Slashdot Mirror
'Robin Sage' Social Hoax Duped Military, Security Pros
ancientribe writes "A social networking experiment of a phony female military security professional known as 'Robin Sage' (named after a US Army Special Forces training exercise) worked way too well, fooling even the most security-savvy professionals on LinkedIn, Facebook, and Twitter. It also led to the leakage of sensitive military information after an Army Ranger accepted 'Robin's' friend request on Facebook and his photos from Afghanistan exposed geolocation information accessible to 'Robin.' The researcher who conducted the experiment will show off his findings at the upcoming Black Hat USA conference in Las Vegas, where the real woman pictured in the profiles is scheduled to introduce him for his presentation."
Is the fake facebook profile: http://www.facebook.com/robin.sage.641a
Posts not to be taken literally. Almost everything is sarcasm.
i thought that facebook resized all uploaded photos... i don't have a facebook account to test... is facebook purposefully copying over the geolocation information from camera-phones into the resized images, or was location determined by surrounding land features?
Cool!
...but anyone who has ever thought about going for the long tab would catch that name. Robin Sage, really? Come on!
THL phish sticks
that anyone in Iraq and Afghanistan could tell you where the soldiers are. It's not like they're hiding or something. The "geolocation" stuff is just silly.
Don't take life so seriously. No one makes it out alive.
If there is sensitive military information on twitter, facebook, or linkedin, its already compromised, and badly. I mean come on, this is a non story.
What he can't kill, he has sex on. Trent.
sage goes in all fields.
Unfortunately, the solution you have identified does not solve the problem that the army as it now exists(for better or for worse) is attempting to solve:
Insurgencies are, particularly if they have the advantage of good suppliers, hostile terrain, culturally clueless enemies, etc. pretty good at holding ground, or at least exacting a nontrivial price for every month the occupying force wishes to "control" the area.
For projecting force into new areas, though, they are nearly useless. Some might argue that this is an advantage; because it keeps foreign military adventurism to a minimum; but it represents a massive change from the capability set of a professional standing army with technology and supply lines and whatnot.
I would have to agree with this AC. If your on facebook you are already lost the idea on computer security.
i thought once I was found, but it was only a dream.
"And we will see this pattern occur again, and again, and again, until we learn that the most effective form of military action is motivated people defending their own land against a foreign invader."
Your military illiteracy is showing. That stuff only works against "foreign invaders" who follow the post-Nuremburg laws that outlaw effective war methods against unconventional opponents. It may help, in concert with other means, tire out an opponent in a non-existential police action, but an opponent who is powerful and free of restraint can make a desolation and call it peace.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Just another indicator that "social networking" sites are complete bollocks and that (stupid) users (are everywhere and) will click on just about everything. "Friend? Sure .. Whatever ... CLICK" ... and if it is a porn model emo goth chick there will be even more clicks.
That was used to dupe all these people again?
I have no idea how this is relevant, and you're probably trolling, but seriously... the 2006 Lebanon war was NOT the first time a guerrilla army turned back regular forces. Look at the Anglo-Irish war from 1918-1921 for an example, or friggin' Vietnam. Or Afghanistan... every time anyone has ever tried to invade Afghanistan (the British twice, the Soviets, Alexander the Great, even). As to the rest of your post, your UID is low enough that you should be old enough to know better. Quit being 16, it's not becoming.
If someone is putting up classified information in a publicly accessible location (even if it's restricted by the user giving explicit permission), isn't that the source of the information leak? Hasn't it already escaped the secure environment? Jeremiah Grossman even points this out. (I do like how they indicate he was duped, when he indicates that it's an automatic facebook bot that runs on his behalf that accepts all requests automatically - that isn't 'his' account.)
Of course, this assumes that the information was considered secure in the first place. I'm not sure you'd call it a security leak if the policy is to allow that information to be accessible to the public.
That aside, isn't this just an online-only update of the standard telephony scam that the military actually sponsored and publicized back in the late 60's/early 70's? To show how social engineering worked, they sat a woman down in a room with a phonebook and a phone, and asked her to get some general's schedule or something, and it took about 40 minutes?
We are already aware of the fact that organizations have social structures which allow for manipulation. Was there anything constructive about this, like a 'policies to avoid this' list? Or was this just another fluff piece, reiterating what was already well established?
Life imitating art:
http://en.wikipedia.org/wiki/Tuttle_(M*A*S*H)
The world's burning. Moped Jesus spotted on I50. Details at 11.
Or the American Revolution, etc.
