Tag: Rebuttal

  • Advisories != Vulnerabilities, and How It Affects Statistics

    [This was originally published on the OSVDB blog.] I’ve written about the various problems with generating vulnerability statistics in the past. There are countless factors that contribute to, or skew vulnerability stats. This is an ongoing problem for many reasons. First, important numbers are thrown around in the media and taken as gospel, creating varying…

  • Rebuttal: Put Up or Shut Up Rafal

    [This was originally published on attrition.org. This is a rebuttal piece to Small Office, Big [Software/eHealth] Problems (2010-11-18) by @wh1t3rabbit (Rafal Los).] I’m not saying that open source sofware [sic] has more issues than commercial, closed-source code …but I don’t think I’ll find anyone to argue against that it’s more difficult to find corporate-level accountability with open-source software…

  • Rebuttal: phpMyAdmin XSS – A Quick Commentary

    [This was originally published on attrition.org. This is a rebuttal piece to phpMyAdmin XSS – A Quick Commentary (2010-08-30) by @wh1t3rabbit (Rafal Los).] Wake up phpMyAdmin users – if you haven’t updated to the latest version yet… what are you waiting for? Haven’t you seen the advisory the YEHG released? Advisory, complete with some interesting screen shots here.…

  • Rebuttal: eBay’s Sub-Domains Vulnerable to XSS …again

    [This was originally published on attrition.org. This is a rebuttal piece to eBay’s Sub-Domains Vulnerable to XSS …again (2010-08-27) by @wh1t3rabbit (Rafal Los).] Sometimes, old attack vectors re-appear in places we wouldn’t expect as security professionals. The re-emergence of XSS (Cross-Site Scripting) on eBay’s domains isn’t something you’d expect to see from a company that works so hard…

  • Rebuttal: Yes, I have. Have you really? (on Cyberwar)

    [This was originally published on attrition.org. This is a rebuttal piece to Cyber War – Fact from Fiction in the shadow of the Tallinn Manual (2012-09-14) by @wh1t3rabbit (Rafal Los).] I was asked to provide comment on this blog piece because of my involvement with Josh Corman in presenting on the topic of Cyberwar (PPT) at BruCON in September, 2012.…

  • Rebuttal: Dear Cyber Avengers; Encouragement and a Gift

    [This was originally posted on attrition.org. This is a rebuttal of sorts, to a tweet by @Beaker (10/18/2012) and a follow-up tweet by @Raistolo. This rebuttal basically wrote itself, as almost all of the data comes from the presentation “Cyberwar: Not what we were expecting” by @JoshCorman and myself.] While I am sure Beaker is not dropping his cloudy dealings…

  • Rebuttal: For it’s one, two, three strikes, you’re out…

    [This was originally published on attrition.org. This is a rebuttal piece and rant regarding Hacker Switches Sides to Help Public Safety Stave Off Cyber Attacks (Aug 10, 2011), a subsequent article, and communication with Mary Rose Roberts and her editor Glenn Bischoff. Yes, I realize this is not a timely response, but it has remained on my…

  • Rebuttal: Got One Part Right; You Fail

    [This was originally posted on attrition.org. This is a rebuttal to Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet (June 1, 2012) by Mikko Hypponen. There are several updates to this article at the end, based on replies from a variety of people including Mikko.] The antivirus market is worth over 4 billion dollars, with a…

  • Rebuttal: Bingo Motherfucker

    [This was originally posted on attrition.org. This is a rebuttal piece to “RSA Buzzword Bingo” (Feb 25, 2012) by Daniel Cornell, Principal at Denim Group. In his blog, Cornell creates some ‘Bingo’ cards to take along to the RSA Security Conference. RSA is well known for being the “Comdex of security conventions”, where vendor hype and self-congratulation are the norm,…

  • Rebuttal: Matthew Hughes, Puppy Kicker

    [This was originally published on attrition.org. This is a rebuttal piece to “Shame on Attrition.org” (2011-07-11) and subsequent tweets by Matthew Hughes. (Update: After reading this piece, Hughes has posted his own rebuttal to this page.)] Earlier today, Matthew Hughes released a libelous and irresponsible post scolding Attrition.org for the “leakage of Gregory D Evans’s psychiatric documents”. He refers…