@attritionorg I entered "web security" in 2000, so can't speak much about 1999, but even then, SQLi vulns were very rare to hear about.
@jeremiahg @stevewerby thinking about writing more on the history of vulns (the diff classes), as well as a preso on it w/ a diff slant.
@attritionorg the history of vuln classes, especially on the web, is rather colorful. that's for sure. even the names are funny. @stevewerby
@jeremiahg @stevewerby I'd do more than web-based vulns as well. More fascinating to me given longer histories.
End of conversation
New conversation
@attritionorg @jeremiahg I was digging for the history of CSRF after I read your post. A lot of those newer to the field would likely
@stevewerby oh man, CSRF has had like 4 different names and dates back a LONG time. @attritionorg
@jeremiahg @attritionorg I'm just glad someone hasn't renamed it something ending in "jacking" and bombarded media with their new discovery.
@stevewerby pardon me for a moment, I've got to send an email to our marketing dept. and halt a press release. ;) @attritionorg
End of conversation
New conversation
@attritionorg @jeremiahg be surprised how long some vuln classes have been around and how much more quickly they're widely exploited.
@stevewerby @jeremiahg That is kind of the idea behind the preso I have in mind, along with many other points people seem to miss.
@attritionorg @stevewerby @jeremiahg I'd be curious as to vuln[0] for various weaknesses. First discussion of BO that I know of is 1972...
@gdead @attritionorg @stevewerby @jeremiahg 1972? First one I ever saw was the USAF's 1974 multics security paper http://seclab.cs.ucdavis.edu/projects/history/papers/karg74.pdf …
@youbetyourballs @gdead We have a lot of historic MULTICS vulns from 74 - 79, no "overflow" though. http://bit.ly/12TWvws
End of conversation