Archive for lame

The Twitter Hack That Wasn’t

Posted in security on July 17, 2009 by hellnbak

By now, seeing how it takes me forever to write blog posts, everyone has heard the press about the “Twitter Hack”.

Since when is guessing someone's password hacking? If that is the case, someone call the feds on my 11-year-old son, as he once guessed a sibling's Windows password. Sorry to all the want-to-be 1337 h4x0rs out there, but guessing a password is not really a hack. Sure it is amusing, but not hacking.

The fact that a couple of different email accounts that happened to belong to people associated with Twitter had easy-to-guess passwords really has no bearing on the security or insecurity of Twitter. Yes, it demonstrates that those compromised were idiots, but no, it's not a Twitter issue.

Is Twitter insecure? Probably. Do these “hacks” demonstrate that — of course not. What I find even more amusing is that this made the general media; I read about it on CNN and so did a lot of my friends who are not necessarily computer savvy but do use Twitter. Yet the only people who actually cared and made noise about this were security companies looking to get quoted and beat up on web 2.0 and cloud computing.

Don’t get me wrong, I do think cloud computing and Web 2.0 are both bad ideas from a security perspective but they are the inevitable path that the web will take.  Features, performance, price, and functionality will always trump security.

Anyways, random thoughts first thing in the morning for me.  Can we get back to hacking the important targets?

So much LOL over this post

Posted in Random, security on March 1, 2009 by hellnbak

This is amusing on a few different levels:

http://www.the-interweb.com/serendipity/index.php?url=archives/118-IT-Security-Girl-of-the-Year.html&serendipity

and then

http://www.the-interweb.com/serendipity/index.php?/archives/119-FRHACK-organizers-are-now-threatening-to-sue-me.html

Oh and the image in question:

DLP – Not just your spiffy flatscreen TV anymore..

Posted in security on May 13, 2008 by hellnbak

DLP: no, not Digital Light Processing, but Data Loss Prevention. Yes, you read that right. Not only is our industry, which by the way still has a huge credibility problem, attempting to steal an acronym from the consumer electronics industry, but we have created an entire line of products based on ambulance chasing and fear. Oh wait, ambulance chasing? Fear? Credibility problem? Go figure…..

Ignoring the fact that one of the original purposes of Information Security is to prevent sensitive data loss, our industry has created a whole new line of business catered to cashing in on scaring people by invoking the ghosts of <pick your favorite data loss story from http://attrition.org/dataloss >

So now, instead of following security best practices and common sense, vendors want you to buy their new whiz-bang product that in reality really does nothing more than the garbage you have already wasted your money on.

Sigh….