Josh and Kurt talk about hackers using emergency data requests to gain access to sensitive data. The argument that somehow backdoors can be protected falls under this problem. We don’t yet have the technical or policy protections in place to actually protect this data. We also explain why this zlib issue got a 2018 CVE ID in 2022.Continue reading “Episode 318 – Social engineering and why zlib got a 2018 CVE ID”
Search results for: cve
It’s time to fix CVE
The late, great, John Lewis is well known for a quote about getting into trouble. Never, ever be afraid to make some noise and get in good trouble, necessary trouble. It’s time to start some good trouble. Anyone who knows me, reads this blog, or follows me on Twitter, is well aware I have beenContinue reading “It’s time to fix CVE”
Episode 261 – DWF is back! Welcome to community powered CVE
Josh and Kurt talk about DWF. It’s back and the intention is to have real community driven security identifiers! Show Notes Committee vs Community dwflist repo dwf-request tooling repo dwf-workflow policy repo CVE plateua graph iwantacve.org
Episode 178 – Are CVEs important and will ransomware put you out of business?
Josh and Kurt talk about a discussion on Twitter about if discovering CVE IDs is important for a resume? We don’t think it is. We also discuss the idea of ransomware putting a company out of business. Did it really? Possibly but it probably won’t create any substantial change in the industry. Show Notes Games Done QuickContinue reading “Episode 178 – Are CVEs important and will ransomware put you out of business?”
Episode 83 – XKCD + CVE = XKCVE
Josh and Kurt talk about the XKCD CVE comic and a flight simulator stealing credentials. https://xkcd.com/1957/ Show Notes XKCD CVE comic Samsung huge SSD Flight sim stealing credentials Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Episode 51 – All about CVE
Josh and Kurt talk to Dan Adinolfi about CVE. Most anything you ever wanted to know about CVE is discussed. Show Notes CVE The MITRE Corporation Mikko Hypponen CVE Form CVE CNA Rules Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Inverse Law of CVEs
I’ve started a project to put the CVE data into Elasticsearch and see if there is anything clever we can learn about it. Ever if there isn’t anything overly clever, it’s fun to do. And I get to make pretty graphs, which everyone likes to look at. I stuck a few of my early resultsContinue reading “Inverse Law of CVEs”
Episode 21 – CVE 10K Extravaganza
Josh and Kurt talk about CVE 10K. CVE IDs have finally crossed the line, we need 5 digits to display them. This has never happened before now. Show Notes OpenSSH CVE10K assignments CVE-2016-10005 CVE syntax change CVE Numbering Authorities OpenSSH Security Advisory C to HDL Reboot Boeing Dreamliner One person writes most Linux video camera drivers DonaldContinue reading “Episode 21 – CVE 10K Extravaganza”
Episode 13 – CVE: The metric system of security
Josh and Kurt talk about CVE, DWF, and the future of flaw reporting. Show Notes CVE CVE Candidates (CAN) DWF NVD Open Source Security Mailing List Larry Cashdollar’s Defcon talk Metric Inch Comment on Twitter
Episode 344 – Python tarfile – 2022 is nothing like 2007
Josh and Kurt talk about a newly rediscovered old python vulnerability. It raises a lot of questions about what was OK in 2007 vs what’s OK in 2022. The issue is very complicated and has a wild story surrounding it. There is no reason to not fix this in 2022. Show Notes
Open Source Security 