Tag: Wh1t3rabbit

  • Rebuttal: Missing the Value of Bug Bounties

    [This was originally published on attrition.org. This is a rebuttal piece to Is There a Maturity Link Between Software Security Assurance, Bug Bounty Programs? (2010-12-16) by @wh1t3rabbit (Rafal Los).] So what you have to ask yourself as an organization is this: Is the money we’re offering as a bug bounty higher in worth than what the black-market is…

  • Rebuttal: Worst Anecdote …EVER.

    [This was originally published on attrition.org. This is a rebuttal piece to Worst April Fools’ Joke …EVER. (2010-04-01) by @wh1t3rabbit (Rafal Los).] To kick off this month of colossal “whoops-es” I thought I would tell you guys a story from way, way back when the web was young, and “developers” used notepad to write “web sites”. It was…

  • Rebuttal: Put Up or Shut Up Rafal

    [This was originally published on attrition.org. This is a rebuttal piece to Small Office, Big [Software/eHealth] Problems (2010-11-18) by @wh1t3rabbit (Rafal Los).] I’m not saying that open source sofware [sic] has more issues than commercial, closed-source code …but I don’t think I’ll find anyone to argue against that it’s more difficult to find corporate-level accountability with open-source software…

  • Rebuttal: phpMyAdmin XSS – A Quick Commentary

    [This was originally published on attrition.org. This is a rebuttal piece to phpMyAdmin XSS – A Quick Commentary (2010-08-30) by @wh1t3rabbit (Rafal Los).] Wake up phpMyAdmin users – if you haven’t updated to the latest version yet… what are you waiting for? Haven’t you seen the advisory the YEHG released? Advisory, complete with some interesting screen shots here.…

  • Rebuttal: eBay’s Sub-Domains Vulnerable to XSS …again

    [This was originally published on attrition.org. This is a rebuttal piece to eBay’s Sub-Domains Vulnerable to XSS …again (2010-08-27) by @wh1t3rabbit (Rafal Los).] Sometimes, old attack vectors re-appear in places we wouldn’t expect as security professionals. The re-emergence of XSS (Cross-Site Scripting) on eBay’s domains isn’t something you’d expect to see from a company that works so hard…

  • Rebuttal: Yes, I have. Have you really? (on Cyberwar)

    [This was originally published on attrition.org. This is a rebuttal piece to Cyber War – Fact from Fiction in the shadow of the Tallinn Manual (2012-09-14) by @wh1t3rabbit (Rafal Los).] I was asked to provide comment on this blog piece because of my involvement with Josh Corman in presenting on the topic of Cyberwar (PPT) at BruCON in September, 2012.…