Thursday, December 31, 2015

2015 InfoSec Tweet Awards

It's December 31st so that must mean it's time for the 4th annual InfoSec Tweet Awards!  Over 2,100 of you read last year's post (my 2nd most popular to date) so it seems I should continue the tradition.

As in previous years, there are no actual awards.  These are just funny or thought-provoking tweets that I've "favorited" over the year (yes, I know Twitter now calls them "likes").  As always, categories are completely arbitrary. I make them up as I go along...

Best Tweet Inspired by a Song (Tie)

Best Tweet Inspired by a Holiday (Tie)

Best Tweet That Should be on a T-Shirt (and already is)

Best Tweet About Phishing

Best Tweet About the Cloud

Best Tweet About the Internet of Things

Best Tweet About Threat Intelligence

Best Tweet About Recruiting

Best Work/Life Balance Tweet

Best "IT is Hard" Tweet

Best InfoSec "Pick-up Line" Tweet

Best InfoSec Parenting Tweet

Best "Out of the Mouth of Babes" Tweet

Best Tweet "That Understands My Pain"

Best Twitter... um... –er

Last but not least we have the "award" for the person who posted the best overall tweets of the year.

And the winner is.... Security Humor (@SecurityHumor)! Security Humor is hardly a new account. This month marks the sixth year s/he has provided funny quips 140 characters at a time. The Security Humor account has been in the running for this coveted(?) award for the last two years and only narrowly lost to InfoSec Taylor Swift (@SwiftOnSecurity) and Info Security Jerk (@infosecjerk).

If you follow one new account this year it should be @SecurityHumor. Below are a few recent gems:

This concludes the 2015 Tweet Awards. Please feel free to share your favorite tweets in the comments below. I wish you and yours a very Happy New Year!

Friday, August 7, 2015

Review: Hacktivist Vol. 1

A year and a half ago I reviewed the first issue of "Alyssa Milano's Hacktivist" (see review here).  With last week's release of Volume 2, Issue #1, I thought it about time to review the rest of the original story arc.

"Hacktivist" re-imagines the events of the Arab Spring uprising that occurred in 2010/2011.  This is the central focus of the story.  The sociopolitical events and accomplishments of the activists are much more important than the "hack" part of "Hacktivist".

If you work in InfoSec or any other IT-related field, you are going to have to suspend your disbelief when reading this story.  There is some effort to use language familiar to the technically inclined; however, it's apparent that the writers don't really have a complete understanding of the lexicon.  Don't get me wrong, "Hacktivist" is not as bad as "Live Free or Die Hard" (a.k.a. Die Hard: Hack all the Things) but suffice it to say that some liberties have been taken.

Another aspect of the story I found particularly unrealistic is the interaction between the CIA and the founders of the Facebook-esque company, "Your Life".  The way in which the CIA initially approaches the founders and the nature of the business proposal (while common in entertainment) was not very realistic.  This is a little disappointing for a story that tries to take itself more seriously.  I also find fault with the government's response when things don't go their way.  To avoid any spoilers, let's just say that if Mark Zuckerberg decided to shut down Facebook and sell your personal information, he wouldn't be called the country's #1 threat.

If you can forgive these issues, there is an interesting, albeit somewhat short, story.  All in all it's an entertaining read and for $1.99 per issue (4 total) there are worse ways to spend your money.

You can pick up "Hacktivist" at your local comic shop or digital copies at

Monday, June 29, 2015

Book Review: Spam Nation

As an Information Security practitioner I am no stranger to Brian Krebs.  He is undoubtedly the foremost investigative reporter covering "cyber crime" (yes, I said "cyber").  I've followed his work since the mid-90's, first on the "Security Fix" blog at The Washington Post and (naturally) at I was eager to read this book and finally got around to picking it up a few weeks ago.

Spam Nation is a quasi-autobiographical retelling of Mr. Krebs's coverage of the spam industry and pharma-wars.  If you're familiar with his work you'll likely recognize many of the stories.  The book recounts previous news articles with added exposition, provides insights from the author, and includes numerous interviews with both spammers and the people who bought their products.

All in all, Spam Nation is an easy read that is written to appeal to a wide audience.  If you're a seasoned InfoSec professional you won't find a lot of new information; however, this book serves as a good review of the golden days of spam and the pharma-wars.  If you are new to the industry (< 10 years) then this is a must-read.  It serves as an origin story for spam and it's a good idea to acquaint yourself with its roots.

Lastly, keep in mind that this book wasn't written for the InfoSec community.  It is written for the general public and the language and writing style reflect that.  With that said, I also recommend this book to friends and family.  It provides solid insight into one facet of our world.

Spam Nation is available on Amazon here.