Twitter Weekly Updates for 2012-05-20

  • RT @votescannell Mother of 3 Arrested for Taking Pictures of Tourist Attraction at Airport // I feel safer already.
  • Freedom gropes for all @seatac! /cc @tsastatus.
  • RT @ashk4n WiFi Pineapple lets anyone with $90 "compromise the sh*t out of anyone using WiFi in the area" #armsrace
  • Great question for @beaker: why has innovation in sanitation exceeded innovation in security?
  • RT @DanaEpp In DC @ the security dev conference. Missing you both. Adam, I taught some people EoP at the reception tonight 😉 << cool!
  • RT @jeremiahg it really is stunning how silly infosec's historical list of "best-practices" look when contrasted with data.
  • RT @JohnLaTwC Nice job @adamshostack for your work on the Autorun update. Dropping infections by 60+%
  • RT @jeremiahg RT @adamshostack: @jeremiahg Is that clueless, or cynical that the assessments are assessing the right things? < C) Both
  • For those at AusCERT, quick pointer to additional Star Wars & Information security content:

Powered by Twitter Tools

Twitter Weekly Updates for 2012-05-13

  • RT @Ellen_CK It appears that putting a contest in one's internal newsletter leads to people actually reading it #SEingmycoworkers
  • RT @bfist I like my risk like I like my steak << with blue cheese sauce?
  • RT @451wendy "Q: How many of the Fortune 500 are hacked right now? A: 500." <- Lovely example of FUD << "lovely"?
  • .@451wendy @dakami @attritionorg agree with Dan, we need data; Wendy this is testable. Can I have a side helping of confirmation bias? 🙂
  • RT @Privacymatters Just updated iOS. More T&Cs include Apple WILL make public a basic profile which I can switch off afterwards #privacyfail
  • RT @shawnmoyer Defenders: I'm the track chair for the defensive track (yes, there is one) for @BlackHatHQ. We need submissions!
  • Why does @wsdot not have any "special events" here when there's a Mariners game tonight?
  • Spending time prepping my AusCERT talk. All that energy watching Star Wars for good examples, it's rough.
  • New blog: "What Kip Hawley of the TSA Doesn't Understand about Terrorism"
  • RT @AlecMuffett "#Cybersecurity: Demand An Evidence-Based Approach" ( at Computerworld )
  • MT @resnikoff Eagerly awaiting president's evolution on drone strikes, surveillance, drug war, mass imprisonment, secrecy, deportation, etc
  • RT @aionescu Seriously? Flashing firmware with crap was a "revelation" & "life changing experience" for Dell & HP CEO?
  • .@aionescu The trouble with classified briefings is they exclude skeptics & prevent discussion.
  • We seem to be made to suffer. It's our lot in life.
  • Look sir! Droids!
  • What I really need is a droid that understands the binary language of power converters.
  • He suggests that if you remove the restraining bolt, he might be able to play back the entire message.
  • RT @normative U.S. Military Taught Officers: Use ‘Hiroshima’ Tactics for ‘Total War’ on Islam << Holy fuck
  • RT @geekwire Ready Indian food fans? A Vij’s offshoot is coming to ‘Amazonland’ with help from Paul Allen << woot!
  • Just cast my ballot for an open-access set of candidates for the ACM. Thanks to Brighten Godfrey for data:
  • RT @BlackHatHQ Reminder: #BlackHat USA 2012 Call for Papers closes in 4 days on May 15. Time to deliver submissions
  • RT @ericlaw: @jeremiahg: So if I see ".secure" in the URL, I'm good to go right? 😛 << Nah, you also have to look for the lock.
  • RT @jeremiahg a "lock," how quaint. .secure needs an ominous icon. Like a bigass vault door w/ electric razor …<< TSA's blogger bob?
  • We should start by understanding mental models, testing what people can learn, then decide how to secure it.
  • If we spend a dollar educating everyone online about a new security measure, that's $2B. Seems worth a lot of up-front design.
  • Quick blog on "Why Sharing Raw Data is Important" cc @hrbrmstr
  • Where do I find the Youtube-nocookie link? Wasn't it under embed, options?

