Saturday, June 25, 2011

Haiku for compromised websites

Web sites compromised:
Stars falling from the heavens,
Their whispers made loud.

Looking to sting true,
SQL injections fly.
Angry summer bees.

A weed will wither
When denied air and water.
Store data offline.

Monday, June 20, 2011

I couldn't find me without having you

We InfoSec types have been spending lots of time of late catching up to the exploits (and use of exploits) of various hacking groups. These bad, bad people have been hacking websites and services, extracting the logins and passwords for thousands of users, and posting them to the net for all to see. Of course, since password reuse is so common, other bad guys come along, take these logins, and use them to send spam and malware through accounts that might use the same login and passwords as the compromised accounts.

The logic behind the activity is complex, and most of the users affected by it don't seem to care about that logic. They care that their online selves have been violated. They care that these attacks lead to identity theft.

We, as the InfoSec community, have tried to educate people to have better account management practices, such as using complex passwords and not reusing logins. Often this advice falls on deaf ears. There have been many studies as to why this is the case, and not all the blame falls on the end user. That said, an ounce of prevention would be a huge help in the cases of the Sony breach and the other recent website breaches.

And yet we still hear the users singing a sad song...

I Couldn't Find Me Without Having You

I'm lost, I don't know what to do.
Can't find the words, don't have a clue.
But Google, you're there, you're always true.
I couldn't find me without having you!
I signed up for Sony's gaming net
Bosses to kill, achievements to get.
But now someone who I've never met
Logged in as me, filling me with regret.

Not only have they my gamer tag
They're causing my credit card to sag
I wish I could blame them for the lag
As I blame them for the creditor's nag.
I'm lost, I don't know what to do.
Can't find the words, don't have a clue.
But Google, you're there, you're always true.
I couldn't find me without having you!
So I look to the net and search for my name.
I find that lulzsec is playing a game.
So what if my logins are all the same?
Who'd want my ID, I haven't got fame!

And an Anonymous group has entered the fray.
They seem to hack sites each and every day.
Now my login and passwords are on display.
If I ever forget them, I will know the way:
I'm lost, I don't know what to do.
Can't find the words, don't have a clue.
But Google, you're there, you're always true.
I couldn't find me without having you!
They're on my laptop, they're in my iPod.
All my tech toys seem to act rather odd.
I've lost all control, upon my ego they've trod.
It's a matter of time before they hack my poor bod.

I hear your advice, you say what to do.
But I cannot recall more than a password or two!
And you want it complex, even with symbols too?
You're asking too much, your rules make me boo!
I'm lost, I don't know what to do.
Can't find the words, don't have a clue.
But Google, you're there, you're always true.
I couldn't find me without having you!

Friday, June 17, 2011

The Question of Bitcoin

I've been watching this one closely. The question of Bitcoin is being considered more frequently and publicly by economists, politicians, technologists, and more and more users.

To me, from my layperson point of view, economies are one part math, one part sociology, one part psychology, and many parts luck. Bitcoin seems to be behind the 8-Ball on all of those factors. It will be interesting to see how it all works out.

Bitcoin, Bitcoin,
What are we to do?
They wanted a revolution,
Created a new solution.
An economy built for me and you.

But me and you have bills to pay.
And mining coins won't be a way
To pay a mortgage,
Settle a loan,
Buy an apple,
Recharge a phone.

But if you wanted some crazy drugs,
Or asked a hooker for more than hugs,
Or wanted to purchase endangered pets,
Or wanted to place some baseball bets,

My Uncle couldn't track me.
That's happy freedom, baby!

No, wait, it's not about that.
Open source is where it's at!
Power to the people!
Down with the State!
We can engineer any problem.
Algorithms are great!

It's peer-to-peer
It's in The Cloud
Not valued by fiat,
Sourced by the crowd.

The crowd that's learning to game the system.

Mine the coins in someone's browser
While they're streaming Doogie Howser.
Hack a computer, a server or two,
Those stolen cycles are free to you.
Or find a way to steal a wallet.
If unencrypted, "wide open" you'd call it.

All investment has some risk
Those on the ground floor hold most of it.
But is that risk worth the gain?
Is this new system really sane?

Wednesday, June 15, 2011

I Sing of Spam

I sing of spam,
Not meat like ham.
It comes in bits
And gives us fits

So much comes in,
flooding our bin.
We cannot read
the stuff we need

It's not all fun,
games to be won.
There are bad guys,
criminal lies.

It's about cash,
money, your stash.
They want to trick,
Just have to click.

Or choose "Reply".
Let your words fly
Tell them your name,
You are to blame.

Credit card lost,
Drugs for low cost.
4-1-9 scams,
All come from spams.

Should we give up?
One string, two cup?
Filter or read?
It's help we need.