Archive for the 'Humor' Category

Mar 29 2011

Network Security Podcast, Episode 235

Published by under Hacking,Humor,PCI,Podcast

Martin and Rich are joined tonight by our new co-host, Joseph Sokoly, formerly of the Southern Fried Security podcast.  Martin leads off the night with a short story about his kids, in which he once again demonstrates his inability to remember the proper names for people and things (it’s Elevation of Privilege by Adam Shostack, not ‘escalation’).  We talk about the most recent round of breach disclosures as well as a brief foray into PCI.  But we do keep it mercifully brief.  Welcome again to Mr. Sokoly, it’ll be nice to have someone a bit more reasonable on the show.

Network Security Podcast, Episode 235, March 29, 2011
Time:  28:08

Show Notes:



Nov 11 2010

Nailing the new TSA process

‘Nuff said!


Oct 13 2010

The Friendly, Snuggly Security Bear and the Internet

If you’re not already scared of the people who want to listen in to your phones, then this video won’t worry you.


Sep 28 2010

Network Security Podcast, Episode 214

We’re all back on the air and Mad Mike Rothman has been put back in his cage.  Okay, maybe not his cage, but between Rich, Zach and Martin, there’s not room for one more loudmouth this week.  Besides, we’re actually getting the three of us around the virtual coffee table to kvetch.  Zach is on the road, so he phones it in this week and Martin gives a quick review of the PCI Community Meeting without actually revealing anything that went on.  That would be against the rules.

Network Security Podcast, Episode 214, September 29, 2010
Time:  40:40

Show Notes:


Sep 09 2010

Just for fun, part 2

Published by under CISSP/ISC2,Humor

Here’s the CISSP Song by Rob Slade.  I’m not going to try to sing it, but I hope someone does.  And I hope that someone sends me the recording to play on the podcast.

Thanks Rob!

Lyrics by Rob Slade

Sung to the tune of “The Major General’s Song,” from
“Pirates of Penzance,” by Gilbert and Sullivan [1]

CISSP (solo):
I am a Certifiable Security Professional
I’ve countermeasures physical, administrative, technical
I know the ports of TCP and backdoors with malign intent
And survey risk analysis to prove the safeguards wisely spent
I’m very well acquainted, too, with matters of the blackhat crew
Attendance on the IRC phrack channel makes my colleagues stew
With viruses and zero days I’m teeming with a lot o’ news,
With many cheerful facts about the weaknesses in Usenet news

CIO Chorus:
With many cheerful facts about the weaknesses in Usenet news (etc.)

I’m very good at ACLs and mandatory access modes
I know the disassembled names of CPU compare opcodes
In short, in matters physical, administrative, technical
I am the very model of an infosec professional!

In short, in matters physical, administrative, technical
He is the very model of an infosec professional!

I know our mythic history, LaPadula, Biba, and Bell
I know the biometric facts, memorized CERs as well
I understand the lattice, roles, rules, and discretion base
And pseudorandomize my keys to maximize the address space
I’ve tokens, tickets, one-time passwords, smart cards and a kerberos
And Centralized Remote Authentication to remove the dross
I’m proof against the DoS, Man-in-the-Middle and brute force attacks
My proprietary off-the-shelf stuff’s licenced and it never cracks.

His proprietary off-the-shelf’s all licenced and it never cracks.

My audit logs are analysed, detect intrusions every time
My legal counsel’s up to date with all the best computer crime
In short, in matters physical, administrative, technical
I am the very model of an infosec professional!

In short, in matters physical, administrative, technical
He is the very model of an infosec professional!

In fact when I know what is meant by “data link” and “twisted pair”
When I can tell a fibre optic cable from a trigger hair
When Internet Explorer I no longer use the Web to surf
Or let my users chat on IRC on all my network turf
When I have learnt that firewalls can filter out the packets bad
When I know that the guy with foreign bank accounts might be a cad
In short when I’ve a wee bit of professional paranoia
You’ll say a better CISSP has never addressed yuh.

You’ll say a better CISSP has never addressed yuh.

For my security training, managerial though it may be
Lacks practical direction and real-world applicability
But still, in matters physical, administrative, technical
I am the very model of an infosec professional!

But still, in matters physical, administrative, technical
He is the very model of an infosec professional!


Sep 09 2010

Just for fun, part 1

Published by under Humor,Social Networking,Video

Last week I joined Chris Hoff, aka Beaker, and Team Squirrel down in Palo Alto to play v0dgeball for the evening.  I can’t say I was of much use, but it was awesome to watch Kim shimmy and twist her way out of almost every ball thrown at her.  And when it came down to the final game, Trey Ford did an awesome job of taking on the other team by himself.  Truly an epic performance.  For more video and pictures, you can visit Virtual Geek.  In the meantime, here’s a small sample of what we went through.  Great game guys!


