Posted on September 19th, 2009 by David Harley
Filed under: Funny, Virus | No Comments »
As it’s been a while, here’s a little light-ish relief from my semi-recreational blog….
http://dharley.wordpress.com/2009/09/19/a-myth-laid-to-rest/
Posted on September 9th, 2009 by p1
Filed under: Commentary, Culture, Funny, OT, Privacy, Web | 3 Comments »
As part of some research into the security risks of social networking, I did an ego search on myself. (Hey, it’s legitimate research, all right?)
On Altavista, the first hit was the Wikipedia page someone created about me. The second result was http://www.robertslade.com/ which I hadn’t known existed. As well as correctly listing his published books, this page informed him that me that I was mentioned on the Wikipedia entry for the RISKS-Forum Digest (which is a definite ego boost). It also provides a photograph of someone else. As well as two pictures I didn’t take, and three videos I have nothing to do with. Two different boxes provide links to buy books, some of which are mine, and most of which aren’t.
I expected to find entries that weren’t me: I know there are a lot of Robert Slades on the net. But it’s a bit weird to find out that there is a domain about me that I didn’t know about.
I also found the church I’m buried in, so currently I’m not feeling too great …
Posted on September 6th, 2009 by Aviram
Filed under: Commentary, Culture, Funny, malware, Web | 2 Comments »
As the WordPress team scramble around trying to resolve the latest set of security issues, and doing all the wrong things like giving their users a 14-step process for upgrade, the following Jewel came up:
4. WordPress is Not Secure: WordPress is incredibly secure and monitored constantly by experts in web security. This attack was well anticipated and so far, WordPress 2.8.4 is holding. If necessary, WordPress will immediately release a update with further security improvements. WordPress is used by governments, huge corporations, and me, around the world. Millions of bloggers are using WordPress.com. Have faith they are working overtime to monitor this situation and protect your blog.
This is funny on so many levels.
(HT: Jericho, AKA security curmudgeon)
Posted on February 20th, 2009 by p1
Filed under: Commentary, Culture, Funny, OT, Web | No Comments »
A new company is telling everyone which new companies are worth investing in. Is this something we should get into?
http://news.bbc.co.uk/go/em/-/2/hi/technology/7900463.stm
“The software measures the “buzz” surrounding a company via blogs and media reports along with a variety of factors including website traffic.”
We should all blog and Twitter about this.
Then we should all blog about how blogging is so last year.
Posted on February 14th, 2009 by p1
Filed under: Commentary, Culture, Funny, Linux, OT | 11 Comments »
This would be hilarious, except for the fact that I think the guy who wrote it (some years back, but still) was serious.
I don’t know if that makes it more funny, or less …
Even the domain name is funny, as in “delusions of adequacy” …
Posted on December 4th, 2008 by p1
Filed under: Commentary, Culture, Funny, OT | 2 Comments »
Virtually everyone has probably heard the “new” term “virtualization.” That’s because virtually every vendor has jumped on the virtualization bandwagon. Virtually anything can be virtualized, it seems.
Also, virtually nobody can again on what virtualization really means. Virtualization seems to be a conflation of two old ideas: virtual machines (what do you think VM and VMS stood for?), and distributed computing. (Which is now being sold as “cloud computing,” an amazingly cloudy concept that’ll be the subject of another post.)
We used virtual machines a lot in the old days, and they were great for security. We used them as goat or bait machines for viruses. Very secure way to protect yourself when dealing with dangerous software.
Of course nowadays they use virtualization in some virtually explosive ways. Like putting your Kerberos KDC on the same physical box as your Web server …
Posted on December 4th, 2008 by Aviram
Filed under: Culture, Funny, Microsoft | No Comments »
I wonder why it took so long.
He even has 2 nice recommendations. Quite an effort was put on his profile:
And it’s only the contact information that tells the sad story. Note how many variations of ‘bill gates’ were taken in gmail that the pranksters had to use this one:
Posted on September 3rd, 2008 by noam
Filed under: Commentary, Full Disclosure, Funny, Web | 5 Comments »
GoDaddy has decided to start giving away security seals to web sites. What is this security seal about? Well, it doesn’t say much beside telling you that GoDaddy verified something – what did they verify? It doesn’t say.
How does it work?
You are supposed to put a script tag inside your site, with the source reference of https://seal.godaddy.com/getSeal?sealID=[removed]
This generates HTML code that contains references to:
https://seal.godaddy.com:443/flash/sitesealgd_t_medium.swf?domainName=www.putyournamehere.com&color=000000
Changing the www.putyournamehere.com to www.re-electbush.com, www.mcainwon.com or even obamaisournewleader.com will show that you have been verified by GoDaddy – yeah!
Try it out yourself and see how you can get a godaddy seal with no effort – joy to the world 
Posted on May 3rd, 2008 by Aviram
Filed under: Corporate Security, Funny, Insider Threat | 1 Comment »
The Daily WTF has a good story that may sound a little too familiar to some:
How the aptly-named Super Hacker had managed to shut down the system remotely and provide a fix so quickly intrigued Kiefer. After poking around the network, he finally found the Python file that contained the Super Hacker’s fix:
#!usr/bin/python
# Paying someone $10 to pull a power cord for $3500
print “(C) [Name Removed] 2008.”
The moral of the story: when all else fails, use social engineering.
Posted on April 2nd, 2008 by Juha-Matti
Filed under: Commentary, Culture, Funny, Web | No Comments »
SANS ISC has collected a very coverage list of April Fool’s Day stories.
