blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git
commit: 1a3cc92d1e0d1b05e17b55ab2db5fe6345817554
parent 3684a38b3aa6b3d9b6c57c00445f5267dab9b289
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Sun,  3 Oct 2021 00:17:09 +0200

Articles: The new CVE.org website is a security disaster so I made my own

Diffstat:

A articles/cve.org-disaster.shtml | 15 +++++++++++++++
A articles/cve.org-disaster.xhtml | 16 ++++++++++++++++
M feed.atom | 11 +++++++++++
M home.shtml | 1 +
4 files changed, 43 insertions(+), 0 deletions(-)

diff --git a/articles/cve.org-disaster.shtml b/articles/cve.org-disaster.shtml @@ -0,0 +1,15 @@ +<!DOCTYPE html> +<html lang="en"> + <head> +<!--#include file="/templates/head.shtml" --> + <meta property="og:type" content="article"/> + <meta property="og:title" content="The new CVE.org website is a security disaster so I made my own"/> + <title>The new CVE.org website is a security disaster so I made my own — Cyber-home of lanodan</title> + </head> + <body> +<!--#include file="/templates/en/nav.shtml" --> +<!--#include file="/articles/cve.org-disaster.xhtml"--> + <a href="/articles/cve.org-disaster.xhtml">article only(plain XHTML)</a> +<!--#include file="/templates/en/footer.shtml" --> + </body> +</html> diff --git a/articles/cve.org-disaster.xhtml b/articles/cve.org-disaster.xhtml 
@@ -0,0 +1,16 @@ +<article xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="h-entry"> +<a href="/articles/The%20new%20CVE.org%20website%20is%20a%20security%20disaster%20so%20I%20made%20my%20own"><h1>The new CVE.org website is a security disaster so I made my own</h1></a> +<p> + <code>cve.mitre.org</code>, the <a href="https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures">CVE</a> database website I was using instead of NIST's website to avoid a bit of JavaScript started showing <q>NOTICE: CVE website transitioning to new “CVE.ORG” web address. Process to begin in late September 2021 and last one year. (<a href="http://cve.mitre.org/news/archives/2021/news.html#September022021_CVE_Website_Transitioning_to_New_Web_Address_-_CVE.ORG">details</a>)</q> some time ago and I actually tried cve.org few times only to be welcomed by an apprently blank page, fine sure, not deployed yet I guessed. I couldn't be more wrong, I got a more curious look at it today and I noticed it requires JavaScript and by JavaScript I mean an epic disaster.<br /> + I mean, just look at <a href="https://github.com/CVEProject/cve-website/pulls?q=is%3Apr+security">the security-related Pull Requests on it's github repo</a>. +</p> +<p> + And even if there wasn't security issues in their new website, requiring Automatic &amp; Unverified Remote Code to be executed on people's machine for getting security information? What is wrong with you? Do I need to make you assign a <abbr title="Common Vulnerability Scoring System">CVSS</abbr> on this thing? +</p> +<p> + As I'd rather not sit idly while this shit seems to be coming, I made <a href="https://hacktivis.me/git/cve-client/">cve-client</a>, a simple script in almost dependency-less perl. 
It takes a CVE-ID, fetches the JSON for it from their API (haven't found a documentation for it btw) and renders it to plain-text but also Gemtext, the format used by the <a href="https://gemini.circumlunar.space/">Gemini protocol</a>, this way I could make it available for others without having to use my code and they very likely aren't going to receive malware in the process.<br /> + I made the gemini interface available at <a href="gemini://hacktivis.me/cgi-bin/cve">gemini://hacktivis.me/cgi-bin/cve</a>, feel free to make copies<br /> + I will maybe make an HTTP version of this at some point so it doesn't only runs on my own disaster-looking gemini-server (stunnel + shell script), which I still have much more confidence in than most of the web. +</p> +<p><a href="https://queer.hacktivis.me/objects/cc3a9571-23ae-4c0a-9067-bd2c49133271">Fediverse post for comments</a>, published on 2021-10-02T21:26:57Z, last updated on 2021-10-02T21:26:57Z</p> +</article> diff --git a/feed.atom b/feed.atom @@ -11,6 +11,17 @@ <!-- new.sh: new articles here --> <entry> + <title>The new CVE.org website is a security disaster so I made my own</title> + <link rel="alternate" type="text/html" href="/articles/cve.org-disaster"/> + <id>https://hacktivis.me/articles/cve.org-disaster</id> + <published>2021-10-02T21:26:57Z</published> + <updated>2021-10-02T21:26:57Z</updated> + <content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> +<!--#include file="/articles/articles/cve.org-disaster.xhtml"--> + </div></content> + </entry> + + <entry> <title>(Semi-)Automatic opening of Files</title> <link rel="alternate" type="text/html" href="/articles/filetype%20automation"/> <id>https://hacktivis.me/articles/filetype%20automation</id> diff --git a/home.shtml b/home.shtml 
@@ -55,6 +55,7 @@ <li>2021-04-07: <a href="/articles/self-hosting">self-hosting</a></li> <li>2021-04-20: <a href="/articles/BadWolf%2C%20two%20years%20later">BadWolf, two years later</a></li> <li>2021-08-22: <a href="/articles/filetype%20automation">(Semi-)Automatic opening of Files</a></li> + <li>2021-10-03: <a href="/articles/cve.org-disaster">The new CVE.org website is a security disaster so I made my own</a></li> </ol> </main> <!--#include file="templates/en/footer.shtml" -->
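
Review bot: The heading link in articles/cve.org-disaster.xhtml does not match the permalink used everywhere else in this commit. The `<a>` wrapping the `<h1>` points at the percent-encoded full title under `/articles/`, while feed.atom and home.shtml link to `/articles/cve.org-disaster` and the files are added under that shorter name. Unless the long title is served separately, that self-link will not resolve; pointing it at `/articles/cve.org-disaster` keeps the h-entry permalink consistent with the feed `<id>`. The body text also carries a few typos worth fixing before publishing: "apprently", "it's github repo" and "doesn't only runs".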
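
Review bot: The SSI include path in the new feed.atom entry looks doubled: `<!--#include file="/articles/articles/cve.org-disaster.xhtml"-->`. The file is added at `articles/cve.org-disaster.xhtml`, and the .shtml wrapper in this same commit includes `/articles/cve.org-disaster.xhtml`, so the feed entry would most likely render with empty or error content. Suggest dropping the repeated `articles/` segment, and checking whether new.sh generates this path so later entries do not inherit it.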
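
Review bot: The date on the new home.shtml list item, `2021-10-03`, disagrees with the timestamps in the article footer and feed.atom, which both give `2021-10-02T21:26:57Z`. That instant falls on 2 October in UTC and at +0200 as well, so the listing appears to follow the commit date instead of the publication time. Suggest using `2021-10-02` in the list, or updating `<published>` and `<updated>` if 3 October is the intended publication date.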