Edited Twitter Weekly Updates for 2012-06-10

  • RT @hellNbak_ @adamshostack @derekcslater anything with Scott Blake has to be worth reading. #
  • RT @Beaker Updated BYOD security profile/policy pushed to my iPhone this morning. String passwords on phone unlock (really?) = PiTA. #
  • Bad password policies give no benefit while absorbing your people's willingness to help with security. #Fail (cc @beaker) #
  • RT @moxie If LinkedIn hasn't confirmed the breach, they haven't fixed it either. You can change your PW, but attackers can just get it again #
  • RT @aloria Another password breach, another round of "how to create strong passwords" lectures. THEY'LL TOTALLY LISTEN THIS TIME! #adorable #
  • MT @jeremiahg Instincts telling me these incidents are connected. Wondering if all 3 using the same DEV framework. << or same PR checklist? #
  • I'll bet we see 10-20 announcements of password breaches hoping to be in the LinkedIn PR shadow. Reminds me a bit of Heartland/inauguration #
  • RT @451wendy @securityninja That would be fantastic. We need more security card games besides Elevation of Privilege. #
  • RT @MSFTnews To track or not to track? Not just a question, a choice for consumers and industry http://t.co/906dY7D4 #
  • RT @philvenables More new school thinking from the Feynman archives. Listen to this while thinking of InfoSec. http://t.co/SiFpDkxT #

Powered by Twitter Tools

Twitter Weekly Updates for 2012-05-20

  • RT @votescannell Mother of 3 Arrested for Taking Pictures of Tourist Attraction at Airport http://t.co/Id8TKH9r // I feel safer already. #
  • Freedom gropes for all @seatac! /cc @tsastatus. #
  • RT @ashk4n WiFi Pineapple lets anyone with $90 to "compromise the sh*t out of anyone using WiFi in the area" http://t.co/TnR3n56k #armsrace #
  • Great question for @beaker: why has innovation in sanitation exceeded innovation in security? #
  • RT @DanaEpp In DC @ the security dev conference. Missing you both. Adam, I taught some people EoP at the reception tonight 😉 << cool! #
  • RT @jeremiahg it really is stunning how silly infosec's historical list of "best-practices" look when contrasted with data. #
  • RT @JohnLaTwC Nice job @adamshostack for your work on the Autorun update. Dropping infections by 60+% #
  • RT @jeremiahg RT @adamshostack: @jeremiahg Is that clueless, or cynical that the assessments are assessing the right things? < C) Both #
  • For those at AusCERT, quick pointer to additional Star Wars & Information security content: http://t.co/yfY6F9nl #


Twitter Weekly Updates for 2012-04-22


Twitter Weekly Updates for 2012-04-15


Edited Twitter Weekly Updates for 2012-04-08

Things I said:

  • Google continues to hobble their services, push accounts/wallet names, now w/ Scholar http://t.co/IIQ7xk15 (cc @rileycrane @tgoetz @skud) #
  • In other words, why not create timelines for every scholar who's published? That would be organizing the worlds info & making it useful. #
  • You need a Google account to get that citation history, and I think that's unfortunate tying (/cc @walshman23) #

RTs that rise to the top:

  • RT @philvenables Why people learn about risk. Another Peter Sandman classic read. http://t.co/y3HknqNe #
  • RT @jjarmoc The only lesson I've learned so far from the Global Payments breach is people who post "lessons learned" w/o info are idiots. #
  • RT @normative RT @ericanewland: New blog post: Contrary to Rhetoric, Study Shows Teens Benefit from Pseudonyms https://t.co/43LBtx3B #
  • RT @sethmnookin Pertussis outbreak in WA state reaches "epidemic levels," w/close to 700% more cases than '11. http://t.co/1t3y741I < Whoop! #
  • RT @jeremiahg Is there a place a WebDev may go to get standard / template flow charts that account for functionality & security? #

Amusements:

  • Cormac's blog comment FTW: Richard Clarke clearly has no fear that he will have to endure the level of fact checking that Mike Daisey did. #

  • RT @oneraindrop Ian G measures the OODA loop in infosec thinking – can you say firewalls & ssl? << There's a loop? #
  • RT @TSAgov Please stop taking pictures of each other faking pleasure during freedom pats. The #TSA does not need another meme. #
  • RT @regvulture Microsoft makes Top 20 list of Linux kernel contributors: Linux Foundation reports.. http://t.co/Ozc4zD6B /via @hypatiadotca #
  • RT @terlin RT @pennjillette They're treating criminals like they wanted to fly on an airline. < Nah, strip searches don't cause cancer #

