Tag: Rafal Los

  • Squirrel Goes Down the Rabbit Hole … Podcast

    On November 17, I joined the three hosts of the Down the Security Rabbithole (DtSR) podcast to talk about CVSS, CVE, and how they play into risk and defending networks. My time followed Robert “RSnake” Hansen’s podcast where he had a pretty controversial take on risk management. One of the hosts, Rafal Los, asked my…

  • Rebuttal: Missing the Value of Bug Bounties

    [This was originally published on attrition.org. This is a rebuttal piece to Is There a Maturity Link Between Software Security Assurance, Bug Bounty Programs? (2010-12-16) by @wh1t3rabbit (Rafal Los).] So what you have to ask yourself as an organization is this: Is the money we’re offering as a bug bounty higher in worth than what the black-market is…

  • Rebuttal: Worst Anecdote …EVER.

    [This was originally published on attrition.org. This is a rebuttal piece to Worst April Fools’ Joke …EVER. (2010-04-01) by @wh1t3rabbit (Rafal Los).] To kick off this month of colossal “whoops-es” I thought I would tell you guys a story from way, way back when the web was young, and “developers” used notepad to write “web sites”. It was…

  • Rebuttal: Put Up or Shut Up Rafal

    [This was originally published on attrition.org. This is a rebuttal piece to Small Office, Big [Software/eHealth] Problems (2010-11-18) by @wh1t3rabbit (Rafal Los).] I’m not saying that open source sofware [sic] has more issues than commercial, closed-source code …but I don’t think I’ll find anyone to argue against that it’s more difficult to find corporate-level accountability with open-source software…

  • Rebuttal: phpMyAdmin XSS – A Quick Commentary

    [This was originally published on attrition.org. This is a rebuttal piece to phpMyAdmin XSS – A Quick Commentary (2010-08-30) by @wh1t3rabbit (Rafal Los).] Wake up phpMyAdmin users – if you haven’t updated to the latest version yet… what are you waiting for? Haven’t you seen the advisory the YEHG released? Advisory, complete with some interesting screen shots here.…

  • Rebuttal: eBay’s Sub-Domains Vulnerable to XSS …again

    [This was originally published on attrition.org. This is a rebuttal piece to eBay’s Sub-Domains Vulnerable to XSS …again (2010-08-27) by @wh1t3rabbit (Rafal Los).] Sometimes, old attack vectors re-appear in places we wouldn’t expect as security professionals. The re-emergence of XSS (Cross-Site Scripting) on eBay’s domains isn’t something you’d expect to see from a company that works so hard…

  • Rebuttal: Yes, I have. Have you really? (on Cyberwar)

    [This was originally published on attrition.org. This is a rebuttal piece to Cyber War – Fact from Fiction in the shadow of the Tallinn Manual (2012-09-14) by @wh1t3rabbit (Rafal Los).] I was asked to provide comment on this blog piece because of my involvement with Josh Corman in presenting on the topic of Cyberwar (PPT) at BruCON in September, 2012.…