Edited Twitter Weekly Updates for 2012-06-10

  • RT @hellNbak_ @adamshostack @derekcslater anything with Scott Blake has to be worth reading.
  • RT @Beaker Updated BYOD security profile/policy pushed to my iPhone this morning. String passwords on phone unlock (really?) = PiTA.
  • Bad password policies give no benefit while absorbing your people's willingness to help with security. #Fail (cc @beaker)
  • RT @moxie If LinkedIn hasn't confirmed the breach, they haven't fixed it either. You can change your PW, but attackers can just get it again
  • RT @aloria Another password breach, another round of "how to create strong passwords" lectures. THEY'LL TOTALLY LISTEN THIS TIME! #adorable
  • MT @jeremiahg Instincts telling me these incidents are connected. Wondering if all 3 using the same DEV framework. << or same PR checklist?
  • I'll bet we see 10-20 announcements of password breaches hoping to be in the LinkedIn PR shadow. Reminds me a bit of Heartland/inauguration
  • RT @451wendy @securityninja That would be fantastic. We need more security card games besides Elevation of Privilege.
  • RT @MSFTnews To track or not to track? Not just a question, a choice for consumers and industry http://t.co/906dY7D4
  • RT @philvenables More new school thinking from the Feynman archives. Listen to this while thinking of InfoSec. http://t.co/SiFpDkxT

Powered by Twitter Tools

Edited Twitter Weekly Updates for 2012-06-03


Twitter Weekly Updates for 2012-05-20

  • RT @votescannell Mother of 3 Arrested for Taking Pictures of Tourist Attraction at Airport http://t.co/Id8TKH9r // I feel safer already.
  • Freedom gropes for all @seatac! /cc @tsastatus.
  • RT @ashk4n WiFi Pineapple lets anyone with $90 to "compromise the sh*t out of anyone using WiFi in the area" http://t.co/TnR3n56k #armsrace
  • Great question for @beaker: why has innovation in sanitation exceeded innovation in security?
  • RT @DanaEpp In DC @ the security dev conference. Missing you both. Adam, I taught some people EoP at the reception tonight 😉 << cool!
  • RT @jeremiahg it really is stunning how silly infosec's historical list of "best-practices" look when contrasted with data.
  • RT @JohnLaTwC Nice job @adamshostack for your work on the Autorun update. Dropping infections by 60+%
  • RT @jeremiahg RT @adamshostack: @jeremiahg Is that clueless, or cynical that the assessments are assessing the right things? < C) Both
  • For those at AusCERT, quick pointer to additional Star Wars & Information security content: http://t.co/yfY6F9nl


