Tuesday, December 11, 2012

The Twelve Days of Infosec

As was pointed out to me, these numbers do not represent real-life events. No one should assume these are accurate metrics over a twelve-day period for the average information security office. Now, if you add a few orders of magnitude...

The Twelve Days of Infosec

On the Twelfth Day of Infosec, the network gave to me...
Twelve hackers hacking,
Eleven spammers spamming,
Ten form injections,
Nine busted authNs,
Eight bad configures,
Seven crap encryptions,
Six plaintext cookies,
Five Pastebin posts!
Four calling cons,
Three Wikileaks,
Two credit cards,
And a forced password change for us all.

Happy Holidays from the Songs of Infosec!

Tuesday, November 6, 2012

One (More Hacked User)

As a kid, I loved the dark, scary feel of Metallica's video for their excellent song, "One".

http://www.youtube.com/watch?v=WM8bTdBs-cw

Some days, in the world of Infosec, things seem that scary.


One (More Hacked User)

I can't remember my accounts.
They seem to come in large amounts.
Deep down inside, terror mounts.
My Facebook account's gone now.

With all of the hackers through with me,
I'm freaking out, this cannot be!
Just ain't nothin' left, you see.
My data is all but gone now.

Hold me up as I try backups.
Oh, please help, IT!

Banking accounts are there to steal.
They grab all the stuff then make a deal.
Trade your ID for a cheap meal,
And the bank can't figure why.

Spam is flowing from my email:
Tourists in London needing bail,
Stock market hints, amazing kale.
All with a link to malware.

Hold me up as I try backups.
Oh, please help, IT!

Now my phone has gone dead, I mourn.
Oh, please help me!
Hold me up as I try backups.
Oh, please help, IT!

Hackers!
Impersonating
What I can be!
Absolute horror!
I cannot surf,
I cannot stream,
Trapped without hope,
Living with life off-line!

Malware!
Has taken my Mac!
Taken my phone!
Taken my Windows!
Taken my PIN!
Taken my cash!
Taken my soul!
Left me with ID fraauuuudd!

Thursday, October 25, 2012

M3AAWG - 7726

Did you know you can report mobile text message (SMS) spam to your cell phone provider?

You can!

Forward the offending message to 7726 from your phone.


7726

Your mobile phone chimes.
Quick wind knocks screaming branches.
A new text arrives.

Interest falters,
Sun slips behind horizon.
It's a spam message!

Feel empowerment:
Use 7726!
Spite the spamming night.

Wednesday, October 24, 2012

M3AAWG - V6

The Internet is taking its time moving to IPv6 networking. The lack of speed is understandable, considering the plethora of issues that come along with a giant network migration.

V6

I've heard all these stories 'bout IPv6.
From what I can tell, we're in a great fix.
Imagine some puzzles, a maze in the mix.
That starts to describe the IPv6.

It gives more addresses than stars in the sky.
It counts them with hexes; makes net tools all die.
If you want to keep going, you'd better be spry.
Don't let this big change-up cause you to cry.

Get used to notation like /44.
You're tracking addresses? Your caches will soar.
Despite all the admins that think it's a bore,
You've got to adopt it, of that you be sure.

Lest one day you'll find someone can't reach your site.
You'll do troubleshooting late into the night,
And you'll find a solution: v6 is it, right?
Your powers that be will have a great fright!

M3AAWG - ESP

I'm attending the M3AAWG General Meeting this week. I've gotten to meet all sorts of interesting people from across the Internet, all with the common goal to make the Internet a safer place for everyone.

One group of people I newly met are employees of ESPs, Email Service Providers. I kinda knew these sorts of businesses existed, but this is the first time I'm hearing the term, since Higher Ed has traditionally used their own email services. (This is shifting quickly, though, with the promise of The Cloud(tm).)

It turns out, ESPs have the same problems as Higher Ed email and abuse admins.


ESP

I have
Something to say and
Something to send you.
I really do.

I am
One of your partners.
I want to do business,
But there's a big mess.

You have
Blocked all my email,
Hung up on my phone calls:
Discussion all stalls.

And you
Send something through us.
Attachments seem fishy.
Oh, you just spammed me?

And no,
It wasn't just to us.
You spammed half of Europe.
In spam traps we're chomped up.

Oh, no!
You included virii,
And ain't that a real shame
We're taking all the blame.

It seems
That email is chaos,
Our goose has been boiled,
Our business is foiled!

Tuesday, September 11, 2012

Guest Post - A Few of My Favorite Things

[I am hardly the only voice singing into the maelstrom. Today, I hand the mic over to a fellow infosec pro and all-around witmaster, Brad Judy. -Dan]

A Few of My Favorite Things

Like Dan, I'm an information security pro in higher education. I am currently the Director of Information Security for the Administrative Division of the University of Colorado (for professional info, see http://www.linkedin.com/pub/brad-judy/1/470/7b3). I'm a husband, father, traveler, photographer, wood turner and general geek. I like to sing to my one-year-old daughter on our walks and have recently been singing her items from The Sound of Music. With thanks to Dan for help on the meter, and apologies to Rodgers, Hammerstein and Julie Andrews, I give you the infosec version of "My Favorite Things".


