Twitter Weekly Updates for 2012-06-10

  • RT @DeathStarPR Easy way to feel like Darth Vader: stand over a heap of dirty laundry and imagine you've just killed a Jedi. #StarWars
  • RT @runasand We have managed to determine exactly how Ethiopia blocks #Tor and we have developed a workaround:
  • RT @derekcslater What I learned when I left security Advice on exec communication – great story, valuable perspectives
  • RT @hellNbak_ @adamshostack @derekcslater anything with Scott Blake has to be worth reading.
  • Imma let you finish @asus, but if you get past how sexist & asinine @asus was, you realize it's so bad it's hard to satirize
  • RT @jeremiahg "Samsung Bug Bounty Program is under maintenance." ooops, did linking to just kill the site? << & will you get bounty?
  • RT @jeremiahg Interesting twist on CloudFlare breach "..involved breach of AT&Ts systems that compromised oob auth"
  • This Cloudflare blog shows how much we can learn when we talk about attacks, rather than hiding them.
  • RT @netik OH: Of course you need extra gorilla suits. You can't wear a white gorilla suit after labor day. Geesh.
  • doesn't make it easy to opt out (and if you're an AT&T customer, you should). Why not work from a phone #?
  • New Blog: "On @Cloudflare's post-mortem"
  • RT @joshcorman follow for DM? << You know, there are email tools that give you 150+ characters, subject lines? 🙂
  • RT @451wendy RT @rachelchalmers: There's a little black spot on the sun today. < It's the same old thing as yesterday.
  • RT @thedarktangent Secretary says Cyber and Aviation security consume more of her time than ever before. #DHS < This juxtaposition scares me
  • RT @thedarktangent honored to co-chair new task force on #cyber workforce development to develop a long term strategy for #DHS < Congrats!
  • RT @Beaker Updated BYOD security profile/policy pushed to my iPhone this morning. String passwords on phone unlock (really?) = PiTA.
  • Intrusive password policies spend compliance
  • Bad password policies give no benefit while absorbing your people's willingness to help with security. #Fail (cc @beaker)
  • RT @moxie If LinkedIn hasn't confirmed the breach, they haven't fixed it either. You can change your PW, but attackers can just get it again
  • MT @amrittsering Too bad there've been so few data breaches to help folks deal with the linkedin breach, if only we had more learning opps
  • RT @aloria Another password breach, another round of "how to create strong passwords" lectures. THEY'LL TOTALLY LISTEN THIS TIME! #adorable
  • MT @jeremiahg Instincts telling me these incidents are connected. Wondering if all 3 using the same DEV framework. << or same PR checklist?
  • I'll bet we see 10-20 announcements of password breaches hoping to be in the LinkedIn PR shadow. Reminds me a bit of Heartland/inauguration
  • RT @451wendy @securityninja That would be fantastic. We need more security card games besides Elevation of Privilege.
  • There's a fascinating difference between security people & normal folks when there's a guy on the bus with a test LTE wifi gateway.
  • RT @AngryBFlay A dash of granola is a great way to add excitement to a dish if you have zero grasp of what the fuck excitement means.
  • RT @MSFTnews To track or not to track? Not just a question, a choice for consumers and industry
  • RT @philvenables More new school thinking from the Feynman archives. Listen to this while thinking of InfoSec.
  • RT @3ricj Now everybody but me has my linked in password. This can only lead to future job offers.

Powered by Twitter Tools

Edited Twitter Weekly Updates for 2012-06-03


Twitter Weekly Updates for 2012-05-20

  • RT @votescannell Mother of 3 Arrested for Taking Pictures of Tourist Attraction at Airport // I feel safer already.
  • Freedom gropes for all @seatac! /cc @tsastatus.
  • RT @ashk4n WiFi Pineapple lets anyone with $90 "compromise the sh*t out of anyone using WiFi in the area" #armsrace
  • Great question for @beaker: why has innovation in sanitation exceeded innovation in security?
  • RT @DanaEpp In DC @ the security dev conference. Missing you both. Adam, I taught some people EoP at the reception tonight 😉 << cool!
  • RT @jeremiahg it really is stunning how silly infosec's historical list of "best-practices" look when contrasted with data.
  • RT @JohnLaTwC Nice job @adamshostack for your work on the Autorun update. Dropping infections by 60+%
  • RT @jeremiahg RT @adamshostack: @jeremiahg Is that clueless, or cynical that the assessments are assessing the right things? < C) Both
  • For those at AusCERT, quick pointer to additional Star Wars & Information security content:


Twitter Weekly Updates for 2012-05-13

  • RT @Ellen_CK It appears that putting a contest in one's internal newsletter leads to people actually reading it #SEingmycoworkers
  • RT @bfist I like my risk like I like my steak << with blue cheese sauce?
  • RT @451wendy "Q: How many of the Fortune 500 are hacked right now? A: 500." <- Lovely example of FUD << "lovely"?
  • .@451wendy @dakami @attritionorg agree with Dan, we need data; Wendy this is testable. Can I have a side helping of confirmation bias? 🙂
  • RT @Privacymatters Just updated iOS. More T&Cs include Apple WILL make public a basic profile which I can switch off afterwards #privacyfail
  • RT @shawnmoyer Defenders: I'm the track chair for the defensive track (yes, there is one) for @BlackHatHQ. We need submissions!
  • Why does @wsdot not have any "special events" here when there's a Mariner's game tonight?
  • Spending time prepping my AusCERT talk. All that energy watching Star Wars for good examples, it's rough.
  • New blog: "What Kip Hawley of the TSA Doesn't Understand about Terrorism"
  • RT @AlecMuffett "#Cybersecurity: Demand An Evidence-Based Approach" ( at Computerworld )
  • MT @resnikoff Eagerly awaiting president's evolution on drone strikes, surveillance, drug war, mass imprisonment, secrecy, deportation, etc
  • RT @aionescu Seriously? Flashing firmware with crap was a "revelation" & "life changing experience" for Dell & HP CEO?
  • .@aionescu The trouble with classified briefings is they exclude skeptics & prevent discussion.
  • We seem to be made to suffer. It's our lot in life.
  • Look sir! Droids!
  • What I really need is a droid that understands the binary language of power converters.
  • He suggests that if you remove the restraining bolt, he might be able to play back the entire message.
  • RT @normative U.S. Military Taught Officers: Use ‘Hiroshima’ Tactics for ‘Total War’ on Islam << Holy fuck
  • RT @geekwire Ready Indian food fans? A Vij’s offshoot is coming to ‘Amazonland’ with help from Paul Allen << woot!
  • Just cast my ballot for an open-access set of candidates for the ACM. Thanks to Brighten Godfrey for data:
  • RT @BlackHatHQ Reminder: #BlackHat USA 2012 Call for Papers closes in 4 days on May 15. Time to deliver submissions
  • RT @ericlaw: @jeremiahg: So if I see ".secure" in the URL, I'm good to go right? 😛 << Nah, you also have to look for the lock.
  • RT @jeremiahg a "lock," how quaint. .secure needs an ominous icon. Like a bigass vault door w/ electric razor …<< TSA's blogger bob?
  • We should start by understanding mental models, testing what people can learn, then decide how to secure it.
  • If we spend a dollar educating everyone online about a new security measure, that's $2B. Seems worth a lot of up-front design.
  • Quick blog on "Why Sharing Raw Data is Important" cc @hrbrmstr
  • Where do I find the Youtube-nocookie link? Wasn't it under embed, options?


Twitter Weekly Updates for 2012-05-06

  • RT @netik You program in Rails? Check out Brakeman from our security team & make your code safer. (go @presidentbeef!)
  • RT @KimZetter Equipment Maker Caught Installing Backdoor Vows to Fix After Public Pressure –
  • Pro tip: "Blackhat talks get lots of publicity" is not a reason *your* submission will make a great BH talk
  • RT @mattblaze "It is a rare foray by Facebook into social engineering…" << Not rare at all; eg privacy, timeline.
  • . @mattblaze maybe they meant it was rare for Facebook's social engineering to be for the public good?
  • RT @jeremiahg #sansappsec panelist from ADP says the Elevation of Privilege card game has proved remarkably engaging w/ DEVs & found bugs
  • RT @Wh1t3Rabbit Just recorded another episode of Down the Rabbithole, this one with @adamshostack on "New School Security" – what a blast.
  • RT @bccla: Cuts 2 CSIS watchdog actually close the office completely; no more oversight 4 Canada's spy agency: #cdnpoli
  • RT @jatiki Anyone got source for a printed version of EOP card game? My printer will not do less than 108 sets
  • Added some rough costs to "Please Kickstarter Elevation of Privilege"
  • RT @BlackHatHQ First round of #BlackHat speaker selections has been released!
  • RT @tqbf We are in year ~32 of "security managed by folks who think strategically, don't break things". How's that going for us?
  • Call me when he's done something dastardly, like painted the space needle orange, or stolen a bridge. (h/t @normative)
  • RT @jayjacobs We've started a new blog series called "Ask the Data", first post is on Log Analysis: << yay, data!
  • RT @rsingel The story behind the feds seizing a hip-hop site at RIAA behest for a year << Very sad abuse of power
  • New blog: "More than 90% of Americans Take Action on Privacy"
  • May the fourth be with you! I'm spending Star Wars Day on my AusCert talk, "This Technological Terror: Security Lessons from Lord Vader"
  • New blog: More than 90% of Americans take action on privacy
  • We have a hard enough time writing secure code without needing to code in back doors.
  • Listening to Rhythms Del Mundo cover Bohemian Rhapsody in Spanish and wondering why language classes don't use more music.
  • RT @dakami Everyone's been hacked. Now what? << Now we talk about it, learn from each others mistakes (cc @KimZetter)
  • RT @dakami there is evidence that we're not wired to trust evidence. << Yeah, but I don't trust it. (Sorry, couldn't resist. 🙂
  • RT @csoghoian Facebook ad revenue by region. The company violates American users' privacy for just $9.51/ year. Sad


