August 18, 2010 at 2158 · Filed under asstarded, commentary, movies
Recent gems:
Considering I am neither a fan of children’s movies nor romantic comedies, can someone please explain what the fuck is going on here? Did my watching American Psycho 2 and Battlefield Earth (I am a sucker for bad movie night) make Netflix throw up its virtual hands and load me up with the worst crap imaginable?
June 17, 2010 at 2230 · Filed under asstarded, commentary, nerding out
Finding good books on Information Security tends to be an exercise in “guess and check.” It’s difficult enough to find books that cover the basics well; books that claim to cover more advanced topics are generally more miss than hit. Buying books online offers an additional challenge, as it’s harder to skim the content to see if it sets off one’s BS detector. Fortunately, unless the content is wholly inaccurate or entirely fluff, it’s usually possible to milk at least a little knowledge out of a poorly written book.
To its credit, Chained Exploits: Advanced Hacking Attacks from Start to Finish is fairly well written. However, this is about the extent of its positive virtues– even the title and description of this book are misleading. The use of phishing and trojan horse creation via YAB to install packet sniffing software on a boss’ computer may technically be a “chained exploit.” It is in no way an “advanced hacking attack” any more than my combining beating an egg, sifting flour, and rolling dough is “advanced baking.” Combining several small activities to reach a larger goal is basic problem solving, and humans have been doing it since we stopped walking on all fours. It is only when one combines those smaller steps into something truly remarkable that it approaches the realm of “advanced,” and none of the activities in this book fit that particular bill.
Being a bit ambitious is not entirely unforgivable in the tech-book universe; after all, book covers are often chosen by publishers and promoters who may not completely grasp the technical content contained within. Rolling in at just under 280 pages, this may seem like a good little book to burn through to get acquainted with some basic techniques and the hacker mind set. It is not. Your $50 would be better spent on a week’s supply of Hoffachinos and access to Starbucks wireless. There is nothing in this book that one can’t obtain from dozens of sources across the Internet. You’ll also spare yourself the ham-handed fictional back story that the authors chose to wrap around the technical content, perhaps in some vain attempt to mask how woefully non-technical this book actually is.
Some of the motivations for these attacks are so over-dramatic that they make Hackers seem true to life. In Chapter 4, Phoenix is tasked with corporate espionage and murder-by-hacking to the tune of $150,000. The price for failure, however, is the death of his girlfriend.
“The note says Total payment for failure: 5683 Cherry Street. Phoenix cannot move. He recognizes the address as that of his girlfriend Kate. Now reality sets in. Mr. Dobbs has asked Phoenix to commit corporate espionage, and then kill innocent people lying sick in a hospital to distract attention away from the deed. If he succeeds, he’ll be rich in a sense. If he fails, his girlfriend will end up dead. This is why Mr. Dobbs is paying so much. The stakes are much greater this time.”
(pp. 91-92)
To Phoenix, this is a job for social engineering, RFID cloning, wshwc, and metasploit. These scenarios only get more fantastical and James Bond-esque as the book progresses, ending with Phoenix living a posh lifestyle in South Beach, Florida. You too, can become independently wealthy with the proper mix of moral bankruptcy and Cain & Abel expertise!
I’m being deliberately obtuse here. Obviously the main intent of a book like this is not to glamorize the Black Hat lifestyle, but to warn of the consequences of bad security posture. It might put the fear of God into a boss or colleague who is the kind of person to be terrified by FUD-heavy scare pieces like this 60 minutes segment– a book that includes such gems as…
“Netcat is a backdoor Trojan horse application Phoenix will use to connect to his manager’s computer.”
(p. 29)
…definitely works well in that respect. My expectation (and sincere hope,) though, is that most people with even a drop of cynicism in their blood will be turned off by the authors’ attempts to frame hacking like scenes in a bad action movie. Blowing a situation out of proportion can be just as damaging as ignoring it– because no one will take you seriously.
Even without the fatal levels of cheese running through this book’s veins, it offers nothing new or insightful. The majority of Phoenix’s exploits involve heavy use of social engineering. When he actually manages to hit the keyboard, he does nothing so advanced that it couldn’t be worked out in under an hour by the average script kiddie. At the risk of sounding elitist, anyone who needs a 5 page walk-through on analyzing packets in Wireshark is going to require a lot more than this tiny book to get their hacking career started.
Chained Exploits fails in a variety of ways. It provides absolutely nothing in the way of “advanced” material. It is too heavy-handed with fear mongering to work as a cautionary tale. It perhaps could be attractive as a very basic “getting started” manual, but $50 is exceedingly steep for the amount and quality of information you’ll get. Snatch this up from a dollar bin for a good laugh or to give to a tech-curious niece or nephew; otherwise, don’t waste your time.
November 1, 2009 at 1552 · Filed under asstarded, blog stuff
So, about an hour ago, my twitter account was mysteriously suspended. I immediately emailed them to ask WTF was up– I don’t spam, I have very few followed/followers, I never post anything more offensive than strange things made of bacon– so there is really not much, if any reason it should be “suspended for suspicious activity.” The only thing I have been doing different is that yesterday I posted a lot of pictures via twitpic of my Halloween adventures (which I will detail in a later post.) Luckily, my account was soon reactivated, though without any word from Twitter support or any indication why it was axed in the first place.
Normally, I wouldn’t give a crap about a temporary suspension. Twitter has a problem with spammers and other shady types, and they’re doing their best to fight that menace. However, all my followers and people I followed are now completely gone. This means I have to go back through my memory of all the friends I had and manually re-follow them. Oh, and I have to try to do it somewhat slowly, since I don’t want to set off any new red alarms in Twitter’s spam-detection algorithms by mass following a whole lot of people in a short period of time. This wouldn’t bother me as much if I had actually done something wrong, but as I said, Twitter has given me no indication that this was due to anything other than a glitch in their system.
Update (11/01 16:45): My account is back to being suspended. Maybe I was overzealous in re-adding a handful (maybe 5?) friends? Maybe twitter is borked? Maybe I am the victim of a vengeful person reporting my account? Regardless, I just want my account back.
Balls.
Update (11/01 17:30): My account is back, with all my followers, followed, and lists back in order. I’m keeping my fingers crossed that this is for good. No word from twitter on what happened… which I’d really like just so I know if there is anything I should do/stop doing to prevent this from happening again.
Update (11/02 13:47): Response from twitter support: “We mistakenly suspended a set of accounts in the evening of 10/31; accounts affected by this mistake were automatically un-suspended by 1:30PM PST on 11/1. Based on the time you filed your ticket, we think it’s possible you were a part of this group.” So I guess I didn’t do anything wrong… good to know, and good on twitter for getting back to me. Case closed.
October 18, 2009 at 2126 · Filed under asstarded, blog stuff, misc
…but last week I was guest blogger on the fantastic and infamous xkcdsucks blog. I have posted before about attending the xkcd book release party, and I guess the regulars there liked it enough to ask that I do a full review week.
The reviews are here, here, and here. I know I don’t have the most incredible writing skills in the world, but I think it was pretty decent given the subject matter.
May 4, 2009 at 1826 · Filed under asstarded
December 8, 2008
me: Obama’s stimulus package doesn’t even have a provision for supdawg
my bff: what is supdawg?
me: Not much, what’s up with you?
May 4, 2009
me: Happy Star Wars Day
my bff: Star Wars Day?
me: May the 4th be with you.