Full disk encryption and good virus scanners,
IDS updates and disaster planners,
Coding securely: the joy that it brings!
These are a few of my favorite things.

DLP networks and good central logging,
Firewall blocking and infosec blogging,
Checking the uptime with regular pings:
These are a few of my favorite things.

Two factor tokens and HIPAA compliance,
Incident handling and forensic science,
Regex that matches to sensitive strings:
These are a few of my favorite things!

When the bots come!
When the disk's lost!
When the feds have phoned!
I simply remember my favorite things,
And then I don't feel so owned!

Thursday, July 26, 2012

Sixteen Hosts

Sixteen Hosts
Sung to the tune of Sixteen Tons by Tennessee Ernie Ford

Some people say my job is all about FUD.
They think I like to spend my days deep in the mud.
Deep in the mud where the data thrive.
None of your apps will make it out there alive.

You block 16 hosts, and what do you get?
Another day older and goals left unmet.
Don't you call me for a meeting 'cause I can't go!
I'm busy analyzing our Anonymous foe.

The Internet was born in a simpler time.
People didn't think how to use it for crime.
But now every day you're on a hacker's mind.
He'll steal all the data that that baddie can find.

You block 16 hosts, and what do you get?
Another day older and goals left unmet.
Don't you call me for a meeting 'cause I can't go!
I'm busy analyzing our Anonymous foe.

We try to lock it down, and we try to secure.
But some of our diseases just don't have a cure.
New viruses come and find their way home.
Stealin' all the passwords as the users go roam.

You block 16 hosts, and what do you get?
Another day older and goals left unmet.
Don't you call me for a meeting 'cause I can't go!
I'm busy analyzing our Anonymous foe.

"You canna change the laws of physics," said Scott.
And I can't do my job with the budget I got.
You expect me to find all the hackers inside.
But the wave of dangers makes me want to hide.

You block 16 hosts, and what do you get?
Another day older and goals left unmet.
Don't you call me for a meeting 'cause I can't go!
I'm busy analyzing our Anonymous foe.

If you see me walking down the hallway to you,
Don't tell me you have got something better to do.
Security is not just only my job.
Your lack of clue makes me want to sob.

You block 16 hosts, and what do you get?
Another day older and goals left unmet.
Don't you call me for a meeting 'cause I can't go!
I'm busy analyzing our Anonymous foe.

Tuesday, June 26, 2012

Data Loss Greeting Cards

There are many state laws on the books that require anyone collecting certain personally identifiable information (PII) to notify the affected parties (and the state) if that data is compromised and shared inappropriately. Why should that process be boring? I see an opportunity for a new style of greeting cards!

___________

Data Loss Greeting Cards

Front:
"Congratulations on Your Identity Theft!"

Inside:
"Hackers thought you were so cool,
They want to make some copies.
We're sorry we made it all so easy
By losing all those floppies."

_____________

Front:
"We're Sorry About The Breach!"

Inside:
"You shared with us your secrets, which we vowed to safely keep
But like a careless swimmer, we dove in way too deep.
Alas, our budget for security was met with strong rejection.
Instead, for you, we'll spend that cash on identity theft protection!"

______________

Front:
"Did you know your computer could get a virus just from clicking a link, opening it up to hackers and other criminals who can then steal any of the data on the system as well as any passwords you type into it, especially passwords that might access large stores of personal data about our customers?"

Inside:
"Hey, we didn't either! :)
Happy Data Loss!"

Thursday, May 17, 2012

SPC 2012 - A Limerick

Things were getting too serious...

There once was a smart Russian hacker.
His code obfuscation a bushwhacker.
He pooched your website
Last Saturday night,
Making Monday morning even blacker.

SPC 2012 - What You Can't Outsource

During the conference happy hour on Wednesday, someone asked the crowd what couldn't be outsourced in IT. (This was part of an ice breaker where they gave an open mic to anyone who wanted to talk about anything, like Speakers' Corner in Hyde Park in London.)

Coincidentally, upon seeing an opportunity to be a ham, I wrote the following. It happened to also answer the question of what things in an IT program can't be outsourced.

What You Can't Outsource

Our school buses
    look like city buses.

Children ride those buses
    from dorms
    from slums.

They ride
    one hand on the strap
    or on the bar.

Their minds
    on the books
    in the bag
    attached to the strap
    on their back.

Their minds
    on the face
    of the person
    they met last night
    in the bar.

Their other hand
    holding their phone
    sending a text
    updating their timeline
    checking their grades.

Their grades
    the key
    their future
    hanging in the balance.

The bus opens to
    the library
    the stacks
    the computers.

They research
    they study
    they dream
    they snooze
    they wake with a start.

Their phone reminds them:
    Time for class.
    Time for office hours.
    Time for lunch.

They smile,
    unaware
    that we are there
    we run
    the network,
    the Blackboard,
    the kiosks,
    the instruments

Instruments that sing
    with music and data
    flowing and caressing them
    with an endless tune.

We keep their classrooms
    warm
    wired
    wireless
    lit
    projected
    safe

We keep their Internet
    warm
    wired
    wireless
    lit
    projected
    safe

They may never know
    to thank us
    to ask us
    to help them again

But we watch
    we fix
    we plan
    we dream too.

Our dreams are their dreams.

They just don't know it.

And we
    should never forget it.