Archive for the 'Humor' Category

Nov 06 2012

Network Security Podcast, Episode 295

Published by under Government,Humor,Podcast

Rich is M.I.A. again, and we’re left to discuss Russia, “the biggest problem in computer security”, and the perpetual badness of industrial control systems.  And hopefully by the time you read this, all of the Presidential excitement will be over, or you’ll have a drink in hand and won’t care any more.

Network Security Podcast, Episode 295, November 6, 2012

Time:  35:06

Show notes:


Jul 10 2012

Participating in Hacker Hug Bingo

Published by under Humor

I’m still not sure how this got started.  I’m not even sure what the point is.  But in any case I’ve been volunteered for a spot on Hacker Hug Bingo at Black Hat, Defcon and BSides Las Vegas this year.  The point is for participants to meet some of the rogues’ gallery of security people on Twitter and get pictures of hugs with them.  This should be fun for people like @diami03, who’s a little shy to begin with and will be very leery about being hugged.  Which brings up one of the most important rules of the game: ask before getting a hug or taking a picture.  Being the perverse jerk I am, I provided the contest with a 25+ year old picture of myself.  Too bad there’s not a way you could find a better picture.  I’ll be around from Tuesday through Sunday, so please take a moment to introduce yourself before asking for a hug.  BTW, there are prizes of some sort.  BYOP*

*Bring Your Own Penguin!  It’ll make more sense if you read the bonus rules.


Jul 01 2011

Weird Al is brilliant!

Published by under Humor

“Stop Forwarding that Crap to Me!”

Most of my family doesn’t send me much of this stuff any more, but I am still tempted to send it to each and every one of them anyway.

“Weird Al” Yankovic – Stop Forwarding That Crap To Me from Fube on Vimeo.


Mar 29 2011

Network Security Podcast, Episode 235

Published by under Hacking,Humor,PCI,Podcast

Martin and Rich are joined tonight by our new co-host, Joseph Sokoly, formerly of the Southern Fried Security podcast.  Martin leads off the night with a short story about his kids, in which he once again demonstrates his inability to remember the proper names for people and things (it’s Elevation of Privilege by Adam Shostack, not ‘escalation’).  We talk about the most recent round of breach disclosures as well as a brief foray into PCI.  But we do keep it mercifully brief.  Welcome again to Mr. Sokoly, it’ll be nice to have someone a bit more reasonable on the show.

Network Security Podcast, Episode 235, March 29, 2011
Time:  28:08

Show Notes:



Nov 11 2010

Nailing the new TSA process

‘Nuff said!


Oct 13 2010

The Friendly, Snuggly Security Bear and the Internet

If you’re not already scared of the people who want to listen in to your phones, then this video won’t worry you.


Sep 28 2010

Network Security Podcast, Episode 214

We’re all back on the air and Mad Mike Rothman has been put back in his cage.  Okay, maybe not his cage, but between Rich, Zach and Martin, there’s not room for one more loudmouth this week.  Besides, we’re actually getting the three of us around the virtual coffee table to kvetch.  Zach is on the road, so he phones it in this week and Martin gives a quick review of the PCI Community Meeting without actually revealing anything that went on.  That would be against the rules.

Network Security Podcast, Episode 214, September 29, 2010
Time:  40:40

Show Notes: 


Sep 09 2010

Just for fun, part 2

Published by under CISSP/ISC2,Humor

Here’s the CISSP Song by Rob Slade.  I’m not going to try to sing it, but I hope someone does.  And I hope that someone sends me the recording to play on the podcast.

Thanks Rob!

Lyrics by Rob Slade

Sung to the tune of “The Major General’s Song,” from
“Pirates of Penzance,” by Gilbert and Sullivan [1]

CISSP (solo):
I am a Certifiable Security Professional
I’ve countermeasures physical, administrative, technical
I know the ports of TCP and backdoors with malign intent
And survey risk analysis to prove the safeguards wisely spent
I’m very well acquainted, too, with matters of the blackhat crew
Attendance on the IRC phrack channel makes my colleagues stew
With viruses and zero days I’m teeming with a lot o’ news,
With many cheerful facts about the weaknesses in Usenet news

CIO Chorus:
With many cheerful facts about the weaknesses in Usenet news (etc.)