Twitter Weekly Updates for 2012-05-13

  • RT @Ellen_CK It appears that putting a contest in one's internal newsletter leads to people actually reading it #SEingmycoworkers
  • RT @bfist I like my risk like I like my steak << with blue cheese sauce?
  • RT @451wendy "Q: How many of the Fortune 500 are hacked right now? A: 500." http://t.co/I090fJmp <- Lovely example of FUD << "lovely"?
  • .@451wendy @dakami @attritionorg agree with Dan, we need data; Wendy this is testable. Can I have a side helping of confirmation bias? 🙂
  • RT @Privacymatters Just updated iOS. More T&Cs include Apple WILL make public a basic profile which I can switch off afterwards #privacyfail
  • RT @shawnmoyer Defenders: I'm the track chair for the defensive track (yes, there is one) for @BlackHatHQ. We need submissions!
  • Why does @wsdot not have any "special events" here http://t.co/f1gC6bNq when there's a Mariners game tonight?
  • Spending time prepping my AusCERT talk. All that energy watching Star Wars for good examples, it's rough.
  • New blog: "What Kip Hawley of the TSA Doesn't Understand about Terrorism" http://t.co/IR9yQqvc
  • RT @AlecMuffett "#Cybersecurity: Demand An Evidence-Based Approach" ( http://t.co/FdyjBU6Q at Computerworld ) http://t.co/8kaIACsl
  • MT @resnikoff Eagerly awaiting president's evolution on drone strikes, surveillance, drug war, mass imprisonment, secrecy, deportation, etc
  • RT @aionescu Seriously? Flashing firmware with crap was a "revelation" & "life changing experience" for Dell & HP CEO? http://t.co/vVnEyVDE
  • .@aionescu The trouble with classified briefings is they exclude skeptics & prevent discussion.
  • We seem to be made to suffer. It's our lot in life.
  • Look sir! Droids!
  • What I really need is a droid that understands the binary language of power converters.
  • He suggests that if you remove the restraining bolt, he might be able to play back the entire message.
  • RT @normative U.S. Military Taught Officers: Use 'Hiroshima' Tactics for 'Total War' on Islam http://t.co/RtjOejEZ << Holy fuck
  • RT @geekwire Ready Indian food fans? A Vij's offshoot is coming to 'Amazonland' with help from Paul Allen http://t.co/m831HujI << woot!
  • Just cast my ballot for an open-access set of candidates for the ACM. Thanks to Brighten Godfrey for data: http://t.co/6fNq9qsD
  • RT @BlackHatHQ Reminder: #BlackHat USA 2012 Call for Papers closes in 4 days on May 15. Time to deliver submissions http://t.co/2GAOdrTg
  • RT @ericlaw: @jeremiahg: So if I see ".secure" in the URL, I'm good to go right? 😛 << Nah, you also have to look for the lock.
  • RT @jeremiahg a "lock," how quaint. .secure needs an ominous icon. Like a bigass vault door w/ electric razor …<< TSA's blogger bob?
  • We should start by understanding mental models, testing what people can learn, then decide how to secure it.
  • If we spend a dollar educating everyone online about a new security measure, that's $2B. Seems worth a lot of up-front design.
  • Quick blog on "Why Sharing Raw Data is Important" http://t.co/fFjpWD0Z cc @hrbrmstr
  • Where do I find the Youtube-nocookie link? Wasn't it under embed, options?


Twitter Weekly Updates for 2012-05-06

  • RT @netik You program in Rails? Check out Brakeman from our security team & make your code safer. http://t.co/nFPQ3cxx (go @presidentbeef!)
  • RT @KimZetter Equipment Maker Caught Installing Backdoor Vows to Fix After Public Pressure – http://t.co/EZfe7s27
  • Pro tip: "Blackhat talks get lots of publicity" is not a reason *your* submission will make a great BH talk
  • RT @mattblaze "It is a rare foray by Facebook into social engineering…" http://t.co/cIEdwHMk << Not rare at all; eg privacy, timeline.
  • .@mattblaze maybe they meant it was rare for Facebook's social engineering to be for the public good?
  • RT @jeremiahg #sansappsec panelist from ADP says the Elevation of Privilege card game has proved remarkably engaging w/ DEVs & found bugs
  • RT @Wh1t3Rabbit Just recorded another episode of Down the Rabbithole, this one with @adamshostack on "New School Security" – what a blast.
  • RT @bccla: Cuts 2 CSIS watchdog actually close the office completely; no more oversight 4 Canada's spy agency: http://t.co/4sXu7bwA #cdnpoli
  • RT @jatiki Anyone got source for a printed version of EOP card game http://t.co/2uFyX1Jp? My printer will not do less than 108 sets
  • Added some rough costs to "Please Kickstarter Elevation of Privilege" http://t.co/2ByDWe59
  • RT @BlackHatHQ First round of #BlackHat speaker selections has been released! http://t.co/sjs6ZFhg
  • RT @tqbf We are in year ~32 of "security managed by folks who think strategically, don't break things". How's that going for us?
  • Call me when he's done something dastardly, like painted the space needle orange, or stolen a bridge. http://t.co/VaaUgLKK (h/t @normative)
  • RT @jayjacobs We've started a new blog series called "Ask the Data", first post is on Log Analysis: http://t.co/wxQaFsYX << yay, data!
  • RT @rsingel The story behind the feds seizing a hip-hop site at RIAA behest for a year http://t.co/so3Xz0lM << Very sad abuse of power
  • New blog: "More than 90% of Americans Take Action on Privacy" http://t.co/WpM8yuiD
  • May the fourth be with you! I'm spending Star Wars Day on my AusCert talk, "This Technological Terror: Security Lessons from Lord Vader"
  • New blog: More than 90% of Americans take action on privacy http://t.co/WpM8yuiD
  • We have a hard enough time writing secure code without needing to code in back doors. http://t.co/8tXoVs73
  • Listening to Rhythms Del Mundo cover Bohemian Rhapsody in Spanish and wondering why language classes don't use more music.
  • RT @dakami http://t.co/lhZWimT9 Everyone's been hacked. Now what? << Now we talk about it, learn from each other's mistakes (cc @KimZetter)
  • RT @dakami there is evidence that we're not wired to trust evidence. << Yeah, but I don't trust it. (Sorry, couldn't resist. 🙂)
  • RT @csoghoian Facebook ad revenue by region. The company violates American users' privacy for just $9.51/ year. Sad https://t.co/0Xxj59ts


