yes, I just wanted to use the word “hackles”
Security Curmudgeon:
Over the last two months, the multi-national Sony Corporation has come under a wide range of attacks from an even wider range of attackers. The backstory about what event prompted who to attack and why will make a mediocre made-for-TV movie someday. This article is not going to cover the brief history of hacks; readers can find details elsewhere. Instead, the following only serves to create an accurate and comprehensive timeline regarding the recent breaches, a cliff notes summary for easy reference.
Please read -> http://attrition.org/security/rants/fsck_sun_tzu/
Lyger:
One of the questions I’m occasionally asked is how long I’ve been “in security”. I guess the answer really depends on your definition of “in security”; I’ve had a job title of “Security X” or have been employed by a “security vendor” since early 2004, but much like the way other people get involved in security, there were security-related duties in previous positions as early as 2000 and a general interest in the field since about 1998. Those duties and the general interest don’t necessarily qualify as “in security” time, but I like to think it was a good start. It never hurts to get your feet wet and get some basic experience when choosing a career path, especially one that is considered to be somewhat specialized.
Dear Motion Picture Association of America (MPAA),
That’s right, I am one of those dastardly pirates who engage in Peer-to-Peer (P2P) theft, downloading movies when so inclined. I do not do it because I have a fascination with breaking the law, nor am I struggling for money. I do it because it is convenient, and the movie industry has done an incredibly poor job meeting consumer demands, most notably mine. Until the movie industry provides more reasonable and convenient services, I will continue to break the law. But wait, MPAA, there is a silver lining! First, I will write a check for the movies I pirated, based on the value I perceive the viewing to be worth. Second, I will stop my evil ways if your organization is dissolved.
d2d:
A foreword is in order here: To all those people, including acquaintances, who have thoroughly enjoyed the living hell out of ClubBing prizes, I apologize if this causes you stress and discomfort. Fear not though, as I doubt it’ll bring about any substantial change, and I’m certain you’ll continue receiving your “Bing” branded crud in the mail on a weekly basis. Unfortunately for me, I never got around to trying to build a “Bing” prize room, but I can assure you that I’ve lived vicariously through watching your bots run in the background every minute of every day. But I digress…
d2d:
So what is actually responsible or ethical? The lines are blurred quite a bit. The “responsible” method is also the “painful”, “expensive”, and often “ineffective” method that gets little resolved for exponentially more work, time and money. Is all that waste not irresponsible? What about all of the other organizations unknowingly affected by things I’ve found, organizations who never got a heads-up, no less a patch, because my attempts at “responsible” disclosure failed? How is that in any way “responsible” or “ethical”? Sure, you could say “disclose responsibly to responsible vendors”, but you don’t know who is going to handle your findings properly until you start the process. At that point you’ve lost your anonymity and all the simplicity that comes with it. The minute your disclosure is tied to your organization, you have all manner of legalities and politics to deal with, both internally and externally.
I’m losing my patience with doing things “responsibly”.