Privacy:

  • RT @chriseng: Apparently @Marriott injects JavaScript into every web page you view over their Wi-Fi network. Sketchy. #
  • RT @csoghoian No anonymity for US rail passengers. Amtrak WiFi blocks Tor Project website. http://t.co/856Mh0Pq < Whose censorware is that? #
  • RT @cstross Stop the UK from snooping on all our email and Facebook messages http://t.co/SFPh7Dk2 #IMP #privacy #bigbrother #CCDP #


Edited Twitter Weekly Updates for 2012-04-01

That’s what I said:

  • Photographers should check out these awesome lens physics simulations from Stanford http://t.co/hlNrqQT3 #
  • Good article by @elinormills "Why data breach isn't a dirty word anymore" http://t.co/JXtTOTbT #
  • New blog with a TED talk, "Doctors Make Mistakes, can we talk about that?" http://t.co/c00zcvMr #
  • .@RSAConference can we go so far as "highly unlikely to sink you?" (cc @threatpost) #
  • Does PWC have data as an auditor anymore? Why are they issuing surveys, rather than data? cc @jeremiahg, @BillBrenner70 http://t.co/SsfSh9nw #
  • Can we just all agree that it's negligent to email plaintext tax documents containing SSNs? #
  • RT @jack_daniel [MA law] does not specifically forbid SSN in email, but that case is covered by 201 CMR 17.00 rules << thanks! #
  • RT @Walshman23 'tis the season (for SSN worst practices, that is) << Nonsense! I'm sure someone's declared emailing SSNs a best practice! #

And then that’s what Bruce said, or didn’t say. Both worth reading:

  • RT @schneierblog Congressional Testimony on the TSA I was supposed to testify today … http://t.co/R73ZtQ6i < Way to silence critics! #
  • Schneier's closing statement in Economist debate: http://t.co/toRL7IRq #

Liberty:

  • MT @SuicideGirls PayPal vs Bookstores > http://t.co/FF2pZarz -> The Tale Of A Bank That Tried To Dictate What You Could Read #
  • RT @arstechnica Boston pays $170k settle cell phone recording lawsuit: http://t.co/QNvHNnEg by @binarybits << When will it be false arrest? #
  • RT @jamisonfoser Kill American citiz– no, wait… RT @AdamSerwer: Scalia: "What is left? If the government can do this what can it not do?" #
  • RT @aaronsw Black Congressman gets kicked off the House floor for donning a hoodie: http://t.co/8MIEJyP3 #
  • RT @rsingel FBI taught agents it was okay to "bend or suspend" the law. Refuses to explain. great stuff by @attackerman http://t.co/6m8MjmNW #

Privacy, Girls Around Me:

  • RT @mr_goodwin Ok, people; someone's turned the creepy up to 11. It's time to think seriously about internet privacy: http://t.co/AIJdfkpS #
  • RT @Randominterrupt Lay.Ar also does that- not just with Facebook but with twitter and BBM info, as well. It's a bit creepy. #
  • Cutting off API access to a single app misses the point, @foursquare. What's the systematic fix? http://t.co/QOjPo0Wc #
  • RT @joebeone is there a systematic fix to 4sq API access mashed up with FB promiscuity? ::) << I don't know, but whac-a-moling apps isn't it #
  • Maybe the best thing to do would be for @foursquare to let "Girls Around Me" be what it turns out to be–a great educational tool #

Breach disclosure:

  • New quick blog: "How to mess up your breach disclosure" http://t.co/cVsfzsHc /cc @briankrebs #
  • It's not the crime, it's the clamming up: http://t.co/3c3fMZe4 #
  • MT @MasterCard We are investigating a potential data breach & as a result, have alerted card issuers of #s that may be at risk< who knew? #

Some work links:

  • RT @jdallman Security Development Conference 2012 lineup is locked! You don't want to miss this. http://t.co/t38YhE4o #security #sdc2012 #
  • RT @k8em0 6 days left to enter the #BlueHatPrize – Shall we play a game? http://t.co/wKCb134e #
  • RT @nickm_tor Not seeing too many applications for Tor's Google Summer of Code positions yet. Hey students: This is a cool thing to do! #

Edited Twitter Weekly Updates for 2012-03-25

I’m continuing to tweak in the hopes of balancing useful & overwhelming. This week I’m not only cutting down the chaos a bit, but adding the emergent categories. Also, my tweets precede the Re-Tweets. Comments welcome.