I’m very good at ACLs and mandatory access modes
I know the disassembled names of CPU compare opcodes
In short, in matters physical, administrative, technical
I am the very model of an infosec professional!

In short, in matters physical, administrative, technical
He is the very model of an infosec professional!

I know our mythic history, LaPadula, Biba, and Bell
I know the biometric facts, memorized CERs as well
I understand the lattice, roles, rules, and discretion base
And pseudorandomize my keys to maximize the address space
I’ve tokens, tickets, one-time passwords, smart cards and a kerberos
And Centralized Remote Authentication to remove the dross
I’m proof against the DoS, Man-in-the-Middle and brute force attacks
My proprietary off-the-shelf stuff’s licenced and it never cracks.

His proprietary off-the-shelf’s all licenced and it never cracks.

My audit logs are analysed, detect intrusions every time
My legal counsel’s up to date with all the best computer crime
In short, in matters physical, administrative, technical
I am the very model of an infosec professional!

In short, in matters physical, administrative, technical
He is the very model of an infosec professional!

In fact when I know what is meant by “data link” and “twisted pair”
When I can tell a fibre optic cable from a trigger hair
When Internet Explorer I no longer use the Web to surf
Or let my users chat on IRC on all my network turf
When I have learnt that firewalls can filter out the packets bad
When I know that the guy with foreign bank accounts might be a cad
In short when I’ve a wee bit of professional paranoia
You’ll say a better CISSP has never addressed yuh.

You’ll say a better CISSP has never addressed yuh.

For my security training, managerial though it may be
Lacks practical direction and real-world applicability
But still, in matters physical, administrative, technical
I am the very model of an infosec professional!

But still, in matters physical, administrative, technical
He is the very model of an infosec professional!


Sep 09 2010

Just for fun, part 1

Published by under Humor,Social Networking,Video

Last week I joined Chris Hoff, aka Beaker, and Team Squirrel down in Palo Alto to play v0dgeball for the evening.  I can’t say I was of much use, but it was awesome to watch Kim shimmy and twist her way out of almost every ball thrown at her.  And when it came down to the final game, Trey Ford did an awesome job of taking on the other team by himself.  Truly an epic performance.  For more video and pictures, you can visit Virtual Geek.  In the mean time, here’s a small sample of what we went through.  Great game guys!


Aug 27 2010

Certified Application Security Specialist in job description

Last year Rich Mogull and Jeremiah Grossman created a little-known certification, the Certified Application Security Specialist or Certified ASS.  To those in the know, or with the intelligence of the average house pet, it should be immediately obvious that this was an April Fool’s joke.  Funny, and it’s been a continuing joke throughout the community, but apparently someone took it seriously enough to actually include it in a job description recently on Craigslist.  And strangely enough, the link I had now leads to the scam page on Craigslist.  Luckily I had the foresight to grab a copy of the post before it disappeared.  What were these people thinking?  Don’t they know they’re supposed to save this sort of stuff for the beginning of April?  The full job description after the page break.

Tired of Coding? Become an Application Security Specialist! (san jose south)

We have an immediate opening for a junior application security specialist (ASS) to join our growing consulting company. This permanent, full-time position is a great opportunity for someone with strong web application development skills that would like to move into the interesting and fun field of application security. This is a highly technical hands-on role that will utilize your web application development skills but involves little coding.

We will provide the right candidate with on-the-job training. The goal will be to quickly teach you how to perform detailed web application security assessments (black-box) and penetration tests by pairing you up with seasoned consultants. We have plenty of interesting projects to work on, including a wide variety of web applications (financial, e-commerce, gaming, etc.) and web services. Longer-term, we will train you to perform security code reviews.

This is an opportunity for a team player who would like to move into a new and exciting field, is ready to get started quickly, and is eager to learn some new skills and have fun while doing so.
