Archive for the Silly Category

Breach response planning, set to music!

Posted in General Security, Silly on 29 October, 2015 by Alec Waters

It’s the graveyard shift at the SOC. Ana and Elsa are on duty, when suddenly it becomes clear that Bad Things are afoot. The nightmare scenario has come about – the Evil Hackers have come for them, and now the company has got to deal with it. To keep their spirits up, they sing along to the Incident Response plan – now you can sing along too!

The lights glow red on the console tonight
Not a green tick to be seen
A network of desolation,
And our Brand has lost its sheen.

Twitter is howling like this swirling storm inside
Couldn’t keep it in, heaven knows I tried!

Don’t let them in, don’t let them see
The pastebin boasting of the hacking spree
Conceal, don’t feel, don’t let them know
Well, now they know!

We got owned, we got owned
Can’t hold it back anymore
We got owned, we got owned
Journalists are at the door!

I don’t know
What they’re going to say
Can I fob them off..?
The press never bothered me anyway!

We had a load of warnings
Of our impending fall
And the hacks that once seemed far-fetched
Have left us feeling mauled

The hackers showed what they could do
To test the limits and break through
No right, no wrong, no rules for them
They’re free!

We got owned, we got owned
I am suddenly feeling shy
We got owned, we got owned
Today you’ll see me cry!

Here I stand
But not for long
Time for me to hide…

The share price flurries through the air into the ground
It’s time to fire someone and change the branding all around
Re-skin the website, change our name and do it fast
The share price rises back,
The past is in the past!

We got owned, we got owned
You’ll forget by the break of dawn
Who got owned, who got owned?
That memory is gone!

Here I stand
In the light of day
Business carries on,
elsa2

Accepting the Inevitability of Compromise, Spandau Ballet style

Posted in Silly on 14 August, 2012 by Alec Waters

It’s common knowledge that prevention eventually fails. To help spread the Good News to those who haven’t heard it, I present a musical aide memoire on the inevitability of compromise. Get the music playing and sing along!

Thank you for coming in
I’m sorry but the data’s all gone
I left it here I could have sworn
Safe in my database
Slowly being taken away
Just another hack for today
Off to the cloud it blew, to the cloud it blew
Guess I wasn’t quite on the ball
Luck has left me taking the fall

Pwned!
Always believe in your soul
You’ve got the power to know
You are destructible
Always believe in, ’cause you are
Pwned!
Malware is bound to return
There’s something I could have learned
You are destructible, always believe in

After the data’s gone
The ICO delivers his fine
Even though we’re victims of crime
It’s only two years ago
The kid with the spots on his face
The one who set up our database
Now he’s let blackhats through, he’s let blackhats through
Penetrated our firewall
And right under the table I crawl

Pwned!
Always believe in your soul
You’ve got the power to know
You are destructible
Always believe in, ’cause you are
Pwned!
Malware is bound to return
There’s something I could have learned
You are destructible, always believe in…


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters@dataline.co.uk

Man-In-The-Middle-ing You

Posted in Silly on 22 December, 2011 by Alec Waters

Down at the local wi-fi equipped coffee shop, I couldn’t help but notice the chap in the corner singing merrily to himself as he tapped away at his laptop. Not sure what he was up to, but this was what he sang…

Well I know just why I came here tonight,
Drinking coffee while I’m stealing your bytes,
Sniffing passwords as they fly through the air,
And your privacy, it don’t have a prayer,
Bob to the left of me,
Alice to the right, here I am,
Man in the middle-ing you.

Yes I’m thinking ’bout which tool I should use,
Maybe Mallory or Karma for you,
It’s so hard to keep this smile from my face,
Taking control, yeah, I’m all over the place,
Banks to the left of me,
Email to the right, here I am,
Man in the middle-ing you.

Well I started out with nothing,
And ID theft is my secret plan,
Your credentials all come crawlin,
Wanting to be used they say,
Please… Please…

Trying to make some use of it all,
Finding pics for “you” to post on your Wall,
Maybe sending some embarrassing Tweets,
Social media was never so sweet!
Twitter to the left of me,
Facebook to the right, here I am,
Man in the middle-ing you.

Well I started out with nothing,
And ID theft is my secret plan,
Your credentials all come crawlin,
Wanting to be used they say,
Please… Please…

Well I know just why I came here tonight,
Drinking coffee while I’m stealing your bytes,
Sniffing passwords as they fly through the air,
And your privacy, it don’t have a prayer,
Bob to the left of me,
Alice to the right, here I am,
Man in the middle-ing you,
Yes I’m man in the middle-ing  you,
Man in the middle-ing you.


