  • Hey asshole business (Chase)

    Ranting on behalf of a friend. We were out grabbing vegetables for the guinea pigs, a quick dinner and some wine for her. Trying to purchase wine, her debit card was declined. Figuring it was a fluke and the bad mojo of our local Wine Nazi rubbing off, she tried again at Wahoo’s and it…

  • Over Reliance on Social Network Friends in Zynga Games

    Re-thinking Game Design for Character Advancement. Abstract: Zynga is a commercial company that produces free games that are played via the Facebook social network. Per Zynga’s mission, they seek to “connect people through games”. This is readily apparent in their eagerness for you to play games with your friends through a number of game designs and…

  • Hypersensitive Computer Displays

    I’ve noticed this many times over the last decade. Computerized display systems are often hypersensitive to the point of being silly and absurd. Years ago I noticed downloading files via some clients would show me the speed of the transfer to the Nth place, where N is totally ridiculous. I was getting 83.92384293842903k download and…

  • Reflection on Rescue

    i own guinea pigs. seven of them now, mostly rescues. they come from all types of places, but mostly from places where they were in bad shape or had no future. a year ago i barely knew anything about them but Kay got me into them. before long i had one. two. three. four. five.…

  • Stand Your Ground

    The night started with a loud voice from outside, echoing between the buildings. Couldn’t see anyone from any window but it was definitely very close. Since it couldn’t be from the balcony or parking lot, and wasn’t the courtyard in the next building or mine, it had to be someone between the buildings but near…

  • Dr. Jekyll and Mr. Hide (Sun & Disclosure)

    [This was originally published on the OSVDB blog.] Today just happened to be the right day where I saw the Jekyll and “Hide” of Sun though. A few days ago, |)ruid posted about a Solaris ypupdated vulnerability in which he says it corresponds to CVE-1999-0208 / OSVDB 11517. Given the original vulnerability was published in…

  • Disclosure: Multiple Software Remote File Inclusion

    [This was originally disclosed on the VIM mail list. VulnDB IDs 90794, 90795, 90796. This was the result of watching Apache logs on attrition.org and observing a wide variety of RFI attacks. I started comparing some of the scripts being attempted with OSVDB and noticed some were not found. That means these were essentially 0days…

  • Vulnerability Counts and OSVDB Advocacy

    [This was originally published on the OSVDB blog.] CVE just announced reaching 30,000 identifiers which is a pretty scary thing. CVE staff have a good eye for catching vulnerabilities from sources away from the mainstream (e.g. bugtraq) and they have the advantage of being a very widely accepted standard for tracking vulnerabilities. As companies and…

  • The Purpose of Tracking Numbers.. (IBM)

    [This was originally published on the OSVDB blog.] First it was HP, then it was Sun. Not to be outdone, IBM steps up and gives VDBs a headache. APAR IZ00988 is “sysrouted” to APAR IZ01121 and APAR IZ01122. Really IBM, the amount of information common to all three pages is overwhelming. Do you really need…

  • “high price bug brokering market just isn’t viable”

    [This was originally published on the OSVDB blog.] On January 17, 2007, SnoSoft / Netragard LLC announced a new Exploit Acquisition Program designed to compete with iDefense, TippingPoint and others. Nothing special or different other than the suggestion that they would pay more for high end vulnerabilities. A little over a year later, and they…