Twitter Weekly Updates for 2012-04-22


Twitter Weekly Updates for 2012-04-15


Edited Twitter Weekly Updates for 2012-04-08

Things I said:

  • Google continues to hobble their services, push accounts/wallet names, now w/ Scholar (cc @rileycrane @tgoetz @skud)
  • In other words, why not create timelines for every scholar who's published? That would be organizing the world's info & making it useful.
  • You need a Google account to get that citation history, and I think that's unfortunate tying (/cc @walshman23)

RTs that rise to the top:

  • RT @philvenables Why people learn about risk. Another Peter Sandman classic read.
  • RT @jjarmoc The only lesson I've learned so far from the Global Payments breach is people who post "lessons learned" w/o info are idiots.
  • RT @normative RT @ericanewland: New blog post: Contrary to Rhetoric, Study Shows Teens Benefit from Pseudonyms
  • RT @sethmnookin Pertussis outbreak in WA state reaches "epidemic levels," w/close to 700% more cases than '11. < Whoop!
  • RT @jeremiahg Is there a place a WebDev may go to get standard / template flow charts that account for functionality & security?

Amusements:

  • Cormac's blog comment FTW: Richard Clarke clearly has no fear that he will have to endure the level of fact checking that Mike Daisey did.
  • RT @oneraindrop Ian G measures the OODA loop in infosec thinking – can you say firewalls & ssl? << There's a loop?
  • RT @TSAgov Please stop taking pictures of each other faking pleasure during freedom pats. The #TSA does not need another meme.
  • RT @regvulture Microsoft makes Top 20 list of Linux kernel contributors: Linux Foundation reports.. /via @hypatiadotca
  • RT @terlin RT @pennjillette They're treating criminals like they wanted to fly on an airline. < Nah, strip searches don't cause cancer

Privacy:

  • RT @chriseng: Apparently @Marriott injects JavaScript into every web page you view over their Wi-Fi network. Sketchy.
  • RT @csoghoian No anonymity for US rail passengers. Amtrak WiFi blocks Tor Project website. < Whose censorware is that?
  • RT @cstross Stop the UK from snooping on all our email and Facebook messages #IMP #privacy #bigbrother #CCDP


Edited Twitter Weekly Updates for 2012-04-01

That’s what I said:

  • Photographers should check out these awesome lens physics simulations from Stanford
  • Good article by @elinormills "Why data breach isn't a dirty word anymore"
  • New blog with a TED talk, "Doctors Make Mistakes, can we talk about that?"
  • .@RSAConference can we go so far as "highly unlikely to sink you?" (cc @threatpost)
  • Does PWC have data as an auditor anymore? Why are they issuing surveys, rather than data? cc @jeremiahg, @BillBrenner70
  • Can we just all agree that it's negligent to email plaintext tax documents containing SSNs?
  • RT @jack_daniel [MA law] does not specifically forbid SSN in email, but that case is covered by 201 CMR 17.00 rules << thanks!
  • RT @Walshman23 'tis the season (for SSN worst practices, that is) << Nonsense! I'm sure someone's declared emailing SSNs a best practice!

