Wednesday, September 29, 2010

i'm safe now

found on verydemotivational.com

see how multiple instances of the same protective layer don't really cover that much more? this is why using multiple scanners doesn't count as defense in depth.

Wednesday, September 22, 2010

he is the very model of an infosec professional

i shall of course link back to the network security blog where i found this, but gems like this require redundancy (plus some minor email obfuscation):
CISSP Song
Lyrics by Rob Slade (slade at victoria dot tc dot ca)
Sung to the tune of “The Major General’s Song,” from
“Pirates of Penzance,” by Gilbert and Sullivan [1]
CISSP (solo):
I am a Certifiable Security Professional
I’ve countermeasures physical, administrative, technical
I know the ports of TCP and backdoors with malign intent
And survey risk analysis to prove the safeguards wisely spent
I’m very well acquainted, too, with matters of the blackhat crew
Attendance on the IRC phrack channel makes my colleagues stew
With viruses and zero days I’m teeming with a lot o’ news,
With many cheerful facts about the weaknesses in Usenet news
CIO Chorus:
With many cheerful facts about the weaknesses in Usenet news (etc.)
CISSP:
I’m very good at ACLs and mandatory access modes
I know the disassembled names of CPU compare opcodes
In short, in matters physical, administrative, technical
I am the very model of an infosec professional!
Chorus:
In short, in matters physical, administrative, technical
He is the very model of an infosec professional!
CISSP:
I know our mythic history, LaPadula, Biba, and Bell
I know the biometric facts, memorized CERs as well
I understand the lattice, roles, rules, and discretion base
And pseudorandomize my keys to maximize the address space
I’ve tokens, tickets, one-time passwords, smart cards and a kerberos
And Centralized Remote Authentication to remove the dross
I’m proof against the DoS, Man-in-the-Middle and brute force attacks
My proprietary off-the-shelf stuff’s licenced and it never cracks.
Chorus:
His proprietary off-the-shelf’s all licenced and it never cracks.
CISSP:
My audit logs are analysed, detect intrusions every time
My legal counsel’s up to date with all the best computer crime
In short, in matters physical, administrative, technical
I am the very model of an infosec professional!
Chorus:
In short, in matters physical, administrative, technical
He is the very model of an infosec professional!
CISSP:
In fact when I know what is meant by “data link” and “twisted pair”
When I can tell a fibre optic cable from a trigger hair
When Internet Explorer I no longer use the Web to surf
Or let my users chat on IRC on all my network turf
When I have learnt that firewalls can filter out the packets bad
When I know that the guy with foreign bank accounts might be a cad
In short when I’ve a wee bit of professional paranoia
You’ll say a better CISSP has never addressed yuh.
Chorus:
You’ll say a better CISSP has never addressed yuh.
CISSP:
For my security training, managerial though it may be
Lacks practical direction and real-world applicability
But still, in matters physical, administrative, technical
I am the very model of an infosec professional!
Chorus:
But still, in matters physical, administrative, technical
He is the very model of an infosec professional!
like martin mckeay, i'd really like to hear this sung. i'm trying it myself, but it's a bit of a mouthful at times. sometimes it's easier to write things than to say them out loud.

Tuesday, September 21, 2010

security by "i don't want any part of that"

this was found by @snipeyhead.

the anti-theft value is obvious, but what do you call this? security by obscurity? security by perversity? and if you did happen to drop it on the ground and have to go looking for it, would you really want to be seen picking it up? especially if they go with @snipeyhead's suggestion for the version 2 model.

Monday, September 20, 2010

facebook and privacy, together at last - or not

found on failbook. no, not the facebook that failed, that's friendster.

what i love is that apparently nobody made the connection that toph did. maybe zuckerberg really was right about privacy no longer being the norm. excuse me while i check my bathroom for hidden cameras.

Friday, September 17, 2010

web defacer wins...

screenshot originally from the sunbelt blog

Thursday, September 16, 2010

top 9 ways to safer social networking

trend micro's rik ferguson shared a list of 9 ways to stay safer while engaging in social networking. for example:
2 – When you create your profile, consider each piece of information that you share and whether it is necessary or even relevant to that site. Do you need to share telephone numbers, for example? Maybe if your mail or direct messages come direct to your phone, that is enough. Think practically; don’t complete a form just because it is in front of you.
check out the whole thing here and stay safe out there.

Wednesday, September 15, 2010

creepy CAPTCHA

found on boingboing

CAPTCHAs are supposed to be for distinguishing humans from machines, but this one looks like it's switched sides.

Tuesday, September 14, 2010

PCI data security video

found on graham cluley's blog

i thought for sure i'd already posted this before (because i've definitely seen it before) but i couldn't find it. hopefully it's not a duplicate (i already have to worry about duplicates? wow).

and for you home users who don't know what PCI is, it's a short form of PCI DSS, which is Payment Card Industry Data Security Standards. that's the security standards that people involved in processing credit or bank card purchases are supposed to follow. of course some of them are good for home users to follow too.

Monday, September 13, 2010

dilbert on security

thanks to mikko hypponen for drawing my attention to this. the dilbert archives are searchable and you can find all the cartoons that involve security by searching for "computer security". the results can be found by clicking here, and of course i've added this to the outside media section too.

Friday, September 10, 2010

@SecurityHumor

i'll be adding @SecurityHumor to the 'Links To Other Media' list on the side bar here because, frankly, if there's one security twit who deserves to be linked here it's him/her(/it?). i don't even link to my own twitter account (i have a twitter account? shhhhh, don't tell anyone), but @SecurityHumor (as the username suggests) uses security topics (the new 'Here You Have' mass mailing worm being the topic used above) as grist for the comedy mill.

one of the theories i operate this site on is that by making security topics funny you make them more interesting, and by extension you make people think about them more. i don't mean thinking about security in the sense that people will weigh the security risks and make better choices and maybe even start following best practices - rather, simply that the security topics will enter their bubble of awareness (if only in a tangential way) and result in someone being more receptive to thinking about security on a deeper level. whether or not they actually do think about it on a deeper level is a different matter entirely.

oh and @SecurityHumor, consider this your #followfriday.

Thursday, September 9, 2010

hi and lois on security

found via schneier's blog

i think i've heard of this done with voting machines too. oh, and ATMs. fills you with confidence, doesn't it?

Wednesday, September 1, 2010

sensor x

this piece of apparent packaging comes to the internet thanks to @SecurityHumor.