tumblr.attrition.org
Jul 05

Meerkat Scuffle of the Day
(Source: kidskidskids)
Jul 02
That makes book #10 on my plagiarism shelf, with 5 more in the to-do stack. WTB razors, emo music and vodka.
btw.. @jamesattrition is a sock puppet for @cattechie / @vaidehinbc
…and it seems @caks2257 is Greg Evans’ sockpuppet of the day.
Jul 01
Charlatan Update: Gregory D. Evans, Copyright Violations for Over a Year
-
Over one year ago, we documented a case where Evans was plagiarizing content for his Twitter feed. Since then, he has demonstrated a clear pattern of plagiarism and copyright violation. Even after his ‘National CyberSecurity’ web site was ousted by GoDaddy for repeated copyright violations (scraping entire articles and re-posting without permission), Evans continues to do it.
-
@JosephKBlack:
My closest Advisor is a Wizard, after that it's a furry Squirrel! ;0 ~Joe Black
-
@attritionorg:
As a furry squirrel, I advise you to seek a competent psychiatrist. Quickly.

“Installing Installation Manager with the Installation Manager installer” by the Dept of Redundancy Dept.
Lyger has interesting taste in movies.

Even after all this time, Evans still plagiarizes people he hates.

When I file a bug report with a company, I really want a checkbox for “Have the developer explain how wasted he was when coding that ‘feature’.”
Jun 27

Kitten of the Day via tumblrisforlulz
baboonjunk asked: Why hasn't the attrition staff been retained as official infosec skeptics by the past 3 presidential administrations. They need a dose of rant. Is it because they're afraid?
The political system is full of negativity. Injecting us into the mix was deemed a potential national disaster. Supply of anti-depressants was not available to medicate every citizen. As a result, we turned to Twitter to depress a few million at a time.
Jun 25
-
@postmodern_mod3:
osvdb.org doesn't support SSL. #irony
-
@OSVDB:
Login is over SSL, the public data we maintain is not.
-
@postmodern_mod3:
Ah ha. The link to login should probably be https.
-
@attritionorg:
Did you notice http://postmodern.github.com/ isn't HTTPS? Maybe complain to them first...
-
@postmodern_mod3:
You never submit credentials to postmodern.github.com. Also, why are you replying? @osvdb made their point, issue closed.
-
@attritionorg:
saying OSVDB should be 100% HTTPS and running a site that isn't is #hypocrisy
-
@attritionorg:
because OSVDB uses HTTPS for creds, no reason to use it for the rest of the site. You wasted 15 mins of their lives.
-
@postmodern_mod3:
To clarify, I said 100% https would be "ideal". http is fine for a static site.
-
@postmodern_mod3:
I guess you're right. Someone on the internet was wrong.
-
@jcran:
am i wrong in thinking i could grab a cookie over http & use that to change pass?
-
@attritionorg:
possibly. then what? you make changes to a database that require moderation to go live? annoyance at best it seems?
-
@jcran:
but yeah, annoyance at best, it seems #wikipediastillfuctions
-
@jcran:
yeah, i'm behind ssl only where it makes sense, but unless @osvdb reqs old pass to change pass, accounts can be comp'd
-
@attritionorg:
doesn't require an old pass to change, will open a ticket on that. overall, the mods consider HTTP for that site acceptable risk
-
@jcran:
thanks!
-
@attritionorg:
no thank you, hadn't noticed that or I would have ticketed it long ago (begin the mocking)
-
@jcran:
no worries, anyone effing w/ it gets the wrath of a thousand rabid squirrels anyway. #notadvisable
-
@postmodern_mod3:
sorry if I'm wasting more of your time, but could you allow https URLs for /show/osvdb/:id ? It redirects me back to http.
-
@OSVDB:
Can you provide a good reason for this? Again, that is part of the public database, nothing sensitive.
-
@postmodern_mod3:
Also, web.nvd.nist.gov seems to support https requests. So I would think OSVDB should too.
-
@attritionorg:
NVD has a lot of bad habits too, doesn't mean @OSVDB should follow them...
-
@jkouns:
maybe best to just use NVD then if it meets your needs =)
Just bought a box of 80 otter pops. See you bitches in a few days.
Jun 24
Security Rebuttal: Ponemon on Network Breaches [Richmond/Ponemon]
-
This is a rebuttal piece to “Security Professionals Say Network Breaches Are Rampant” (2011-06-22) by Riva Richmond (@rivarichmond) of the New York Times.
DEF CON Security Charlatan of the Year Nominations
-
So many choices!