Flytrap #2 - Possible NSFW Content and WAW fail, Whiskey Bacon and tamale hootch

Status
Not open for further replies.
Yeah. At the time though, I was bummed because I was hoping there would be some way Mac & Childs would make it.

I still believed in happy endings...

I'm better now.

I just loved the way you weren't sure if Childs was the thing or not and both him and Mac were left there, both armed, with no hope of rescue, watching each other. It kept with the paranoid feeling of the movie. No lame twist that made no sense and no happy "no way would that happen in real life" ending.
 
There was a book.

Both were human at the end.
 
Ha

"Annual viewing on "The Ice"

The Thing is typically viewed by members of the winter crew at the Amundsen–Scott South Pole Station after the last flight out (usually in a double-feature with The Shining)."
 
I just loved the way you weren't sure if Childs was the thing or not and both him and Mac were left there, both armed, with no hope of rescue, watching each other. It kept with the paranoid feeling of the movie. No lame twist that made no sense and no happy "no way would that happen in real life" ending.
Except they found a way to test that and could have easily verified it.
 
Lunch for me will consist of a salad and maybe a half cup of soup and a small piece of 7 grain bread.

Now when I say salad, I mean raw veggies. Period. No dressing, no croutons, no cheese, no olives, no oil, no pasta.

I was called fat last night for having a grilled chicken sandwich on whole wheat bun and sweet potato fries because I had most of the fries and ate the whole bun.

I love my bread :(

Stop being weak.
 
http://nakedsecurity.sophos.com/2011/10/19/researcher-security-flaw-threatened/

Code:
South of the Equator, a yawning security hole is swirling responsibility backwards to the bug finder.

It surely amounts to the Coriolis effect.

Yes, children, it's true: In Australia, flushing insecure bugs out of the toilet drain of investment fund companies results in all the responsibility flowing counterclockwise, completely opposite to that of rational Northern Hemisphere nations where white-hat researchers are lauded and well-enumerated for uncovering ridiculously simple coding errors. (Or not.)

To wit: After Australian security researcher Patrick Webster recently alerted his investment fund First State Super of a glaring, blaring security lapse - a lapse so duh-licious, it ranks at #4 on OWASP’s top 10 list of application security risks - he was thanked with a legal threat and notice that he just might be billed for the security fix.

As brought to light by Patrick Gray on Risky.biz, First State Super's law firm on Oct. 14 sent Webster a letter demanding that he turn over his computer.

According to Gray's account, First State Super threatened to track down the costs incurred "in dealing with this matter" if Webster does not agree to delete all information he obtained by demonstrating the flaw and promise to never attempt to access other member information again.

Letter to Webster

Webster's sin was to uncover the fact that his pension fund allowed logged-in members to access their online statements via what's known as direct object reference, wherein other members' statements could be accessed by changing a single digit in the displayed browser URL.

Webster says that he cooked up a script to demonstrate the flaw to the investment fund's IT staff, downloading some 500 account statements and then promptly deleting the information in September.

Here's the company's rationale for not only closing his pension fund but also for potentially sending Webster the bill for the security fix:
    Whilst you have indicated that your actions were motivated by an attempt to show that it is possible for a wrongdoer to obtain unauthorised access to Pillar's systems, you actions may themselves be considered a breach of section 308H of the Crimes Act 1900 (NSW) and section 478.1 of the Criminal Code Act 1995 (Cth). You should be aware that due to the serious nature of your actions, this matter has been reported to the NSW Police.

    Further, as a member of the Fund, your online access is subject to the terms and conditions of use which are outlined on the Fund's website. Your unauthorised access also constitutes a breach of those terms and has caused the Trustee to expend member funds in dealing with this matter. Please note the Trustee has the right to seek recovery from you for the costs incurred in accordance with those terms.

    [....]

    In addition, the Trustee reserves its rights to require you to allow it's IT personnel to examine your computer during business hours to verify that all data and records on your computer have been destroyed or deleted.

    In the meantime, the Trustee has suspended your online access to the Member Section of the Fund's website. 

No good deed goes unpunished. But one would hope that most good deeds go without prosecution against the good-deed-doer.

One would most fervently hope that most good deeds don't result in companies with No.-4-On-The-OWASP-Lame-O-Meter scale sending lame-ass demands to punish those who would point out the insufficiency of their security practices. But one would be hoping in vain, evidently.

It's ironic that this news crosses my desk on the same day in which I had a conversation with Akamai's Josh Corman about the subject of how, in these post-Anonymous days, we have arrived at a place wherein organizations are becoming more transparent about their victimization through security breaches.

"Looking across the swaths of security compromises both in the security and the non-security industries in the last 12-18 months... [and] watching incident response and public relation successes and failures," Corman has noticed that the current state of predation by Anonymous, LulzSec et al. is forcing the industry to re-evaluate best practices for communicating breaches.

"I think there's a shift from 'keep quiet and hide it' to more modern expectations from the installed base," he said.

In other words, we're seeing more transparency about what happened in a given security breach and how the situation was attended to. It's an evolution to a new set of best practices in crisis management, Corman explained.

Are things better? More transparent? In the Northern Hemisphere? Not in Australia?

This isn't even a question of lack of transparency, of course, not a question of a company going mum and hiding under a rock. No, this is a situation in which the company is hurling the rock at an innocent researcher's head.

The Anonymous Coward remarked that the first thing you have to understand is that "Australia is hilariously backward when it comes to understanding communications, computers, and the internet."

I don't think Australia would agree with that.

But in this instance, something's certainly flowing backwards.

And if Mr. Webster sets up a legal defense fund, let us all step forward and send a bit of coinage down under, in support of his efforts to point out a simple security error before people's funds were compromised, and to attempt to rectify the cockeyed misdirection of police time and the backwards misflow of blame.

Update: First State Super has updated its website with a statement about the incident - notifying its broader customer base of the security issue - and explaining that it plans to take no further action against Webster.

Herp derp.
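
The direct object reference flaw described in the quoted article, sketched as an added example that is not part of the original post or the fund's code: a statement lookup that trusts the id in the URL, the same lookup with an ownership check, and a log check that flags one member requesting many statements they do not own. All names, ids and log entries are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: statement id -> owner and contents.
STATEMENTS = {
    1001: {"owner": "alice", "body": "statement for alice"},
    1002: {"owner": "bob", "body": "statement for bob"},
    1003: {"owner": "carol", "body": "statement for carol"},
}


class Forbidden(Exception):
    """Raised when the caller may not see the requested statement."""


def get_statement_vulnerable(session_member, statement_id):
    """Flawed pattern: being logged in is the only check performed."""
    if session_member is None:
        raise Forbidden("login required")
    return STATEMENTS.get(statement_id)  # whatever id the URL names


def get_statement_checked(session_member, statement_id):
    """Hardened pattern: the record must belong to the session's member."""
    if session_member is None:
        raise Forbidden("login required")
    record = STATEMENTS.get(statement_id)
    # Same answer for "missing" and "not yours", so ids cannot be probed.
    if record is None or record["owner"] != session_member:
        raise Forbidden("not found")
    return record


def flag_enumeration(access_log, threshold=3):
    """Members who requested >= threshold distinct statements they do not own."""
    foreign = defaultdict(set)
    for member, statement_id in access_log:
        record = STATEMENTS.get(statement_id)
        if record is None or record["owner"] != member:
            foreign[member].add(statement_id)
    return sorted(m for m, ids in foreign.items() if len(ids) >= threshold)


# Constructed access log of (logged-in member, requested statement id).
ACCESS_LOG = [
    ("alice", 1001), ("bob", 1001), ("bob", 1002),
    ("bob", 1003), ("bob", 1004), ("carol", 1003),
]
```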
 
Australia adopted Apple's policy to security flaws, huh?
 
dave, you're like a beached whale

Just got my health screening today. I am prehypertensive, have elevated cholesterol levels, and am heavier than normal. :(

Also this from Presidential hopeful Rick Santorum (please google)

"One of the things I will talk about, that no president has talked about before, is I think the dangers of contraception in this country. It’s not okay. It’s a license to do things in a sexual realm that is counter to how things are supposed to be. [Sex] is supposed to be within marriage. It’s supposed to be for purposes that are yes, conjugal…but also procreative. That’s the perfect way that a sexual union should happen. This is special and it needs to be seen as special."

Duke, waw, you are doing it wrong. Eileen, however, is a saint.
 
People will no longer care who has sex with whom when this country collapses into Mad Maxian ruin due to elevated levels of retardation, so there's that.
 