And then that’s what Bruce said, or didn’t say. Both worth reading:

  • RT @schneierblog Congressional Testimony on the TSA I was supposed to testify today … < Way to silence critics!
  • Schneier's closing statement in Economist debate:

Liberty:

  • MT @SuicideGirls PayPal vs Bookstores > -> The Tale Of A Bank That Tried To Dictate What You Could Read
  • RT @arstechnica Boston pays $170k to settle cell phone recording lawsuit: by @binarybits << When will it be false arrest?
  • RT @jamisonfoser Kill American citiz– no, wait… RT @AdamSerwer: Scalia: "What is left? If the government can do this what can it not do?"
  • RT @aaronsw Black Congressman gets kicked off the House floor for donning a hoodie:
  • RT @rsingel FBI taught agents it was okay to "bend or suspend" the law. Refuses to explain. great stuff by @attackerman

Privacy, Girls Around Me:

  • RT @mr_goodwin Ok, people; someone's turned the creepy up to 11. It's time to think seriously about internet privacy:
  • RT @Randominterrupt Lay.Ar also does that- not just with Facebook but with twitter and BBM info, as well. It's a bit creepy.
  • Cutting off API access to a single app misses the point, @foursquare. What's the systematic fix?
  • RT @joebeone is there a systematic fix to 4sq API access mashed up with FB promiscuity? ::) << I don't know, but whac-a-moling apps isn't it
  • Maybe the best thing to do would be for @foursquare to let "Girls Around Me" be what it turns out to be–a great educational tool

Breach disclosure:

  • New quick blog: "How to mess up your breach disclosure" /cc @briankrebs
  • It's not the crime, it's the clamming up:
  • MT @MasterCard We are investigating a potential data breach & as a result, have alerted card issuers of #s that may be at risk < who knew?

Some work links:

  • RT @jdallman Security Development Conference 2012 lineup is locked! You don't want to miss this. #security #sdc2012
  • RT @k8em0 6 days left to enter the #BlueHatPrize – Shall we play a game?
  • RT @nickm_tor Not seeing too many applications for Tor's Google Summer of Code positions yet. Hey students: This is a cool thing to do!

Edited Twitter Weekly Updates for 2012-03-25

I’m continuing to tweak in the hopes of balancing useful & overwhelming. This week I’m not only cutting down the chaos a bit, but adding the emergent categories. Also, my tweets precede the Re-Tweets. Comments welcome.

  • Where can I send people new to infosec for security mentoring, confident that they'll get broad, data-centered advice? (#newschool)
  • Just got entranced by (by @infobeautiful?)
  • RT @alexhutton I wonder how much ISACA spends in SEO. Because unless @adamshostack is spending something, this is funny
  • RT @bittman Yeh, exactly, by @tlaskawy. ‘Pink slime’ is the tip of the iceberg:
  • RT @OSVDB 3 new IBM CTSS vulns from 1962 (x2) and 1965 added. << I forgot to ask, do you have working PoC code?
  • RT @bobblakley Moving on: after 5 great years at Burton & Gartner, I'm moving to Citigroup to become Head of Info Sec Innovation < Congrats!

Hey, Verizon’s DBIR 2012 is now out and available!:

  • RT @wadebaker We're happy to announce that the 2012 #DBIR is out. Hope you enjoy it and find it useful.
  • "RT" @rmogull "Here's my guide to how to read the Verizon DBIR"

Security and People:

  • The New York Times encourages readers to submit the answers to their password recovery questions.
  • Fascinating SE technique. Where does the dialog get the "Software Update" name? (cc IntegoSecurity)
  • RT @Beaker Seriously. It's 2012 & banks are STILL using full SSN as USERNAMES!? WTF. Looking @ you, BofA << you'd prefer it as password? 😉
  • RT @arstechnica Facebook says it may sue employers who demand job applicants' passwords: by @JBrodkin
  • RT @sambowne: 2-factor auth via cell phone is bad b/c SMS often takes 6 hours to arrive –Facebook Security #hnpworkshops2012 < Details pls?

TSA:

  • RT @mtyka Congress Wants Your TSA Stories @slashdot
  • RT @GreatDismal Above the head of every TSA line, beyond the scanners: the ghostly, smug, perpetually gratified eyes of OBL.

Other jerks: special edition:

  • Women as a "perk" for a programming event is super-lame.
  • RT @window RT @shanley Copy for @sqoot hackathon: "Women: Need another beer? Let one of our friendly (female) event staff get that for you."

