Seriously. When will people (even security pros) ever learn? This is the IRC log between a few security pros who are involved in w00w00.org and BlackOps.org from an insanely long tour de force brag post that seemingly showed up folks from the big guns like Google, through security ISVs such as Core Security through several security…
Category: Rants
Security trends for 2012
Folks will continue to use abc123 as their password. They will then be surprised when they’re completely pwned. Folks will continue to not patch their apps and operating systems. They will then be surprised when they’re completely pwned. Folks will continue to use apps as administrator or god like privileges. They will then be surprised when they’re…
Resurrecting the wife’s laptop – Asus hates you and you and you
At Christmas last year, I bought a new laptop for the wife, an Asus K52DR with 4 GB of RAM and 500 GB hard drive. I quote from then: […Asus should…] supply a real copy of Windows 7 installation media, so you can clean install the OS easily instead of wasting hours and hours and…
On APT
Recently, RSA was attacked by adversaries who targeted their two-factor authentication fobs. These devices have known MITM issues, but folks still used them because there was so little information out there to say that a better choice is required. RSA liked it that way. RSA chose not to discuss the details of the attack,…
Passwords are neither free nor cheap
I don’t know how many clients over the last decade I’ve been trying to get this basic fact through their very thick business skulls, but here goes again: PASSWORDS ARE NOT FREE. PASSWORDS ARE NOT CHEAP. PASSWORDS ARE NOT SAFE. PASSWORDS ARE NOT ACCEPTABLE FOR HIGH VALUE DATA / APPLICATIONS. EVER. Vodafone has found this…
CPRS / ETS / “a price on carbon” is back. WTF!
The government never seems to learn. They nearly lost the election, they lost their previous leader, and the opposition lost their previous leader over a money spinning taxation mechanism called “a price on carbon”. No second order mechanism has ever succeeded in its intended effects, and such mechanisms always have unintended consequences. Legislating first order effects is simply much…
Arbib is a spy, or we are the 50-57th states of the USA
Mark Arbib, agent provocateur of the right wing ALP and one of those involved in the coup against Prime Minister Kevin Rudd, turns out to be a protected source of the United States. The Age calls Mark Arbib a “confidential contact” for the USA, but so was convicted spy Jean-Philippe Wispelaere. According to Wikileaks disclosure of…
In defense of Microsoft’s SDL
Richard Bejtlich says on Twitter: “I would like fans of Microsoft’s SDLC to explain how Win 7 can contain 4 critical remote code exec vulns this month.” I am surprised that Richard – an old hand in our circles – can say such things. It assumes defect free commercial code is even possible, let alone what…
Code of Hammurabi – or 4000 years later, we still haven’t got it
The Code of Hammurabi is one of the earliest known written laws, and possibly pre-dates Moses’ descent from the Mount. In it, we get a picture of the Babylonians’ laws and punishments. In particular, there’s this one: If a builder builds a house for someone, and does not construct it properly, and the house which…
FIFA Fraud – Football Federation Australia must be investigated
In today’s Age, there’s an article on how Australian taxpayer money is being used to bribe FIFA and other national soccer body officials to garner support for Australia’s World Cup Bid in 2022. Item 1. It is actually illegal to spend Australian government money on bribes, gifts, holidays, and so on. This is contrary to…