Tag: OSVDB
-
OSVDB Chosen for Google Summer of Code 2007
[This was originally published on the OSVDB blog.] For the second year now, OSVDB has been selected to participate in the Google Summer of Code program. It’s pretty neat to be in this program along with other relatively unheard of projects like Debian, FreeBSD, GNU, KDE, NetBSD, OpenSolaris, PHP, PostgreSQL, Python, Samba, Apache, EFF, Fedora…
-
Month of MySpace Bugs (MOMSB)
[This was originally published on the OSVDB blog.] Yes, the trend continues and gets more .. odd. The Washington Post decided to cover this story giving it more attention than it probably deserves. From the home page of the effort: The purpose of the exercise is not so much to expose Myspace as a hive…
-
Month of PHP Bugs
[This was originally published on the OSVDB blog.] Hell hath no fury like a PHP developer scorned… http://blog.php-security.org/archives/46-Month-of-PHP-bugs.html During the last months there have been the Month of the Browser bugs and the Month of the Kernel bugs projects that tried to raise awareness for security vulnerabilities in browsers and kernels. After thinking a bit…
-
The Perfect Patch Storm
[This was originally published on the OSVDB blog.] Steven Christey of CVE recently commented on the fact that Microsoft, Adobe, Cisco, Sun and HP all released multi-issue advisories on the same day (Feb 13). My first reaction was to come up with an amusing graphic depicting this perfect storm. Due to not having any graphic…
-
Month of .. who?!
[This was originally published on the OSVDB blog.] http://rixstep.com/2/20070104,00.shtml A Month of Rixstep Bugs It’s a win-win proposition. Starting now and for the duration of January 2007 Rixstep will be holding a ‘Month of Rixstep Bugs’ campaign: find a bug in any Rixstep software product and win a prize. It’s not a win-win proposition, it…
-
reply: MJR: The Vulnerability Disclosure Game: Are We More Secure?
[This was originally published on the OSVDB blog.] The Vulnerability Disclosure Game: Are We More Secure? http://www2.csoonline.com/exclusives/column.html?CID=28072 By Marcus J. Ranum Do you remember the original premise of the disclosure game? By publicly announcing vulnerabilities in products we will force the vendors to be more responsive in fixing them, and security will be better. Remember that one?…
-
reply: Microsoft: Responsible Vulnerability Disclosure Protects Users
[This was originally published on the OSVDB blog.] Microsoft: Responsible Vulnerability Disclosure Protects Users http://www2.csoonline.com/exclusives/column.html?CID=28071 By Mark Miller, Director, Microsoft Security Response Center Responsible disclosure, reporting a vulnerability directly to the vendor and allowing sufficient time to produce an update, benefits the users and everyone else in the security ecosystem by providing the most comprehensive and highest-quality…
-
Bogus RFI Reports Getting Out of Hand
[This was originally published on the OSVDB blog.] I know we’re all getting tired of the Remote File Inclusion (RFI) vulnerabilities being disclosed that end up being debunked, but this one takes the cake so far (yes I’m behind on e-mail). Fri Jun 16 2006 http://archives.neohapsis.com/archives/bugtraq/2006-06/0321.html (1) path/action.php, and to files in path/nucleus including (2) media.php, (3)…
-
[product] (script.php) Remote File Include [exploit|vulnerability]
[This was originally published on the OSVDB blog.] Somewhere out there is a point-and-click web application that allows neophyte “security researchers” (yes, that is a joke) to quickly whip up their very own Bugtraq or Full-Disclosure post. I’m sure others have noticed this as well? More and more of the disclosures have too much in…
-
January Set As ‘Month Of Apple Bugs’
[This was originally published on the OSVDB blog.] January Set As ‘Month Of Apple Bugs’ http://www.informationweek.com/news/showArticle.jhtml;?articleID=196701178 The “Month of Apple Bugs” project, which will be similar to November’s “Month of Kernel Bugs” campaign, will be hosted by the kernel bug poster who goes by the initials “LMH,” and his partner, Kevin Finisterre, a researcher who has…