Twitter Weekly Updates for 2012-04-22


Twitter Weekly Updates for 2012-04-15


Edited Twitter Weekly Updates for 2012-04-08

Things I said:

  • Google continues to hobble their services, push accounts/wallet names, now w/ Scholar http://t.co/IIQ7xk15 (cc @rileycrane @tgoetz @skud)
  • In other words, why not create timelines for every scholar who's published? That would be organizing the world's info & making it useful.
  • You need a Google account to get that citation history, and I think that's unfortunate tying (/cc @walshman23)

RTs that rise to the top:

  • RT @philvenables Why people learn about risk. Another Peter Sandman classic read. http://t.co/y3HknqNe
  • RT @jjarmoc The only lesson I've learned so far from the Global Payments breach is people who post "lessons learned" w/o info are idiots.
  • RT @normative RT @ericanewland: New blog post: Contrary to Rhetoric, Study Shows Teens Benefit from Pseudonyms https://t.co/43LBtx3B
  • RT @sethmnookin Pertussis outbreak in WA state reaches "epidemic levels," w/close to 700% more cases than '11. http://t.co/1t3y741I < Whoop!
  • RT @jeremiahg Is there a place a WebDev may go to get standard / template flow charts that account for functionality & security?

Amusements:

  • Cormac's blog comment FTW: Richard Clarke clearly has no fear that he will have to endure the level of fact checking that Mike Daisey did.
  • RT @oneraindrop Ian G measures the OODA loop in infosec thinking – can you say firewalls & ssl? << There's a loop?
  • RT @TSAgov Please stop taking pictures of each other faking pleasure during freedom pats. The #TSA does not need another meme.
  • RT @regvulture Microsoft makes Top 20 list of Linux kernel contributors: Linux Foundation reports.. http://t.co/Ozc4zD6B /via @hypatiadotca
  • RT @terlin RT @pennjillette They're treating criminals like they wanted to fly on an airline. < Nah, strip searches don't cause cancer

Privacy:

  • RT @chriseng: Apparently @Marriott injects JavaScript into every web page you view over their Wi-Fi network. Sketchy.
  • RT @csoghoian No anonymity for US rail passengers. Amtrak WiFi blocks Tor Project website. http://t.co/856Mh0Pq < Whose censorware is that?
  • RT @cstross Stop the UK from snooping on all our email and Facebook messages http://t.co/SFPh7Dk2 #IMP #privacy #bigbrother #CCDP


Edited Twitter Weekly Updates for 2012-04-01

That's what I said:

