More xkcdsucks guest blogging.
I provided commentary on the last three xkcd comics for the always delicious xkcdsucks blog. Thanks to Carl for allowing me to guest post.
Recent gems:
Considering I am neither a fan of children’s movies nor romantic comedies, can someone please explain what the fuck is going on here? Did my watching American Psycho 2 and Battlefield Earth (I am a sucker for bad movie night) make Netflix throw up its virtual hands and load me up with the worst crap imaginable?
Finding good books on Information Security tends to be an exercise in “guess and check.” It’s difficult enough to find books that cover the basics well; books that claim to cover more advanced topics are generally more miss than hit. Buying books online offers an additional challenge, as it’s harder to skim the content to see if it sets off one’s BS detector. Fortunately, unless the content is wholly inaccurate or entirely fluff, it’s usually possible to milk at least a little knowledge out of a poorly written book.
To its credit, Chained Exploits: Advanced Hacking Attacks from Start to Finish is fairly well written. However, this is about the extent of its positive virtues– even the title and description of this book are misleading. The use of phishing and trojan horse creation via YAB to install packet sniffing software on a boss’ computer may technically be a “chained exploit.” It is in no way an “advanced hacking attack” any more than my combining beating an egg, sifting flour, and rolling dough is “advanced baking.” Combining several small activities to reach a larger goal is basic problem solving, and humans have been doing it since we stopped walking on all fours. It is only when one combines those smaller steps into something truly remarkable that it approaches the realm of “advanced,” and none of the activities in this book fit that particular bill.
Being a bit ambitious is not entirely unforgivable in the tech-book universe; after all, book covers are often chosen by publishers and promoters who may not completely grasp the technical content contained within. Rolling in at just under 280 pages, this may seem like a good little book to burn through to get acquainted with some basic techniques and the hacker mind set. It is not. Your $50 would be better spent on a week’s supply of Hoffachinos and access to Starbucks wireless. There is nothing in this book that one can’t obtain from dozens of sources across the Internet. You’ll also spare yourself the ham-handed fictional back story that the authors chose to wrap around the technical content, perhaps in some vain attempt to mask how woefully non-technical this book actually is.
Some of the motivations for these attacks are so over-dramatic that they make Hackers seem true to life. In Chapter 4, Phoenix is tasked with corporate espionage and murder-by-hacking to the tune of $150,000. The price for failure, however, is the death of his girlfriend.
“The note says Total payment for failure: 5683 Cherry Street. Phoenix cannot move. He recognizes the address as that of his girlfriend Kate. Now reality sets in. Mr. Dobbs has asked Phoenix to commit corporate espionage, and then kill innocent people lying sick in a hospital to distract attention away from the deed. If he succeeds, he’ll be rich in a sense. If he fails, his girlfriend will end up dead. This is why Mr. Dobbs is paying so much. The stakes are much greater this time.”
(pp. 91-92)
To Phoenix, this is a job for social engineering, RFID cloning, wshwc, and metasploit. These scenarios only get more fantastical and James Bond-esque as the book progresses, ending with Phoenix living a posh lifestyle in South Beach, Florida. You too, can become independently wealthy with the proper mix of moral bankruptcy and Cain & Abel expertise!
I’m being deliberately obtuse here. Obviously the main intent of a book like this is not to glamorize the Black Hat lifestyle, but to warn of the consequences of bad security posture. It might put the fear of God into a boss or colleague who is the kind of person to be terrified by FUD-heavy scare pieces like this 60 Minutes segment– a book that includes such gems as…
“Netcat is a backdoor Trojan horse application Phoenix will use to connect to his manager’s computer.”
(p. 29)
…definitely works well in that respect. My expectation (and sincere hope), though, is that most people with even a drop of cynicism in their blood will be turned off by the authors’ attempts to frame hacking like scenes in a bad action movie. Blowing a situation out of proportion can be just as damaging as ignoring it– because no one will take you seriously.
Even without the fatal levels of cheese running through this book’s veins, it offers nothing new or insightful. The majority of Phoenix’s exploits involve heavy use of social engineering. When he actually manages to hit the keyboard, he does nothing so advanced that it couldn’t be worked out in under an hour by the average script kiddie. At the risk of sounding elitist, anyone who needs a 5 page walk-through on analyzing packets in Wireshark is going to require a lot more than this tiny book to get their hacking career started.
Chained Exploits fails in a variety of ways. It provides absolutely nothing in the way of “advanced” material. It is too heavy-handed with fear mongering to work as a cautionary tale. It perhaps could be attractive as a very basic “getting started” manual, but $50 is exceedingly steep for the amount and quality of information you’ll get. Snatch this up from a dollar bin for a good laugh or to give to a tech-curious niece or nephew; otherwise, don’t waste your time.
