  • Google VulnSearch?

    [This was originally published on the OSVDB blog.] Fall behind and someone will always beat you to the punch! Gadi Evron posted an entry over at Securiteam on the topic of using Google’s Codesearch to find vulns. Since he and others are writing about this, I don’t have to! However, I’ll post a few more…

  • General TV Complaint

    I’ve thought about this post in my mind for the last two years, since I’ve started watching more TV shows. Thank $deity for torrents and a 19″ monitor, because I certainly can’t watch the shows on the network’s time tables. Yes, I pay 55 bucks a month for extended cable and *never* turn my TV…

  • Stupid E-mail Disclaimers and the Stupid Users that Use Them

    [This was written with Martums and originally published on attrition.org.] We thought it would be a fad. Ok, we hoped it would be a fad, destined to go away as quickly as it came. Unfortunately, those worthless e-mail legal disclaimers still pollute the internet. Written by overzealous lawyers that don’t seem to realize the stupidity futility of their effort,…

  • Under Pressure…

    [This was originally published on the OSVDB blog.] Microsoft is finding themselves under increasing pressure to release fixes for critical vulnerabilities. This week, Microsoft broke from tradition again and opted to release an early fix for a critical Internet Explorer vulnerability. Since we’ve seen other critical vulnerabilities come up before this one, some of which…

  • Full Disclosure Debate Bibliography

    [This was originally published on the OSVDB blog.] Paul Clark, Systems Librarian at the Wilderness Coast Public Libraries, has created an excellent timeline of Full Disclosure related articles. Unfortunately, mail to him is bouncing and it hasn’t been updated since 2004. Would be great to see someone pick this up.

  • Movie Review: Lucky Number Slevin

    [This was originally published on attrition.org.] This movie is either about horrifying the viewer with the worst wallpapers ever conceived, or one of the ultimate tales of revenge. This movie is also hard to properly review without ruining vital parts of it, so bear with me. Slevin Kelevra (Josh Hartnett) is the wrong guy in…

  • Matousec’s Vulnerability Value

    [This was originally published on the OSVDB blog.] Since the debate about pay-for-disclosure started, some folks have wondered what vulnerabilities are worth. We’ve seen companies like Verisign/iDefense and Tipping Point/ZDI offer serious money for vulnerabilities in the past. Adding to the mix, matousec.com has published a purchase page with prices of some of their vulnerability…

  • Vendor Disclosure Process

    [This was originally published on the OSVDB blog.] Ever wondered what some of the bigger vendors do in response to vulnerability disclosure? Federico Biancuzzi has written an article on his disclosure survey which may answer the question for you. Apple, Computer Associates, Google, IBM, Microsoft, Novell, Oracle, Red Hat, SAP, Sun Microsystems and Yahoo all…

  • Numb3rs

    [This was originally published on the OSVDB blog.] I’ve been with the OSVDB project for 1000 days. I am responsible for creating 20,667 entries, moderating 7,791 mangler submissions, and mangling 3,480 vulnerabilities myself. The database contains vulnerabilities dating back to 1965, spanning over 40 years. The database contains over 3,800 cross-site scripting, 2,500 SQL injection…

  • Rare case where being unprofessional is justified?

    [This was originally published on the OSVDB blog.] I think I may have found it. Claus Assmann (no no, too easy) of sendmail.org recently said some words to the CVE team regarding a recent Sendmail DoS. Look at the words and think about it: BTW: it would be nice if your process of creating a…