Twitter Weekly Updates for 2012-05-06

  • RT @netik You program in Rails? Check out Brakeman from our security team & make your code safer. (go @presidentbeef!)
  • RT @KimZetter Equipment Maker Caught Installing Backdoor Vows to Fix After Public Pressure –
  • Pro tip: "Blackhat talks get lots of publicity" is not a reason *your* submission will make a great BH talk
  • RT @mattblaze "It is a rare foray by Facebook into social engineering…" << Not rare at all; eg privacy, timeline.
  • .@mattblaze maybe they meant it was rare for Facebook's social engineering to be for the public good?
  • RT @jeremiahg #sansappsec panelist from ADP says the Elevation of Privilege card game has proved remarkably engaging w/ DEVs & found bugs
  • RT @Wh1t3Rabbit Just recorded another episode of Down the Rabbithole, this one with @adamshostack on "New School Security" – what a blast.
  • RT @bccla: Cuts 2 CSIS watchdog actually close the office completely; no more oversight 4 Canada's spy agency: #cdnpoli
  • RT @jatiki Anyone got source for a printed version of EOP card game? My printer will not do less than 108 sets
  • Added some rough costs to "Please Kickstarter Elevation of Privilege"
  • RT @BlackHatHQ First round of #BlackHat speaker selections has been released!
  • RT @tqbf We are in year ~32 of "security managed by folks who think strategically, don't break things". How's that going for us?
  • Call me when he's done something dastardly, like painted the space needle orange, or stolen a bridge. (h/t @normative)
  • RT @jayjacobs We've started a new blog series called "Ask the Data", first post is on Log Analysis: << yay, data!
  • RT @rsingel The story behind the feds seizing a hip-hop site at RIAA behest for a year << Very sad abuse of power
  • New blog: "More than 90% of Americans Take Action on Privacy"
  • May the fourth be with you! I'm spending Star Wars Day on my AusCERT talk, "This Technological Terror: Security Lessons from Lord Vader"
  • New blog: More than 90% of Americans take action on privacy
  • We have a hard enough time writing secure code without needing to code in back doors.
  • Listening to Rhythms Del Mundo cover Bohemian Rhapsody in Spanish and wondering why language classes don't use more music.
  • RT @dakami Everyone's been hacked. Now what? << Now we talk about it, learn from each other's mistakes (cc @KimZetter)
  • RT @dakami there is evidence that we're not wired to trust evidence. << Yeah, but I don't trust it. (Sorry, couldn't resist. 🙂)
  • RT @csoghoian Facebook ad revenue by region. The company violates American users' privacy for just $9.51/ year. Sad

Twitter Weekly Updates for 2012-04-22

Twitter Weekly Updates for 2012-04-15

Edited Twitter Weekly Updates for 2012-04-08

Things I said:

  • Google continues to hobble their services, push accounts/wallet names, now w/ Scholar (cc @rileycrane @tgoetz @skud)
  • In other words, why not create timelines for every scholar who's published? That would be organizing the world's info & making it useful.
  • You need a Google account to get that citation history, and I think that's unfortunate tying (/cc @walshman23)

RTs that rise to the top:

  • RT @philvenables Why people learn about risk. Another Peter Sandman classic read.
  • RT @jjarmoc The only lesson I've learned so far from the Global Payments breach is people who post "lessons learned" w/o info are idiots.
  • RT @normative RT @ericanewland: New blog post: Contrary to Rhetoric, Study Shows Teens Benefit from Pseudonyms
  • RT @sethmnookin Pertussis outbreak in WA state reaches "epidemic levels," w/close to 700% more cases than '11. < Whoop!
  • RT @jeremiahg Is there a place a WebDev may go to get standard / template flow charts that account for functionality & security?

Amusements:

  • Cormac's blog comment FTW: Richard Clarke clearly has no fear that he will have to endure the level of fact checking that Mike Daisey did.
  • RT @oneraindrop Ian G measures the OODA loop in infosec thinking – can you say firewalls & ssl? << There's a loop?
  • RT @TSAgov Please stop taking pictures of each other faking pleasure during freedom pats. The #TSA does not need another meme.
  • RT @regvulture Microsoft makes Top 20 list of Linux kernel contributors: Linux Foundation reports.. /via @hypatiadotca
  • RT @terlin RT @pennjillette They're treating criminals like they wanted to fly on an airline. < Nah, strip searches don't cause cancer

Privacy:

  • RT @chriseng: Apparently @Marriott injects JavaScript into every web page you view over their Wi-Fi network. Sketchy.
  • RT @csoghoian No anonymity for US rail passengers. Amtrak WiFi blocks Tor Project website. < Whose censorware is that?
  • RT @cstross Stop the UK from snooping on all our email and Facebook messages #IMP #privacy #bigbrother #CCDP

