-
What The Hell Was He Thinking?
[This was originally published on attrition.org. It was written by Lyger and Jericho.] For those who haven’t heard, a data loss incident involving the Louisiana Board of Regents was recently disclosed to the media. In short, about 80,000 Social Security numbers were inadvertently exposed over the internet, and the media seemed to be very quick in…
-
This blog is pretty!
[This was originally published on the OSVDB blog.] Ran across a post on Dancho Danchev’s blog about information visualization. I’ve seen these types of graphical renderings/representations of everything from “the internet” to web sites. In the past they have been part of presentations or been created with tools that weren’t public. Now, Texone is offering…
-
Scrubbing the Source Data
[This was originally published on the OSVDB blog.] A few months ago, Jeff Jones at CSO Online blogged about “Scrubbing the Source Data”, talking about the challenges of using vulnerability data for analysis. Part 1 examined using the National Vulnerability Database (NVD) showing how you can’t blindly rely on the data from VDBs. In his…
-
Month of Search Engine Bugs (MoSEB) Follow-up
[This was originally published on the OSVDB blog.] Yes yes, yet another “Month of…” campaign. If you track the mail lists, you may have seen a post about a “Month of [something]” Bugs. Despite little follow-up, this campaign is going strong on the 17th day, demonstrating a variety of vulnerabilities in lycos.com, search.myway.com, images.google.com, mamma.com,…
-
The value of 0-day…
[This was originally published on the OSVDB blog.] Another interesting article regarding the value of 0-day vulnerabilities. Rob Lemos relates the stories of a few researchers who sold their 0-day vulnerability/exploit information for big dollars. The twist here, which is news to some, is who purchased it (the .gov) and for how much (as high…
-
Site Specific Vulnerabilities – New Site Tracking XSS
[This was originally published on the OSVDB blog.] A while back I wrote about VDBs and site specific vulnerabilities. The general consensus is that VDBs should not track site specific vulnerabilities, even though some do for bigger sites that provide services (e.g. Google, Gmail, Yahoo). While OSVDB does not, we recently ran across a site…
-
Pet Stores Should Be Subject to Stricter Laws
in the world of pets, there is obviously a wide variety of animals. if i were to break it down into two major types off hand, it would be ‘most pets’ and ‘exotic pets’. some regular pets exhibit many of the same mannerisms as exotics, and they can even share some food, treats, litter and…
-
like, man, know what i’m sayin?!
There are certain social oddities that have been around for a while. One of them is the prevalent use of certain phrases, often with ridiculous frequency. For the last few years, many friends and I noticed and commented on it. Just a few days ago, Kay and I were at the local Panera Bread listening…
-
VDB Searching Headache: Apache
[This was originally published on the OSVDB blog.] I had the need to search for Apache vulnerabilities today for the pesky day job. One word, one search and four hours later I realized just how bad our Apache entries were. Enter headache #1. Unfortunately, the rest of the VDBs were no better. What did I…
-
Month of Search Engines Bugs (MOSEB)
[This was originally published on the OSVDB blog.] It was bound to happen, now we get to see a Month of Search Engine Bugs. It would be nice if this effort included some bugs with meat rather than relatively obscure cross-site scripting issues. The time has come for announcement of my new project – Month…