ExploitHub Evolved
Knowing when to call it quits or pivot is an important life skill. Unfortunately, this time has come for ExploitHub.
Category: software
REcon 2012
I’ve just recently returned from REcon 2012 and while I heard a couple people express that they had “heard” that some people were more disappointed with this year’s conference compared to prior ones, I personally really enjoyed it and felt it was the best one yet. I saw and enjoyed more of the lectures this […]
ExploitHub
A few years ago, following the failure of WabiSabiLabi’s 0day auction site, I gave some thought to how to create a public marketplace for exploits that actually works. Obviously given the example of WabiSabiLabi and a little common sense that any vulnerability researcher worth their salt would know, you can’t have a public market for […]
The Folly of a Scheduled Patch Release Cycle
A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers. Since then, many other vendors have followed suit. There are opinions and arguments supporting both a release schedule philosophy as well […]
The Internet is a Dirty, Dirty Mistress
It’s been quite a while since I wrote or updated DFW, the I)ruidic FireWall. Included with that utility is a default iptables firewall policy which the user can use directly, tweak to their liking, or completely throw away and start over from scratch. NetFilter (iptables) has come a long way since I was actively working […]
Vulnerability Disclosure, Cryptography Research, and Open Source
Today, Bruce Schneier posted an essay to his blog arguing the case for full disclosure of software vulnerabilities, which I am also in favor of. It’s apparently a side-bar to an article in CSOOnline entitled “The Chilling Effect” which is about some of the growing issues surrounding vulnerability research in web software. There’s also two […]