I thought Facebook sanitized uploaded photos of their metadata in the process of resizing them for display on the internet?
I just checked an uploaded JPG against an original, and yes indeed Facebook does sanitize the metadata. I wonder where the geolocation info came from?
The IDF never controlled anything of Lebanon except the ground directly under their feet in '06, as opposed to those other examples. To know better than... what? To say a large, bureaucratic organization is not only useless but in fact directly inimical to the interests of its constituents and indeed all of the people of the world? Thus is life - you're allowed to disagree about the conclusion but you're never allowed to question the premises.
When a true genius appears, you can know him by this sign: that all the dunces are in a confederacy against him.
I think the point may be that they tought the photo to be safe to publish, but forgot to strip them out of geotagging data
We were actually not doing too very well before regular military discipline was brought in by Von Stueben and some other European career officers who came over to help their Freemason brothers further the Enlightenment. The French naval blockade of the Chesapeake Bay and some bad weather up the York River didn't hurt either.
You should really read about the history of Lebanese civil war before you stay things like that. And while we're on the subject, look at the situation in Iraq where various sectarian militias are slaughtering one another, as well as innocent civilians.
Presumably, we'll also see a corollary pattern - former militants deciding to band together to topple the government and force their ideology on the population, a la the Taliban.
Most people are aware that high explosives generate powerful and destructive shockwaves, and can fling shrapnel for startling distances at frightening velocities. However, they'll still watch Mythbusters, because actually seeing high explosives demonstrated is cool.
Anyone who doesn't find a real-world demonstration of social engineering fascinating and instructive is either waaaay too jaded, or is trying waaaay too hard to pose as being jaded because of a mistaken association between cynicism and cool.
Besides, a reminder of the ongoing effectiveness of social engineering is always good, especially in light of all the interesting vectors now available.
Welcome to the Panopticon. Used to be a prison, now it's your home.
There could definitely be a reorganization of forces that the country could benefit from, but as attractive as the proposition of some sort of Libertarian Socialist (aka Anarchist) society devoid of central authority is, the chances of that being able to function for any length of time before faltering itself is pretty low. Catalonia when held by FAI/CNT in the Spanish Revolution (concurrent with the Spanish Civil War) is a prime example.
Like everyone else I'm not suprised I find this to be pretty funny. Units in the army are "required" to have facebook pages and put up pictures of everything that they do. It's not all that hard to know everything you want to know about a commander and his family where he lives and what he drives without leaving your home.
So right now it's not a big concern but just wait until we have another war and I mean a country-on-country someone who can stand up to the USA war and this stuff will become a HUGE problem.
Linkedin profile is gone
It is unwise to ascribe motive
Social engineering works - who knew?
Yeah, if it weren't for the French, Americans would be speaking English today.
I have to take issue with this. Just because you play loose with your "personal" life does not mean you play loose with your security or your privacy. Perhaps you only happen to value privacy in a more limited sphere.
DRM: Terminator crops for your mind!
Not Fucking Up 101 incorporates not believing some random person on the Internet (or in real life) who says they have a particular position. It would also encompass not posting pictures of your location to the Internet.
So the question we really need to ask is not, "How could the military/government be so dumb?" but, "What connections do these researchers have with the government, and what are they actually trying to achieve with this theatre?"
It would be so enticing for the "hacker community" to believe the story because it inflates their already unwarrantedly large egos: we're just so much smarter than the average person at solving puzzles, right? The government surely only employs easily duped idiots - even in significant security positions - whereas we are geniuses operating from our basements.
Bullshit.
All we've learnt from this is that Robin isn't what Robin's page initially claimed she is. As for what's actually going on, independent evidence is appropriately lacking.
Use the hormone appeal weapon of mass population. Works really well with isolated soldiers.
This isn't really surprising, nor do I think it's worthy of time at Black Hat, IMHO. The U.S. Military set themselves up for failure already a couple months back by allowing soldiers to openly use Twit-Face-book and any other blogging/social-network internet-enabled apparatus on their NIPRNET network and not enforcing any, for a lack of better terms, real punishment for being stupid and giving away whatever the military defines as OPSEC-level information.
I was surprised myself, being a Iraqi war veteran when I got back home that all the time I was told to be very illusive when talking about where you are located overseas was a joke. Giving up that information, like geo-location, really isn't something to piss your pants over considering all the local middle easterners already know where the hell all our camps/FOBs/bases are at and the fact that it's online already. Just another case of a lonely horn-dog Army bush-wacker, flexing his muscles and telling his war stories online, looking to get some 'tang.
