From lyger at attrition.org Sat Sep 10 21:51:54 2011
From: lyger at attrition.org (lyger)
Date: Sat, 10 Sep 2011 21:51:54 -0500 (CDT)
Subject: [attrition] rant: Dear Habanero, an open letter by d2d
Message-ID:

http://attrition.org/~d2d/rants/habanero.html

Dear Habanero,

It has been about 5 years since we first met. Our relationship started as many do, some brief flirting, followed by a romantic attraction. It quickly got intense, and we'd meet more than perhaps we should have. It was all smiles and happiness at first. I'll admit, in the early days, I flirted with others: Serrano, Cayenne, even a brief but intense run-in with the infamous "Ghost Pepper", but you were the sweet spot, and I kept coming back. You were hot, but not so hot that you'd drown out flavors. You made me laugh, cry, and sweat profusely, as a good lover should. We had ups, and downs, but mostly ups. You were rare, but not so rare that I couldn't find you if I needed you; essentially, you were always there when I needed you most.

[..]

Time has changed me. You are still the fiery lover that teased my senses five years ago, but now my digestive system has aged, and the years of romance between us have stripped away any protective lining my colon ever knew.

[...]

From lyger at attrition.org Sun Sep 18 16:06:24 2011
From: lyger at attrition.org (lyger)
Date: Sun, 18 Sep 2011 16:06:24 -0500 (CDT)
Subject: [attrition] review: Movie: Hanna
Message-ID:

http://attrition.org/movies/hanna.html

By: Martums

Brace yourselves, kiddies. There is something extraordinary about Cate Blanchett, and I am almost ashamed that I cannot identify it. She is mysterious, powerful, and a performer talented beyond measure. I challenge you to find someone who can equal her in her vast arsenal of skills. Of course, limiting you to mere mortals makes the challenge futile. The story of Hanna itself is interesting, beguiling to follow, and yet unremarkable.
A genetically engineered soldier, nearly perfect in strength, tactics, and cunning (yes, the cliché hammer just slammed into the side of my head). Buffy meets Universal Soldier, (UGH, I just vomited in my mouth a bit, thinking of the latter). While Seth Lochhead and David Farr have done pretty decent work to differentiate themselves from those of similar material, it is the stunning visual presentations of scenery and sets which, coupled with a handful of enthusiastically entertaining, if not mesmerizing, performances that will satisfy your demand for continual stimulation and prevent you from popping another Prozac or Adderall until the credits roll.

[...]

From jericho at attrition.org Mon Sep 26 04:05:27 2011
From: jericho at attrition.org (security curmudgeon)
Date: Mon, 26 Sep 2011 04:05:27 -0500 (CDT)
Subject: [attrition] Is your "cyber security expert" full of shit?
Message-ID:

This is a great read and very accurate.

---------- Forwarded message ----------
From: InfoSec News

http://www.haftofthespear.com/?p=1913

By Mike
Haft of the Spear
August 7, 2011

Hundreds if not thousands of cyber security practitioners converged on Las Vegas this past week. They came to see and be seen, to occasionally share some newfound insight, but largely for the same reason everyone goes to Vegas . . . do I really need to elaborate? The media love these conferences because it's easy to get quotes from "experts" since, well, no one admits to not knowing everything once they realize a reporter is within earshot.

Therein we find a serious problem: how to tell the difference between a real expert and a pseudo one. Who truly has a broad base of knowledge about a wide range of related topics (exceedingly rare), or who is a mile deep in one area of emphasis (plentiful)? Who is the actual, technical guru (mildly Asperger-ish), and who is the security celebrity (glib, speaks in sound bites, blindingly white smile)?
He calls something "sophisticated" or "advanced" without justification

Just about every adjective applied to things-malicious online cannot be supported in any objective fashion. If the analysis applied to malicious software or attack methodology were applied to any other phenomenon that we apply scientific methods or practices to, it would be treated like astrology. There is no commonly accepted lexicon for what is advanced or difficult or sophisticated or complex. You could focus on a threat actor's motivations and ascribe something more complicated at play than simple profit (say, Stuxnet, for which there are pretty clear political-military implications) but it has been a very long time since anyone has done something truly original (read: for which we have no defense -- no matter how woefully inadequate -- and is a complete surprise to everyone) or something has been discovered that is not simply evolutionary, in the cyber security realm.

[...]