@postmodern_mod3: osvdb.org doesn't support SSL. #irony
@OSVDB: Login is over SSL, the public data we maintain is not.
@postmodern_mod3: Ah ha. The link to login should probably be https.
@attritionorg: Did you notice http://postmodern.github.com/ isn't HTTPS? Maybe complain to them first...
@postmodern_mod3: You never submit credentials to postmodern.github.com. Also, why are you replying? @osvdb made their point, issue closed.
@attritionorg: saying OSVDB should be 100% HTTPS and running a site that isn't is #hypocrisy
@attritionorg: because OSVDB uses HTTPS for creds, no reason to use it for the rest of the site. You wasted 15 mins of their lives.
@postmodern_mod3: To clarify, I said 100% https would be "ideal". http is fine for a static site.
@postmodern_mod3: I guess you're right. Someone on the internet was wrong.
@jcran: am i wrong in thinking i could grab a cookie over http & use that to change pass?
@attritionorg: possibly. then what? you make changes to a database that require moderation to go live? annoyance at best it seems?
@jcran: but yeah, annoyance at best, it seems #wikipediastillfuctions
@jcran: yeah, i'm behind ssl only where it makes sense, but unless @osvdb reqs old pass to change pass, accounts can be comp'd
@attritionorg: doesn't require an old pass to change, will open a ticket on that. overall, the mods consider HTTP for that site acceptable risk
@attritionorg: no thank you, hadn't noticed that or I would have ticketed it long ago (begin the mocking)
@jcran: no worries, anyone effing w/ it gets the wrath of a thousand rabid squirrels anyway. #notadvisable
@postmodern_mod3: sorry if I'm wasting more of your time, but could you allow https URLs for /show/osvdb/:id ? It redirects me back to http.
@OSVDB: Can you provide a good reason for this? Again, that is part of the public database, nothing sensitive.
@postmodern_mod3: Also, web.nvd.nist.gov seems to support https requests. So I would think OSVDB should too.
@attritionorg: NVD has a lot of bad habits too, doesn't mean @OSVDB should follow them...
@jkouns: maybe best to just use NVD then if it meets your needs =)