Tag: BlackHat
-
Buying Into the Bias: Why Vulnerability Statistics Suck [Abstract]
[This was originally published on the OSVDB blog.] Last week, Steve Christey and I gave a presentation at Black Hat Briefings 2013 in Las Vegas about vulnerability statistics. We submitted a brief whitepaper on the topic, reproduced below, to accompany the slides that are now available. Buying Into the Bias: Why Vulnerability Statistics Suck By Steve…
-
Buying Into the Bias: Why Vulnerability Statistics Suck [Presentation]
Steve Christey, the CVE Editor from MITRE, and I gave a presentation at Black Hat Briefings 2013 on the problems we have witnessed over the years with poor vulnerability statistics. Rather than just debunk a handful, which we did, we also went into extensive detail on the different types of bias that ultimately lead to…
-
Stalking me in Las Vegas…
I fly out to Las Vegas tomorrow for the trifecta of summer security conventions held in oppressing heat. BlackHat Briefings, BSides Las Vegas, and DEF CON 21. If you want to catch up to talk about attrition.org, OSVDB, or anything vulnerability related, look for the disgruntled person likely wearing a squirrel-themed shirt. If you would…
-
Errata Hits Puberty: 13 Years of Chagrin
I presented on the 13 year history of the Errata project at RVAsec giving a behind-the-scenes look at the nightmare and headaches involved. Both from the project, and from the security industry. This presentation was updated slightly, and given a month later at the Black Hat Briefings 2012 in Las Vegas. The attrition.org Errata project…
-
2007 Black Hat / DEF CON
Tuesday, July 31st, 2007 – Black Hat – Day 1 Flight was uneventful. McCarran has a new car rental complex a ways from the airport. Leaving the complex dumps you directly on the strip, how convenient! I imagine someone on the tourism board is happy with themselves. Rented from Hertz as usual. While I did…
-
DEF CON/BlackHat Thoughts
[This was originally published on the OSVDB blog.] I keep telling myself, “keep it short!” since writing about a week in Las Vegas tends to be wordy. No promises! Some 3000 people apparently showed for BlackHat briefings and it showed. Despite that much money coming in and the amount of warning Caesars/BH had before the…
-
OSVDB at BlackHat/DEF CON 14
[This was originally published on the OSVDB blog.] Once again, many of the folks from OSVDB will be in Las Vegas this week, attending BlackHat Briefings and Defcon. Hopefully you can track one of us down for some OSVDB schwag and maybe have a beer while discussing the best way to get Jake to do…
-
Fiasco: BlackHat, Cisco, ISS, Lynn
[This was originally published on the OSVDB blog.] There are far too many articles covering this topic to justify me rewriting the story in my own words. So in summary, relevant links with background. End up with Schneier’s commentary for a good summary and additional links. BlackHat Briefings: Cisco IOS Security Architecture by Michael Lynn http://www.blackhat.com/html/bh-usa-05/bh-usa-05-schedule.html…
-
Lessons Learned From attrition.org / Mirror Image
B.K. and I did a talk about our experience running the Attrition defacement mirror at BlackHat Briefings USA 2001.
-
Feds, Felons, and Flakes: Reflections on the Attrition Mirror
In 2000, Matt, Dale, and myself did a presentation at BlackHat Briefings in Las Vegas on the Attrition defacement mirror, after we had concluded the project. Below is the summary and one slide from the stats for perspective. This presentation covered the basics of running the Defacement Mirror, problems we ran into, the mirror process,…