Rather than my usual obscene rant, I’m just going to provide some choice video clips. These are my two favorite segments from the PBS Frontline titled “Cyberwar” from a few years ago.
Update: I found a photographic record of Richard Clarke and his brave three hundred pushing enemy packets off the edge of the internet.
I’ve ranted about Verified By Visa before. Since then, I’ve had the good fortune of having no dealings at all with the idiotic system – until tonight. Since I’m using a different Visa card for a purchase, it’s harassing me to create myself a new Verified By Visa account which includes my Social Security number for some fucking reason. And when they prompt me for a password?
Passwords must contain at least one lower case alpha character, one upper case alpha character, and one numeric value. Special characters and spaces are not allowed.
While I wade through my CISSP study guide and take practice exams, I can’t help but wonder how much useful information I would’ve learned in the past month if I had studied, say, rootkits. Instead of bullshit.
These people are basically telling me that if I don’t know – off the top of my fucking head, mind you, even though the answer is always a four-second Google search away – details of the token ring standard, and what class of fire extinguisher belongs with what fire, then I can’t possibly be an Information Security Professional.
I just took a practice quiz for a Body Of Knowledge I haven’t started to study yet, just to see how I’d do. It’s the Application Security section. I figured it’s the one I’d know offhand more than any of the others, y’know? Because, I actually work with applications. And their security.
Nope. The practice questions were all about Software Capability Maturity Models and Database Design Principles and which features of prototypes are (ISC)²’s favorite. So I only got 50% of the questions right. I guess I’m a Certified Information System Security Retard, because the test said so.
I can’t imagine how many people are making money hand over fist just to have their heads up their asses and come up with this. It’s college all over again.
Update: I decided this post’s original title, “More journalism FAIL,” was unwarranted. The fail in the story is more due to the “security experts” interviewed.
Yesterday’s fail just wasn’t stupid enough. Today, Computerworld brings us a delicious banquet of stupid, each morsel more stupid than the last: “Security experts scramble to decipher Twitter attack.” I don’t know whether to attribute the stupid to each individual interviewed in the story – maybe it’s not their fault; maybe they were asked really stupid leading questions. All I can do is ruthlessly mock it.
Caroline McCarthy, of CNET News, “a downtown Manhattanite happily addicted to social-media tools and restaurant blogs” whose “pre-CNET resume includes interning at an IT security firm and brewing cappuccinos,” wrote a story about this week’s DoS attacks on Facebook and Twitter. A nice story, with a good timeline and interviews with some experts. Nice until the end:
There has been no indication that a single party, or groups of hackers in tandem, was responsible for the Facebook and Twitter attacks, or whether there was any connection to the other DoS attacks on smaller sites earlier this week. But it’s probably not a coincidence that they all happen to coincide with the annual Defcon hacker convention.
This is not attributed to any of the experts interviewed, probably because they wouldn’t say something that stupid. The linked story doesn’t make it any better, either – it’s just some random CNET story about the Defcon badges.
There were some attacks (not DoSes) that were explicitly related to Blackhat and Defcon – they targeted the sites of some prolific security researchers. But these DoSes? Against Consumerist, Twitter, and Facebook? I don’t see any connection, except that the conferences are about hacking and the use of botnets for DoS may or may not involve some measure of hacking.
Either throw in some evidence to back up that idiotic suggestion, or throw it out.