logo

blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git

cve.org-disaster.html (5445B)

    

  1. <!DOCTYPE html>
  2. <html xmlns="http://www.w3.org/1999/xhtml" xmlns:xi="http://www.w3.org/2001/XInclude" xml:lang="en" lang="en">
  3. 	<head>
  4. 		<meta charset="utf-8"/><link rel="stylesheet" type="text/css" href="/css/index.css?serial=2023040701"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="vcs-git" href="https://gitlab.com/lanodan/blog.git" title="gitlab"/><link rel="icon" type="text/css" href="/images/favicon.png?serial=2020111201"/><meta property="og:image" content="/images/avatar.png?serial=2020111201"/>
  5. 		<meta property="og:type" content="article"/>
  6. 		<meta property="og:title" content="The new CVE.org website is a security disaster so I made my own"/>
  7. 		<title>The new CVE.org website is a security disaster so I made my own - lanodan's cyber-home</title>
  8. 	</head>
  9. 	<body>
  10. 		
  11. 		<header>Sorry, I do not value($$$) your privacy. :^) — <a href="/privacy%20policy">Privacy Policy</a></header>
  12. 		<nav><details open="">
  13. 			<summary>Links</summary>
  14. 			<ul>
  15. 				<li><a href="/home">Home</a></li>
  16. 				<li><a href="/about">About</a></li>
  17. 				<li><a href="/projects/">Software Projects</a></li>
  18. 				<li><a href="/animelist">Anime List</a></li>
  19. 				<li><a href="/mangalist">Manga List</a></li>
  20. 				<li><a href="/bookmarks">Bookmarks</a></li>
  21. 				<li><a href="/coding%20style">coding style</a></li>
  22. 				<li><a href="/decreases%20of%20usability">Decreases of usability</a></li>
  23. 				<li><a href="/software%20basic%20needs">Software basic requirements</a></li>
  24. 				<li><a href="/recaptcha">Google ReCaptcha</a></li>
  25. 				<li><a href="/git/">/git/</a></li>
  26. 				<li><a href="/kopimi/">/kopimi/</a>: libre data</li>
  27. 				<li><a href="/librism">Désintox’ / FOSS activism</a></li>
  28. 				<li><a href="/notes/">/notes/</a></li>
  29. 				<li><a href="/standards">standards</a>: opinions on them</li>
  30. 			</ul>
  31. 			<ul>
  32. 				<li><a rel="alternate" type="application/atom+xml" href="https://hacktivis.me/feed.atom">Atom feed</a></li>
  33. 				<li><a href="gemini://hacktivis.me/">gemini-space</a></li>
  34. 				<li><a href="https://lanodan.eu/home">Resume</a></li>
  35. 			</ul>
  36. 		</details></nav>
  37. 	
  38. 		<article>
  39. 		<div xml:lang="en">
  40. <a href="/articles/cve.org-disaster"><h1>The new CVE.org website is a security disaster so I made my own</h1></a>
  41. <p>
  42. 	<code>cve.mitre.org</code>, the <a href="https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures">CVE</a> database website I was using instead of NIST's website to avoid a bit of JavaScript started showing <q>NOTICE: CVE website transitioning to new “CVE.ORG” web address. Process to begin in late September 2021 and last one year. (<a href="http://cve.mitre.org/news/archives/2021/news.html#September022021_CVE_Website_Transitioning_to_New_Web_Address_-_CVE.ORG">details</a>)</q> some time ago and I actually tried cve.org few times only to be welcomed by an apprently blank page, fine sure, not deployed yet I guessed. I couldn't be more wrong, I got a more curious look at it today and I noticed it requires JavaScript and by JavaScript I mean an epic disaster.<br/>
  43. 	I mean, just look at <a href="https://github.com/CVEProject/cve-website/pulls?q=is%3Apr+security">the security-related Pull Requests on it's github repo</a>.
  44. </p>
  45. <p>
  46. 	And even if there wasn't security issues in their new website, requiring Automatic &amp; Unverified Remote Code to be executed on people's machine for getting security information? What is wrong with you? Do I need to make you assign a <abbr title="Common Vulnerability Scoring System">CVSS</abbr> on this thing?
  47. </p>
  48. <p>
  49. 	As I'd rather not sit idly while this shit seems to be coming, I made <a href="https://hacktivis.me/git/cve-client/">cve-client</a>, a simple script in almost dependency-less perl. It takes a CVE-ID, fetches the JSON for it from their API (haven't found a documentation for it btw) and renders it to plain-text but also Gemtext, the format used by the <a href="https://gemini.circumlunar.space/">Gemini protocol</a>, this way I could make it available for others without having to use my code and they very likely aren't going to receive malware in the process.<br/>
  50. 	I made the gemini interface available at <a href="gemini://hacktivis.me/cgi-bin/cve">gemini://hacktivis.me/cgi-bin/cve</a>, feel free to make copies<br/>
  51. 	I will maybe make an HTTP version of this at some point so it doesn't only runs on my own disaster-looking gemini-server (stunnel + shell script), which I still have much more confidence in than most of the web.
  52. </p>
  53. </div>
  54. 		<p>
  55. 			<a href="https://queer.hacktivis.me/objects/cc3a9571-23ae-4c0a-9067-bd2c49133271" rel="replies external">Fediverse post for comments</a>, published on 2021-10-02T21:26:57Z, last updated on 2021-10-02T21:26:57Z
  56. 		</p>
  57. 		</article>
  58. 		<footer>
  59. 			<a href="http://endsoftpatents.org/innovating-without-patents"><img loading="lazy" src="/images/patent_free.png?serial=2020111201" alt="Patent Free"/></a>
  60. 			<a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/"><img loading="lazy" alt="CC-BY-SA" src="/images/cc-by-sa.png?serial=2020111201"/></a>
  61. 			<a href="/anybrowser"><img loading="lazy" src="/images/anybrowser.png?serial=2020111201" alt="Anybrowser campaign"/></a>
  62. 			<a href="http://tstzmgqansvqfzr3qrkehszmlhjqbpqp7pwncrzr72ohyygrnbuu26qd.onion/">.onion</a>
  63. 			<a href="/privacy%20policy">Privacy Policy</a>(2019-11-27)
  64. 			This webthing agrees that <a href="https://simpleweb.iscute.ovh/">simple web is cute</a>~ ♥
  65. 		</footer>
  66. 	</body>
  67. </html>