The Electric Onion

That Time of the Month

You know those little indestructible black boxes used on planes - I've often wondered why they can't make the whole plane out of the same substance? I also thought they'd be good for Microsoft applications - that way when they crashed and burned, maybe we could get some real answers.

September saw a rash (and heaven knows I've seen my share of those) of security patches rushed to market by our favourite global conglomerate. Just days after releasing their scheduled monthly patch update, Microsoft had to issue an advisory for yet another Internet Explorer vulnerability. Yep, the more things change, the more things stay insane.

“Microsoft found itself investigating new public reports of a vulnerability which may allow attackers to execute code on a user's machine by taking them to malicious Web sites,” a Microsoft spokesman announced. Yeah, that statement and corduroy pillows make big headlines. Is it me, or didn't I just read the same announcement in July (Microsoft PowerPoint flaw)? Or was it June (Microsoft Excel flaw)? Or perhaps both? This is a regular monthly event with these guys. Issue your monthly patch update followed by an emergency security alert. These guys haven't met a ship that hasn't already sailed.

The flaw was apparently discovered by the French Security Incident Response Team (FrSIRT) (insert your own joke here) who said that the flaw is due to a memory corruption error when processing a specially crafted argument passed to the “KeyFrame()” method of a “DirectAnimation.PathControl” (daxctle.ocx) ActiveX object (pardon my French). Sacre freaking bleu!

Reminds me of that old joke where a patient wakes up and says, “Doctor, I can't feel my legs.” And the doc says: “No wonder, I cut off your arms.”

Sales Monkey Under Cloud


A sad turn of events this month as the Orthus Sales Monkey was put on garden leave pending the investigation of the apparent theft of Orthus intellectual property. A dark shadow of doubt has been cast over our commercial primate as the laptop assigned to him has gone missing.

The kit in question contained data accumulated in the Orthus “Out of Thin Air - WiFi Drive by Hacking Survey”. Allegations have been made that the Monkey may have sold the survey data to RSA marketing personnel over drinks at the bar in the Dorchester Hotel. The incident came to light following publication of suspiciously similar surveys by RSA Marketing Department.

An investigation of this alleged insider theft is underway.


Retail Therapy

I'm a little teapot short and stout. Here is my handle, here is my…sh*t, I'm a sugar bowl! Last month IBM paid $1.3 billion in cash to buy ISS. Yep, yet another example of two wrongs making a riot. The all-cash acquisition, though, put IBM squarely in the IT security market as a force to be reckoned with.

$1.3 billion in cash - wow! Where I come from, that's a lot of scratch. Of course, where I come from - they stopped saying “scratch” back in 1978. I mean where do you even find a billion in cash? Does IBM have that kind of change just sitting in a safe somewhere? Maybe it's me. When I was a kid we were so poor we'd go to KFC to lick other people's fingers. So that's a lot of moola to a guy like me. I remember the time I was kidnapped: they sent a piece of my finger to my mother. She said she wanted more proof.

“This acquisition will help IBM to provide companies with access to trained experts and leading-edge processes and technology to evaluate and protect against threats and enforce security policies,” said Val Rahmani, general manager of infrastructure management services at IBM Global Services. Yeah thanks Val - former Founder, Chairman, President, and Managing Director of the Committee to Help Stamp Out, Delete, and Eradicate Superfluous Redundancies. Welcome to the party Val. While a buy that big had to feel good, I suggest you keep the receipt dude.

While we're on the subject of shopping sprees, did you see that Google paid $1.65 billion for YouTube last month? That's nearly a dollar for every video of a sleeping cat falling off a T.V.

Markets are changing my friends. Just look around you. Did you see CNN reporting that General Motors will cease production on the Hummer H1 truck? As a result, a large number of insecure men have reported a sensation of their members shrinking.

Mr. Quizly


As always, the winner of this month's quiz will receive a free security vulnerability assessment of one external-facing IP address (terms and conditions apply):

Question: Which of the following actors were NOT members of the 1967 film “Dirty Dozen”?

A. Jim Brown
B. Donald Sutherland
C. Trini Lopez
D. James Coburn
E. Charles Bronson
F. Lee Marvin
G. Pee Wee Herman's Big Adventure

Answers to quiz@electric-onion.com

Quiz Rules:
One: down to the road block we've just begun.
Two: the guards are through.
Three: the Major's men are on a spree.
Four: Major and Wladislaw go through the door.
Five: Pee Wee stays out in the drive.
Six: the Major gives the rope a fix.
Seven: Wladislaw throws the hook to heaven.

Answer to last month's quiz:
The phrase “face down, 9-edge first” refers to…?
Correct answer: A. Insertion of memory cards into a VAX 11/780
Winner of last month's quiz: JBL

Some One To Watch Over Me

California Attorney General Bill (Gnarley Dude) Lockyer revealed last month that the great State of California may actually pursue indictments in its investigation of the tactics used by Hewlett-Packard board members to find the source of an internal leak. Lots of testosterone in California these days, isn't there?

