As you may *not* have noticed, Attrition has had a little bit of downtime lately. For the most part, this has been limited to business hours, Monday through Friday, from opening to closing bells on the world financial markets. It all began long ago, in a galaxy far, far away…
The last time this happened, there was a slight issue with noise coming from the box. The problem had been dealt with swiftly each time; as the box made sounds signalling its impending doom, it was kicked. Notice that the previous “kicked” was not in quotation marks; it was literally *kicked* with a human foot to make the noise stop. This solution actually worked… for about a month. Much as the way that Cancer Omega kicks liberals, the noises soon stopped, but the whining soon started again. It was then decided that a new box would be deployed, and what we have been using since then has simply been called “New Forced”.
It shouldn’t matter whether you believe in one, some, many, or all of the “conspiracy theories” discussed in “American Conspiracies” to be able to take a more critical look at each event and decide for yourself what you believe to be the truth. As we state on attrition.org’s Charlatans page: “Read the material with a grain of salt; don’t implicitly trust us. Make your own decisions based on all the facts you can find, not just what you read here”. Whether or not you agree with Ventura’s take on each chapter of the book, at the very least “American Conspiracies” is an interesting read about some of the most historical (and tragic) events in United States history.
Update: The auction concluded, with Israel Torres winning the sticker collection, three shirts (OSVDB, DatalossDB, HNN), a flask and a wonderful array of shit. The auction raised $295.00 for the Open Security Foundation and we appreciate all who bid.
We know you’re too busy to help on OSVDB or DatalossDB, don’t have the interest in volunteering, whatever. But, you can now help out in a small way while benefiting yourself with a unique box of swag.
d2d:

A foreword is in order here: To all those people, including acquaintances, who have thoroughly enjoyed the living hell out of ClubBing prizes, I apologize if this causes you stress and discomfort. Fear not though, as I doubt it’ll bring about any substantial change, and I’m certain you’ll continue receiving your “Bing” branded crud in the mail on a weekly basis. Unfortunately for me, I never got around to trying to build a “Bing” prize room, but I can assure you that I’ve lived vicariously through watching your bots run in the background every minute of every day. But I digress…
d2d:
So what is actually responsible or ethical? The lines are blurred quite a bit. The “responsible” method is also the “painful”, “expensive”, and often “ineffective” method that gets little resolved for exponentially more work, time and money. Is all that waste not irresponsible? What about all of the other organizations unknowingly affected by things I’ve found, organizations who never got a heads-up, no less a patch, because my attempts at “responsible” disclosure failed? How is that in any way “responsible” or “ethical”? Sure, you could say “disclose responsibly to responsible vendors”, but you don’t know who is going to handle your findings properly until you start the process. At that point you’ve lost your anonymity and all the simplicity that comes with it. The minute your disclosure is tied to your organization, you have all manner of legalities and politics to deal with, both internally and externally.
I’m losing my patience with doing things “responsibly”.
Some time ago, Jericho decided to clean house a bit. This involved getting rid of leftovers from the fridge, old computer equipment and a wide variety of ‘shit’ that had accumulated over the years. Just giving it up to the trash or Goodwill wasn’t enough. Instead, he took some of the best items and boxed them up to ship off to Lyger. No documentation exists from this event, but believe me, a certain level of trauma was established.
cji:
Last night I watched what was probably the most depressing movie I’ve seen since Requiem for a Dream (which was depressing because the Jennifer Connelly scenes weren’t longer). “Precious” is about a sixteen-year-old African American girl, played by newcomer Gabourey Sidibe, growing up in Harlem in 1987. Every time you think “Wow, this girl has the worst life ever”, the plot adds something else to show you how it could, in fact, be worse. First the obvious: she looks dangerously obese (supported by her eating habits of fried chicken and pigs’ feet). Then you meet her mother, who beats her until she’s unconscious. And then you learn this sixteen-year-old is not only pregnant, but has another baby already - with Down Syndrome. Oh, and both times she got pregnant due to being raped. By her father. The downward spiral doesn’t end there, but I’ll keep from spoiling most of it.
So… it looks like Space Rogue from Hacker News Network wanted to be “nice” to me and ACK’d my existence in a HNNCast. about 6:55 in there, he mentions me… and then says “a STUPID NAME for a STUPID LOOKING SQUIRREL!” WTF?!? he said “you know we love you attrition”… well, DUH. if you’re going to pick on attrition, mention Jericho’s peanut butter fetish or make fun of Lyger for… well, for being Lyger, but you can leave ME out of it, i’m a SQUIRREL, dammit. i like nuts. and sprog is just mad because my granpappy used to spell check his news posts on the original HNN back in 1937 or whenever it was. JERK!
[…]
so here’s the deal, space rogue: you mentioned me first, so you must need me. our offer: we’ll give you 4 walnuts, 18 peanuts and 1 flask in return for a 10 second HNN video sponsorship, 3 RED shirts and 13 minutes of squirrel love with Courtnee.
Almost a month ago, those slack ass bastards that call themselves attrition staff figured I need a name. They got a lot of feedback from you worthless lot of heathens and failed to name me. Drunken indecision led to more procrastination and there I was, stuck in hell, still needing a name.