  • Photographers should check out these awesome lens physics simulations from Stanford http://t.co/hlNrqQT3
  • Good article by @elinormills "Why data breach isn't a dirty word anymore" http://t.co/JXtTOTbT
  • New blog with a TED talk, "Doctors Make Mistakes, can we talk about that?" http://t.co/c00zcvMr
  • .@RSAConference can we go so far as "highly unlikely to sink you?" (cc @threatpost)
  • Does PWC have data as an auditor anymore? Why are they issuing surveys, rather than data? cc @jeremiahg, @BillBrenner70 http://t.co/SsfSh9nw
  • Can we just all agree that it's negligent to email plaintext tax documents containing SSNs?
  • RT @jack_daniel [MA law] does not specifically forbid SSN in email, but that case is covered by 201 CMR 17.00 rules << thanks!
  • RT @Walshman23 'tis the season (for SSN worst practices, that is) << Nonsense! I'm sure someone's declared emailing SSNs a best practice!

And then that's what Bruce said, or didn't say. Both worth reading:

  • RT @schneierblog Congressional Testimony on the TSA I was supposed to testify today … http://t.co/R73ZtQ6i < Way to silence critics!
  • Schneier's closing statement in Economist debate: http://t.co/toRL7IRq

Liberty:

  • MT @SuicideGirls PayPal vs Bookstores > http://t.co/FF2pZarz -> The Tale Of A Bank That Tried To Dictate What You Could Read
  • RT @arstechnica Boston pays $170k to settle cell phone recording lawsuit: http://t.co/QNvHNnEg by @binarybits << When will it be false arrest?
  • RT @jamisonfoser Kill American citiz– no, wait… RT @AdamSerwer: Scalia: "What is left? If the government can do this what can it not do?"
  • RT @aaronsw Black Congressman gets kicked off the House floor for donning a hoodie: http://t.co/8MIEJyP3
  • RT @rsingel FBI taught agents it was okay to "bend or suspend" the law. Refuses to explain. great stuff by @attackerman http://t.co/6m8MjmNW

Privacy, Girls Around Me:

  • RT @mr_goodwin Ok, people; someone's turned the creepy up to 11. It's time to think seriously about internet privacy: http://t.co/AIJdfkpS
  • RT @Randominterrupt Lay.Ar also does that- not just with Facebook but with twitter and BBM info, as well. It's a bit creepy.
  • Cutting off API access to a single app misses the point, @foursquare. What's the systematic fix? http://t.co/QOjPo0Wc
  • RT @joebeone is there a systematic fix to 4sq API access mashed up with FB promiscuity? ::) << I don't know, but whac-a-moling apps isn't it
  • Maybe the best thing to do would be for @foursquare to let "Girls Around Me" be what it turns out to be–a great educational tool

Breach disclosure:

  • New quick blog: "How to mess up your breach disclosure" http://t.co/cVsfzsHc /cc @briankrebs
  • It's not the crime, it's the clamming up: http://t.co/3c3fMZe4
  • MT @MasterCard We are investigating a potential data breach & as a result, have alerted card issuers of #s that may be at risk < who knew?

Some work links:

  • RT @jdallman Security Development Conference 2012 lineup is locked! You don't want to miss this. http://t.co/t38YhE4o #security #sdc2012
  • RT @k8em0 6 days left to enter the #BlueHatPrize – Shall we play a game? http://t.co/wKCb134e
  • RT @nickm_tor Not seeing too many applications for Tor's Google Summer of Code positions yet. Hey students: This is a cool thing to do!

Edited Twitter Weekly Updates for 2012-03-25

I'm continuing to tweak in the hopes of balancing useful & overwhelming. This week I'm not only cutting down the chaos a bit, but adding the emergent categories. Also, my tweets precede the Re-Tweets. Comments welcome.

