From lyger at attrition.org Sat Dec 6 17:39:28 2008
From: lyger at attrition.org (lyger)
Date: Sat, 6 Dec 2008 17:39:28 +0000 (UTC)
Subject: [attrition] postal: happy holidays... Inotify watch removals suck violently
Message-ID:

http://attrition.org/postal/p0018.html

Happy Holidays - Welcome to Staff Postal

For only the fourth time ever, the staff and volunteers at attrition.org reveal our "uber-intellect" and "inner workings" to you, our faithful readers. We sometimes discuss information security, world politics, and things that "really matter". Most of the time, we talk about ass sex, grilled cheese sammiches, and various ways to publicly humiliate our friends without incriminating ourselves.

Before we proceed, a few words of holiday cheer from us:

[...]

pencils and... you know drinking games the jury's out revolutionizing support ticket technology attrition jeopardy the great cultural divide gots the jitters deze nutz we have our priorities if you don't get it, we won't explain

From lyger at attrition.org Tue Dec 9 00:37:05 2008
From: lyger at attrition.org (lyger)
Date: Tue, 9 Dec 2008 00:37:05 +0000 (UTC)
Subject: [attrition] review: Movie: The Dark Knight
Message-ID:

http://attrition.org/movies/darkknight.html

The Dark Knight 2008 Czarina

I wasn't sure if I would see The Dark Knight, primarily because of Heath Ledger's death and all of the hype surrounding movies that are released after the death of a key character. "Final Performances" are usually overrated as if saying anything else would trample on the deceased thespian's grave. However, the acclaim and accolades of this movie, particularly Ledger's performance, are well deserved. Christopher Nolan's recent iteration of Batman is probably the darkest screen rendering of the comic book series, far more sullen than Tim Burton's version. Here, we see an uncompromising, rugged, and solid film that substantially exceeds the expectations of a comic book movie.
There is no simple good-vs-evil formula here -- no simple story of a city fraught in crime waiting for their local superhero to save the day -- no predictable hero-vs-villain drama. Yes, there is a good deal of action and good special effects, but this movie escapes the archetype of a comic-book based film.

[...]

From lyger at attrition.org Wed Dec 10 00:00:09 2008
From: lyger at attrition.org (lyger)
Date: Wed, 10 Dec 2008 00:00:09 +0000 (UTC)
Subject: [attrition] rant: I hate you, Email
Message-ID:

http://attrition.org/security/rant/z/email.html

Mon Dec 08 20:26:00 EDT 2008 Apacid

I fucking hate you, Email. You are worse than the aftertaste of going down on an overused hooker (at least that's what lyger says). At first you were cool. I could communicate instantly with friends around town, family back home, and a whole bunch of strangers with similar geekiness and intelligence to my own. But then you sold out. You started letting just anyone use you. No longer did one have to spend hours debugging 'AT' codes in diald, or even put in some simple strings for Trumpet Winsock. No...you fucking whore...you opened up the floodgates. Now every asshole who can spell 'AOL' (and some who can't) is sending and receiving email faster than politicians can steal from babies.

[...]

From lyger at attrition.org Sun Dec 21 22:47:14 2008
From: lyger at attrition.org (lyger)
Date: Sun, 21 Dec 2008 22:47:14 +0000 (UTC)
Subject: [attrition] errata: charlatans: Ankit Fadia, "young hacker" and author
Message-ID:

http://attrition.org/errata/charlatan.html#fadia

Ankit Fadia is a typical charlatan who gets published in one article and rides the wave of not only poor journalism but also his own hype. For years, he has been quoted in low end online publications in India (his home country). Each time he is referenced as an 'expert' despite having no skills or accomplishments other than being quoted in these articles.
No matter how bright this kid is, how much of a "prodigy" he is, he simply cannot be considered an 'expert' in security, especially with his FUD-based statements about "computer security" and "terrorism."

* Anki Fadia - The Security Guru (Web site dedicated to debunking him)
* Fadia's self-written PR piece and 'about' page on his web page.
* Wikipedia doubts on authenticity of claims
* Fadia Interview (rediff.com)
* Another Fadia Interview (SWG)
* Ankit Fadia Speaks on Cyber Terror Attack (CXOtoday.com)
* More India based flattery w/o citation and dubious claims (Sakaal Times)

[...]

From jericho at attrition.org Wed Dec 31 10:29:14 2008
From: jericho at attrition.org (security curmudgeon)
Date: Wed, 31 Dec 2008 10:29:14 +0000 (UTC)
Subject: [attrition] random updates to stuff (tm)(c)(r)
Message-ID:

Hi Loyal Readers,

Tequila [1] and The Pirate's Gospel [2] helped induce a few random updates to the web site. Not much, but it was an excuse to mail you and waste your time, and put my name in your inbox to fulfill my narcissistic nature.

Errata: Notice or not, we've actually been updating this page steadily for some time. By 'we' I mean CJI, one of our inmates/interns. We encourage you to mail him (cji@) and offer your condolences and/or pity. He also likes receiving wedding propositions from inmates. Specifically, the irony page and charlatan pages have gotten his sweet tender affection:

http://attrition.org/errata/irony.html
http://attrition.org/errata/charlatan.html

I managed to stay sober long enough to update our relatively new 'Certified Pre Owned' (CPO) page, with a few new incidents:

http://attrition.org/errata/cpo/

Dataloss: Yes, we still run it, but not on this TRS-80 these days. Our pet-developer D2D decided to turn it into this fancy Ruby-on-rails based site with more gadgets than his girlfriend uses on him. Check out the OSF driven "DatalossDB" site now. Of particular interest, the 'Primary Sources' page.
In short, we're sending out FOIA requests to various states looking for companies that lost consumer information and had to report it due to state law and mandatory disclosure. These FOIA requests range from 'free' to several hundred dollars per state. We'd love it if some of you armchair consumer advocates would throw us a bone while we do the heavy lifting (paperwork). If you won't cough up a single dollar you cheap fuck, at least mail d2d@ and tell him he's cool.

http://datalossdb.org/

OSVDB: Another OSF project but that's just a fancy legit way of referring to several of us attrition heathens. Day in and day out, we continue to catalog stupid vulnerabilities in products you probably use. We continue to add new features to help better understand and track vulnerability information. Something that 'professional' outfits don't seem to care about any longer. Some of the other databases have around 10 full time employees, and they are doing the same thing they did 5 years ago. Kind of sad =( Armchair security professionals, make an account and help us mangle the data. You'll be more respected than your local CISSP at least.

http://osvdb.org/

Last, a few random updates to the not-so-serious pages like our Staff page, highlighting our qualifications for running this site. To honor the coming of the new year (2008), the updates to the page will really hit home with those of you that read it over 200 times.

http://attrition.org/attrition/staff/

I sure hope I sleep through 2008, I bet it's going to suck ass.

- jericho

[1] http://www.tequilasource.com/grancentenario/index.html
[2] http://www.amazon.com/exec/obidos/ASIN/B000I2JTAW/insekurity.orgA/