Edited Twitter Weekly Updates for 2012-04-01

That’s what I said:

  • Photographers should check out these awesome lens physics simulations from Stanford
  • Good article by @elinormills "Why data breach isn't a dirty word anymore"
  • New blog with a TED talk, "Doctors Make Mistakes, can we talk about that?"
  • .@RSAConference can we go so far as "highly unlikely to sink you?" (cc @threatpost)
  • Does PWC have data as an auditor anymore? Why are they issuing surveys, rather than data? cc @jeremiahg, @BillBrenner70
  • Can we just all agree that it's negligent to email plaintext tax documents containing SSNs?
  • RT @jack_daniel [MA law] does not specifically forbid SSN in email, but that case is covered by 201 CMR 17.00 rules << thanks!
  • RT @Walshman23 'tis the season (for SSN worst practices, that is) << Nonsense! I'm sure someone's declared emailing SSNs a best practice!

And then that’s what Bruce said, or didn’t say. Both worth reading:

  • RT @schneierblog Congressional Testimony on the TSA I was supposed to testify today … < Way to silence critics!
  • Schneier's closing statement in Economist debate:

Liberty:

  • MT @SuicideGirls PayPal vs Bookstores -> The Tale Of A Bank That Tried To Dictate What You Could Read
  • RT @arstechnica Boston pays $170k to settle cell phone recording lawsuit: by @binarybits << When will it be false arrest?
  • RT @jamisonfoser Kill American citiz– no, wait… RT @AdamSerwer: Scalia: "What is left? If the government can do this what can it not do?"
  • RT @aaronsw Black Congressman gets kicked off the House floor for donning a hoodie:
  • RT @rsingel FBI taught agents it was okay to "bend or suspend" the law. Refuses to explain. great stuff by @attackerman

Privacy, Girls Around Me:

  • RT @mr_goodwin Ok, people; someone's turned the creepy up to 11. It's time to think seriously about internet privacy:
  • RT @Randominterrupt Lay.Ar also does that- not just with Facebook but with twitter and BBM info, as well. It's a bit creepy.
  • Cutting off API access to a single app misses the point, @foursquare. What's the systematic fix?
  • RT @joebeone is there a systematic fix to 4sq API access mashed up with FB promiscuity? ::) << I don't know, but whac-a-moling apps isn't it
  • Maybe the best thing to do would be for @foursquare to let "Girls Around Me" be what it turns out to be–a great educational tool

Breach disclosure:

  • New quick blog: "How to mess up your breach disclosure" /cc @briankrebs
  • It's not the crime, it's the clamming up:
  • MT @MasterCard We are investigating a potential data breach & as a result, have alerted card issuers of #s that may be at risk < who knew?

Some work links:

  • RT @jdallman Security Development Conference 2012 lineup is locked! You don't want to miss this. #security #sdc2012
  • RT @k8em0 6 days left to enter the #BlueHatPrize – Shall we play a game?
  • RT @nickm_tor Not seeing too many applications for Tor's Google Summer of Code positions yet. Hey students: This is a cool thing to do!

Edited Twitter Weekly Updates for 2012-03-25

I’m continuing to tweak in the hopes of balancing useful & overwhelming. This week I’m not only cutting down the chaos a bit, but adding the emergent categories. Also, my tweets precede the Re-Tweets. Comments welcome.

  • Where can I send people new to infosec for security mentoring, confident that they'll get broad, data-centered advice? (#newschool)
  • Just got entranced by (by @infobeautiful?)
  • RT @alexhutton I wonder how much ISACA spends in SEO. Because unless @adamshostack is spending something, this is funny
  • RT @bittman Yeh, exactly, by @tlaskawy. ‘Pink slime’ is the tip of the iceberg:
  • RT @OSVDB 3 new IBM CTSS vulns from 1962 (x2) and 1965 added. << I forgot to ask, do you have working PoC code?
  • RT @bobblakley Moving on: after 5 great years at Burton & Gartner, I'm moving to Citigroup to become Head of Info Sec Innovation < Congrats!

Hey, Verizon’s DBIR 2012 is now out and available!