HP, as you know, hired a private investigative firm to find out how intellectual property was leaking out of the company (they should have paid one to find out how it ever leaked in). The bottom line is that HP paid an outside firm to come in and spy on its employees for it. Not something that's normally done (or at least acknowledged) in these days of data protection.

The private dicks (you just knew I was going to use that term) employed classic social engineering and not so classic “pretexting” (you didn't know I was going to use that one though) techniques to retrieve the personal phone records of both board members and employees. Investigators “allegedly” lied about their identities to solicit the records and see who was calling journalists. Essentially, this was identity theft 101 stuff and the media - rightfully so - had a field day with it.

The decision to use the gum shoes to find the “leaker” was made by the HP Board Chair(wo)man Patricia Dunn who as a result of the associated fallout has announced that she will be stepping down from her post. In a nice plot twist to the story Board member George Keyworth, who will step down as well, is alleged to have been the source of the information leaks that prompted the investigation. “The invasion of my privacy and that of others was ill-conceived and inconsistent with HP's values,” Keyworth said.

This guy's righteous indignation puts a bee in my bonnet. I hope he gets what's coming to him. My therapist says I have an obsession with revenge… we'll just see about that.

Top 10 Signs That Your Boss May Be Spying On You

10. Always volunteers to empty your rubbish bin.

9. You turn up the thermostat and hear your supervisor scream from the air vent.

8. Every morning, some guy puts a new roll of film in your stapler.

7. Company PowerPoint presentations include photos of you flossing.

6. Greets you in the elevator with, “Boy, that was some call from your urologist”.

5. The “O” on your keyboard looks a lot like his eyeball.

4. Keeps repeating the same phrase: “Please speak directly into my pants”.

3. His screensaver is you in the men's room.

2. When your wife wears a negligee, his voice comes out of the lamp asking, “Is that new?”.

1. Advises you to get that mole on your ass looked at.

Herd Around The Water Cooler

Quote Of The Month

“Having a smoking section in a restaurant is like having a peeing section in a pool.”

Tom Harrison
Orthus Project Manager

Scent of a Woman?

The Tokyo Institute of Technology said last month that it is building a database of 9600 scents that will be machine-reproducible, with uses ranging from helping online shoppers smell a product before buying, to helping doctors diagnose illnesses by sniffing a patient's bile. Sensors will trigger a library of chemicals to accurately reproduce “almost any odour, from old fish to gasoline,” according to one researcher, and that recipe of chemicals would remotely re-create the scent.

I've been wondering, if someone can't see, they're blind and if someone can't hear, they're deaf, but what exactly do you call people who can't smell?

U.S. Homeland Security Updates

(1) Undercover investigators for the Government Accountability Office reported last month that they were able to purchase, on the open market from Pentagon contractors, surplus body armour, mounts for shoulder-fired missiles, and missile radar test devices (nearly 2,700 “sensitive” military items had been bought by 79 other buyers).

(2) Last month, an FBI computer consultant, who said he was frustrated by bureaucratic delays in obtaining legitimate access to certain bureau files, was able to hack into the files surreptitiously via the FBI director's secret password, which the consultant figured out using software found on the Internet.

(3) Indiana state homeland security officials told Vermillion County officials last month to stop using the special emergency-only highway message boards to advertise their charity fish fries and spaghetti dinners. I'm not making this stuff up.

(4) Finally, a national police study published last month showed that you were more likely to get shot by a fat cop if you ran. (Okay, I made that one up.)

The Finest Print We Can Afford


Even on the worst of days, the eOnion is copyrighted to Orthus Ltd. and may not be used to mock other IT security service or product vendors unless of course when it's in Orthus' best commercial interest to do so or when it's done in good clean fun. Either way - our call.

Keep away from open flames. Hold the eOnion upright and shake vigorously prior to reading. Do not ingest on a full stomach and wait 30 minutes after eating before you go swimming. If drowsiness or nausea occurs, try reading the Register. If symptoms persist, you try writing something moderately funny for a cheesy monthly newsletter because it's the only job you can get after 23 years of formal education. Not laughing now are you?

To unsubscribe stick your head out of the nearest window and yell “I'm not going to take it anymore”. Alternatively, e-mail unsubscribe@electric-onion.com. All Information provided shall be processed in accordance with the Data Protection Act 1998 (more or less).

Feeling Insecure?

The Electric Onion is an Orthus publication. If you're feeling a little lonely, vulnerable or insecure, tell us about it. Contact us at: +44 (0) 207 929 1253 for information security consulting services, therapy, advice or assistance. Thoughts, feedback, comments, questions, veiled or unveiled threats? Send an e-mail to getalife@electric-onion.com

Orthus

“Where if you can't say anything nice, come sit by us”

©2006 Orthus Ltd. All Rights Reserved