The Electric Onion - A satirical take on the world of IT security

Another Wasted Gap Year

My friends make fun of me because I put tape on my mirrors at home so I don’t accidentally walk into another dimension. But you can’t be too careful I say. Just ask one of the 800,000 people who applied for jobs with The Gap this year.

Last month The Gap lost the phone and online job applications for over 800,000 aspiring Gap’ees when a laptop was stolen from the offices of their recruiting company. The Gapster didn't identify the vendor much less why they failed to protect fledgling Gap’ettes data.

Few companies of course disclose details of their losses such as whether the sensitive data was encrypted saying it’s because the release of too much information can tip off criminals. But me thinkest the lack of disclosure doth giveth their lawyers some badly needed wriggle room. Come to think of it, I haven’t visited a decent wriggle room in years.

Of course the story here is not the loss of personal information by yet another uncaring global conglomerate. The real story is that this year at least 800,000 people in the States applied for minimum wage gigs as mall jockeys pushing focus group produced “urban-hip” threads sewn by 10 year old kids in Guatemala. But maybe it’s me. I’m seldom satisfied. I went to a strip mall the other day. Was I ever disappointed…everyone else had clothes on.

Top 10 Signs Your Cat May Be Trying to Kill You

10. Seems mighty chummy with the dog all of a sudden.

9. He actually does have your tongue.

8. You find a stash of “Felines of Fortune” magazines behind the couch.

7. You wake up to find a bird's head in your bed.

6. Droppings in litter box spell out “REDRUM.”

5. Takes attentive notes every time “Itchy and Scratchy” are on.

4. Has taken a sudden interest in the wood chipper.

3. Instead of dead birds, leaves cartons of Marlboros on your doorstep.

2. Ball of yarn playfully tied into a hangman's noose.

1. Now sharpens claws on your car's brake lines.

Joke of the Month

Microsoft launched a “free” online health portal called HealthVault last month that allows users to upload their medical records to the Web and share the information with doctors.

…don’t get me started.

I Love the Smell of NMap in the Morning

I’ve been busier than a beaver in a coffee lake lately but not too busy not to notice this story. I think it’s one to mark on your calendar of world changing events. Last month it was reported that Israeli planes were able to sneak past Syria's defences to bomb a “strategic target” located “deep inside” Syria.

Israeli F-15 and F-16 bombers carrying out the raid are believed to have entered Syrian airspace from the Mediterranean Sea and exited near the border with Turkey where they were briefly engaged by Turkish fighter jets.

This location is deep within Turkey (next to the giblets) prompting questions about how the fighters got in and out like Ninjas without being detected since they were not fitted with any stealth technology. So did they: a) fly in under the radar? b) use some secret squirrel radar jamming techniques? or c) hack into the Syrian airborne system defence network?

That right! Aviation Week reported that the Israelis used the “Suter” airborne network attack system. The technology, developed by BAE Systems, uses a “sophisticated approach of hacking” into enemy defences.

“The technology allows users to invade networks, see what enemy sensors see, and take over as system administrator so sensors can be manipulated into positions so that approaching aircraft can't be seen.”

Wow! So mark this on your calendars: “hacking” as a military strategy has arrived.

Now I come from a military naïve family (during the Civil War in the States my great Uncle fought for the West) but it’s clear that this hack poses some serious questions for arms manufacturers, defense contractors and armies all the way from Washington to Seoul and back again. Welcome to the show gents.

Heard Around the Office

“Despite the high cost of living, have you noticed how popular it remains?”

Sean Bennett, Orthus Sales Monkey

Orthus Launches World’s First Low Carbon Compliance Management Solution

Last month London-based information security consulting firm Orthus Limited launched the world’s first “low-carbon” compliance management solution and set the standard for alternative clean-air consulting and reduced compliance greenhouse gas emissions.

Continuing his historic leadership to reduce greenhouse gas (GHG) emissions and lower England’s reliance on foreign compliance management solutions, Orthus Managing Director Richard Hollis announced the launch of the groundbreaking standard for low carbon software. The eco-friendly software: “i-Carboply“ is designed to reduce the carbon emissions associated with the United Kingdom’s compliance management market by at least 16% by the year 2020. This first-of-its kind solution will support AB 32 emissions targets as part of the information security industry’s overall strategy to fight global warming.

“Sales pitches filled with high amounts of methane account for almost sixty percent of the industry’s annual greenhouse gas emissions, and we rely on petroleum-based specification sheets for an overwhelming 96 percent of our marketing needs,” said Hollis. “This petroleum dependency contributes to climate change and leaves consumers vulnerable to price shocks from an unstable compliance solution market. As a world leader in energy efficient consulting, alternative marketing and reducing greenhouse gases, Orthus’ new low carbon compliance management software is an innovative solution that will diversify our compliance management solution supplies and establish a vibrant market for cleaner-burning consulting.”

Recent research indicates that the typical information security compliance management solution sales presentation produces the CO-2 equivalent to a herd of 1000 cows fed 5000 pounds of baked beans for 300 days. The gas is largely due to the industry’s penchant for vastly overstating effectiveness, scalability and ease of use of their products.

“The reduced methane emissions associated with the Orthus i-Carbonply solution are due to the simple fact that the solution’s value is self evident and as such requires virtually no hot air to sell it. That’s not only good for the consumer – that’s good for the planet” says an emotional Orthus MD Hollis.

The software is expected to replace up to 30 percent of our reliance on gaseous information security sales professionals in the first year alone and lead to a significant increase of renewable or alternative compliance vehicles in the U.K. in the next 10 years. “This is not about selling a compliance management solution that finally works – this is about leaving a safer, cleaner world for the next generation. We owe it to the children” says Hollis.