  • Where can I send people new to infosec for security mentoring, confident that they'll get broad, data-centered advice? (#newschool) #
  • Just got entranced by http://t.co/tjGKyYj8 (by @infobeautiful?) #
  • RT @alexhutton I wonder how much ISACA spends in SEO. Because unless @adamshostack is spending something, this is funny http://t.co/yp3SmIbk #
  • RT @bittman Yeh, exactly, by @tlaskawy. ‘Pink slime’ is the tip of the iceberg: http://t.co/7fPrAsaT #
  • RT @OSVDB 3 new IBM CTSS vulns from 1962 (x2) and 1965 added. http://t.co/FS5kn3xi << I forgot to ask, do you have working PoC code? #
  • RT @bobblakley Moving on: after 5 great years at Burton & Gartner, I'm moving to Citigroup to become Head of Info Sec Innovation < Congrats! #

Hey, Verizon’s DBIR 2012 is now out and available:

  • RT @wadebaker We're happy to announce that the 2012 #DBIR is out. Hope you enjoy it and find it useful. http://t.co/6xcILGom #
  • "RT" @rmogull "Here's my guide to how to read the Verizon DBIR" https://t.co/0DTyJ19d #

Security and People:

  • The New York Times encourages readers to submit the answers to their password recovery questions. http://t.co/TKSah0sO #
  • Fascinating SE technique http://t.co/wxe41Qn3 Where does the dialog get the "Software Update" name? (cc IntegoSecurity) #
  • RT @Beaker Seriously. It's 2012 & banks are STILL using full SSN as USERNAMES!? WTF. Looking @ you, BofA << you'd prefer it as password? 😉 #
  • RT @arstechnica Facebook says it may sue employers who demand job applicants' passwords: http://t.co/bIeqSwOg by @JBrodkin #
  • RT @sambowne: 2-factor auth via cell phone is bad b/c SMS often takes 6 hours to arrive –Facebook Security #hnpworkshops2012 < Details pls? #

TSA:

  • RT @mtyka Congress Wants Your TSA Stories @slashdot http://t.co/lNQOpdQP #
  • RT @GreatDismal Above the head of every TSA line, beyond the scanners: the ghostly, smug, perpetually gratified eyes of OBL. #

Other jerks: Sqoot.com special edition:

  • Women as a "perk" for a programming event is super-lame. https://t.co/NJi52LUZ #
  • RT @window RT @shanley Copy for @sqoot hackathon: "Women: Need another beer? Let one of our friendly (female) event staff get that for you." #

Edited Tweets for 2012-03-18

  • RT @curphey amazing how many serial entrepreneurs, visionaries & thought leaders in security are wanting to contract @ $75/hour #
  • MT @GammaCounter Chinese spies impersonated US Navy admiral on Facebook, friended NATO officials: http://t.co/FFnpdJ9p via @adam_orbit #
  • I really want @robinsage to RT this: Chinese spies impersonated US Navy admiral on Facebook, friended NATO officials: http://t.co/FFnpdJ9p #
  • Britannica to cease publishing physical edition after 244 years: http://t.co/QtHZDNRG #
  • Writing your paper with absolute & % valuations: about .5 €. Not having every story say privacy is worth 50 cents: priceless. #
  • RT @spacerog "Why Aren't There More Women in Tech? I'll Tell You Why I'm Not http://t.co/tTbSRP0u <- the tragedy of most formal education" #
  • RT @alexhutton Measuring the OODA loop of security thinking: Can you say firewalls & SSL? http://t.co/siThqbbZ < Not a loop without feedback #
  • There's a stack of things I'm looking at today where I have exactly the same reaction: "Evidence? Alternate hypotheses?" #
  • An old co-worker of mine is competing to get his product "Zoo Poo" in retail channels. It's entertaining, please vote http://t.co/5MlXNUSK #
  • And they say kids today don't care about privacy: http://t.co/kN8AryXy #
  • RT @RSAConference @neiljrubenking discusses why it’s time to reevaluate your phone’s password manager http://t.co/g5TtvSb8 < cc @1password #
  • RT @teacup Survey Foreign travelers were more afraid of United States immigration officials than of terrorism or crime http://t.co/oaD8b8Ya #
  • RT @blowdart Honestly I am always worried every time I land, visa or not. << I wish the way we treated visitors got more attention #
  • RT @jmason @adamshostack @teacup "2/3rds feared being detained for 'minor mistakes or misstatements'." +1, it's happened to me #
  • RT @dlitchfield This is the St Paddy Day Irish Twitter worm: I need your help to spread so please re-tweet 🙂 #
  • I think @dlitchfield just 0day'd my twitter client. #
  • If a picture is worth 1000 words, does that mean I'm 2376 words into this chapter? #