It can be found here:
isc.sans.org/diary.html?storyid=4225
My own favorite is Gmail’s new Custom Time feature 
Posted on March 20th, 2008 by Aviram
Filed under: Cisco, Commentary, Culture, Funny | 4 Comments »
I’d love to hear the background story behind this one:
[CiscoWorks IPM] version 2.6 for Solaris and Windows contains a process that causes a command shell to automatically be bound to a randomly selected TCP port.
Why on earth? And why a random port?
And if you’re still wondering, yes – it’s a remote root shell with no authentication
Remote, unauthenticated users are able to connect to the open port and execute arbitrary commands with casuser privileges on Solaris systems and with SYSTEM privileges on Windows systems.
Cisco is being cruel and only disclosing the technical info. Common Cisco, share the juicy parts! We want Full Disclosure!
Posted on August 31st, 2007 by SecuriTeam
Filed under: Commentary, Culture, Funny, OT | No Comments »
i just wrote an ot post to my personal blog about the ccc camp, but i figured it was a security camp after all, so i will link to myself here:
http://sunshine.livejournal.com/8859.html
Posted on July 23rd, 2007 by Sid
Filed under: Commentary, Corporate Security, Full Disclosure, Funny | 5 Comments »
Foxnews.com has taken an unsuspected turn and become an open wiki site. For more info see http://linuxinit.net/site/?id=664. Summary:
While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which, there is a shell script. Seeing as it’s a shell script, and I use Linux, I took a peek. Inside, is a username and password to an FTP. So, of course, I tried to login. The result? Epic fail on Fox’s part. And seriously, what kind of password is T1me Out. This is just pathetic.
http://www.foxnews.com/admin/xml_parser/zdnet/grab_zd_files.sh
And here’s something just too funny, something I hope will turn up on xkcd.com
(originally located at http://www.foxnews.com/images/root_images/071907_velociraptor1.jpg, this is a mirrored copy)
Posted on July 16th, 2007 by SecuriTeam
Filed under: Commentary, Funny, Spam | No Comments »
1. phish an hotmail acount.
2. send email from the stolen acount to all the friends listed for the person, saying you are stuck in nigeria and are in an emergency, asking your friends for money to be wired.
http://www.rediff.com///news/2007/jul/16tps.htm
hillarious!
(thanks suresh)
gadi evron,
ge@beyondsecurity.com.
Posted on July 5th, 2007 by SecuriTeam
Filed under: Botnets, Commentary, Culture, Funny, Phishing | No Comments »
just last week we were throwing jokes on funsec@, of calling botnets terrorism to get some action going. of course, we decided that’s an extremely bad idea as people are already starting to discount issues when “terrorism” or “2.0″ are attached.
no, i am not going to say it, you are going to put these two together on your own!
today, fergie (paul ferguson) sent this to funsec:
brian krebs writes in the washington post:
[snip]
the global jihad landed in linda spence’s e-mail inbox during the summer of 2003, in the form of a message urging her to verify her ebay account information. the 35-year-old new jersey resident clicked on the link included in the message, which took her to a counterfeit ebay site where she unwittingly entered in personal financial information.
ultimately, spence’s information wound up in the hands of a young man in the united kingdom who investigators said was the brains behind a terrorist cell that sought to facilitate deadly bombing attacks against targets in the united states, europe and the middle east.
investigators say spence’s stolen data made its way via the internet black market for stolen identities to 21-year-old biochemistry student tariq al-daour, one of three u.k. residents who pleaded guilty
http://www.washingtonpost.com/wp-dyn/content/article/2007/07/05/ar2007070501153.html
enjoy. funny, i just had fun with online forums and terrorism with this a few days ago.
buzzwords for fud are generally a bad idea. botnets are not terrorism. :p but of course, like most malicious activity, they are used.
sunshine.
Posted on June 29th, 2007 by SecuriTeam
Filed under: Botnets, Commentary, Culture, Funny, OT | No Comments »
So, someone sent this to NANOG:
An IPv6 address for new cars in 3 years?
From: Rich Emmings
Date: Thu Jun 28 17:47:46 2007Mark IV systems has a spec for OTTO. Mark IV makes automatic
toll collection and related systems O(Not to mention other
automotive products)The system spec’s show support for IPv6 and SNMPv3. Notably
absent was IPv4 as far as I could tell. No notes on if the IPv6
would be used for Firmware updates or live data collection.
802.1p radio is the spec’d LLP. O/S is VxWorks.The expectation is for 100% of new cars to have OTTO around
2010.http://www.ivhs.com/pdf/FactSheet_OTTO_FactSheet1_101105.pdf
Topicality: Looks like someone, somewhere intends to be live
with IPv6 in 3-5 years.
Off Topic: The privacy and security ramifications boggle the
mind….
Which I didn’t read.
Then, this thread happened:
> – — “Suresh Ramasubramanian” wrote:
>
> >On 6/29/07, Rich Emmings
> >>
> >> Topicality: Looks like someone, somewhere intends to be live with
> >> IPv6
> >> in 3-5 years. Off Topic: The privacy and security ramifications
> >> boggle
> >> the mind….
> >>
> >
> >Fully mobile, high speed botnets?
>
> *bing*
That last bing was from Paul Ferguson, our Fergie.
If I was drinking coffee, I’d have dropped it!
Other followups included Chris Morrow’s:
> I can’t help it:
>
> “If a bot-car is headed north on I-75 at 73 miles per hour for 3 hours
> and a bot-truck is headed west on I-90 at 67 miles per hour, how long
> until they are 129 miles apart?”
And Steve Bellovin’s:
Hmm — I was going to say 127.1 miles apart, but that’s not a v6
address… 1918 miles apart?
Subscribe
More Securiteam
