  • CryptoCurrency, Blockchain, & SCADA

    [This was originally published on RiskBasedSecurity.com in the 2018 Q1 Vulnerability QuickView Report.] CryptoCurrency and Blockchain: The Latest Rage. Blockchain technology, the foundation of CryptoCurrency such as Bitcoin, Ethereum, and countless others, is starting to dominate the news. With the wild ride of Bitcoin prices, where one coin was worth around $19,000 in December 2017 […]

  • 2013 Superdome Outage a Hack? The Value of Post-Incident Investigations.

    [This was originally published on the OSVDB blog.] As we approach the pinnacle of U.S. sportsball, I am reminded of the complete scandal from a past Super Bowl. No, not the obviously-setup wardrobe malfunction scandal. No, not the one where we might have been subjected to a pre-recorded half-time show. The one in 2013 where hackers […]

  • The problem with SCADA goes deeper…

    [This was originally published on the OSVDB blog.] We know SCADA is virtual Swiss cheese, ready to be owned if someone can reach a device. We have preached airgaps for decades, even before we knew how bad the software was. Back then it was just, “this is so critical, it has to be separate!” The […]

  • Security News Jumped the Shark, Then Beat It With a Rubber Hose

    Anything strike you, the seasoned InfoSec professional, as odd about this batch of headlines? For over a decade, I have been speaking out against bullshit news articles when it comes to security and hackers. It got so bad in the past, I had to stop updating the ‘Media’ section of Errata, because so many articles […]

  • “Threat Intelligence”, not always that intelligent.

    I’ve been in the security arena for some time now, like many of my friends and colleagues. For over a decade, we have been presented with several vendors that deliver yearly reports summarizing various attributes of the industry: vulnerabilities, hack attacks, spam, malware, breaches, and more. They are typically delivered in summaries that can be […]

  • Ferreting Out Unique Vulnerability Data in OSVDB

    [This was originally published on the OSVDB blog.] In previous blog posts and on Twitter, I have shown and mentioned various methods for searching OSVDB to find interesting data. However, there is no written guide to the ins-and-outs of the data. The search interface is simple enough, but it can be used in a manner […]

  • Coffee makers are SCADA, right?!

    [This was originally published on the OSVDB blog.] Steven Christey of CVE posted asking a question about VDBs and the inclusion of coffee makers. Yes, you read that correctly, vulnerabilities are being found in coffee makers that are network accessible. Don’t be surprised, we all knew the day was coming when every household appliance would […]