From jericho at attrition.org Tue Sep 14 19:49:21 2010 From: jericho at attrition.org (security curmudgeon) Date: Tue, 14 Sep 2010 19:49:21 -0500 (CDT) Subject: [attrition] Hello MPAA, I'm a Pirate Message-ID: http://attrition.org/security/rant/piracy/ Hello MPAA, I'm a Pirate Tue Sep 14 18:00:54 CDT 2010 jericho Dear Motion Picture Association of America (MPAA), That's right, I am one of those dastardly pirates that engages in Peer-to-Peer (P2P) theft, downloading movies when so inclined. I do not do it because I have a fascination with breaking the law, nor am I struggling for money. I do it because it is convenient, and the movie industry has done an incredibly poor job meeting consumer demands, most notably mine. Until the movie industry provides more reasonable and convenient services, I will continue to break the law. But wait MPAA, there is a silver lining! First, I will write a check for the movies I pirated, based on the value I perceive the viewing to be worth. Second, I will stop my evil ways if your organization is dissolved. Rather than seeking innovative ways to deliver content in a manner that financially benefits the industry you 'protect', you resort to suing individuals, resort to scare tactics, peddle bogus statistics all the while violating copyright law yourselves. Cries of piracy hurting the movie industry and absurd claims of losing billions of dollars come in the midst of a record year in 2007, record sales in 2008 and $10 billion record breaking year in 2009. Further, cries of a hurting industry while increasing ticket prices by 50% over the last 10 years, well above cost of living increases, point to a flawed business model if any part of the industry is really hurting. [..] From jericho at attrition.org Sat Sep 18 19:06:27 2010 From: jericho at attrition.org (security curmudgeon) Date: Sat, 18 Sep 2010 19:06:27 -0500 (CDT) Subject: [attrition] Our latest box of shit.. Message-ID: http://attrition.org/news/content/10-09-18.001/ Aloria sends me a Box of Shit Sat Sep 18 18:49:28 CDT 2010 jericho After sending Aloria a box-of-shit, she felt that something was left unsaid between us. Perhaps my stalking was not firm enough, decisive or just left more questions than answers about my resolve in demonstrating a certain level of 'affection'. Perhaps she just wanted to send a message of "hey, not scared of you pansy". Perhaps she is just excited, and this may finally result in a box being sent without a subsequent TRO. I can hope, no, dream... [..] From lyger at attrition.org Mon Sep 20 06:28:13 2010 From: lyger at attrition.org (lyger) Date: Mon, 20 Sep 2010 06:28:13 -0500 (CDT) Subject: [attrition] rant: 7 Ways That I Can Tell That the Security Industry Bores Me Message-ID: http://attrition.org/security/rants/bored/ Mon Sep 20 06:13:29 CDT 2010 Lyger One of the questions I'm occasionally asked is how long I've been "in security". I guess the answer really depends on your definition of "in security"; I've had a job title of "Security X" or have been employed by a "security vendor" since early 2004, but much like the way other people get involved in security, there were security-related duties in previous positions as early as 2000 and a general interest in the field since about 1998. Those duties and the general interest doesn't necessarily qualify as "in security" time, but I like to think it was a good start. It never hurts to get your feet wet and get some basic experience when choosing a career path, especially one that is considered to be somewhat specialized. Well, over ten years have gone by and the landscape has changed somewhat. Security is a hot topic, much more mainstream than it was several years ago, and has never been a more interesting and exciting field, right? Just like your definition of "in security", that probably depends on your definition of "interesting and exciting" too. Sure, there's "cyber-whatever" now, flavor-of-the-week exploits, the marriage of compliance and security, and dozens of other topics that keep Twitter and RSS feeds humming at all hours of the day and night, but for all of that there's still the debate over vulnerability disclosure, whining about how "Vendor X is still [insert whatever they're still doing here]" and overall whining about the general suckiness of the industry as a whole. To be honest about it, I've come to realize over the last couple of years that *all* of the topics listed above are, well, boring to me. This isn't to say that those topics in and of themselves are inherently boring, or even that the security industry as a whole has nothing of interest to anyone, but to *me* the industry has become the equivalent of a company party that goes... on... forever. You're there and it's supposed to be fun at first, but then you end up hearing the same old rehashed stories from the same people you would rather avoid in the hallways, and just about the time you find the exit and start heading for it, someone stops you to ask if you heard the latest about [insert "hot topic" here] and what you think about it. Again, that's just my take. Other metaphors may work better for you (or not at all), so like the old saying goes, YMMV. Before I go on with how I finally realized that the security industry bores me, I'll address what will possibly be some reader feedback saying "if it bores you or if you don't like it, why don't you just quit?". There's actually a good reason why (besides the obvious need to eat and have shelter): I don't *want* it to be boring. I'd like to be around when something that is interesting *to me* happens, but nothing has in quite a while. Keep in mind that I'd rather not see some sort of cyber-armeggedon happen in my quest for something unique and fun, but anything has to be better than a rehash of any topic that has been popular over the last ten years. Anything. Being bored is, well, boring. There were some warning signs; if you recognize any of these, maybe we're in the same boat. [...]