Aug 27 2010

Certified Application Security Specialist in job description

Last year Rich Mogull and Jeremiah Grossman created a little-known certification, the Certified Application Security Specialist or Certified ASS.  To those in the know, or with the intelligence of the average house pet, it should be immediately obvious that this was an April Fool’s joke.  Funny, and it’s been a continuing joke throughout the community, but apparently someone took it seriously enough to actually include it in a job description recently on Craigslist.  And strangely enough, the link I had now leads to the scam page on Craigslist.  Luckily I had the foresight to grab a copy of the post before it disappeared.  What were these people thinking?  Don’t they know they’re supposed to save this sort of stuff for the beginning of April?  The full job description after the page break.

Tired of Coding? Become an Application Security Specialist! (san jose south)

We have an immediate opening for a junior application security specialist (ASS) to join our growing consulting company. This permanent, full-time position is a great opportunity for someone with strong web application development skills that would like to move into the interesting and fun field of application security. This is a highly technical hands-on role that will utilize your web application development skills but involves little coding.

We will provide the right candidate with on-the-job training. The goal will be to quickly teach you how to perform detailed web application security assessments (black-box) and penetration tests by pairing you up with seasoned consultants. We have plenty of interesting projects to work on, including a wide variety of web applications (financial, e-commerce, gaming, etc.) and web services. Longer-term, we will train you to perform security code reviews.

This is an opportunity for a team player who would like to move into a new and exciting field, is ready to get started quickly, and is eager to learn some new skills and have fun while doing so.



Feb 22 2010

SecurosisTV: Three faces made for podcasting

Published by under General,Humor,Social Networking

The horror! These guys should never be allowed to show their faces! Teasing aside, Rich, Adrian and Mike do a great job of laying out the three basic themes you should expect to see at RSA this year.  Cloud computing, Advanced Persistent Threat and Compliance are going to rule the floor at RSA.  Cloud computing and APT are this year’s big buzzwords that are poorly understood by the majority of the industry, so vendors and their marketing departments hop on the bandwagon in an attempt to define these new terms in their favor.  And compliance is going to be big because it’s what everyone has to do, whether they want to or not.

Given what I do by day, don’t be surprised that most of the podcasts coming out at RSA are going to be about compliance.  But I hope to step outside my little box at least a little and bring you some other interesting interviews.  I may even get a chance to catch up with Rich for a few moments or at least grab one of his Securosis cronies for next week’s podcast (I’ll probably hear it for calling them that).  Zach can’t make it; he muttered something about finances and his birthday.


Oct 06 2009

NSFW: The Cloud Computing Consultant

Published by under Humor

This is brilliant, but it contains language that you don’t want playing at any volume from your cube.  Samj6n created a hypothetical conversation between a Cloud Computing Consultant and his victim … er… client.  It’s a little harsh, but it does highlight how much confusion there is surrounding Cloud Computing.  And I’m going to have to take some time to check out Xtranormal when I have some spare time.  As if that will ever happen.


Jul 11 2009

You lick it, you keep it

Some encounters are almost too strange to believe.  That doesn’t make them any less real.

I was walking down the street in San Francisco at lunch time Friday afternoon.  As I came up to a busy street corner I saw a paper grocery bag sitting on a bench with no one around it.  I walked up to the bag and peeked in to find three external hard drives, one Maxtor and two brands I didn’t recognize.  The drives looked like they were either well used or the product of a dumpster dive.  I knocked on the door of the one business nearby, but no one answered.  After a few minutes someone came out who worked in the building; he said there’d been a break-in recently but that he didn’t know anything about the drives.  I tried to call Rich for advice, but he was busy so I decided I’d finish my walk to lunch and think on the situation for a little while.

One burrito later, I walked up on the scene again.  This time a homeless man in dirty, ripped slacks was surveying the bag of hard drives.  He looked around much like I had done thirty minutes earlier, then scuttled up to the bag and pulled out one of the external hard drives.  After sniffing it for a second, he licked one side of the drive and put it back in the bag.  He then ran over to a parking meter and licked it, licked the taillights on both sides of an SUV and vanished from my sight behind the car.

I lost any interest in the hard drives at that point.  That takes mom’s caution of “you don’t know where that’s been” to a whole new level.

Saliva incident aside, what would you do if you found a bag of hard drives in a park or public place?  Calling 911 didn’t seem appropriate, though there is a slim possibility of explosives.  Taking the drives home and performing some forensics research on them crossed my mind; I have the technology if not much skill in the area.  I tried to turn them in to the business, but there was no one there.  I guess the gentleman with the inquisitive taste buds saved me from a moral dilemma.

What would you have done?

