Tag Archives: Jericho

Numb3rs

I’ve been with the OSVDB project for 1000 days. I am responsible for creating 20,667 entries, moderating 7,791 mangler submissions, and mangling 3,480 vulnerabilities myself. The database contains vulnerabilities dating back to 1965, spanning over 40 years. The database contains over 3,800 cross-site scripting, 2,500 SQL injection and 990 remote file inclusion vulnerabilities. Microsoft enjoys around 1,450 entries while Oracle only has 596, with another 75 or so coming when I catch up with my backlog. Since the addition of a Bugzilla system we have filed 807 bugs, 176 of which are still open. Since opening our doors 337 accounts have been created to work on the project, but 293 are now considered M.I.A., 1 is disabled and 20 are considered ‘abducted by aliens’ (meaning they never logged in once). As of this post, there are 28,319 entries in the database; 13646 Stable, 13928 New, 65 being Mangled, 5 Pending moderator review, and 6 Locked. I can’t even begin to count the e-mail we’ve sent and received related to the project and we’ve written 136 entries on this blog.

Social Implications of Keysigning

http://attrition.org/security/rant/z/keysigning.html

Social Implications of Keysigning
Raven & Jericho
Tue May 23 01:41:20 EDT 2006

The use of strong public encryption has always been popular among geeks. Perhaps the most commonly used and most beloved encryption for e-mail is Pretty Good Privacy (PGP); started as a free method for protecting emails or other sensitive information, later turned into a cornerstone for a large company. As PGP became more corporate, costly and used patented algorithms, another project, GnuPG, sprung up to continue to offer strong encryption to the masses.

One foundation of reliable encryption is trust. The use of encryption between two or more people relies on you being sure that the message you sent is properly encrypted to and able to be decrypted solely by the intended recipient. When using a friend’s GPG key, you must be sure that the key was created by and belongs solely to your friend. Otherwise, you may send mail that your friend cannot read (if they don’t have the key you encrypted to), or worse, mail that some other party can read (if that party does have the key you encrypted to).

[..]

Follow

Get every new post delivered to your Inbox.

Join 5,026 other followers