I’d like to thank you for your catty, demeaning remark towards small-breasted women in your latest TV ads. “Double A? Like the battery?” Way to put one body type down to try to elevate another one up. Small-breasted women deal with body issues just like our more well-endowed sisters. Open any magazine or turn to any TV show and you certainly won’t see many flat-chested celebrities– they’re positively overflowing with cleavage, in fact. I ~~am~~ was a big fan of your “Thank Goodness It Fits” Nearly A bras, but I will no longer be purchasing or recommending them. I’ll get my bras from a company that doesn’t outright insult me.
Sincerely,
aloria
a member of the itty bitty committee
Update (5/5/2010):
Got the following response from Playtex:
Thank you for taking the time to share with us your concerns regarding our advertising. We spend a great deal of time developing commercials and creating advertisements that will appeal to our consumers and present our products in an effective manner. You probably know, too, that all TV commercials must pass a rigorous clearance process before they are aired on network television.
However, we are still very concerned about the issues you raised. Even though we have received only a few letters and phone calls about these ads, we are conducting additional research with consumers to determine whether some changes in the advertising might be appropriate. This still may not address all of your concerns, but I do want you to know that we are listening to you and responding accordingly.
When we create new advertising campaigns we know that we probably will not please everyone with our choices. But we are always sensitive to objections about the content of our advertising and respect the concerns you have raised.
Again, we appreciate your taking the time to contact us. We truly value your business and your opinion. If you should have any questions or need further assistance feel free to call us at 1-800-537-9955 Monday – Friday 9:00 am to 4:30 pm or email us www.playtexfits.com.
Sincerely,
Patricia Semones
Consumer Care Specialist
While I wish she had addressed the remark a little more specifically (the response still feels a bit form-letter), it’s still nice to get a response that isn’t dismissive or boiler-plate. I’m also pleased to see some indication that others have commented on the commercial as well.
The biggest hurdle I’ve encountered in creating content for my blog is recognizing the fact that most people really don’t give a damn about my opinions. Sure, I could type up a review of every book, movie, video game, and piece of software I try. However, I’m not so egotistical as to think that I can deliver something that’s particularly useful or insightful in a way that hasn’t been touched upon by a thousand other people. Seeing The Human Centipede this past Monday changed all that. THIS MOVIE MUST BE DISCUSSED.
Despite all the controversy surrounding this film, I actually hadn’t heard of it until an old friend invited me to see it. He had been having some difficulty finding people willing to go, and stated, “you seem like the kind of person who would be into it.” I’m glad I know that I’m someone who can be counted on in times of needing to see coprophagia-themed torture porn.
The classification of “torture porn” isn’t entirely accurate here. Most of the truly nasty moments of THC are implied; other than a few brief shots of the surgical procedures involved (performed under anesthesia, even), most of the gore takes place off-screen. The experience wasn’t like that of Saw or Hostel, both of which had me squirming in my seat every 20 minutes. In fact, I spent most of the movie cracking up, not being grossed out.
There is quite a bit of debate on the IMDB boards about whether this movie was intended to be serious or a sort of satire/comedy. Truly, I have no idea of Tom Six’s intent. Regardless of whether THC is “so bad it’s good” a-la Showgirls or intentionally hilarious, it’s still immensely entertaining. The entire movie plays out like a “what not to do” catalog of horror movie ineptitudes. Walking through the creepy woods instead of following the road, cowering in the corner instead of using the phone, waiting until the last possible moment to attempt escape– it’s all there. Dieter Laser plays his character more like a weirder, German Christopher Walken than a true monster. It’s my stance that this movie is meant to be funny; how can you explain the opening shot of Laser crying over a butt-to-nose chain of Rottweilers otherwise?
Also, has anyone noticed how awesome some of the last names of the people involved with this movie are? Tom Six, Patrick Savage, Holeg Spies, Jasper de Weerd, Dieter Laser? It’s like a convention of “dudes I would marry just for the awesome driver’s licence.” I really have to tip my hat to THC, even the opening credits were entertaining.
Overall, once you get past the shock value of THC’s central premise– and a mouth-butt-chain of people isn’t half as weird as some of the things floating around the Internet– the movie is more hilarious than scary or gross. Obviously it’s not something you’ll want to sit down to watch with your Bible-thumping grandmother, but all in all it’s a great watch. Three out of three human centipede segments.*
*Thanks to N. Yoshi for the awesome ratings system idea.