Up Coming Gigs

Who: MD Get Safe On-Line, Orthus NED (and former Benny Hill stunt double) Tony (You talking to me?) Neate
What: From Russia With Love: Organised Hacking Groups, Targets, Methodologies & Trends
When: November 28, 2007 14:00 to 15:00
Where: Park Hotel, Amsterdam, The Netherlands

Who: Orthus CEO (and former AC/DC sound check engineer) Richard (Huh? What!?) Hollis
What: CISO Summit 2007: Death by PowerPoint: An Excruciatingly Slow, Monotonous, Boring, Over-Stated, Tediously Repetitive and Pointlessly Hyperbolic PowerPoint Slide Presentation on the Current State of Commercial Electronic Eavesdropping
When: November 30, 2007 17:00 to 18:00
Where: Park Hotel, Amsterdam, The Netherlands

Who: Orthus MD (and former 1977 Mr. Universe Runner-Up) Richard (Bronco) Hollis
What: eBusiness Wales Seminar: Zen & the Art of Risk Management
When: October 23, 2007 09:00 to 10:00
Where: Cymru Llandudno, Wales

Other News Of Note

According to Internet security firm CardCops Inc., online credit-card hacking brokers stole the identity of a “Herman Munster”, whose “personal data” appeared in chat rooms. Apparently a Russian hacker unfamiliar with the 1960’s American TV show “The Munsters”, stole a bogus MasterCard application he found in a chat room under Herman's name and TV address, 1313 Mocking Bird Lane. [Miami Herald, 9-20-07]

Oral-B's Triumph SmartGuide toothbrush, available in the United Kingdom for about £140, uses navigation technology to transmit the exact location of the toothbrush to a base unit so that the user can see which areas in his mouth the brush might have missed. The wireless LCD mouth display can be mounted on a mirror or held in the free hand. [Daily Telegraph (London), 8-31-07]

Last month, the Houston School District, citing student privacy laws, declined to release the season's Bellaire High School baseball statistics when requested by a player's parent. [Houston Chronicle, 9-19-07]

Mr Quizly

As always, the winner of our monthly quiz will receive a .001% cotton Orthus Sales Monkey - Witness Relocation Programme T-Shirt (terms and conditions apply):

Question:Which of the following Stooges was a high school basketball star? Mr Quizly

A. Moe
B. Curly
C. Larry
D. Shemp

Answers to quiz@electric-onion.com

Quiz Rules:
1. Nyuk
2. Nyuk
3. Nyuck
4. Oysters!

Answer to last Onion quiz: Which one of the following is not a Marx Bros film: Correct answers: C An Afternoon at InfoSec and F. Pee Wee’s Big Adventure. Winner of last month’s quiz: Congrats LBY !

“I Meant How’s Your Cat?!”

This story makes me more nervous than Eddie Murphy on Fathers Day. Last month, Pudding Media (a subsidiary of Tea Cakes International, Parent company of Sweet Cheeks Chocolaty Biscuits Inc. no affiliation with Sweaty Cheeks Chocolaty Treatz Ltd.), introduced an Internet phone service that’s supported by advertising linked to callers discussion content. Hmmm.

What does this mean you ask? This means that the free web-based phone service (similar to Skype’s) monitors all of your conversations and sends you real time adverts related to your discussions. For example, if your spouse calls and tells you not to forget the milk, you will suddenly see milk adverts in your browser window.

Clever huh? Well I invented the cordless extension cord but try pitching that to a venture capitalist… Clever by half I think. I don’t know who would be suitably enamoured by the idea of their telephone provider eavesdropping in on their conversations (with the exception of the current US and UK administrations of course) to subscribe to this service. I mean at least Skype has the decency and discretion not to publicly announce that they give your transcripts to eBay (in addition to the current US and UK administrations). Grow up!

This steady erosion of privacy in the products and services coming to the market makes me nervous indeed. I’ve got other problems though. I just plugged my phone in where the blender used to be and called someone. They went “Aaaaahhhh...”

The Finest Print We Can Afford

Any way you cut it, the eOnion is still copyrighted to Orthus Ltd. so may not be used to mock, ridicule, tease, scorn, scoff, deride, disrespect or disparage other ICT security service or product vendors unless of course when it’s in our best commercial interest to do so or when it’s done in good clean fun. Either way, it’s our call so suck it up.

The eOnion may cause arrogance or involuntary spasms of smug self righteousness which may lead to public smirking or prolonged bouts of condescending behaviour (sort of like being a Royal). Symptoms include unexplained disdain for information security product vendor marketing managers and an itchy flaking on the scalp. If drowsiness or nausea occurs, try reading SC Magazine. If symptoms persist, you try writing something funny for a cheesy monthly newsletter because it’s the only job you can get after 20 years of formal education. Not laughing now are you funny boy?

To unsubscribe go to the nearest window, stick your head out and yell “I’m not going to take it anymore”. Alternatively, send an e-mail to security-unsubscribe@electric-onion.com. All Information provided shall be processed in accordance with the Data Protection Act 1998 (and we don’t say that just because we have to - but yes, we have to).

Feeling Insecure?

The Electric Onion is an Orthus publication. If you're feeling a little lonely, vulnerable, exposed or insecure, tell us about it. Contact us at: +44 (0) 20 3170 8955 for information security consulting services, therapy, advice or assistance. Thoughts, feedback, comments, questions, veiled or unveiled threats? Send an e-mail to getalife@electric-onion.com