  • RT @wadebaker We're happy to announce that the 2012 #DBIR is out. Hope you enjoy it and find it useful.
  • "RT" @rmogull "Here's my guide to how to read the Verizon DBIR"

Security and People:

  • The New York Times encourages readers to submit the answers to their password recovery questions.
  • Fascinating SE technique. Where does the dialog get the "Software Update" name? (cc IntegoSecurity)
  • RT @Beaker Seriously. It's 2012 & banks are STILL using full SSN as USERNAMES!? WTF. Looking @ you, BofA << you'd prefer it as password? 😉
  • RT @arstechnica Facebook says it may sue employers who demand job applicants' passwords: by @JBrodkin
  • RT @sambowne: 2-factor auth via cell phone is bad b/c SMS often takes 6 hours to arrive –Facebook Security #hnpworkshops2012 < Details pls?

TSA:

  • RT @mtyka Congress Wants Your TSA Stories @slashdot
  • RT @GreatDismal Above the head of every TSA line, beyond the scanners: the ghostly, smug, perpetually gratified eyes of OBL.

Other jerks: special edition:

  • Women as a "perk" for a programming event is super-lame.
  • RT @window RT @shanley Copy for @sqoot hackathon: "Women: Need another beer? Let one of our friendly (female) event staff get that for you."

Edited Tweets for 2012-03-18

  • RT @curphey amazing how many serial entrepreneurs, visionaries & thought leaders in security are wanting to contract @ $75/hour
  • MT @GammaCounter Chinese spies impersonated US Navy admiral on Facebook, friended NATO officials: via @adam_orbit
  • I really want @robinsage to RT this: Chinese spies impersonated US Navy admiral on Facebook, friended NATO officials:
  • Britannica to cease publishing physical edition after 244 years:
  • Writing your paper with absolute & % valuations: about .5 €. Not having every story say privacy is worth 50 cents: priceless.
  • RT @spacerog "Why Aren't There More Women in Tech? I'll Tell You Why I'm Not <- the tragedy of most formal education"
  • RT @alexhutton Measuring the OODA loop of security thinking: Can you say firewalls & SSL? < Not a loop without feedback
  • There's a stack of things I'm looking at today where I have exactly the same reaction: "Evidence? Alternate hypotheses?"
  • An old co-worker of mine is competing to get his product "Zoo Poo" in retail channels. It's entertaining, please vote
  • And they say kids today don't care about privacy:
  • RT @RSAConference @neiljrubenking discusses why it’s time to reevaluate your phone’s password manager < cc @1password
  • RT @teacup Survey: Foreign travelers were more afraid of United States immigration officials than of terrorism or crime
  • RT @blowdart Honestly I am always worried every time I land, visa or not. << I wish the way we treated visitors got more attention
  • RT @jmason @adamshostack @teacup "2/3rds feared being detained for 'minor mistakes or misstatements'." +1, it's happened to me
  • RT @dlitchfield This is the St Paddy Day Irish Twitter worm: I need your help to spread so please re-tweet 🙂
  • I think @dlitchfield just 0day'd my twitter client.
  • If a picture is worth 1000 words, does that mean I'm 2376 words into this chapter?

Twitter Weekly Updates for 2012-03-11

Twitter Weekly Updates for 2012-03-04

  • RT @tedfrank If you're having trouble getting Sudafed, here's how to make it with more readily available crystal meth.
  • RT @digiphile "Privacy breaches keep getting worse. Facebook admits reading txt msgs of users who installed phone app"
  • RT @threatpost #Microsoft partners w/ Good Technology to bring encrypted email to Windows Phone. << "better than bad!"
  • RT @f5networks @WhiteHatSec says 23% of breaches occurred via a backdoor/control channel #rsac << I want a @wadebaker/@jeremiahg panel
  • RT @attractr REcon 2012 CFP is out: #recon2012
  • It occurs to me that what @sushidude needs is a Bayesian belief engine with belief updates from CVE, DBIR?
  • RT @MSFTsdl Stop by at the #RSAC #Microsoft SDL station and get a threat modeling card game! #MSFTsdl
  • RT @MikeIsaac TED 2012: New Browser Add-On Visualizes Who is Tracking You Online
  • Ron Gula remembers Dom Brezinski asking about NT4 remote at the first @blackhat.
  • "I don't see anything private about IOC or indicators of fraud." – Roland Cloutier, CSO ADP
  • Good points from @rongula about automation in data sharing.
  • RT @DennisF Good talk on incident response and metrics at #bsidessf Turns out measuring stuff works. Who knew? << (me!)
  • RT @Beaker Marcus (Ranum) just came by with some awesome Guy Fawkes mask balloons. Brilliant.
  • RT @rsingel Former FBI counter-terrorism officer rips into TSA for being useless:
  • RT @chriseng Who has the best #rsac booth swag? < Microsoft. You all need to raise your game by shipping some games. 🙂
  • I'm saved in part because the @chriseng "Thought Leader" ribbons are not booth swag.
  • RT @veracode "Tower defense" video game promotes our new reporting capabilities that deliver positive, reports. Play:
  • RT @moxie I'm happy to announce that @GetAbine will be taking over the #GoogleSharing project:
  • Maybe "Do Not Disturb" doesn't mean the same thing to me & the Westin Market St San Francisco. Is it under new management?
  • RT @jnabryant @adamshostack you still need to get your RSA junk mail regardless << Hey, I'm the customer, not the product! 🙂
  • RT @ebellis agree w/ @jeremiahg on this, one of the best articles … #RSAC << how to test? Will failures know? Admit?
  • RT @curphey Break kitten auth knowing dogs are normally photographed on green grass while cats indoors. Genius!
  • MT @jenvalentino Should gov be able to block cellphone services for "ensuring public safety"? FCC, Egypt want to know.
  • RT @maxinux @adamshostack And #BART .. << true. Damn it's hard to snark in 140! 😉