  • Where can I send people new to infosec for security mentoring, confident that they'll get broad, data-centered advice? (#newschool)
  • Just got entranced by http://t.co/tjGKyYj8 (by @infobeautiful?)
  • RT @alexhutton I wonder how much ISACA spends in SEO. Because unless @adamshostack is spending something, this is funny http://t.co/yp3SmIbk
  • RT @bittman Yeh, exactly, by @tlaskawy. 'Pink slime' is the tip of the iceberg: http://t.co/7fPrAsaT
  • RT @OSVDB 3 new IBM CTSS vulns from 1962 (x2) and 1965 added. http://t.co/FS5kn3xi << I forgot to ask, do you have working PoC code?
  • RT @bobblakley Moving on: after 5 great years at Burton & Gartner, I'm moving to Citigroup to become Head of Info Sec Innovation < Congrats!

Hey, Verizon's DBIR 2012 is now out and available!:

  • RT @wadebaker We're happy to announce that the 2012 #DBIR is out. Hope you enjoy it and find it useful. http://t.co/6xcILGom
  • "RT" @rmogull "Here's my guide to how to read the Verizon DBIR" https://t.co/0DTyJ19d

Security and People:

  • The New York Times encourages readers to submit the answers to their password recovery questions. http://t.co/TKSah0sO
  • Fascinating SE technique http://t.co/wxe41Qn3 Where does the dialog get the "Software Update" name? (cc IntegoSecurity)
  • RT @Beaker Seriously. It's 2012 & banks are STILL using full SSN as USERNAMES!? WTF. Looking @ you, BofA << you'd prefer it as password? 😉
  • RT @arstechnica Facebook says it may sue employers who demand job applicants' passwords: http://t.co/bIeqSwOg by @JBrodkin
  • RT @sambowne: 2-factor auth via cell phone is bad b/c SMS often takes 6 hours to arrive –Facebook Security #hnpworkshops2012 < Details pls?

TSA:

  • RT @mtyka Congress Wants Your TSA Stories @slashdot http://t.co/lNQOpdQP
  • RT @GreatDismal Above the head of every TSA line, beyond the scanners: the ghostly, smug, perpetually gratified eyes of OBL.

Other jerks: Sqoot.com special edition:

  • Women as a "perk" for a programming event is super-lame. https://t.co/NJi52LUZ
  • RT @window RT @shanley Copy for @sqoot hackathon: "Women: Need another beer? Let one of our friendly (female) event staff get that for you."

Edited Tweets for 2012-03-18

  • RT @curphey amazing how many serial entrepreneurs, visionaries & thought leaders in security are wanting to contract @ $75/hour
  • MT @GammaCounter Chinese spies impersonated US Navy admiral on Facebook, friended NATO officials: http://t.co/FFnpdJ9p via @adam_orbit
  • I really want @robinsage to RT this: Chinese spies impersonated US Navy admiral on Facebook, friended NATO officials: http://t.co/FFnpdJ9p
  • Britannica to cease publishing physical edition after 244 years: http://t.co/QtHZDNRG
  • Writing your paper with absolute & % valuations: about .5 €. Not having every story say privacy is worth 50 cents: priceless.
  • RT @spacerog "Why Aren't There More Women in Tech? I'll Tell You Why I'm Not http://t.co/tTbSRP0u <- the tragedy of most formal education"
  • RT @alexhutton Measuring the OODA loop of security thinking: Can you say firewalls & SSL? http://t.co/siThqbbZ < Not a loop without feedback
  • There's a stack of things I'm looking at today where I have exactly the same reaction: "Evidence? Alternate hypotheses?"
  • An old co-worker of mine is competing to get his product "Zoo Poo" in retail channels. It's entertaining, please vote http://t.co/5MlXNUSK
  • And they say kids today don't care about privacy: http://t.co/kN8AryXy
  • RT @RSAConference @neiljrubenking discusses why it's time to reevaluate your phone's password manager http://t.co/g5TtvSb8 < cc @1password
  • RT @teacup Survey: Foreign travelers were more afraid of United States immigration officials than of terrorism or crime http://t.co/oaD8b8Ya
  • RT @blowdart Honestly I am always worried every time I land, visa or not. << I wish the way we treated visitors got more attention
  • RT @jmason @adamshostack @teacup "2/3rds feared being detained for 'minor mistakes or misstatements'." +1, it's happened to me
  • RT @dlitchfield This is the St Paddy Day Irish Twitter worm: I need your help to spread so please re-tweet 🙂
  • I think @dlitchfield just 0day'd my twitter client.
  • If a picture is worth 1000 words, does that mean I'm 2376 words into this chapter?


