Damien Hull

Security Engineer, part of a GRC team and recently PCI QSA certified. Always interested in learning more about security and IT.
Website: https://section9.us

I boosted several posts about this already, but since people keep asking if I've seen it....

MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16. The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn't really anyone else left who does this, and it's typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw.

I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April.

https://www.usaspending.gov/award/CONT_AWD_70RCSJ23FR0000015_7001_70RSAT20D00000001_7001

MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, https://github.com/CVEProject

Yosry Barsoum, vice president and director at MITRE's Center for Securing the Homeland, said:

“On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE™) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”


Sweet! Got /etc up in #github using #etckeeper. Version control for /etc. https://github.com/wertarbyte/etckeeper
Trying to learn the ways of #github. Need to manage a Linux server configuration. Plus a few other config files. git seems to be a bit of a learning curve for me.
2. You are still in a way better position, having used a password manager, than you would have been if you just reused passwords or used some predictable scheme for them. This is NOT some kind of proof that password managers (even cloud password managers) are inherently a bad idea. The alternatives are worse.
@Johnnie Yeah, AES-256 is a tough nut to crack. I'm not rushing to make any changes. And thanks for the reminder. Helps to have things put into perspective.

@Johnnie I was just told that in this case MFA doesn't matter. Someone who knows more about this than I do said MFA is only for online access.

This is soul crushing news if it is true.

@dismantl Agreed! Also hoping password managers start encrypting all user data. Seems like more work to encrypt some but not all data.

Just create an encrypted blob and put user data in blob. How hard is that?

@astralcomputing Thanks for the info. And yes, I'd say LastPass is easier to use.
@defaultvlan @iamkale Yeah, I had some issues with the Bitwarden interface. Need to do some testing with 1Password. I haven't used it in a while.
@Johnnie Thank the gods I turned on MFA. I feel much better now. Still shocked that not all my data is encrypted.