Tag: Google

  • Forbes: Lazy Vulnerability Reporting & A Bit of Bias

    It may have been almost two decades ago, I joked with colleagues that many Information Security news articles could just be done via Mad Libs. We later joked that breach notifications often appeared to be done via Mad Libs, using the same phrases with different organization names and the number of affected customers. Over the…

  • My Photography is Popular

    According to Ken Rockwell, via the first result of a Google search, the definition of a professional photographer is someone: .. who earns 100% of his income from photography. This is the definition required for entrance into the secret Nikon and Canon factory support organizations. People who earn less than 50% of their income from…

  • Search Speak for Automaton

    Search Speak for Automaton

    Alternate titles for this blog could be “Doodle Transition for Machina” perhaps! For at least a decade I have thought about just such an application and today I have Google Translate for Android. Load, aim, and it will process the text and translate on screen for you. Given the state of technology you would think…

  • Thoughts on 0-days and Risk in 2020

    [Stupid WordPress. This was scheduled to publish Nov 23 but didn’t for some reason. Here it is, a bit late…] On Friday, Maddie Stone from the Google P0 team Tweeted about the 0-day exploits her team tracks. As someone who checks that sheet weekly and tracks vulnerabilities, including ones ‘discovered in the wild’, this is…

  • An Analysis of Google’s Project Zero and Alleged Vendor Bias

    [This was originally published on RiskBasedSecurity.com.] Google announced a new initiative called Project Zero. The basic premise of the project was that Google invests heavily in their own security and had for quite some time been also tasking their researchers part time work on improving the security of other high-profile products. Project Zero is Google’s…

  • Microsoft’s latest plea for CVD is as much propaganda as sincere.

    [This was originally published on the OSVDB blog.] Earlier today, Chris Betz, senior director of the Microsoft Security Response Center (MSRC), posted a blog calling for “better coordinated vulnerability disclosure“. Before I begin a rebuttal of sorts, let me be absolutely clear. The entire OSVDB team is very impressed with Microsoft’s transition over the last…

  • Stop Using Google, It’s Dangerous!

    [This was originally published on the OSVDB blog.] Reported Phishing/Vulnerable Site! The web site http://www.google.com has been reported as a vulnerable site that may pose a threat to your web browsing. Vulnerable sites do not prioritize security and don’t care about their users and customers. These sites may pose a risk to you, exploit the…

  • OSVDB Chosen for Google Summer of Code 2007

    [This was originally published on the OSVDB blog.] For the second year now, OSVDB has been selected to participate in the Google Summer of Code program. It’s pretty neat to be in this program along with other relatively unheard of projects like Debian, FreeBSD, GNU, KDE, NetBSD, OpenSolaris, PHP, PostgreSQL, Python, Samba, Apache, EFF, Fedora…

  • Google VulnSearch?

    [This was originally published on the OSVDB blog.] Fall behind and someone will always beat you to the punch! Gadi Evron posted an entry over at Securiteam on the topic of using Google’s Codesearch to find vulns. Since he and others are writing about this, I don’t have to! However, i’ll post a few more…

  • Google Device Vulnerabilities, EULA and More…

    [This was originally published on the OSVDB blog.] H D Moore recently wrote that he discovered several vulnerabilities in Google Search Appliances. You can find details of these on the Metasploit Vulnerability Page, as well as search OSVDB for the corresponding entries. Normally this wouldn’t be worth posting about, however Moore’s comments on the Google…