Tag Archives: Vulnerability Disclosure

Fare Timing Attacks on the Long Island Railroad (LIRR)

January 31, 2008 – 6:00 am – The Long Island Rail Road (map) is run by the MTA and is the primary way for the majority of people who live on Long Island commute into NYC for work. I noticed the same phenomena occurring a number of times and then realized that people were using timing attacks to get free rides on […] …
By | Posted in CSO/CISO Perspectives, Human Elements, InfoSec Economics, Risk Analysis, Technical | Also tagged , , | Comments (0)

Why I no longer report website vulnerabilities that I stumble upon…

November 19, 2007 – 6:00 am – I wrote this in July 2007 but decided against publishing it at the time. In July, I felt that I did not have a significant, publicly known case to help make the argument legitimized. The Dan Egerstad case prompted me to change my opinion. —- There was a time that if I found a vulnerability…
By | Posted in General | Also tagged , , , , | Comments (5)

Exclusive: Tribeca Film Festival has Software Glitch

April 7, 2007 – 11:10 am – (Update 4/8/2007 – 3:12PM): A representative from TFF contacted me as a professional courtesy and explained the measures they are taking to correct the issue and prevent it in the future. As an organization they are really responsive and care about their customers. It’s my professional…
By | Posted in Information Security News, Security in Popular Culture, Technical | Also tagged , , | Comments (2)

Patent No. 7,124,197: ARP Poisoning Hack!

February 2, 2007 – 7:23 am – Can one patent a hack? Great question: report here. …
By | Posted in General | Also tagged , | Comments (1)

Week of Oracle Bugs Canceled

November 29, 2006 – 6:54 pm – While I pointed out my concern regarding the Week of Oracle Bugs, I speculate that this was canceled due to legal reasons. I have no proof though. …
By | Posted in General | Comments (0)