Author

 Lance Cottrell
Facebook
Twitter
LinkedIn
Google+
RSS
E-Mail

Profile of Lance Cottrell

Chief Scientist, Ntrepid
Member Since: 9/12/2014
Author
News & Commentary Posts: 2
Comments: 10

Lance Cottrell founded Anonymizer in 1995, which was acquired by Ntrepid Corp. (then Abraxas) in 2008. Anonymizer's technologies form the core of Ntrepid's Internet misattribution and security products. As Chief Scientist, Lance continues to push the envelope with the new technologies and capabilities required to stay ahead of rapidly evolving threats. A well known expert on security, privacy, anonymity, misattribution, and cryptography, he speaks frequently at conferences and in interviews. He is the principle author on multiple Internet anonymity and security technology patents, having started development of Internet anonymity tools in 1992 while pursuing a PhD in physics, eventually leaving to work on those technologies full time. Lance holds an MS in physics from the University of California, San Diego, and a BS in physics from the University of California, Santa Cruz. He has served on the advisory board of the UCSD Libraries and the American Public University IT Industry Advisory Council.

Articles by Lance Cottrell
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark Reading,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1061
PUBLISHED: 2018-06-19
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVE-2018-1073
PUBLISHED: 2018-06-19
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
CVE-2018-12557
PUBLISHED: 2018-06-19
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could ...
CVE-2018-12559
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequ...
CVE-2018-12560
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.