Twitter Weekly Updates for 2012-03-11


Twitter Weekly Updates for 2012-03-04

  • RT @tedfrank If you're having trouble getting Sudafed, here's how to make it with more readily available crystal meth. http://t.co/THaQZzov #
  • RT @digiphile "Privacy breaches keep getting worse. Facebook admits reading txt msgs of users who installed phone app" http://t.co/v8CMM222 #
  • RT @threatpost #Microsoft partners w/ Good Technology to bring encrypted email to Windows Phone. http://t.co/bE9QC9dN << "better than bad!" #
  • RT @f5networks @WhiteHatSec says 23% of breaches occurred via a backdoor/control channel #rsac << I want a @wadebaker/@jeremiahg panel #
  • RT @attractr REcon 2012 CFP is out: http://t.co/lP9P3bvY #recon2012 #
  • It occurs to me that what @sushidude needs is a Bayesian belief engine with belief updates from CVE, DBIR? #
  • RT @MSFTsdl Stop by at the #RSAC #Microsoft SDL station and get a threat modeling card game! http://t.co/qwekmdGA #MSFTsdl #
  • RT @MikeIsaac TED 2012: New Browser Add-On Visualizes Who is Tracking You Online http://t.co/8O1ZIZsR #
  • Ron Gula remembers Dom Brezinski asking about NT4 remote at the first @blackhat. #
  • "I don't see anything private about IOC or indicators of fraud." – Roland Cloutier, CSO ADP #
  • Good points from @rongula about automation in data sharing. #
  • RT @DennisF Good talk on incident response and metrics at #bsidessf Turns out measuring stuff works. Who knew? << (me!) #
  • RT @Beaker Marcus (Ranum) just came by with some awesome Guy Fawkes mask balloons. Brilliant. #
  • RT @rsingel Former FBI counter-terrorism officer rips into TSA for being useless: http://t.co/lClWev1L #
  • RT @chriseng Who has the best #rsac booth swag? < Microsoft. You all need to raise your game by shipping some games. 🙂 #
  • I'm saved in part because the @chriseng "Thought Leader" ribbons are not booth swag. #
  • RT @veracode "Tower defense" video game promotes our new reporting capabilities that deliver positive, reports. Play: http://t.co/MHwaXGjg #
  • RT @moxie I'm happy to announce that @GetAbine will be taking over the #GoogleSharing project: http://t.co/BrooMkKk #
  • Maybe "Do Not Disturb" doesn't mean the same thing to me & the Westin Market St San Francisco. Is it under new management? #
  • RT @jnabryant @adamshostack you still need to get your RSA junk mail regardless << Hey, I'm the customer, not the product! 🙂 #
  • RT @ebellis agree w/ @jeremiahg on this, one of the best articles … #RSAC http://t.co/mF0iCbwx << how to test? Will failures know? Admit? #
  • RT @curphey Break kitten auth knowing dogs are normally photographed on green grass while cats indoors. Genius! http://t.co/umhVTl39 #
  • MT @jenvalentino Should gov be able to block cellphone services for "ensuring public safety"? FCC, Egypt want to know. http://t.co/kLrpbrlS #
  • RT @maxinux @adamshostack And #BART .. << true. Damn it's hard to snark in 140! 😉 #


Twitter Weekly Updates for 2012-02-26


Help Find the People Who Killed Ulf Möller

The family of Ulf Möller are asking for help in finding the people who murdered him, and asking for help spreading the word:

They have a web site with details in English, German, Polish and Lithuanian:

    The two men are described as slim, both about 1.75 m to 1.80 m tall, between 20 and 30 years old. One of them was wearing a dark jacket with a fur-like hood. The surveillance cameras took clear pictures of his face. The other killer was wearing a noticeable light blue quilted Nike-brand jacket.

