Archive for the Silly Category

Accepting the Inevitability of Compromise, Spandau Ballet style

Posted in Silly on 14 August, 2012 by Alec Waters

It’s common knowledge that prevention eventually fails. To help spread the Good News to those who haven’t heard it, I present a musical aide memoire on the inevitability of compromise. Get the music playing and sing along!

Thank you for coming in
I’m sorry but the data’s all gone
I left it here I could have sworn
Safe in my database
Slowly being taken away
Just another hack for today
Off to the cloud it blew, to the cloud it blew
Guess I wasn’t quite on the ball
Luck has left me taking the fall

Pwned!
Always believe in your soul
You’ve got the power to know
You are destructible
Always believe in, ’cause you are
Pwned!
Malware is bound to return
There’s something I could have learned
You are destructible, always believe in

After the data’s gone
The ICO delivers his fine
Even though we’re victims of crime
It’s only two years ago
The kid with the spots on his face
The one who set up our database
Now he’s let blackhats through, he’s let blackhats through
Penetrated our firewall
And right under the table I crawl

Pwned!
Always believe in your soul
You’ve got the power to know
You are destructible
Always believe in, ’cause you are
Pwned!
Malware is bound to return
There’s something I could have learned
You are destructible, always believe in…


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters@dataline.co.uk

Man-In-The-Middle-ing You

Posted in Silly on 22 December, 2011 by Alec Waters

Down at the local wi-fi equipped coffee shop, I couldn’t help but notice the chap in the corner singing merrily to himself as he tapped away at his laptop. Not sure what he was up to, but this was what he sang…

Well I know just why I came here tonight,
Drinking coffee while I’m stealing your bytes,
Sniffing passwords as they fly through the air,
And your privacy, it don’t have a prayer,
Bob to the left of me,
Alice to the right, here I am,
Man in the middle-ing you.

Yes I’m thinking ’bout which tool I should use,
Maybe Mallory or Karma for you,
It’s so hard to keep this smile from my face,
Taking control, yeah, I’m all over the place,
Banks to the left of me,
Email to the right, here I am,
Man in the middle-ing you.

Well I started out with nothing,
And ID theft is my secret plan,
Your credentials all come crawlin,
Wanting to be used they say,
Please… Please…

Trying to make some use of it all,
Finding pics for “you” to post on your Wall,
Maybe sending some embarrassing Tweets,
Social media was never so sweet!
Twitter to the left of me,
Facebook to the right, here I am,
Man in the middle-ing you.

Well I started out with nothing,
And ID theft is my secret plan,
Your credentials all come crawlin,
Wanting to be used they say,
Please… Please…

Well I know just why I came here tonight,
Drinking coffee while I’m stealing your bytes,
Sniffing passwords as they fly through the air,
And your privacy, it don’t have a prayer,
Bob to the left of me,
Alice to the right, here I am,
Man in the middle-ing you,
Yes I’m man in the middle-ing  you,
Man in the middle-ing you.


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters@dataline.co.uk

Blackhat Singing Nun dispenses security tips

Posted in Silly on 21 February, 2011 by Alec Waters

The Blackhat Singing Nun, h@xx0rM4riA, reveals some of the secrets to her success:

Unpatched workstations with no anti-malware,
Firewalls with holes in, my victims beware!
WEP on your wifi, such joy does it bring,
These are a few of my favorite things.

Six letter passwords, no symbols no numbers,
Lazy sysadmins all lost in a slumber,
Unopened logfiles, alarms that don’t ring,
These are a few of my favorite things.

Passwords for Facebook and corporate login,
Why make them diff’rent, why bother with slogging?
Unfiltered Internet, no web blocking,
These are a few of my favorite things,

When I’m locked out,
Exploits failing,
When I’m feeling sad,
I simply remember my favorite things,
And then I don’t feel so bad!


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters@dataline.co.uk

A new take on “Abuse Reports”

Posted in Silly on 11 May, 2010 by Alec Waters

Abuse Reports are nothing new. But how about this instead – Abusive Reports. What exactly happened at 7am on Saturday to cause our CS-MARS to flip me the bird??


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters(at)dataline.co.uk

An ode to lockdowns

Posted in Silly on 20 April, 2010 by Alec Waters

A quick guest post from a Mr P. Floyd, unhappy with his organisation’s corporate security posture:

We don’t need no Anti-Virus
We don’t need no port control
No harsh restrictions on the desktop
Admins leave PCs alone!

We don’t need no complex passwords
We don’t need no AUP
No blocking YouTube on a Friday
Admins leave PCs alone!
Hey! Admins! Leave PCs alone!!