Keep your troll comments to yourself, I did my time in the military (and was deployed to Iraq), I know, as well as anyone with any amount of common sense, that this is plausible truth.
I can't imagine why you would find humans from one longitude to be preferable to humans from another longitude.
When a true genius appears, you can know him by this sign: that all the dunces are in a confederacy against him.
That's hysterical.
Security Nerds 0 Fake Pussy 1
EGOTIST, n. A person of low taste, more interested in himself than in me.
isn't "Libertarian Socialist" a contradiction? Libertarians (as I understand them) want small government and free markets so that individuals can grow on their own strengths and merits. Us socialists want government services and regulations to help the greater good of the nation. Anarchists want no government at all and a communal sense of camaraderie. Correct me if I'm wrong but this is off topic so please don't use this as a springboard for a political debate.
The researcher who conducted the experiment will show off his findings at the upcoming Black Hat USA conference in Las Vegas, where the real woman pictured in the profiles is scheduled to introduce him for his presentation.
when you have to specify that the woman is real ...
I've long wondered if this profile is a sham... m.facebook.com/profile.php?id=1769812164&rf03ff7fd&refid=7
I dont even live in the states, when I got out of the service as an EOD this profile sent me a friends request. At first I thought one of my buddies were pranking me but its been well over three years. She could very well be a model decidedly from her profile pics and seems to only befriend military men... You be the judge.
Man she's hot, I was going to ask her to marry me after seeing FB picture. What testosterone driven male wouldn't accept her friend request. Heck even the chick that looks like a dude on her friends list probably wants to bang her.
Geolocation info posted on Facebook is probably already old or completely useless to enemies. They aren't posting where they are RIGHT AT THIS VERY MINUTE (unless it's an airbase in which case the Taliban probably already knows the location). Non-story that gets you kudos at Black Hat. That's the real story in this mishmash of data.
I think you have to allow him some latitude to form his own opinions.
Yes, and for that I'm eternally grateful, in much the same way my mother once got free dental work in France because her father had fought in the war (though mainly in Belgium and the Netherlands, then into Germany) and the dentist thought it was the least he could do to repay the debt he felt he owed to America. I know its fashionable to make fun of France and whatnot, but they're not bad people, and they are America's oldest friend.
Now that you clicked the link and have a new, hot friend, that might be her in the black suburbans dropping by to say "hi"
Hey, buddy, were you aware that you're on the internet and you could, you know, find the answers to your own questions?
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
No, Libertarian Socialism is the technical term for Anarchism. One of the founding intellectuals of the movement, Mikhail Bakunin, was an outspoken opponent of Marx in the First International, saying that Marxist Communism would lead to a "Red Bureaucracy" and was a betrayal of Socialist principles.
Basically, the idea in Libertarian Socialism is for free individuals to group themselves on direct democratic principles along lines of free association, rather than submitting to a State that is purely an exercise of force. The Libertarian party in the US was infested by Randism and combines the anti-authoritarian aspect of libertarianism with unfettered capitalistic greed. Libertarian Socialism/Anarchism requires that people act in the group interest for the common good, but getting people to do that isn't exactly easy, which is why it wouldn't work on large scale.
Modern Left-Center type of "Social Democrats" were always viewed by both Anarchists and Communists as "counter-revolutionary," but that's the model that won out in most of Europe and which the US Democratic Party tends to lean as well. It's relatively benign, but seems to scare people on the economic right and let down people on the economic and social left quite often for not going "too far enough"
Back when I used to work for the central network operations group on campus, we had a couple of guys on our newly formed security team (this was like 2000, network security was still something we were coming to terms with) who loved to go to all the conferences like Blackhat. Well any time they came back it was with stories of doom and gloom. They talk about the presentations by these people who could do these truly amazing hacks. When this was investigated further, said people turned out to be full of shit.
The one I remember best was a "security company" who talked about their amazing exploit tool for Windows. They could break in to any Windows domain just with a click. It was all they used anymore when clients needed access to something and had forgot the password. They couldn't release it because MS would sue them, etc, etc. I questioned them more about this and got some sketchy details relating to NT4 and so on. I then went and asked the guy who headed up operations (one of the smartest people I've ever known) if he'd heard about this. He said "Oh ya, it is this old NT4 exploit that only works in certain situation. I've got the tool right here." the security guys were just floored because, indeed it was what had been talked about and it wasn't nearly so cool (more or less you had to have an NT4 domain and not have fixed a problem with it, wouldn't work in our 2k domain).
