Public Disclosure Shaming SO HOT RIGHT NOW

Obviously I'm going to employ that very popular Zoolander meme, because I think InfoSec (unfortunately not exempt from groupthink hypnosis) is becoming this meme.

Critically speaking:
The amazing culture that has taken over what seems to be a large section of the InfoSec community is to shame and lambast people who publicly report bugs. This is done with the notion that exposing potential attackers to knowledge of the bug somehow makes matters worse. (If I understand it correctly.)

A couple of interesting questions:

Will lambasting and shaming cause more people to make us aware of the bugs?
Does it really make things worse for users?
How much worse is this worse for users? Can we argumentatively determine the weight of the worse-ness for users?
Is it always always better to only report to the vendor?
Is every bug when reported publicly immediately worse in effect before the vendor responds?

Now that last question is the ringer for me. I'll start with this one: "…

[InfoSec Rant] "Unspecifying" vulnerabilities is a vulnerability for vulnerability specification.

There is a practice in the information security world in which vendors issuing statements about the vulnerabilities reported to them can withhold as much information as they like, reducing what is meant to be helpful identification and declaring of software errata to another place for companies to save face. It is literally like someone writing a book and lying about things they got wrong so the book keeps selling; given the strong language parallels I can make here, this analogy is quite applicable! Essentially capitalizing not only on software but also on the errata of their software. Which is to say they make money from making mistakes in the way they have essentially declared they will make money, i.e. "We said we would sell you this wonderful software, but it turns out it is completely broken and possibly doesn't do anything we initially promised it does; so in order to preserve our rights to say it does the initial stuff we promised we are not really gonna tell you why the s…

I started a YouTube channel!

Hi folks! I started a YouTube channel; check it out in the link below ;)

[Meta-Analysis] Rick n Morty S1E10 : Broken Authentication Joke

Hi folks! This is a continuation on the blog post I did before about Rick n Morty S1E10's analysis! Enjoy!

The allegorical reference I'd like to get into is the broken authentication protocol used by the Council of Ricks' Security Officers in the restaurant. The scene happens after Rick has escaped the council's trial, in which he was accused of murdering a bunch of Ricks. This is where he ends up after running through a number of universes to throw them off his scent.

Council of Ricks' broken authentication
In this scene the Ricks try to claim that they are to be securely identified by a simple "X", a marking they use so that the restaurant concierge doesn't confuse them for Rick C137. What is happening is an authority is claiming they are in charge of a given means of identification: "they are the only ones with the right signatures (X's)". In a way this is an expression of something governments do all the time; that is mark p…

[Meta Analysis] Rick n Morty S3E1 : Rick's Anti-Tamper System

In Rick n Morty Season 3 Episode 1, the writers guide us through a dizzying array of brilliantly constructed Information Security allegory. I tried to encapsulate all this in a previous post but I missed one! Here I dig into and explain what I think is the information security joke behind Rick's Garage Flies.

[Meta Analysis] Rick n Morty S1E10 : The Internet Privacy Episode (Part 1)

Hi folks! Here's another review of a Rick n Morty episode; this one is filled with a dizzying amount of obvious privacy, anonymity and totalitarianism references. If you like the internet, Tor and your freedom of speech, I think this episode has a lot of allegory you would appreciate! There is a lot to explain in this episode, so I'm breaking this up into a series of posts. Anyway, enjoy!

[Meta Analysis] Rick n Morty S1E4 : Simulation Theory and Machine Learning

Is this even real life?