Blog Posts
Vulnerabilities: Everybody’s Got One!
In this post, Leigh Metcalf describes how she pulled data from the malvuln project to explore recent vulnerabilities in both malware and non-malware to study the differences.
• By Leigh Metcalf
In CERT/CC Vulnerabilities
Bridging the Gap Between Research and Practice
A fundamental goal for a federally funded research and development center (FFRDC) is to bridge the gap between research and practice for government customers....
• By Leigh Metcalf
In CERT/CC Vulnerabilities
Vulnonym: Stop the Naming Madness!
Spectre. Meltdown. Dirty Cow. Heartbleed.All of these are vulnerabilities that were named by humans, sometimes for maximum impact factor or marketing. Consequently, not every named vulnerability is a severe vulnerability …
• By Leigh Metcalf
In CERT/CC Vulnerabilities
DGA Domains with SSL Certificates? Why?
CertStream is a free service for getting information from the Certificate Transparency Log Network. I decided to investigate the presence of domains....
• By Leigh Metcalf
In CERT/CC Vulnerabilities
Cache Poisoning of Mail Handling Domains Revisited
In 2014 we investigated cache poisoning and found some in some damaging places, like mail-handling domains. It can't be assumed behaviors on the internet continue unchanged....
• By Leigh Metcalf
In Situational Awareness
ACM Digital Threats: Research and Practice... and Columns!
We at CERT are very proud of our collaboration with ACM to create the journal ACM Digital Threats: Research and Practice. One of the goals of the journal is to …
• By Leigh Metcalf
In CERT/CC Vulnerabilities
ACM Digital Threats: Research and Practice
CERT/CC is very excited to announce a new journal in collaboration with ACM called ACM Digital Threats, Research and Practice. The journal (DTRAP) is a peer-reviewed journal....
• By Leigh Metcalf
In CERT/CC Vulnerabilities
Declaring War on Cyber Terrorism...or Something Like That
Buzzwords are a mainstay in our field, and "cyberterrorism" currently is one of the hottest. But how does the definition of "terrorism" change when adding the complexities of the Internet? …
• By Leigh Metcalf, Deana Shick, Eric Hatleback
In CERT/CC Vulnerabilities
Border Gateway Protocol Update Metric Analysis
MRT is a file format used in BGP; in particular, it is used when the router writes updates into a log file....
• By Leigh Metcalf
In CERT/CC Vulnerabilities
Domain Blacklist Ecosystem - A Case Study
Hi all, this is Jonathan Spring with my colleagues Leigh Metcalf and Rhiannon Weaver. We've been studying the dynamics of the Internet blacklist ecosystem....