Thanks Warlord for the link! Funny stuff!

Ahh the follies of outsourcing. Read the comments, most of them are PRICELESS!

http://www.getacoder.com/projects/bug_finder_92913.html

*Update: Looks like they removed all the comments. That's quite a bummer as they were really funny. Anyhow... the offer is still funny enough.*

*Update #2: Someone archived the comments before they went down. Classic.. HERE

Yep.. this is our president. Taken straight from the pages of www.whitehouse.gov. If you don't get it, just move on.. there's nothing more to see here.

Highly trained police dog takes down the bad guy! GO LASSIE GO!

One of my favorite movies of all time is "The Thomas Crown Affair" starring Pierce Brosnan as Thomas Crown and Rene Russo as his love interest. (Yes, I know this is a remake, and no I haven't seen the original). In this movie, the character Thomas Crown uses an interesting technique to cover up his final crime. He employs a huge number of identically dressed lookalike people to infiltrate the museum and cover up his escape. It was quite brilliant.. in the movies.

Well, it appears as if someone has decided to attempt this little ruse in real life. Using Craigslist and the concept of flash mobs, 28 year old Anthony Curcio decided it would be a smart idea to mask a robbery of his own. In his ultimate wisdom, Anthony encouraged a group of folks on Craigslist to arrive at a specific time and place wearing a unique and identical set of clothing. He may have gotten away with it too (if it hadn't been for you meddling kids), if he hadn't been made earlier in the week setting up his own clothing stash behind a dumpster.

While this is a funny and interesting story on it's own, I do believe it has merit and meaning within the information security world. The concept he employed is very similar to attacking a target system while covering yourself with a high amount of similar attacks from other remote sources. The idea being that any attempt at discovering the real source of the attack would be obfuscated by the high quantity of chaff that surrounds the pertinent data.

So how do we go about counteracting the "Thomas Crown" threat scenario? As in the news article, we must implement defense in depth and look for ways outside of the normal methods to detect these attacks. We must utilize off system logging, identify behaviors outside of the norm (A flash mob is hardly normal), and view the data from multiple angles to be able to isolate the needle from the haystack. Quick response and a little bit of preparation go a long way to thwarting a wood be "Thomas Crown".

Keeping on the theme of iPhones this week, we have a brief video explaining the top 4 reasons that the iPhone is Evil. Very funny.. and very very true! I'm not quite cool/hip enough to actually OWN an iPhone, but I covet those that do, and am just quite lame enough to own an iPod Touch and pretend it's a phone. Yep... I'm that redonkulous!

Man, why didn't I think of this. I've seen video of people social engineering their way through many restricted areas in the past; some claiming to have forgotten something in the target locations, others claiming to be Jason Biggs from American Pie fame. None of them are quite as simple, and effective, as just claiming your the DJ! Watch as this man gets into every club he tries just by claiming he's the DJ and is spinning shortly. Watch to the end of the video to see some reasonably funny attempts at DJ social engineering in completely random places.

Our favorite quote machine, Linus Torvalds, in a recent email to a linux kernel developers mailing list had this to say:

On Tue, 15 Jul 2008, Linus Torvalds wrote:

> So as far as I'm concerned, "disclosing" is the fixing of the bug. It's the "look at the source" approach.

Well here's to you Linus! Three cheers and a wonderful dirty picture!