-
Is that the best you can do?
Invariably, when I mention my Guinea Pigs to people, one of the most common and consistent reactions is to tell me that people eat them in South America. ZOMG REALLY? THANKS INFO. Oh wait, that isn’t the response they wanted. ZOMG REALLY?! POOR PIGS IM SO SHOCKED AND DISGUSTED! There, does that work for you?…
-
Who Discovered the Most Vulns?
[This was originally published on the OSVDB blog.] This is a question OSVDB moderators, CVE staff and countless other VDB maintainers have asked. Today, Gunter Ollmann with IBM X-Force released his research trying to answer this question. Before you read on, I think this research is excellent. The relatively few criticisms I bring up are…
-
Microsoft LifeCam – sucks the life out of me
It wasn’t my choice, but I was handed a Microsoft “LifeCam” today, as the original recipient didn’t want it. Figured I’d try to use it to make a Guinea Pig cam after seeing a nice setup and live streaming a few nights ago. The software it comes with makes me want to vomit. Insert the…
-
Disclosure: Oempro Multiple Vulnerabilities
[This was originally published on OSVDB, now gone. VulnDB IDs 50321, 50322, 50323, 50324]
Release Date: 2008-12-01
Application: Octeth Technologies, Oempro 3.5.5.1
Cross Ref: CVE-2008-3057, CVE-2008-3058, CVE-2008-3059
OSVDB: 50321 .. 50324
Reference: http://osvdb.org/ref/50/oempro.txt
Description: “What is Oempro? Newsletters, product release announcement emails, e-cards, happy birthday emails, email reminders, auto responders, simply all kind of emails can easily be generated…
-
Using Nessus to call Nikto
[This was originally published on the Tenable blog.] Earlier this year, Michel Arboi wrote a blog post explaining how to use Nessus to call Nikto and incorporate the results into Nessus output. Most newcomers to Nessus have enabled the nikto.nasl wrapper only to find it produced no output. Some Nessus users have found various ways to ensure…
-
Do you know why?
I frequently want to ask people that question. “Do you know why…” and then ask why they do something. Ultimately the cause will be one of two reasons: 1) they were brought up doing something or taught that way, and never challenged the legacy, or 2) marketing and advertising that snowballs into an unspoken force…
-
So I rant…
[Originally posted elsewhere.] Sitting among people makes me think, and it’s usually negative and cynical. Sometimes I get the feeling to rant about it, share my feelings, even if it is only with some_obscure_file.txt that will never be seen by the light of day. Then I get to thinking about 15 years ago when I…
-
Tenable Training, First Hand
[This was originally published on the Tenable blog.] As a new Tenable employee, one of my first opportunities was to sit in on recently updated Nessus training classes taught by Tenable’s Training Lead, Matt Franz. Joining me in putting Matt on the hot seat was Tenable CSO Marcus Ranum. As a consultant, I have been…
-
A Decade of Oracle Security
[This was originally published on attrition.org] Oracle Corporation, one of the largest software companies in the world, has been providing database software for 30 years. What began as a U.S. intelligence agency funded relational database designed on a PDP-11 and never officially released, later turned into perhaps the largest and most prevalent commercial database used…
-
Brief analysis of “Analyzing Websites for User-Visible Security Design Flaws”
[This was originally published on attrition.org] On July 23, 2008, an article was released touting the numbers of a recent study on website security design flaws. The article only quoted some statistics from the research and did not link to it or go into detail on how the statistics were derived. I posted a quick rebuttal to the…