-
December 2020 Reviews (The Queen’s Gambit, Tenet, Ted Lasso, Devs, Marauders, Fatman, The Midnight Sky, 2067, The Jesus Rolls, War Inc.)
[A summary of my movie and TV reviews from last month, posted to Attrition.org, mixed in with other reviews.] The Queen’s Gambit (2020) Rating: 5/5 check it out mate. Reference(s): IMDB Listing || Netflix. This miniseries, based on a 1983 book with the same name, is a fictional story about a chess prodigy turned master. It has the […]
-
Five Dollar Security; You Get What You Pay For
The old phrase “If it looks too good to be true, it probably is” is very common, and usually well founded. After seeing an offer for a $5 “security status” of a website, we just had to test it out. Since the service is being offered by a Certified Ethical Hacker (C|EH) with 13 years […]
-
Dystopia Arrives
The dystopia genre has enjoyed a lot of attention the last decade with hits like The Hunger Games, Blade Runner 2049, and Automata as a few examples. To me, a dystopian film is set in the near future with a focus on society more than technology. In my late teens and early 20s I loved […]
-
Box of Shit: The Kat Variance
For those who know about the sordid history of the Box of Shit, you know where the name comes from. While some may have thoughtful touches and some personalized items, they are generally fun junk. Behold, the Kat variance! After sending a true box of shit to her, a couple months pass and I get […]
-
Sitting on Undisclosed Vulnerabilities (e.g. SolarWinds Stragglers)
The company SolarWinds is in the news, victims of an attack that compromised their Orion Platform software by inserting a backdoor into it, allowing for remote code execution. Like most big breaches, we hear the term “sophisticated” used for the attack. And like many breaches, we quickly learn that it might not have been so […]
-
Review Player Two
TL;DR: Ready Player Two is an enjoyable read that keeps the spirit and overall feel of the first book, with a few chapters in the middle that are a bit difficult to slog through. Worth a read though. Summary: Ready Player Two is the aptly named sequel to Ready Player One. It picks up shortly […]
-
Not all CVEs are Created Equal. Or even valid…
[I wrote this early 2019 and it was scheduled for January 7 but it apparently did not actually publish and then got lost in my excessive drafts list. I touched it up this week to publish because the example that triggered this blog is old but the response is evergreen. Apologies for the long delay!] […]
-
Thoughts on 0-days and Risk in 2020
[Stupid WordPress. This was scheduled to publish Nov 23 but didn’t for some reason. Here it is, a bit late…] On Friday, Maddie Stone from the Google P0 team Tweeted about the 0-day exploits her team tracks. As someone who checks that sheet weekly and tracks vulnerabilities, including ones ‘discovered in the wild’, this is […]
-
Why EVM Security Hasn’t Changed For More Than 15 Years
[This was originally published on RiskBasedSecurity.com in the 2020 Q3 Vulnerability Quickview Report. It was authored with Curtis Kang.] In our 2019 Year End Vulnerability QuickView Report, we presented a detailed history of public Electronic Voting Machine (EVM) vulnerabilities. We’ve seen little change to the overall EVM security picture since then. With the Presidential elections […]
-
Dec 3 – Breckenridge Ski Report
The Good: The people on the mountain are mostly good about social distancing on the lift rides (two people for a four-chair lift), but not so much in line. You get a stark reminder of this when it is 10 degrees and you can see everyone’s breath. While not much of the terrain is […]