• How to Steal an Election (Taylor’s Version)

    Disclaimer: This blog is not about politics in the sense of party affiliations and I am not making a political statement. Further, I am not interested in hearing your views on one party or the other. Rather, this blog is just a thought experiment on manipulating an election. This general idea is not new by…

  • 2024 NIST / ANALYGENCE FOIA Results

    On June 5, 2024, I sent a FOIA request to the National Institute of Standards and Technology requesting a copy of the contract between the National Vulnerability Database (NVD) and ANALYGENCE, a contractor that had been retained to help with the NVD backlog. This was one of two trying to determine how much the U.S. Government…

  • Vulnerability Forecasting Technical Colloquium – A Few Thoughts

    [I wrote this on September 21st, but apparently forgot to ultimately move from GDoc to Blog. I suspect because it really needs to be cleaned up as it is my first draft. Rather than do that, since the event has passed, I will just backdate instead. This blog was actually published December 28, 2024.] Part…

  • Squirrel With a Gun … and Crashes

    As many know, I have eagerly been awaiting the game Squirrel With a Gun for quite a while. I even have the SWaG plushie! So imagine my disappointment when I try to play and run into… needing to install Microsoft Visual C++ (which requires a reboot… in 2024). None of the other Steam games require…

  • 400 CNAs, Yay?

    Introduction: This week, or in the next two, we’re likely to see MITRE heralding the milestone of minting their 400th CVE Numbering Authority (CNA). These are, primarily, organizations that can assign a CVE ID without having to go to MITRE each time to obtain the ID. This is part of what MITRE calls a “federated”…

  • June 8, 2024 – Random Thoughts

    In human society one does not always equal one because our way of communicating is so convoluted and weird. United Healthcare (UHC) is still complete shit. They seemingly have no logic or data science being done with the incredible patient / customer data they have. UHC will basically force you into using OptumRX for your…

  • Almost Zero Value in “Zero Progress on Zero-Days”; a Rebuttal

    The following blog is general comments and a rebuttal of sorts to the following paper: “Zero Progress on Zero-Days: How the Last Ten Years Created the Modern Spyware Market” by Mailyn Fidler, Assistant Professor, University of New Hampshire, Franklin Pierce School of Law [Link] Unfortunately, I can’t easily cut and paste from this PDF which…

  • GVD Discussion – Round Two

    Tom Alrich published a blog titled “The Global Vulnerability Database won’t be a “database” at all” on November 10, 2023. In the blog Tom lays out some ideas for how this “database” would operate and the advantages he sees. I didn’t see this blog until early May and posted my “Thoughts on Tom Alrich’s “Global…

  • Two Definitions of Zero Day Apparently

    What is a “zero day vulnerability”? It’s a term that is frequently used in the vulnerability disclosure ecosystem. I have blogged on this topic frequently and reading some of this will give more history and context, so I won’t rehash everything. If you read one blog, make it “No One Will Burn A Zero Day…

  • Random Movie/TV Thoughts and Reviews (May 2024)

    I haven’t had time to do clean write-up reviews of various movies every time, so here are some random thoughts about recent content. In no particular order… Netflix: Heart of the Hunter is advertised as “John Wick, but in Africa”. No, not even close. Just a string of cliches and not even well done at…