As a more publicly known example, take Joanna Rutkowska who claimed to have invented amazing undetectable malware using virtualization. Slashdot and so on were all a tizzy about it, and people who are actually VM professionals like VMWare said "No, this won't work like you think it will and could be detected even if you could make it work." Here we are years later and what do you know, there are not all sorts of undetectable VM based malwares running around. She vastly oversold the whole thing.
Shit like this happened all the time, near as I could tell from the stories (I didn't go to the conferences). The haxs0r types going up and crowing about how l33t they are to others and drastically overselling what they were capable of doing. So I am very skeptical. I need to see proof, and not some half-assed presentation where details are kept secret, I mean real proof.
Generally it is not forthcoming.
Libertarian Socialist (aka Anarchist) society
Wat? Did you mean to say Republican Democratic (aka Communist)?
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
Being able to "social engineer" someone by lying and convincing them you are someone you aren't doesn't really matter much. So they got to see pictures on Facebook... K. If those pictures WERE classified, then that is the real story (morons posting classified dox on Facebook) if not then it is a non-story. It is a big, wide, gap between convincing someone you are a person you are not, and using that to get them to give you access to sensitive data.
For example: I don't imagine you'd have much trouble using social engineering techniques to convince me you were an employee of the university I work at. Do some background research and so on and you could put up a convincing front, convince me you work here and that you know me through a mutual friend. I'd probably trust you, having no reason not to. You could probably use that to get me to reveal some information that I don't normally post online.
However, all that information would be stuff that is not sensitive. It would be information you could find out yourself anyhow with more investigation.
If you then tried to social engineer your way in to getting access to our switches or root on our servers, you'd find I would become a lot more suspicious, and the police would likely get involved in a hurry. I have a good understanding of what is and is not sensitive here. If someone tries to schmooze their way in to sensitive information, and I haven't been told they are explicitly approved for it, alarm bells go off.
So, basic social engineering doesn't impress me, and shouldn't impress anyone. It isn't hard to lie about the basics. Many people trust fairly easily and they don't see the harm in it. However when you start going after sensitive stuff, that is when it gets hard. If you can succeed there, that is impressive. If not, well then don't go writing a press release about it.
I wish someone would blow up social engineering.
Thats how social engineering works. Sure, maybe you're good enough to never directly compromise working security on your personal facebook account. But if you're a part of special forces command, and stop updating your accounts.. guess what that implies to foreign intelligence agencies?
Even if you manage to avoid that by going long periods without updating randomly, you're still letting information about you out for anybody. Information that can be exploited in an intelligence op to get close to you and the information you guard.
Two of my friends have been over in Iraq for all this recent shit. In many cases, they had Internet access. Usually it was at a net cafe or the like. Where they were was no big secret, and probably could have been traced by IP. In general it wasn't a secret where they were, you could find out where their unit was deployed overall.
Now, when they were out doing something? Well then not so much probably. Could well be classified. However, they weren't posting online about it as, well, they were out doing something.
While the specifics of military operations may be classified, the overall operation is usually not. I mean the military will allow reporters to tag along with them for fuck sake. That our troops have bases in Iraq, and where those bases are is no secret. Not that it really could be, the whole "Tanks and soldiers coming and going," thing kinda gives it away.
Correct me if I'm wrong but this is off topic so please don't use this as a springboard for a political debate.
Correction:You must be new here! Slashdot is all about springboards for political debates.:p
Or Afghanistan... every time anyone has ever tried to invade Afghanistan (the British twice, the Soviets, Alexander the Great, even).
Actually, Alexander founded several cities in Afghanistan, and Genghis Khan and Tamerlane would each like to remind you not to believe the Afghans hype about their own inconquerability.
I laughed at the weak who considered themselves good because they lacked claws.
Wow, a socialist offering a definition of libertarianism that's both reasonably accurate and not laden with snide insults. You, sir (or madam), are a rarity among your kind. I salute you.
If you read TFA it basically says that a bunch of people were tricked into "Friending" this person. So what? How is that, by itself any more of a security threat than simply being on Facebook etc. at all? Then there's this
The Ranger then inadvertently exposed information about his coordinates in Afghanistan to Robin with his uploaded photos from the field that contained GeoIP data from the camera.
. What does that even mean? GeoIP usually seems to translate to "an ip address" but not too many cameras even have an IP address much less embed it in a photo. Some cameras do have a gps and can embed the actual latitude and longitude in the photo but that wouldn't be GeoIP anything. Later in the FA they change to this
Ryan says Robin's Facebook profile was able to view coordinates information on where the troops were located.
