BlueHat @ Microsoft

March 10, 2006

Recently I attended a cool event at Microsoft called BlueHat; you may have heard about it. Read more about it here.


I happened to come across this site during some surfin' and was thoroughly surprised by this page:… because it really is a page of frequently asked questions… there are no answers!

Okay, so this article is discussing security flaws published by CERT, 812 for Windows & 2000+ for Unix/Linux. First of all, you shouldn’t be lumping all *nix bugs together; I’d like to see the breakdown by individual OS and also see what percentage of those bugs are found in multiple systems (i.e. security bugs found in multiple flavors of Linux because of the shared code vs. bugs introduced only into that version’s code). Working in security myself (mostly application security, for the ACE Team), I have to say that this is basically useless information. Why? Because security bugs are wide and varied, with different degrees of severity, exploitability and reproducibility (btw: is that a word?).

For example, we log lots of low severity bugs (we have basically 5 severity levels), but only require the high severity bugs to be fixed. Why? Because only those bugs can be exploited in some way. What’s a low severity, non-exploitable bug, you say? One that doesn’t follow best practice, or goes against the doctrine of defense in depth. More on that in another post. My point being that security is not a cut and dried, black and white “812 flaws, 2000+ flaws” type of deal; each bug has its own merits and severity, resulting in a variety of actions.

More Chuck Norris. Rated.

December 31, 2005

More Chuck Norris. (Some of these you may have already seen, but still interesting to see the top rated Chuck Norris facts.)

Chuck Norris & Courage

December 30, 2005

Another Chuck Norris fact.  That’s right, fact.

Lewis Black vs. Chuck Norris

December 30, 2005

Chuck Norris went to school for a degree in Chuck Norris.
Lewis Black didn’t go to school, but if he did I’m sure he could have also gotten a degree in Chuck Norris. However, is Chuck Norris able to whoop George W with his linguistic gymnastics? Advantage: Black.