Twitter Weekly Updates for 2012-02-26

Help Find the People Who Killed Ulf Möller

The family of Ulf Möller are asking for help in finding the people who murdered him, and for help spreading the word:

They have a web site with details in English, German, Polish and Lithuanian:

The two men are described as slim, both about 1.75 m to 1.80 m tall, between 20 and 30 years old. One of them was wearing a dark jacket with a fur-like hood. The surveillance cameras took clear pictures of his face. The other killer was wearing a noticeable light blue quilted Nike-brand jacket.

We are grateful for any help in finding the murderers. Clues can be reported to the German police (Polizeidirektion Sachsen-Anhalt Ost, who are leading the investigation) by calling +49 340 6000 293, by sending e-mail to, or by visiting any German police station. If you prefer, you can email us directly at

Help us find the people who killed Ulf.

Twitter Weekly Updates for 2012-02-19

  • RT @csoghoian If Path-like apps that pilfered user contact data suffered a data breach, existing laws wouldn't require disclosure to users.
  • New quickie blog: Bismark's Voice
  • RT @paulmadsen Sharingfreude, n. – pleasure derived from inadvertent sharing of personal information on social media by friends & colleagues
  • .@dakami @jeremiahg @tqbf see also Carl Ellison's work on "Ceremony Analysis"– it's broader than a ux issue, into mental models
  • Bruce Schneier was kind enough to link my "Dear Verisign, Trust Requires Transparency" blog post so I've updated it
  • Short form: We still don't know who knew what when about the Verisign breach
  • Bruce Schneier was kind enough to link my "Dear Verisign, Trust Requires Transparency" blog post so I updated it
  • RT @lennyzeltser An example of an SMS #phishing message that pursues Verizon Wireless logon credentials:
  • RT @jeremiahg "Senate Passes Bill Allowing Airports To Evict TSA Screeners" < an airport w/o TSA is very attractive
  • RT @FAQShop [TechNet Blogs] Elevation of Privilege – we made a card game for developers! Welcome to Tuesday article
  • I'm looking for interesting analysis of the Collins-Lieberman security bill:
  • "Cheating is encouraged"
  • RT @PrivacyMemes Twitter Is The Latest Company To Admit It Uploads Your Address Book < Time for a law? A tort?
  • Wow, the new Twitter is both ugly and less customer-centered. #FAIL
  • RT @KimZetter TSA Denies it Targets Attractive Female Passengers for Body Scans << Except the claim was "nice figure"
  • RT @mtanji @KimZetter Of course there is no "policy" to target the hawtness, that's merely the practice once humans are put in the loop.
  • RT @BlackHatEvents Black Hat EU 2012 Schedule is out!
  • RT @MSFTsdl The Evolution of Elevation: Threat Modeling in a #Microsoft World by @danaepp #security
  • RT @singe Worried about AddressBook privacy on iOS? Check out AdiOS & Gorilla (latter requires JB)
  • RT @rsingel .@jerrybrito on how transparency might be better for infrastructure security than regulation: < like
  • RT @singe Have any of you ever worked on a project where privacy controls were part of the requirements spec? << both at ZKS & Microsoft
  • RT @Wh1t3Rabbit I think I have a new game for those speakers coming to OWASP AppSecAPAC …shoot me a note if you want to play < yay, games!