Posts

Showing posts from January, 2021

2021-01-26: Summary of "CVExplorer: Multidimensional Visualization for Common Vulnerabilities and Exposures"

Figure 1: Overview of 110,766 CVEs reported from 1998 to 2018 obtained from the NVD. Layers are severity classification: low, medium, high, and critical. (Source: Pham et al.)

Computing network facilities and data storages in national, industry, academic research labs, and offices are all possible targets of cyber attacks. A network vulnerability analysis, remediation, and alerting tool that can help enhance the security against cyber attacks caused by human error can potentially reduce network vulnerabilities. Even though human error is the most significant cybersecurity vulnerability (e.g., falling for phishing, unrestrained web browsing, and weak passwords), most commercial vulnerability scanners are not designed to detect vulnerabilities introduced by humans interacting with the system. In their paper, CVExplorer: Multidimensional Visualization for Common Vulnerabilities and Exposures, Pham et al. introduce a novel interactive system for visualizing cybersecurity threats

2021-01-22: Twitter rewrites your URLs, but assumes you’ll never rewrite theirs: more problems replaying archived Twitter

Figure 1: The tweet replayed in Internet Archive’s Wayback Machine has the t.co URI-M (“/web/20210106213519/https://t.co/Pm2PKV0Fp3”) displayed in the memento.

URLs shared on Twitter are automatically shortened to t.co links. Twitter does this to track its engagements and also protect its users from sites with malicious content. Twitter replaces these t.co URLs with HTML that suggests the original URL so that the end-user does not see the t.co URLs while browsing. When these t.co URLs are replayed through web archives, they are rewritten to an archived URL (URI-M) and should be rendered in the web archives as in the live web, without displaying these t.co URI-Ms to the end-user. However, as shown in Figure 1, the tweet replayed in Internet Archive’s Wayback Machine has the t.co URI-Ms (or at least the relative URL, “/web/20210106213519/https://t.co/Pm2PKV0Fp3”) displayed in the tweet itself. We first noticed the t.co URL displayed in the memento while exploring the archived Twitte