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters@dataline.co.uk

Blackhat Singing Nun dispenses security tips

Posted in Silly on 21 February, 2011 by Alec Waters

The Blackhat Singing Nun, h@xx0rM4riA, reveals some of the secrets to her success:

Unpatched workstations with no anti-malware,
Firewalls with holes in, my victims beware!
WEP on your wifi, such joy does it bring,
These are a few of my favorite things.

Six letter passwords, no symbols no numbers,
Lazy sysadmins all lost in a slumber,
Unopened logfiles, alarms that don’t ring,
These are a few of my favorite things.

Passwords for Facebook and corporate login,
Why make them diff’rent, why bother with slogging?
Unfiltered Internet, no web blocking,
These are a few of my favorite things,

When I’m locked out,
Exploits failing,
When I’m feeling sad,
I simply remember my favorite things,
And then I don’t feel so bad!


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters@dataline.co.uk

A new take on “Abuse Reports”

Posted in Silly on 11 May, 2010 by Alec Waters

Abuse Reports are nothing new. But how about this instead – Abusive Reports. What exactly happened at 7am on Saturday to cause our CS-MARS to flip me the bird??


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters(at)dataline.co.uk

An ode to lockdowns

Posted in Silly on 20 April, 2010 by Alec Waters

A quick guest post from a Mr P. Floyd, unhappy with his organisation’s corporate security posture:

We don’t need no Anti-Virus
We don’t need no port control
No harsh restrictions on the desktop
Admins leave PCs alone!

We don’t need no complex passwords
We don’t need no AUP
No blocking YouTube on a Friday
Admins leave PCs alone!
Hey! Admins! Leave PCs alone!!


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters(at)dataline.co.uk

‘Twas the night before D-DoS

Posted in Silly on 16 December, 2009 by Alec Waters

The festive season is upon us again, so I hereby present a yuletide tale of the age old battle between Good and Evil…

 

‘Twas the night before D-DoS, when all through the net
Not a rootkit was stirring, no activity yet.
The victims were chosen, the criminals dared
To hope cash from extortion soon would be theirs.

The targets were nestled all snug in their nets,
Protected from dangerous POSTs HEADs and GETs.
Their NSM sensors, all fed from a Tap,
Kept watch for traffic they knew should be zapped.

When into my inbox there arrived a stern warning,
“Give us your cash, or we’ll DoS you by morning.”
Away to the helpdesk I flew like a flash,
Afraid that my website soon would be trashed.

My lack of response to the blackhat’s demands
Caused him to issue the fatal commands.
Sitting alone in his t-shirt and jeans,
With his tower PC, and eight LCD screens.

Then his dusty old keyboard went clickety-click,
His army of trojans heeded his nick.
More rapid than torrents his botnets they came,
And he whistled, and shouted, and called them by name!

“Now Gumblar! now Koobface! now Storm Worm and Ozdok!
On, Clampi! On, Pushdo! On, Cutwail and Rustock!
Use all your ports! Fear no firewall!
Now DoS away! DoS away! DoS away all!”

As dry leaves before the wild hurricane fly,
Packets were inbound, my bandwidth sucked dry.
So back to the helpdesk in panic I flew,
Only to find that they were DoS’d too!

And then, in a twinkling, I heard through the panic
A cry from the desk of a worker less manic.
As he drew on his pad, his colleagues turned round,
Listened intently to what he had found.

“I know this sounds crazy,” he said through the din,
“I can disrupt the botnet, attack from within”.
“I’ve seen it before, in a film with a spy“,
‘send spike’ is the answer; the trojans will die!”

His eyes-how they twinkled! his dimples how merry!
As he hammered away on a keyboard from Cherry.
He pictured the blackhat – alone, unaware –
“Attacking my botnet? Surely no-one would dare!”

The end of a pen he held tight in his teeth,
It leaked ink that encircled his mouth like a wreath.
He sent spike on its way, and sat back from his desk,
Hoping to neutralise botnets grotesque.

He was chubby and plump, was our evil blackhat,
But his face turned to horror, he froze where he sat.
His botnets revolted and cackled with glee,
Changing his wallpaper to pictures of goatse!

He spoke not a word as the bots went to work,
They emptied the bank accounts held by this jerk.
Their final accomplishment was rather extreme –
They framed him for felonies and called in the SWAT team.

The blackhat defeated by our Hero so gallant,
Away to the pub they went – drink to his talent!
But I heard him exclaim, ‘ere he drove out of sight,
“Happy Christmas to all, and to all a good-night!”


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters(at)dataline.co.uk

Follow

Get every new post delivered to your Inbox.

Join 34 other followers