• Abbott, the Libre 2 App, and No Common Sense

    Those familiar with continuous glucose monitors (CGM) may know the Abbott FreeStyle Libre device. It is an extremely popular device that is based on Near-field communication (NFC), where the wearer uses their phone to poll the device attached to their body. NFC is convenient but very low range; it’s the same […]

  • Review: Console Vault – Installation, Security, and Break-in

    Last October I purchased a “Console Vault Jeep Grand Cherokee 2011-2021” which is a drop-in vault for the center console. At the time I paid $269 for it but the price is currently listed at $299. While the vault is a great idea, this model had some strengths and ultimately weaknesses that mean it was […]

  • CVE ID Created Date != Much of Anything

    Yesterday, SanSec published a blog post discussing the recent Adobe Commerce / Magento Open Source vulnerability that was discovered being exploited in the wild. In the blog, they said: Adobe has been aware of the issue since at least January 27th but decided to issue a patch on Sunday, which is highly unusual. They draw […]

  • February 2022 Reviews (many)

    Wheel of Time S1 (2021) Medium: TV (Amazon) Rating: 4 / 5 Politics, destiny, and the occasional magic spell Reference(s): IMDB Listing || Trailer This series is loosely based on the novels of the same name, following a mage, her warder, and a group of reluctant adventurers that might be destined for greater things. A world of magic and […]

  • Log4Shell: Redefining Painful Disclosure

    Log4Shell is yet another example of why we simply don’t get security right, and it strongly suggests there is little hope for change. There are plenty of blogs and articles that do a great analysis of this vulnerability from the exploitation and impact angle. There are a lot fewer that examine why […]

  • January 2022 Reviews (many)

    Cowboy Bebop S1 (2021) Medium: TV (Netflix) Rating: 4 / 5 wop bop a loo bop Reference(s): IMDB Listing || Netflix || Trailer As someone who didn’t read the original material or any subsequent work, I enjoyed this live action series. A cyberpunk meets near-term sci-fi with a dose of spaghetti Western thrown in. Three bounty hunters scrape by in […]

  • December 2021 Reviews (many)

    Foundation S1 (2021) Medium: TV (Apple) Rating: 4.5 / 5 Great adaptation with some creative liberty Reference(s): IMDB Listing || Trailer || Apple This series is based on Isaac Asimov’s Foundation series of books. It’s been too long so I don’t know how creative they got, but the Internet seems to think it took some liberty with many aspects of […]

  • Privasec’s Ridiculous Claim of a “World Record” in Vulnerability Disclosure

    On May 9, 2019, Privasec published an odd press release with a URL slug of “privasec-queensland-telstra-acquisition” but a title of “Privasec Red’s Consultant Breaks World Record By Disclosing Most Number Of Open-Source CVEs.” This claim is simply wrong. To believe it requires either a complete understanding of the vulnerability disclosure landscape or intent to deceive. […]

  • The Charity Challenge for Banshee

    Unfortunately for them, the fax machine was invented in 1843. Banshee admitted defeat, so Durian it is! But I wanted to give some encouragement and started a charity pledge drive. Of course, me being me, I created a tracking sheet for this and as of this blog, there is already $1945 in pledges to help […]

  • CISA’s BOD 22-01: How to Prioritize 100 Vulnerabilities in Two Weeks

    [This was originally published on riskbasedsecurity.com, and had considerable edits/enhancements done by Curtis Kang.] CISA BOD 22-01 introduces the directive for government vendors to mitigate 292 CVE IDs, or 301 vulnerabilities, 100 of them within a short timeframe. It is well-meaning and brings potentially valuable focus, but it will put pressure on teams working with […]