Learning our EHR vendor is getting rid of VPN in favor of public HTTPS with nothing but username / password for access controls.

by Travis

Finding out the domain I flagged to the client as ‘imminent threat’ was sinkholed

by FML

My reaction when the project leader answered: “But security was not in the specifications!”

by anonymous submission

Heh, is this a compiler bug?

(via @rich0H)

Watching the proxy logs and seeing a user searching to find a warez site that isn’t blocked

by @innismir

Discovering a 0day that cannot be disclosed due to a non-disclosure agreement

by @jczucco

So, this is what happened to MTGox, they say …

by jopi

Interns observing me during pentests

by @Mekanismen_

$vendor still has a critical 0day in their NAS software a year after I told them about it

by anonymous submission

SecLists shutting down…

by @dmartinez7500

By aloria.