Jun 03 2011

My campaign to replace APT with STFU

Published by at 12:03 pm under General

I don’t know about you, but I’m tired of the term Advanced Persistent Threat.  Every time I see “APT”, I cringe and a little part of my soul dies.  So I decided that I never need to see APT on a web page again, I’ve created a little Greasemonkey script that replaces “APT” with “STFU” and “Advance Persistent Threat” with “Standard Tactics Failed Us” on every site except this one.  It was trivial, it’s not that complex, and it’s certainly not Rugged, but it amuses me.  Which is all that really matters.  Just don’t ask me to troubleshoot it. 

Here’s the script for you:

// ==UserScript==
// @name           ReplaceAPT
// @namespace      http://www.mckeay.net
// @description    Replace “APT” with “STFU”
// @include        *
// @exclude           http://www.mckeay.net/*
// ==/UserScript==

textNodes = document.evaluate(
var searchRE = new RegExp(‘Advanced Persistent Threat’,’gi’);
var replace = ‘Standard Techniques Failed Us’;
for (var i=0;i  var node = textNodes.snapshotItem(i);
  node.data = node.data.replace(searchRE, replace)};
var searchRE = new RegExp(‘APT’,’g’);
var replace = ‘STFU’;
for (var i=0;i  var node = textNodes.snapshotItem(i);
  node.data = node.data.replace(searchRE, replace)};

Hat tip to @imaguid for coming up with the term “Standard Techniques Failed Us”

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

6 responses so far

6 Responses to “My campaign to replace APT with STFU”

  1. Danon 03 Jun 2011 at 2:50 pm

    I’m sorry, but it’s not going to work.

    The generic term “STFU” is actually a USAF IA term invented in the mid-2000’s when it wasn’t politically correct to call North Korea out for their ongoing cyber war on the west.

    RTFM may still be available if you act fast.

  2. Scott Wrighton 04 Jun 2011 at 2:30 am

    OK. Love your idea. But in my naive, Canadian way, I have to say two things, Martin:

    1) Give APT more of a chance. It’s not the acronym’s fault if it is misused; it’s that NOT ENOUGH of us used it correctly and appropriately before the starving security vendors latched onto it as their Target-Market-du-Jour (TMdJ); and

    2) When I typed in your program, saved it as RPLCSTFU.BAT, and ran it at the DOS prompt, I received the following error: ‘// is not recognized as an internal or external command, operable program or batch file’. So, I can’t really endorse your script as being a mature technology for battling Advanc… er,… the thing we’re talking about. I predict that it won’t work for the average person who tries it, if I’m any representation of the average person.

    In the words of Sheldon Cooper, “I kid, of course.” (snick, snick). I propose we make only a marginal change to the existing acronym, literally. “Marginally Advanced Persistent Threats (MAPT)”. This way, we won’t be seen as over-hyping it, and no vendor would really want to use it. I’ll keep trying to get your script to work, but I’m going to use my new acronym. (Not surprising that STFU was used already in the military, with the last two letters being “FU”).

  3. Martinon 04 Jun 2011 at 3:58 am


    This isn’t a batch file, it’s a Greasemonkey script. You have to be using Firefox and have the Greasemonkey plugin installed. Then you can add the script to Greasemonkey and it will replace APT with STFU when you’re surfing the net using Firefox. I’m not a GM guy, this was a first attempt and most of the code was stolen from existing code tutorials.

    If I can get a few others to snicker with me about APT and help poison the term for marketing and PR gronks, I’ll feel my work was worth it. Actually, if I can just keep myself amused for a few more hours I’ll feel my work was worth it.


  4. Scott Wrighton 04 Jun 2011 at 9:27 am

    I must confess. I knew it wasn’t a script that would run under DOS. I was just being silly. Fact is, I know nothing about GreaseMonkey.

    But there is great potential for endless hours of amusement in your GM script. What if you could substitute every occurrence of “TSA” on the Web with “Shoe-Sniffing Authority” or “Junk Inspection Agency”? Just thinking about the possibilities makes me snicker.

    BTW – I happened to be just finishing off a blog post about APT when I saw your above post in my inbox. I like using Dilbert cartoons as fodder for my commentaries. (http://www.streetwise-security-zone.com/apt-escape.html) Clearly, I’m not as tired of the term APT as you are yet. Must be the South-to-North latency. But I still see APT as a valid term for security awareness education. Correspondingly, I also think STFU is a good one to describe the vulnerabilities that APT exploits. Let’s try to get some traction with it.

  5. badgeron 04 Jun 2011 at 9:47 am

    Uh, so I had problems with this script too. I put it in a bash file and ran it, and it deleted all my lolcat pictures. Not happy with that.

    But on a serious note that takes more than 140 char’s – I agree that APT has become something to run and cling to, to rid yourself of blame: “Oh, technologically advanced haxxors broke into our network through a, uh, poorly configured server that had $dumb_issue and we had NO IDEA”

    I see this same problem / sense of apathy on the dod side of the house where I work. I’m suprised honestly and it kills me to work with that apathy. But of course, it all depends on who is running the show, and it is not [just] the security guys. It requires a shift in priorities from the entire company, from management to the receptionist.

  6. Peteon 07 Jun 2011 at 4:56 am

    DOS + security = I cringe and a little part of my soul dies as well….

%d bloggers like this: