  • Vulnerability Research In Numbers

    [This was originally published on the OSVDB blog.] I’m so far behind in my daily routine and missed Thomas Ptacek’s post on Vuln Research In Numbers. Fortunately, Dave Aitel referenced the blog entry which prompted me to check it out. I so desperately want Ptacek to run his numbers against a complete OSVDB data set,…

  • Wanna Date?

    [This was originally published on the OSVDB blog.] No, this isn’t some odd contest with a disappointing reward. Date an OSVDB moderator! *shudder* Think of dates in the context of vulnerability disclosure. Think of how many dates we don’t know, even in the more formal advisories (some with time lines even). OSVDB currently tracks three…

  • Vulnerability Research Food Chain

    [This was originally published on the OSVDB blog.] I’ve mentioned the sociology aspect of the hacker, vuln researcher and security companies before, specifically how they interact, how one will influence another and more. The list of fun ideas I have on these topics is great, and maybe some day I’ll find the time to write…

  • No Exception for Symantec

    [This was originally published on the OSVDB blog.] Symantec posted a message to Bugtraq earlier this month announcing the availability of a new advisory. The advisory presumably covers a vulnerability or issue in Symantec On-Demand Protection. If you are reading this blog entry a year from now, that is all you may find on it.…

  • Oldest Vulnerability Contest – Winner

    [This was originally published on the OSVDB blog.] On December 20, 2005, I posted a contest looking for the oldest documented vulnerability. This generated a lot of interest and was posted to the FunSec Mail List which generated even more interest and information. It also led to me spending more time digging through my own…

  • DEF CON/BlackHat Thoughts

    [This was originally published on the OSVDB blog.] I keep telling myself, “keep it short!” since writing about a week in Las Vegas tends to be wordy. No promises! Some 3000 people apparently showed for BlackHat briefings and it showed. Despite that much money coming in and the amount of warning Caesars/BH had before the…

  • Security expert dubs July the ‘Month of browser bugs’

    [This was originally published on the OSVDB blog.] Security expert dubs July the ‘Month of browser bugs’ By Greg Sandoval Each day this month, a prominent security expert will highlight a new vulnerability found in one of the major Internet browsers. HD Moore, the creator of Metasploit Framework, a tool that helps test whether a…

  • OSVDB at BlackHat/DEF CON 14

    [This was originally published on the OSVDB blog.] Once again, many of the folks from OSVDB will be in Las Vegas this week, attending BlackHat Briefings and Defcon. Hopefully you can track one of us down for some OSVDB schwag and maybe have a beer while discussing the best way to get Jake to do…

  • Proof of Concept

    [This was originally published on the OSVDB blog.] PoC aka ‘Proof of Concept’. Please, stop and read those words.. actually think about what it means. The term was originally used to label code that demonstrated that a concept or idea was actually valid. ResearcherX would say that SoftwareY contained an exploitable overflow in FunctionZ. Since…

  • Browser Fun

    [This was originally published on the OSVDB blog.] http://browserfun.blogspot.com/ This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure. To kick off this blog, we are announcing the Month of Browser Bugs (MoBB), where we will publish a new browser hack, every day, for the entire month of July. The…