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters(at)dataline.co.uk

‘Twas the night before D-DoS

Posted in Silly on 16 December, 2009 by Alec Waters

The festive season is upon us again, so I hereby present a yuletide tale of the age old battle between Good and Evil…

 

‘Twas the night before D-DoS, when all through the net
Not a rootkit was stirring, no activity yet.
The victims were chosen, the criminals dared
To hope cash from extortion soon would be theirs.

The targets were nestled all snug in their nets,
Protected from dangerous POSTs HEADs and GETs.
Their NSM sensors, all fed from a Tap,
Kept watch for traffic they knew should be zapped.

When into my inbox there arrived a stern warning,
“Give us your cash, or we’ll DoS you by morning.”
Away to the helpdesk I flew like a flash,
Afraid that my website soon would be trashed.

My lack of response to the blackhat’s demands
Caused him to issue the fatal commands.
Sitting alone in his t-shirt and jeans,
With his tower PC, and eight LCD screens.

Then his dusty old keyboard went clickety-click,
His army of trojans heeded his nick.
More rapid than torrents his botnets they came,
And he whistled, and shouted, and called them by name!

“Now Gumblar! now Koobface! now Storm Worm and Ozdok!
On, Clampi! On, Pushdo! On, Cutwail and Rustock!
Use all your ports! Fear no firewall!
Now DoS away! DoS away! DoS away all!”

As dry leaves before the wild hurricane fly,
Packets were inbound, my bandwidth sucked dry.
So back to the helpdesk in panic I flew,
Only to find that they were DoS’d too!

And then, in a twinkling, I heard through the panic
A cry from the desk of a worker less manic.
As he drew on his pad, his colleagues turned round,
Listened intently to what he had found.

“I know this sounds crazy,” he said through the din,
“I can disrupt the botnet, attack from within”.
“I’ve seen it before, in a film with a spy“,
‘send spike’ is the answer; the trojans will die!”

His eyes-how they twinkled! his dimples how merry!
As he hammered away on a keyboard from Cherry.
He pictured the blackhat – alone, unaware -
“Attacking my botnet? Surely no-one would dare!”

The end of a pen he held tight in his teeth,
It leaked ink that encircled his mouth like a wreath.
He sent spike on its way, and sat back from his desk,
Hoping to neutralise botnets grotesque.

He was chubby and plump, was our evil blackhat,
But his face turned to horror, he froze where he sat.
His botnets revolted and cackled with glee,
Changing his wallpaper to pictures of goatse!

He spoke not a word as the bots went to work,
They emptied the bank accounts held by this jerk.
Their final accomplishment was rather extreme -
They framed him for felonies and called in the SWAT team.

The blackhat defeated by our Hero so gallant,
Away to the pub they went – drink to his talent!
But I heard him exclaim, ‘ere he drove out of sight,
“Happy Christmas to all, and to all a good-night!”


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters(at)dataline.co.uk

A summary of today’s threats…. set to music!

Posted in Silly on 25 August, 2009 by Alec Waters

Given the threat landscape in which we live, I personally think it’s far too dangerous to even consider switching on a computer, let alone using it to surf the web. Whilst I’m finishing up reading my copy of “Luddite Hermitry for Dummies”, I present a little ditty sung to the tune of “Money for Nothing” by Dire Straits:

Now look at them blackhats that’s the way you do it
Finding holes in your security
That ain’t workin’ that’s the way you do it
Mutating malware very frequently

Now that ain’t workin’ that’s the way you do it
Lemme tell ya them guys ain’t dumb
Maybe get a virus on your little palmtop
Maybe get a virus on your phone

We gotta install fake anti virus
Custom malware deliveries
We gotta move these stolen credentials
Gotta move these identities

See the little blackhat with the Gumblar and the KoobFace
Yeah buddy, they’re his own bots
That little blackhat got his own jet airplane
That little blackhat he’s a millionaire

We gotta install hidden keyloggers
Banking trojan deliveries
We gotta move these injected iframes
‘Sploit some code that’s written in C

I shoulda learned blackhat SEO
I shoulda learned to smash the stack
Look at that pointer, she got it pointin’ anywhere you like!
Man we can have some fun
And he’s up there, what’s that? PCI audit?
Does it get you much of that “security“??
That ain’t workin’ that’s the way you do it
Get your bad press for nothin’ or redundancy

We gotta install fake porno codecs
XOR’ed shellcode deliveries
We gotta DDOS a Georgian blogger
We gotta DDOS this ISP

Now that ain’t workin’ that’s the way you do it
Infecting websites via FTP
That ain’t workin’ that’s the way you do it
Pagerank for nothin’ and your clicks for free


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters(at)dataline.co.uk

Follow

Get every new post delivered to your Inbox.

Join 33 other followers