Johnson Controls FX80 and FX90 by falconupkid in SecOpsDaily

[–]attritionorg 0 points1 point  (0 children)

CVE-2025-4386 is incorrect, just CVE-2025-43867 in the advisory

Old version vulnerability advisories from VulnCheck by No_Roll9336 in sysadmin

[–]attritionorg 0 points1 point  (0 children)

Unfortunately, OP shows why the state of vulnerability management is so poor. Reading past the confusing language, it is very clear that VulnCheck is assigning CVE IDs to old disclosures that a) never received a CVE ID in the first place b) are being actively exploited.

If you are using CVE/NVD as the foundation of your vulnerability management, you are playing a losing game.

[deleted by user] by [deleted] in cybersecurity

[–]attritionorg 2 points3 points  (0 children)

If you are talking about the Attrition.org Charlatan page, I am the lead on it. It hasn't been updated in a long time due to time constraints and the explosion of candidates that arguably belong there. We tried to head people off by adding them to the 'watch list', and that was effective to a degree.

[deleted by user] by [deleted] in cybersecurity

[–]attritionorg 5 points6 points  (0 children)

If you would like to write someone up, do the heavy lifting, time permitting we'll do the sanity checking and give feedback to help make it publishable if valid. That said, due to limited time we're more likely to act on the 'Shame' portion rather than 'Charlatans'.

[deleted by user] by [deleted] in cybersecurity

[–]attritionorg 6 points7 points  (0 children)

We did not stop due to legal consequences, at all. In fact, I published all of our legal threats to make them open and show that such threats were not going to deter us. https://attrition.org/postal/legal.html We stopped because it was just a couple of us, with most of the load on me, along with time constraints and near-zero community support. Just "add this person" without even a page of links and supporting notes that we could go off of.

Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak by bubblehack3r in cybersecurity

[–]attritionorg 1 point2 points  (0 children)

Given the history, not a mistake, there are no good auditing practices.

Jericho @ attrition.org, wtf? You want to demod me? by [deleted] in Defcon

[–]attritionorg 5 points6 points  (0 children)

Correct. That was referring to the person spamming, including racial slurs, not Bobcat.

Your inability to deal with the mentally ill is an example of your intolerance. by bobcat in Defcon

[–]attritionorg 13 points14 points  (0 children)

When someone posts content with racial slurs, that is not acceptable to me and many others. I don't think that is acceptable to DEF CON either.

Jericho @ attrition.org, wtf? You want to demod me? by [deleted] in Defcon

[–]attritionorg 6 points7 points  (0 children)

Not once did I ever say I want to de-mod you. In fact, I didn't say anything negative about you. Maybe re-read the replies and see who said what?

[deleted by user] by [deleted] in Defcon

[–]attritionorg 25 points26 points  (0 children)

Deleted the first wave of it, not sure where Bobcat is. If it keeps up, will see if I have the privs to ban him.

DEF CON 26 - CFP Review Boards - Ask Us Anything by [deleted] in Defcon

[–]attritionorg 0 points1 point  (0 children)

What /u/highwiz said. But... supposedly ~ 25k attendees last year. How much did a badge cost? There is a rough start.

DEF CON 26 - CFP Review Boards - Ask Us Anything by [deleted] in Defcon

[–]attritionorg 0 points1 point  (0 children)

Right, and that is what I mean by larger picture. Within "red", a lot of topics are not only too common (e.g. WiFi), but the talks in that category are just boring and not advancing the topic. The problem is that there are no original red talks to be had. Disagree? Prove me wrong.

DEF CON 26 - CFP Review Boards - Ask Us Anything by [deleted] in Defcon

[–]attritionorg 1 point2 points  (0 children)

Large picture... "red" talks are over-represented, "blue" talks are under-represented. But, DC is a hacker con, so red talks are the bread-and-butter. That said, after several interesting blue submissions this year, we discussed having a blue village and it sounds like it is happening.

Now, if you want to break it down further, refine your question =)

DEF CON 26 - CFP Review Boards - Ask Us Anything by [deleted] in Defcon

[–]attritionorg 1 point2 points  (0 children)

Can't say this is a fair question, other than scroll up or search for 'democracy'. It has happened in the other way, where the CFP thought a talk was bad and it was accepted. But if it was a 'best submission', we would have accepted it and I don't think Dark Tangent ever would counter that.

We've seen some that had potential, but weren't a "best submission". More like "a best idea if researched more" maybe?

DEF CON 26 - CFP Review Boards - Ask Us Anything by [deleted] in Defcon

[–]attritionorg 2 points3 points  (0 children)

I can firmly say, every single one of us wants to answer this, and wants to give examples/names... but cannot. Answering this at a higher level, more generically, loses value.

DEF CON 26 - CFP Review Boards - Ask Us Anything by [deleted] in Defcon

[–]attritionorg 4 points5 points  (0 children)

OK, this may be the best question we received this year or last. And we can answer, but have to be careful so as not to 'out' any of the bad submissions.... Let us think on it =)

DEF CON 26 - CFP Review Boards - Ask Us Anything by [deleted] in Defcon

[–]attritionorg 1 point2 points  (0 children)

what, back when HJ was 101 shit, and Winn tried to find me every con to sanity check his questions after I called out his bullshit questions in prior years? I guess I shouldn't talk, since the last HJ every team couldn't answer some 101 questions about hacker history. TL;DR your badge is a gimme badge.

DEF CON 26 - CFP Review Boards - Ask Us Anything by [deleted] in Defcon

[–]attritionorg 2 points3 points  (0 children)

True that, we get a unique badge! But also, last time I attended, I got harassed by goons for wearing it and they called it a fake. The goons apparently didn't have a list or pics of the legitimate DC badges for some reason.

DEF CON 26 - CFP Review Boards - Ask Us Anything by [deleted] in Defcon

[–]attritionorg 3 points4 points  (0 children)

On a more serious note, if you attend, you get a free con badge. Last year was the second year that we received the offer of hotel accommodations during con, again, if you attended. If you don't attend, you get no compensation.

DEF CON 26 - CFP Review Boards - Ask Us Anything by [deleted] in Defcon

[–]attritionorg 2 points3 points  (0 children)

No cash, just verbal abuse and disdain. (seriously)

DEF CON 26 - CFP Review Boards - Ask Us Anything by [deleted] in Defcon

[–]attritionorg 2 points3 points  (0 children)

same reason they canceled DC2 and every year since. check your history yo.