    We are grateful for any help in finding the murderers. Clues can be reported to the German police (Polizeidirektion Sachsen-Anhalt Ost, who are leading the investigation) by calling +49 340 6000 293, by sending e-mail to lfz.pd-ost@polizei.sachsen-anhalt.de, or by visiting any German police station. If you prefer, you can email us directly at mail.ulfm@googlemail.com.

    Help us find the people who killed Ulf.


Twitter Weekly Updates for 2012-02-19

  • RT @csoghoian If Path-like apps that pilfered user contact data suffered a data breach, existing laws wouldn't require disclosure to users. #
  • New quickie blog: Bismarck's Voice http://t.co/zk01Biec #
  • RT @paulmadsen Sharingfreude, n. – pleasure derived from inadvertent sharing of personal information on social media by friends & colleagues #
  • .@dakami @jeremiahg @tqbf see also Carl Ellison's work on "Ceremony Analysis"– it's broader than a ux issue, into mental models #
  • Bruce Schneier was kind enough to link my "Dear Verisign, Trust Requires Transparency" blog post http://t.co/iAZKFX1g so I've updated it #
  • Short form: We still don't know who knew what when about the Verisign breach http://t.co/iAZKFX1g #
  • RT @lennyzeltser An example of an SMS #phishing message that pursues Verizon Wireless logon credentials: http://t.co/Gk0o1IUh #
  • RT @jeremiahg "Senate Passes Bill Allowing Airports To Evict TSA Screeners" http://t.co/VvdXyxo8 <an airport w/o TSA is very attractive #
  • RT @FAQShop [TechNet Blogs] Elevation of Privilege – we made a card game for developers! Welcome to Tuesday article http://t.co/I3z7Oj2S #
  • I'm looking for interesting analysis of the Collins-Lieberman security bill: http://t.co/ARsWtIn6 #
  • "Cheating is encouraged" http://t.co/YvUqbaY2 #
  • RT @PrivacyMemes Twitter Is The Latest Company To Admit It Uploads Your Address Book http://t.co/QFUxSezG < Time for a law? A tort? #
  • Wow, the new Twitter is both ugly and less customer-centered. #FAIL #
  • RT @KimZetter TSA Denies it Targets Attractive Female Passengers for Body Scans http://t.co/MT4SPWCN << Except the claim was "nice figure" #
  • RT @mtanji @KimZetter Of course there is no "policy" to target the hawtness, that's merely the practice once humans are put in the loop. #
  • RT @BlackHatEvents Black Hat EU 2012 Schedule is out! http://t.co/d1zdTqQD #
  • RT @MSFTsdl The Evolution of Elevation: Threat Modeling in a #Microsoft World http://t.co/SScd3vWW by @danaepp #security #
  • RT @singe Worried about AddressBook privacy on iOS? Check out AdiOS http://t.co/SS38Aha8 & Gorilla http://t.co/8l1K0mnF (latter requires JB) #
  • RT @rsingel .@jerrybrito on how transparency might be better for infrastructure security than regulation: http://t.co/dHShX23e < like #
  • RT @singe Have any of you ever worked on a project where privacy controls were part of the requirements spec? << both at ZKS & Microsoft #
  • RT @Wh1t3Rabbit I think I have a new game for those speakers coming to OWASP AppSecAPAC …shoot me a note if you want to play < yay, games! #


Bismarck’s Voice

    Tucked away for decades in a cabinet in Thomas Edison’s laboratory, just behind the cot in which the great inventor napped, a trove of wax cylinder phonograph records has been brought back to life after more than a century of silence.

    The cylinders, from 1889 and 1890, include the only known recording of the voice of the powerful chancellor Otto von Bismarck. Two preserve the voice of Helmuth von Moltke, a venerable German military strategist, reciting lines from Shakespeare and from Goethe’s “Faust” into a phonograph horn. (Moltke was 89 when he made the recordings — the only ones known to survive from someone born as early as 1800.)

“Restored Edison Records Revive Giants of 19th-Century Germany,” NYTimes, Jan 30, 2012.

Nothing to add. Just way cool.