-
Social Implications of Keysigning
[This was originally published on attrition.org. It was written by Raven and Jericho. A Bulgarian translation was done.] Intro The use of strong public encryption has always been popular among geeks. Perhaps the most commonly used and most beloved encryption for e-mail is Pretty Good Privacy (PGP); started as a free method for protecting emails…
-
For Example…
[This was originally published on the OSVDB blog.] Did you know that RFC 2606 provides for the Internet Assigned Numbers Authority (IANA) to reserve several top level domains, as well as three second level domains in order to provide a safe domain name? To avoid conflict and confusion the domains example.com, example.net and example.org are…
-
Why I’m So Behind
[This was originally published on the OSVDB blog.] Another night of working on OSVDB, mainly focusing on vulnerability import and creating our entries to cover issues. Most nights end with between 25 and 50 new entries and a feeling of accomplishment. Well, other manglers can see the accomplishment if they check the back end, and…
-
Microsoft Silently Patches…
[This was originally published on the OSVDB blog.] Sure, the news that Microsoft silently patches vulnerabilities made the rounds. But honestly, who was surprised in the least? We’ve all known it is a common practice among many vendors, not just Microsoft. As you may have guessed, the reasoning behind this practice is a commonly heard…
-
Just Because It Is A Game..
[This was originally published on the OSVDB blog.] Does the nature of a product determine vulnerability status? Without giving much thought, most people would classify a ‘game’ as nothing of concern. No way it could possibly pose a security threat to you.. besides, it’s fun! In reality though, games are just as likely to bite…
-
The Upside to the Provenance Problem
[This was originally published on the OSVDB blog.] As mentioned before, Steven Christey of CVE notes that an ongoing problem in the vulnerability world is that of “provenance”, meaning “where the hell did that come from?!” Vulnerability databases (VDBs) like CVE and OSVDB are big on provenance. We want to know exactly where the information came from…
-
10 Infamous Moments In Security Research
[This was originally published on the OSVDB blog.] 10 Infamous Moments In Security Research, InformationWeek – Apr 17, 2006:
1. SQL Slammer
2. Windows Plug and Play
3. Cisco IOS heap overflow
4. Windows Metafile
5. Oracle transparent data encryption
6. Oracle PLSQL gateway
7. Apple Mac iChat
8. Internet Explorer createTextRange()
9. Internet Explorer HTA files
10. Sendmail SMTP server software
While many of…
-
Vulnerability History
[This was originally published on the OSVDB blog.] Steven Christey (CVE) recently posted about vulnerability history and complexity. The recent sendmail vulnerability has brought up discussion about both topics and adds another interesting piece of history to the venerable sendmail package. One point to walk away with is that while sendmail has a long history…
-
The Web Hacking Incidents Database
[This was originally published on the OSVDB blog.] The Web Hacking Incidents Database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web application-related security incidents. WHID's goal is to serve as a tool for raising awareness of the web application security problem and…
-
Disclosure: Annuaire (Directory) Multiple Vulnerabilities
[This was originally published on OSVDB, now gone. VulnDB IDs 24302, 24303] Comment left on feedback page: http://www.brunox.org/modules.php?op=modload&name=FeedBack&file=index While testing your demo of Annuaire (Directory), I noticed a few security vulnerabilities: Many pages are calling /include/lang-en.php, which is showing the full installation path. Additionally, directly requesting this script will reveal the full path. inscription.php The comment…