Flytrap #2 - Possible NSFW Content and WAW fail, Whiskey Bacon and tamale hootch

Status
Not open for further replies.

b_sinning

Erect Member
Nov 22, 2004
22,790
47
41
44
Savannah, GA
Yeah. At the time though, I was bummed because I was hoping there would be some way Mac & Childs would make it.

I still believed in happy endings...

I'm better now.

I just loved the way you weren't sure if Childs was the thing or not and both him and mac were left there, both armed, with no hope of rescue watching each other. It kept with the paranoid feeling of the movie. No lame twist that made no sense and no happy no way would that happen in real life ending.
 

Duke

. . first name's "Daisy" boys
May 12, 2008
55,859
18,142
41
Brandon, FL
I just loved the way you weren't sure if Childs was the thing or not and both him and mac were left there, both armed, with no hope of rescue watching each other. It kept with the paranoid feeling of the movie. No lame twist that made no sense and no happy no way would that happen in real life ending.

There was a book.

Both were human at the end.
 

b_sinning

Erect Member
Nov 22, 2004
22,790
47
41
44
Savannah, GA
TpoGJ.jpg
 

b_sinning

Erect Member
Nov 22, 2004
22,790
47
41
44
Savannah, GA
Ha

"Annual viewing on "The Ice"

The Thing is typically viewed by members of the winter crew at the Amundsen–Scott South Pole Station after the last flight out (usually in a double-feature with The Shining)."
 

Duke

. . first name's "Daisy" boys
May 12, 2008
55,859
18,142
41
Brandon, FL
Honestly, if her ankles can't support her 98 lbs, she's in for a really shitty future if she's doing anything not on her back.
 

tre

My favorite chef is Mike Rowave
Oct 15, 2004
26,281
19,327
823
igloo
Honestly, if her ankles can't support her 98 lbs, she's in for a really shitty future if she's doing anything not on her back.

be fair, there's like an extra 37 lbs of weave in there too
 

Coqui

Piccolo Pete
Oct 14, 2004
35,593
4,667
673
43
Columbus, OH
I just loved the way you weren't sure if Childs was the thing or not and both him and mac were left there, both armed, with no hope of rescue watching each other. It kept with the paranoid feeling of the movie. No lame twist that made no sense and no happy no way would that happen in real life ending.
Except they found a way to test that and could have easily verified it.
 

OzSTEEZ

¡ɟɟo ʞɔnɟ ʇunɔ 'ᴉO
Nov 11, 2008
35,272
9,368
473
40
Oz
Lunch for me will consist of a salad and maybe a half cup of soup and a small piece of 7 grain bread.

Now when I say salad, I mean raw veggies. Period. No dressing, no croutons, no cheese, no olives, no oil, no pasta.

I was called fat last night for having a grilled chicken sandwich on whole wheat bun and sweet potato fries because I had most of the fries and ate the whole bun.

I love my bread :(

Stop being weak.
 

Josh

Biff Clurton
Oct 9, 2006
7,299
3,615
273
East bumfuck.
http://nakedsecurity.sophos.com/2011/10/19/researcher-security-flaw-threatened/

Code:
South of the Equator, a yawning security hole is swirling responsibility backwards to the bug finder.

It surely amounts to the Coriolis effect.

Yes, children, it's true: In Australia, flushing insecure bugs out of the toilet drain of investment fund companies results in all the responsibility flowing counterclockwise, completely opposite to that of rational Northern Hemisphere nations where white-hat researchers are lauded and well-enumerated for uncovering ridiculously simple coding errors. (Or not.)

To wit: After Australian security researcher Patrick Webster recently alerted his investment fund First State Super of a glaring, blaring security lapse - a lapse so duh-licious, it ranks at #4 on OWASP’s top 10 list of application security risks - he was thanked with a legal threat and notice that he just might be billed for the security fix.

As brought to light by Patrick Gray on Risky.biz, First State Super's law firm on Oct. 14 sent Webster a letter demanding that he turn over his computer.

According to Gray's account, First State Super threatened to track down the costs incurred "in dealing with this matter" if Webster does not agree to delete all information he obtained by demonstrating the flaw and promise to never attempt to access other member information again.

Letter to Webster

Webster's sin was to uncover the fact that his pension fund allowed logged-in members to access their online statements via what's known as direct object reference, wherein other members' statements could be accessed by changing a single digit in the displayed browser URL.

Webster says that he cooked up a script to demonstrate the flaw to the investment fund's IT staff, downloading some 500 account statements and then promptly deleting the information in September.

Here's the company's rationale for not only closing his pension fund but also for potentially sending Webster the bill for the security fix:
    Whilst you have indicated that your actions were motivated by an attempt to show that it is possible for a wrongdoer to obtain unauthorised access to Pillar's systems, you actions may themselves be considered a breach of section 308H of the Crimes Act 1900 (NSW) and section 478.1 of the Criminal Code Act 1995 (Cth). You should be aware that due to the serious nature of your actions, this matter has been reported to the NSW Police.

    Further, as a member of the Fund, your online access is subject to the terms and conditions of use which are outlined on the Fund's website. Your unauthorised access also constitutes a breach of those terms and has caused the Trustee to expend member funds in dealing with this matter. Please note the Trustee has the right to seek recovery from you for the costs incurred in accordance with those terms.

    [....]

    In addition, the Trustee reserves its rights to require you to allow it's IT personnel to examine your computer during business hours to verify that all data and records on your computer have been destroyed or deleted.

    In the meantime, the Trustee has suspended your online access to the Member Section of the Fund's website. 

No good deed goes unpunished. But one would hope that most good deeds go without prosecution against the good-deed-doer.

One would most fervently hope that most good deeds don't result in companies with No.-4-On-The-OWASP-Lame-O-Meter scale sending lame-ass demands to punish those who would point out the insufficiency of their security practices. But one would be hoping in vain, evidently.

It's ironic that this news crosses my desk on the same day in which I had a conversation with Akamai's Josh Corman about the subject of how, in these post-Anonymous days, we have arrived at a place wherein organizations are becoming more transparent about their victimization through security breaches.

"Looking across the swaths of security compromises both in the security and the non-security industries in the last 12-18 months... [and] watching incident response and public relation successes and failures," Corman has noticed that the current state of predation by Anonymous, LulzSec et al. is forcing the industry to re-evaluate best practices for communicating breaches.

"I think there's a shift from 'keep quiet and hide it' to more modern expectations from the installed base," he said.

In other words, we're seeing more transparency about what happened in a given security breach and how the situation was attended to. It's an evolution to a new set of best practices in crisis management, Corman explained.

Are things better? More transparent? In the Northern Hemisphere? Not in Australia?

This isn't even a question of lack of transparency, of course, not a question of a company going mum and hiding under a rock. No, this is a situation in which the company is hurling the rock at an innocent researcher's head.

The Anonymous Coward remarked that the first thing you have to understand is that "Australia is hilariously backward when it comes to understanding communications, computers, and the internet."

I don't think Australia would agree with that.

But in this instance, something's certainly flowing backwards.

And if Mr. Webster sets up a legal defense fund, let us all step forward and send a bit of coinage down under, in support of his efforts to point out a simple security error before people's funds were compromised, and to attempt to rectify the cockeyed misdirection of police time and the backwards misflow of blame.

Update: First State Super has updated its website with a statement about the incident - notifying its broader customer base of the security issue - and explaining that it plans to take no further action against Webster.

Herp derp.
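The flaw described in the article quoted above (statements fetched by a numeric ID in the URL, with only a login check) next to the server-side ownership check that closes it. This is an added example, not part of the post, the article or the fund's code; the function names, member IDs and statement data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when a request for a statement must be refused."""


@dataclass(frozen=True)
class Statement:
    statement_id: int
    owner_id: str
    body: str


# Constructed sample data: sequential IDs, like the URL scheme the article describes.
STATEMENTS = {
    1001: Statement(1001, "member-a", "Balance: 10,000"),
    1002: Statement(1002, "member-b", "Balance: 25,000"),
    1003: Statement(1003, "member-c", "Balance: 7,500"),
}


def get_statement_vulnerable(session_member, statement_id):
    # Checks only that someone is logged in, then trusts the ID from the URL.
    if session_member is None:
        raise Forbidden("login required")
    return STATEMENTS[statement_id]


def get_statement_checked(session_member, statement_id, denied_log):
    # Authorizes the object itself: the statement must belong to the session's member.
    if session_member is None:
        raise Forbidden("login required")
    stmt = STATEMENTS.get(statement_id)
    # Same refusal for "missing" and "not yours", so responses do not reveal valid IDs.
    if stmt is None or stmt.owner_id != session_member:
        denied_log.append((session_member, statement_id))
        raise Forbidden("statement not available")
    return stmt


def members_to_review(denied_log, threshold=3):
    # Detection side: members with repeated refusals are likely walking the ID space.
    counts = {}
    for member, _ in denied_log:
        counts[member] = counts.get(member, 0) + 1
    return sorted(m for m, n in counts.items() if n >= threshold)
```
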
 

plot

Morning Boehner
Oct 16, 2006
20,031
4,165
323
kansas city
http://nakedsecurity.sophos.com/2011/10/19/researcher-security-flaw-threatened/

Code:
South of the Equator, a yawning security hole is swirling responsibility backwards to the bug finder.

It surely amounts to the Coriolis effect.

Yes, children, it's true: In Australia, flushing insecure bugs out of the toilet drain of investment fund companies results in all the responsibility flowing counterclockwise, completely opposite to that of rational Northern Hemisphere nations where white-hat researchers are lauded and well-enumerated for uncovering ridiculously simple coding errors. (Or not.)

To wit: After Australian security researcher Patrick Webster recently alerted his investment fund First State Super of a glaring, blaring security lapse - a lapse so duh-licious, it ranks at #4 on OWASP’s top 10 list of application security risks - he was thanked with a legal threat and notice that he just might be billed for the security fix.

As brought to light by Patrick Gray on Risky.biz, First State Super's law firm on Oct. 14 sent Webster a letter demanding that he turn over his computer.

According to Gray's account, First State Super threatened to track down the costs incurred "in dealing with this matter" if Webster does not agree to delete all information he obtained by demonstrating the flaw and promise to never attempt to access other member information again.

Letter to Webster

Webster's sin was to uncover the fact that his pension fund allowed logged-in members to access their online statements via what's known as direct object reference, wherein other members' statements could be accessed by changing a single digit in the displayed browser URL.

Webster says that he cooked up a script to demonstrate the flaw to the investment fund's IT staff, downloading some 500 account statements and then promptly deleting the information in September.

Here's the company's rationale for not only closing his pension fund but also for potentially sending Webster the bill for the security fix:
    Whilst you have indicated that your actions were motivated by an attempt to show that it is possible for a wrongdoer to obtain unauthorised access to Pillar's systems, you actions may themselves be considered a breach of section 308H of the Crimes Act 1900 (NSW) and section 478.1 of the Criminal Code Act 1995 (Cth). You should be aware that due to the serious nature of your actions, this matter has been reported to the NSW Police.

    Further, as a member of the Fund, your online access is subject to the terms and conditions of use which are outlined on the Fund's website. Your unauthorised access also constitutes a breach of those terms and has caused the Trustee to expend member funds in dealing with this matter. Please note the Trustee has the right to seek recovery from you for the costs incurred in accordance with those terms.

    [....]

    In addition, the Trustee reserves its rights to require you to allow it's IT personnel to examine your computer during business hours to verify that all data and records on your computer have been destroyed or deleted.

    In the meantime, the Trustee has suspended your online access to the Member Section of the Fund's website. 

No good deed goes unpunished. But one would hope that most good deeds go without prosecution against the good-deed-doer.

One would most fervently hope that most good deeds don't result in companies with No.-4-On-The-OWASP-Lame-O-Meter scale sending lame-ass demands to punish those who would point out the insufficiency of their security practices. But one would be hoping in vain, evidently.

It's ironic that this news crosses my desk on the same day in which I had a conversation with Akamai's Josh Corman about the subject of how, in these post-Anonymous days, we have arrived at a place wherein organizations are becoming more transparent about their victimization through security breaches.

"Looking across the swaths of security compromises both in the security and the non-security industries in the last 12-18 months... [and] watching incident response and public relation successes and failures," Corman has noticed that the current state of predation by Anonymous, LulzSec et al. is forcing the industry to re-evaluate best practices for communicating breaches.

"I think there's a shift from 'keep quiet and hide it' to more modern expectations from the installed base," he said.

In other words, we're seeing more transparency about what happened in a given security breach and how the situation was attended to. It's an evolution to a new set of best practices in crisis management, Corman explained.

Are things better? More transparent? In the Northern Hemisphere? Not in Australia?

This isn't even a question of lack of transparency, of course, not a question of a company going mum and hiding under a rock. No, this is a situation in which the company is hurling the rock at an innocent researcher's head.

The Anonymous Coward remarked that the first thing you have to understand is that "Australia is hilariously backward when it comes to understanding communications, computers, and the internet."

I don't think Australia would agree with that.

But in this instance, something's certainly flowing backwards.

And if Mr. Webster sets up a legal defense fund, let us all step forward and send a bit of coinage down under, in support of his efforts to point out a simple security error before people's funds were compromised, and to attempt to rectify the cockeyed misdirection of police time and the backwards misflow of blame.

Update: First State Super has updated its website with a statement about the incident - notifying its broader customer base of the security issue - and explaining that it plans to take no further action against Webster.

Herp derp.

Australia adopted Apple's policy to security flaws huh?
 

dbzeag

Wants to kiss you where it stinks
Jun 9, 2006
16,993
453
298
42
dave, you're like a beached whale

Just got my health screening today. I am prehypertensive, have elevated cholesterol levels, and am heavier than normal. :(

Also this from Presidential hopeful Rick Santorum (please google)

"One of the things I will talk about, that no president has talked about before, is I think the dangers of contraception in this country. It’s not okay. It’s a license to do things in a sexual realm that is counter to how things are supposed to be. [Sex] is supposed to be within marriage. It’s supposed to be for purposes that are yes, conjugal…but also procreative. That’s the perfect way that a sexual union should happen. This is special and it needs to be seen as special."

Duke, waw, you are doing it wrong. Eileen, however, is a saint.
 

Sarcasmo

A Taste Of Honey Fluff Boy
Mar 28, 2005
34,396
463
648
43
Austin
People will no longer care who has sex with whom when this country collapses into Mad Maxian ruin due to elevated levels of retardation, so there's that.
 

tre

My favorite chef is Mike Rowave
Oct 15, 2004
26,281
19,327
823
igloo
People will no longer care who has sex with whom when this country collapses into Mad Maxian ruin due to elevated levels of retardation, so there's that.

good, cause i'll totally be sexin up all of your mothers
 