Wednesday, October 1, 2014

You Get SSL And You Get SSL And You Get SSL...

tweeted by Nick Sullivan

Thanks to Nick Sullivan for posting this Oprah You Get A Car meme referencing the fact that his company plans on providing SSL to all its customers for free (which is a pretty big deal since it makes it much easier for sites to encrypt their web traffic).

Tuesday, September 30, 2014

Is Bash Safe Yet?

from here

The answer is almost certainly no, so stop asking already. Perhaps the question we should be asking is if any software is ever truly safe.

When All You Have Is A Certification, Everything Looks Like Your Course Material

tweeted by Rob Rosenberger

Thanks to Rob Rosenberger for tweeting this Condescending Wonka meme. Considering that (from what I heard) someone was actually trying to exploit Shellshock to run CMD.EXE, I can definitely believe there are people out there who think their Microsoft-centric body of knowledge applies to this *NIX-related vulnerability, and that certainly deserves some condescension.

Monday, September 29, 2014

Everything Fails Sometimes

from here

Your defenses are going to fail, probably more than once, and if you can't handle that... well... you're gonna have a bad time.

Breaking Bash

tweeted by @naehrdine

Thanks to @naehrdine for tweeting this photo of a t-shirt celebrating the Shellshock vulnerability.

I wondered if there was some place people could buy their own but unfortunately all I was able to find was this very similar graphic that Chris Hoth thought would make a good t-shirt (guess what, Chris, it does)

and this t-shirt with a distinctly different graphic but along the same idea

It makes me wonder if @naehrdine got hers custom made or something.

Friday, September 26, 2014

Biometrics Aren't Just For Logging On

from here

This guy's OpSec is really all over the place. What is the threat model he's using to decide how to protect himself?

LangSec Cat Wants Better Parsers Not Bigger Patties

tweeted by @andreasdotorg

Thanks to @andreasdotorg for tweeting this meme highlighting the language-theoretic security perspective on the recently uncovered bash vulnerability. I like the idea of LangSec Cat, and hope it can make language-theoretic security as widely known as LOLCat made cheeseburgers.