Twitter Weekly Updates for 2012-03-11


Twitter Weekly Updates for 2012-03-04

  • RT @tedfrank If you're having trouble getting Sudafed, here's how to make it with more readily available crystal meth. http://t.co/THaQZzov
  • RT @digiphile "Privacy breaches keep getting worse. Facebook admits reading txt msgs of users who installed phone app" http://t.co/v8CMM222
  • RT @threatpost #Microsoft partners w/ Good Technology to bring encrypted email to Windows Phone. http://t.co/bE9QC9dN << "better than bad!"
  • RT @f5networks @WhiteHatSec says 23% of breaches occurred via a backdoor/control channel #rsac << I want a @wadebaker/@jeremiahg panel
  • RT @attractr REcon 2012 CFP is out: http://t.co/lP9P3bvY #recon2012
  • It occurs to me that what @sushidude needs is a Bayesian belief engine with belief updates from CVE, DBIR?
  • RT @MSFTsdl Stop by at the #RSAC #Microsoft SDL station and get a threat modeling card game! http://t.co/qwekmdGA #MSFTsdl
  • RT @MikeIsaac TED 2012: New Browser Add-On Visualizes Who is Tracking You Online http://t.co/8O1ZIZsR
  • Ron Gula remembers Dom Brezinski asking about NT4 remote at the first @blackhat.
  • "I don't see anything private about IOC or indicators of fraud." – Roland Cloutier, CSO ADP
  • Good points from @rongula about automation in data sharing.
  • RT @DennisF Good talk on incident response and metrics at #bsidessf Turns out measuring stuff works. Who knew? << (me!)
  • RT @Beaker Marcus (Ranum) just came by with some awesome Guy Fawkes mask balloons. Brilliant.
  • RT @rsingel Former FBI counter-terrorism officer rips into TSA for being useless: http://t.co/lClWev1L
  • RT @chriseng Who has the best #rsac booth swag? < Microsoft. You all need to raise your game by shipping some games. 🙂
  • I'm saved in part because the @chriseng "Thought Leader" ribbons are not booth swag.
  • RT @veracode "Tower defense" video game promotes our new reporting capabilities that deliver positive reports. Play: http://t.co/MHwaXGjg
  • RT @moxie I'm happy to announce that @GetAbine will be taking over the #GoogleSharing project: http://t.co/BrooMkKk
  • Maybe "Do Not Disturb" doesn't mean the same thing to me & the Westin Market St San Francisco. Is it under new management?
  • RT @jnabryant @adamshostack you still need to get your RSA junk mail regardless << Hey, I'm the customer, not the product! 🙂
  • RT @ebellis agree w/ @jeremiahg on this, one of the best articles … #RSAC http://t.co/mF0iCbwx << how to test? Will failures know? Admit?
  • RT @curphey Break kitten auth knowing dogs are normally photographed on green grass while cats indoors. Genius! http://t.co/umhVTl39
  • MT @jenvalentino Should gov be able to block cellphone services for "ensuring public safety"? FCC, Egypt want to know. http://t.co/kLrpbrlS
  • RT @maxinux @adamshostack And #BART .. << true. Damn it's hard to snark in 140! 😉


Twitter Weekly Updates for 2012-02-26