Edited Tweets for 2012-03-18

  • RT @curphey amazing how many serial entrepreneurs, visionaries & thought leaders in security are wanting to contract @ $75/hour
  • MT @GammaCounter Chinese spies impersonated US Navy admiral on Facebook, friended NATO officials: via @adam_orbit
  • I really want @robinsage to RT this: Chinese spies impersonated US Navy admiral on Facebook, friended NATO officials:
  • Britannica to cease publishing physical edition after 244 years:
  • Writing your paper with absolute & % valuations: about .5 €. Not having every story say privacy is worth 50 cents: priceless.
  • RT @spacerog "Why Aren't There More Women in Tech? I'll Tell You Why I'm Not <- the tragedy of most formal education"
  • RT @alexhutton Measuring the OODA loop of security thinking: Can you say firewalls & SSL? < Not a loop without feedback
  • There's a stack of things I'm looking at today where I have exactly the same reaction: "Evidence? Alternate hypotheses?"
  • An old co-worker of mine is competing to get his product "Zoo Poo" in retail channels. It's entertaining, please vote
  • And they say kids today don't care about privacy:
  • RT @RSAConference @neiljrubenking discusses why it’s time to reevaluate your phone’s password manager < cc @1password
  • RT @teacup Survey: Foreign travelers were more afraid of United States immigration officials than of terrorism or crime
  • RT @blowdart Honestly I am always worried every time I land, visa or not. << I wish the way we treated visitors got more attention
  • RT @jmason @adamshostack @teacup "2/3rds feared being detained for 'minor mistakes or misstatements'." +1, it's happened to me
  • RT @dlitchfield This is the St Paddy Day Irish Twitter worm: I need your help to spread so please re-tweet 🙂
  • I think @dlitchfield just 0day'd my twitter client.
  • If a picture is worth 1000 words, does that mean I'm 2376 words into this chapter?


Twitter Weekly Updates for 2012-03-11


Twitter Weekly Updates for 2012-03-04

  • RT @tedfrank If you're having trouble getting Sudafed, here's how to make it with more readily available crystal meth.
  • RT @digiphile "Privacy breaches keep getting worse. Facebook admits reading txt msgs of users who installed phone app"
  • RT @threatpost #Microsoft partners w/ Good Technology to bring encrypted email to Windows Phone. << "better than bad!"
  • RT @f5networks @WhiteHatSec says 23% of breaches occurred via a backdoor/control channel #rsac << I want a @wadebaker/@jeremiahg panel
  • RT @attractr REcon 2012 CFP is out: #recon2012
  • It occurs to me that what @sushidude needs is a Bayesian belief engine with belief updates from CVE, DBIR?
  • RT @MSFTsdl Stop by at the #RSAC #Microsoft SDL station and get a threat modeling card game! #MSFTsdl
  • RT @MikeIsaac TED 2012: New Browser Add-On Visualizes Who is Tracking You Online
  • Ron Gula remembers Dom Brezinski asking about NT4 remote at the first @blackhat.
  • "I don't see anything private about IOC or indicators of fraud." – Roland Cloutier, CSO ADP
  • Good points from @rongula about automation in data sharing.
  • RT @DennisF Good talk on incident response and metrics at #bsidessf Turns out measuring stuff works. Who knew? << (me!)
  • RT @Beaker Marcus (Ranum) just came by with some awesome Guy Fawkes mask balloons. Brilliant.
  • RT @rsingel Former FBI counter-terrorism officer rips into TSA for being useless:
  • RT @chriseng Who has the best #rsac booth swag? < Microsoft. You all need to raise your game by shipping some games. 🙂
  • I'm saved in part because the @chriseng "Thought Leader" ribbons are not booth swag.
  • RT @veracode "Tower defense" video game promotes our new reporting capabilities that deliver positive, reports. Play:
  • RT @moxie I'm happy to announce that @GetAbine will be taking over the #GoogleSharing project:
  • Maybe "Do Not Disturb" doesn't mean the same thing to me & the Westin Market St San Francisco. Is it under new management?
  • RT @jnabryant @adamshostack you still need to get your RSA junk mail regardless << Hey, I'm the customer, not the product! 🙂
  • RT @ebellis agree w/ @jeremiahg on this, one of the best articles … #RSAC << how to test? Will failures know? Admit?
  • RT @curphey Break kitten auth knowing dogs are normally photographed on green grass while cats indoors. Genius!
  • MT @jenvalentino Should gov be able to block cellphone services for "ensuring public safety"? FCC, Egypt want to know.
  • RT @maxinux @adamshostack And #BART .. << true. Damn it's hard to snark in 140! 😉


Twitter Weekly Updates for 2012-02-26