Well, now I have one. Finally… FINALLY, they put their drinks down, put away the blow, and stuffed the hookers into the trunks of their cars so I don’t feel like a major unnamed DOUCHEBAG with no identity of my own and no real reason to exist (like Lyger). I have a name, thanks to you people who actually care about me, and not those staff jerks who sat on this (*COUGH* among other things *COUGH*) for a few weeks.
No need to make a big deal about it, but this feels *good*, like seeing Jericho eating a taco… and a burrito, and another taco, and a burr… (OK, you get the idea), Cancer Omega stocked, locked, cocked, and ready to rock in combat gear, d2d rolling out a new Ruby application that he only coded using his left hand (guess what his right hand was doing), or cji swimming a river and jumping a fence in 37.236 seconds. I’m home.
Sincerely,
p.s. now, bitches, someone make me a walnut pot pie. i’m hongry.
Over the past few weeks, we decided that we needed a mascot; a simple visual image to help promote attrition.org’s ideals, and something fun for us that can be easily understood, if not hated. For those of you who already know us, it shouldn’t come as a surprise that we chose a squirrel to be our mascot. Squirrels are cute and fuzzy (like d2d), confusing and perplexing (like Lyger), survivalists (like Cancer Omega), mischievous (like Jericho) and like to stuff their faces full of nuts (like Mal Vu). With that said, we now have a friend of attrition, a squirrel, and he will boldly represent us.
Your task: name him. Even though there is no visible penis attached to his groin, it’s a “he”. We haven’t chosen a name yet, so the best name that we (meaning attrition staff) decide upon will win our contest. The winner will receive a public flogging in a future news update, and probably an official attrition.org t-shirt with the mascot printed somewhere upon it once we profit from our 419 mails and get the shirts made.
jericho:

While a nice picture, it doesn’t fully show the overall bad set up. While the summer heat is bearable, the music started at 4:00PM as the sun was beginning to set. By the second act, the sun was behind the stage bearing into the faces of everyone watching. When keeping a stage to the west, there should be a backdrop of some kind behind the stage. Not only did the sun take its toll on viewers, Juliette Lewis’ drummer seemed like he was about to heat stroke out. Chan Marshall of Cat Power had to stop toward the end of her set to take a five minute break; a combination of the heat and altitude apparently had a bad effect.
Sandia to boot behemoth botnet
This article (full GCN article) was disturbing to say the least. A couple of academic researchers, cut off from the real world, out of touch with reality and how the ‘world’ works, decide they need to control a botnet. Not a 10k node botnet, not a 100k node botnet… but a 1 million node botnet. In case you haven’t read lately, the threat of a botnet is serious. Some men are charged in botnet-related crimes, and the threat of a million-PC botnet is a threat to consumers. (Still don’t believe? Google ‘botnet threat’).
From the article:
Starting in October, a huge botnet will be run not by nefarious underground figures but by the Energy Department’s Sandia National Laboratories.
“If you want to take a look at what is really threatening the Internet, we have to talk about the scale of the network we are working with,” Rudish said. “One million gets us pretty close to understanding these botnets.”
Disclaimer: I “virtually” know Robert Siciliano through email contact over the last 2-3 years. During that time, he has shown wit and charm in his responses to our questions and observations. However, my opinion as to his actual experience / expertise with security as it relates to computers and networks will not be touched on in this review; do your own research and come to your own conclusions.
[…]
The Safety Minute :01 is geared to be a guide to personal safety over many different realms. Physical safety, with an emphasis on home and physical defense, appears to be the overall goal to reach the reader, but they often stray a bit into areas that might come from a “movie of the week”. As you read through it, your judgement is the best one to use, not anyone else’s (as Siciliano points out, to his credit.) The self-assessment on pages 4 and 5 is a bit of an early warning red flag, especially #13. “Do you use alcohol or drugs? Even occasionally?” smacks slightly of self-righteousness, and I can think of at least one person (hi, hellnbak) who could probably kick my ass, your ass and Robert’s ass all at once while high and drunk… and while getting blown by a stripper.
“We like to say that, yes, our technology is better, but it’s our people that make the difference.” - Retriever Credit Card Services
Cliff Torrence is the Founder/President/CEO of Retriever Credit Card Services. If you believe their web page, they have 10 years of experience in security, compliance management and payment processing.
Risky Business #100 - Jericho Speaks:
This week’s podcast is brought to you by Tenable Network Security and hosted, as always, by Vigabyte virtual hosting.
It’s a special day for us at Risky Business HQ — we’ve launched our new Web site: http://risky.biz/
We now publish two podcasts, video and written news and opinion. There’s also forums, so by all means go and sign up for an account! We’ll see you in there.
On this week’s show we’re talking to L0pht/@stake/Veracode co-founder Chris Wysopal about the rebirth of L0phtCrack, the legendary password cracking package.
In this week’s sponsor interview, Tenable Network Security analyst and Open Security Foundation dude Brian “Jericho” Martin pops in for a chat about dataloss — are you more likely to lose data through a USB key, lost laptop or an actual attack?
Adam Pointon also pops by for a look at the week’s news.