-
Rebuttal: Skeletons in the Closet
On April 22, 2022, Nate Warfield of Prevailion published an article on Threatpost on the topic of zero days. I’m a little late to this article, but because this horse still has some life in it apparently, I feel obligated to once again point out how the term ‘zero day’ has basically lost all meaning.…
-
2020 – 2022 Charity Auction Drive Summary
Between October 26, 2020 and May 12, 2022, I put up 197 charity auctions on behalf of myself and 32 other people who donated items for the cause. Whoever donated the item for the auction got to pick the charity, or in some cases asked me to pick. For the most part, all money went…
-
Rebuttal: How to avoid headaches when publishing a CVE
On May 12, 2022, Adeeb Shah published an article on Help Net Security titled “How to avoid headaches when publishing a CVE”. Shah is a Senior Security Consultant with SpiderLabs, part of Trustwave. Note that it also appears on Trustwave’s blog and includes a second name in the byline, Bobby Cooke. For the sake of…
-
Rebuttal: A blended look at what makes the CVE program try to tick
A few days ago, Tod Beardsley published an article on SC Magazine titled “An inside look at what makes the CVE Program tick”. Overall the article is well-written and offers some insights into MITRE, CVE, and their “CNA” program, or CVE Numbering Authorities. Beardsley does a good job enumerating some basics about the program, the…
-
Book Review: Perdido Street Station
Perdido Street Station (February 27, 2001). The Amazon summary for this book reads: The metropolis of New Crobuzon sprawls at the center of the world. Humans and mutants and arcane races brood in the gloom beneath its chimneys, where the river is sluggish with unnatural effluent and foundries pound into the night. For a thousand…
-
Abbott, the Libre 2 App, and No Common Sense
For those familiar with continuous glucose monitors (CGM), you may be familiar with the Abbott FreeStyle Libre device. It is an extremely popular device based on Near-field communication (NFC), where the wearer uses their phone to poll the device attached to their body. NFC is convenient but very short range; it’s the same…
-
Review: Console Vault – Installation, Security, and Break-in
Last October I purchased a “Console Vault Jeep Grand Cherokee 2011-2021” which is a drop-in vault for the center console. At the time I paid $269 for it but the price is currently listed at $299. While the vault is a great idea, this model had some strengths and ultimately weaknesses that mean it was…
-
CVE ID Created Date != Much of Anything
Yesterday, SanSec published a blog post discussing the recent Adobe Commerce / Magento Open Source vulnerability that was discovered being exploited in the wild. In the blog, they said: Adobe has been aware of the issue since at least January 27th but decided to issue a patch on Sunday, which is highly unusual. They draw…
-
February 2022 Reviews (many)
Wheel of Time S1 (2021). Medium: TV (Amazon). Rating: 4 / 5. Politics, destiny, and the occasional magic spell. Reference(s): IMDB Listing || Trailer. This series is loosely based on the novels of the same name, following a mage, her warder, and a group of reluctant adventurers that might be destined for greater things. A world of magic and…
-
Log4Shell: Redefining Painful Disclosure
Log4Shell is yet another example of why we simply don’t get security right, and it strongly suggests there is little hope for change. There are plenty of blogs and articles that offer a great analysis of the vulnerability from the exploitation and impact angle. There are a lot fewer that examine why…