Archive for the ‘FAIL’ Category

“In the TSA Security check…”

December 26th, 2010 Comments off

They were just patting down and wanding a severely autistic child in a wheelchair. After sending her through the x-ray imagery twice.

What the fuck.

– email from my girlfriend

This is somehow perceived as thwarting terrorism.

Categories: FAIL

“Cannot include special characters”

September 17th, 2010 3 comments

WHY THE FUCK ARE THERE STILL SITES THAT DON’T ALLOW “SPECIAL CHARACTERS” IN PASSWORDS, LET ALONE USERNAMES?

Categories: FAIL

Richard Clarke sucks [updated]

April 23rd, 2010 1 comment

Today I read a review on Threat Level tearing apart Richard Clarke’s new pile of hardbound bullshit.  I really hate Richard Clarke.  At least when it comes to cyber-anything, he’s full of shit and I don’t know why anyone considers him any kind of expert.

Rather than my usual obscene rant, I’m just going to provide some choice video clips.  These are my two favorite segments from the PBS Frontline titled “Cyberwar” from a few years ago.

Update:  I found a photographic record of Richard Clarke and his brave three hundred pushing enemy packets off the edge of the internet.

"Those packets look thirsty, boys!"

Categories: Books, FAIL

No really, Verified By Visa blows

January 27th, 2010 Comments off

But don’t take my word for it — take Ross Anderson’s.

Categories: FAIL

Fuck Securom (Error 5003)

January 2nd, 2010 1 comment

I bought Crysis so I could play a Mechwarrior mod with it.  When I tried to start it, a window popped up saying:

A required security module cannot be activated. This program cannot be executed (5003).

One of my friends located the explanation.  Indeed, I had IDA Pro running in the background.

Good job, guys.  That will really prevent piracy, a lot.  You are great at what you do.

Categories: FAIL

Verified By Stupid Bullshit

December 29th, 2009 Comments off

I’ve ranted about Verified By Visa before.  Since then, I’ve had the good fortune of having no dealings at all with the idiotic system – until tonight.  Since I’m using a different Visa card for a purchase, it’s harassing me to create myself a new Verified By Visa account which includes my Social Security number for some fucking reason.  And when they prompt me for a password?

Passwords must contain at least one lower case alpha character, one upper case alpha character, and one numeric value. Special characters and spaces are not allowed.

You fucking idiots.  Go fuck the devil in hell.

Categories: FAIL

Dear plaintext-email password people,

August 11th, 2009 1 comment

A while back I wrote this on another blog.

An open letter to websites that require your registration, then email you your details, including the password, in plaintext.

Categories: FAIL

Thithp

August 10th, 2009 Comments off

While I wade through my CISSP study guide and take practice exams, I can’t help but wonder how much useful information I would’ve learned in the past month if I had studied, say, rootkits.  Instead of bullshit.

These people are basically telling me that if I don’t know – off the top of my fucking head, mind you, even though the answer is always a four-second Google search away – details of the token ring standard, and what class of fire extinguisher belongs with what fire, then I can’t possibly be an Information Security Professional.

I just took a practice quiz for a Body Of Knowledge I haven’t started to study yet, just to see how I’d do.  It’s the Application Security section.  I figured it’s the one I’d know offhand more than any of the others, y’know?  Because, I actually work with applications.  And their security.

Nope.  The practice questions were all about Software Capability Maturity Models and Database Design Principles and which features of prototypes are (ISC)²’s favorite.  So I only got 50% of the questions right.  I guess I’m a Certified Information System Security Retard, because the test said so.

I can’t imagine how many people are making money hand over fist just to have their heads up their asses and come up with this.  It’s college all over again.

Categories: FAIL

Security experts FAIL

August 7th, 2009 Comments off

Update: I decided this post’s original title, “More journalism FAIL,” was unwarranted.  The fail in the story is more due to the “security experts” interviewed.

Yesterday’s fail just wasn’t stupid enough.  Today, Computerworld brings us a delicious banquet of stupid, each morsel more stupid than the last: “Security experts scramble to decipher Twitter attack.”  I don’t know whether to attribute the stupid to each individual interviewed in the story – maybe it’s not their fault; maybe they were asked really stupid leading questions.  All I can do is ruthlessly mock it.

Categories: FAIL

Journalism FAIL

August 6th, 2009 Comments off

Caroline McCarthy, of CNET News, “a downtown Manhattanite happily addicted to social-media tools and restaurant blogs” whose “pre-CNET resume includes interning at an IT security firm and brewing cappuccinos,” wrote a story about this week’s DoS attacks on Facebook and Twitter.  A nice story, with a good timeline and interviews with some experts.  Nice until the end:

There has been no indication that a single party, or groups of hackers in tandem, was responsible for the Facebook and Twitter attacks, or whether there was any connection to the other DoS attacks on smaller sites earlier this week. But it’s probably not a coincidence that they all happen to coincide with the annual Defcon hacker convention.

This is not attributed to any of the experts interviewed, probably because they wouldn’t say something that stupid.  The linked story doesn’t make it any better, either – it’s just some random CNET story about the Defcon badges.

There were some attacks (not DoSes) that were explicitly related to Black Hat and Defcon – they targeted the sites of some prolific security researchers.  But these DoSes?  Against Consumerist, Twitter, and Facebook?  I don’t see any connection, except that the conferences are about hacking and the use of botnets for DoS may or may not involve some measure of hacking.

Either throw in some evidence to back up that idiotic suggestion, or throw it out.

Categories: FAIL