web application security lab

Security Expert Rehabilitation

In light of my last gloom and doom post, I wanted to turn the tables and add some humor. A while back a bunch of us came up with the concept of a security expert rehabilitation program. Once we give up security and go back to manual labor we need to re-acclimate ourselves to the rest of society. So, in no particular order, here’s what the rehabilitation program might look like:

Step 1: Sign up for a MySpace account. Facebook is fine too. Actually why not all of the social networking platforms? It’s easier to keep in contact with everyone if you do. Make sure to fill out each form field completely and accurately!

Step 2: Pick a password that is easy to remember and make sure to write it down on a sticky note. Feel free to tell your friends in case they want to use your account too. Better yet, make a list of all your passwords and change them all - to “password”. If someone is annoying and makes you use a number, “password1”. If they want an upper case, a number and a special character, use “Password+1”. Now tear up that pesky list you just made. You’re living easy now, aren’t you?

Step 3: Download every third party widget, gadget, movie, game you can think of onto your social networking profile. Cuz that’s fun. And make sure to put every gory detail about who you are, where you live, what your birthday is, what your mother’s maiden name is, what you like and dislike, etc…. And feel free to update it regularly with any and all personal information that may have changed. That way people can get to know you better.

Step 4: Log into your newly created webmail account and email all your friends your likes and dislikes. Don’t forget to enable HTML rendering so you can see all the neato pictures! And don’t feel afraid of hitting reply to those spam emails. That’ll help them know that you’re not interested.

Step 5: Start downloading toolbars and desktop applications galore so that you can get your real time stock quotes, shop for beanie babies and know what the weather is like in Iceland at all times.

Step 6: Go ahead and remove all that anti-spyware and anti-malware junk. It makes your computer so much faster if you do! Plus, who wants to keep hitting “Ok” and “Allow” to every security warning? Turn ’em off!

Step 7: Go ahead and plug that laptop right into the Internet. No need to use a firewall. Those are just complicated anyway. Or better yet, just go to the local cafe and use their public wifi. Hey, cute girls hang out there - that’s what normal people do: they hit on cute girls who are using open wifi. You want to be normal too, don’t you?

Step 8: Don’t bother to lock your computer when you go to the bathroom at your cafe. Let the police worry about crime - it’s not your job anymore.

Step 9: Open all the attachments you get in emails. Hey, they might be important, and you don’t want to be rude to whomever sent them to you, now do you? That’s not what normal people do.

Step 10: And finally, start clicking on all ads everywhere. They wouldn’t give a “special offer” to just anyone!

If I don’t post before then, have a great week and a good Halloween for those of you who celebrate the more pagan of holidays!

22 Responses to “Security Expert Rehabilitation”

  1. thrill Says:

    And don’t forget to go ahead and update all your banking information from those emails you get, even if it’s not your bank, who knows, you might have some money in an account you didn’t open!

  2. Spyware Says:

    brb cafe.

  3. Steve Says:

    Answer that mail from Nigeria! You may make enough money to quit manual labor all together.
    Spend money on expensive security solutions that protect your computer from “those scary hackers”, who can turn your computer into cottage cheese from a distance!
    Allow all scripts to run on your browser, yes you can now see the dancing pigs.
    Stop updating your software, it’s too hard.
    Finally, Finally, use ROT-13 and feel good about it.
    V’z fraqvat lbh $1 sbe gur svefg cnlzrag gb eryrnfr zl zbarl sebz Avtrevn. V rapelcgrq guvf zrffntr fb gung lbh xabj vg pnzr sebz zr.
    Last but not least…..
    Call your friends to fix the mess you just made.

  4. Steve Says:

    Repost with trolling comments on websites with comments like “I don’t worry about security as I have a and it can’t be infected unlike your .

  5. a.ban Says:

    sending over bank details to the nice people in Burkina Faso might be a good idea, after all information sharing is the name of the game! :-D

  6. lucas Says:

    what have you got against iceland :(

  7. .mario Says:

    Don’t forget to put your old work laptop on ebay.

  8. plAnadecU Says:

    And periodically check if your credit card account has been stolen in the Internet by filling your data in pages such as: Check if your credit card has been hacked! Insert your cc number and expiration date.

    Imagine you are the visitor 1.000.000 and you don’t have cc to receive the money ^^

    And what about if you can buy the magic diamond ?

  9. crazy_lil_white_guy Says:

    I use lifelock, so I’m not too worried about identity theft… and I don’t care if my credit card or bank info gets stolen… pretty soon I’m going to be getting 15 million dollars from helping my friends in nigeria, then I will buy myself a gold rocket car… eat my dust security professionals

  10. mckt Says:

    Stop using your paper shredder, but keep it by your desk anyways. Nobody takes stuff out of the dumpster, that’s like, gross, right?

  11. id Says:

    I’m going to enter my username and password for all my mail accounts into this random website so I can share this funny article with all my contacts automagically!

  12. dc Says:

    All rehab programs must have 12 steps. Even PCI knows that. So, to round out the list:

    11) start using safari for all your browsing. No longer must you use a separate secure browser for ‘sensitive’ ops

    12) grow a Schneier beard, open your home wifi net, and start posting rants about how the human factor is the weakest link ;)

  13. Chapter Says:

    Also do not forget to make sure you put all of your information such as address, phone numbers, cars etc. on your social network profiles because you never know when somebody wants to contact you. Make sure your box has no password on it so the whole community can use the internet.

    And make sure to use the same password on every single website so you will never forget it.

    stay secure


  14. Jon A. Longoria Says:

    Give your Social Security Number, full name and address to the nice man on the telephone for verification purposes that is involved in the maintenance of your Checking and Savings account… with two separate financial institutions.

    Use Google for anything and everything.

  15. Cagekicker Says:

    Can’t forget to install the P2P software and share out all your folders!

    Great article, by the way. Had me smilin’ while having a “case of the Moooooondays”.

  16. k.elt Says:

    This is just too funny!

    Shouldn’t people get a little nervous when places like Facebook ask for email addresses and the passwords to those so they can add your buddys? No way! Besides we’re all adults here on Facebook and we know that Facebook can be trusted. It’d be a lot different if this social networking website was targeting naive teenagers or something.

    Always use http. That extra ‘s’ is just one character and it’s not going to help you at all.

  17. Skoilnogmon Says:

    Very nicely done. LOL. Although I’m not sure it pulls your blog completely out of the previous doom and gloom post :P

  18. Grymstone Says:

    This is great. A don’t list of security stuff!

  19. Jaimie Sirovich Says:

    Looks like someone talks to Quadz :P

  20. mfnano Says:

    and if u r a developer, never forget to leave XSS holes, and some php code injection, and of course a little sql injections too, people want to learn about this stuff but they can’t find somewhere to apply that.
    the coolest is the one about weather in iceland lol

  21. unpredictable Says:

    Do not forget to uninstall all freeware, shareware programs from your work computers. If you would do so- you would avoid detection and avoid breach of company policy. Also ensure to use gmail chat as you do not have to install it and thus it cannot be detected !! :-)

  22. Minty Says:

    Oh and make sure you download that l33t h4x0rz software that lets you hack your friends’ Myspace. And also download that program that lets you see who views your Myspace the most. You never know who might be interested in you. :)