. So what did Robin actually have? The IP address of the computer used to upload the photo? Actual coordinates of some picture taken months or years ago? Coordinates of some picture grabbed off the Internet? Now unless Robin really is some sort of super hacker simply having someone's IP is NOT the same as having their Latitude and Longitude. Even here in the US the last time I tried looking up the location of my IP it showed me several hundred miles away and I'm somehow not expecting the situation to be much better in Afghanistan.
Except that I didn't know "libertaian Socialist" was an actual term for something as opposed to two dissonant concepts that bsDaemon chose to stick together to try to express some concept he had thought up. Telling someone who doesn't know something exists they should have Googled the definition of it is like asking someone who doesn't know how to spell "knife" to look it up in the dictionary.
"She" sent me a friend request on 2009/12/31, which I accepted, [hey, there's lots of cute hacker women] but we knew in a few days that something was fishy. See my post to "her" facebook wall on 2010/01/07.
http://www.facebook.com/profile.php?id=100000595856619&v=wall&story_fbid=238154768802&ref=mf
After some background discussion with people in security you might recognize, some of us kept her on our friend list, to see what "she" was up to.
Anyway, thanks to all the corporate and government guys who though that someone who was a friend of mine must be trustworthy enough to hire. :!
The latest Slashdot meme.
Your excuse doesn't carry water. What you're trying to avoid admitting to yourself and everybody else is that because you thought term A and term B were contradictions, term AB must be stupid because you were too lazy to look up term AB, and you decided to just roll with your assumption and try to tell the person who used the term that it didn't work because you knew about term A and term B.
It's not like the terms weren't right in front of you, you just couldn't see anything but your own assumptions (which are by themselves incomplete), and instead of looking up any variation of the terms together, you just assumed that must be incorrect, and if it wasn't, well maybe somebody would do your work for you anyway.
You made a lazy assumption. You attempted, to a degree, to call somebody out using this lazy assumption. Now you're upset that somebody is telling you that you're lazy and you make assumptions. Time to grow up, live in reality, and take a little initiative for yourself. Then you won't look so dumb. (I am so not surprised you're a socialist. It's the politics of choice for those who would abdicate initiative and rely on others.)
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
You're over-analyzing it. It's a joke on the cliche that if it weren't for the US, the French would be speaking German now, and the fact that France helped us out, and we still speak English.
I can't imagine why you would excuse illegal behavior from humans of one longitude, and not from another longitude.
Actually, I can't imagine why you think I'm at all concerned about where these humans come from. Indeed, they don't all come from one place. It's not about WHERE they are coming from, it's about HOW they are coming here.
Are you that dense, you don't get it? Illegal is illegal for a reason. If you don't like Federal immigration law, change it.
Really. We go through a LOT of trouble to secure air tansport, turn people away at apriports, even at border crossings at every longitude of the U.S., and you think because they WALK over the border it should be excused?
And don't deny me my opinion, either.
deleting the extra space after periods so i can stay relevant, yeah.
As I understand it, the second British invasion of Afghanistan did pretty well. Alexander the great also did pretty well.
The purpose of language is communication, If the idea is clear the grammar ain't important
I've usually seen "libertarian socialist" explained as a synonym for "anarchist," though I imagine many anarchists would not accept that expression. Just as an example, Noam Chomsky refers to himself as a libertarian socialist.
As with many other political terms, "libertarian" is a self-description used by lots of groups with dissimilar or even antithetical political beliefs. In general, it's some sort of reference to a desire for liberty, or for liberation from oppression -- what constitutes oppression is actually the point of contention.
At least with Chomsky, he tends to be critical of states in general, but occasionally expresses support for the UN and international law, and for democratic processes, more or less as conventionally understood. On occasion, he points out non-state actors -- non-profits, community groups, workers' co-operatives, and the like -- as especially praiseworthy models of organization.
My impression is that this is a theme among many anarchists, in which they emphasize small, autonomous groups independent of any state.
(Personally, my idea of socialism has always been that any agreement among people upon a plan of action constitutes government, whether that agreement is free or coerced, and that therefore, a distinction between government and economics is a distinction with an imaginary difference. [States are governments with weapons.] The question is how the agreements are made, and I believe that more democratic decisions are better -- consequently, general economic decisions should be made democratically.)
Wow. So ignoring the attempt to start a political flame war...
It's not laziness at all. If someone says they want "a well regulated free market" I'm not going to run to Google. I'm going to point out that, by definition, a free market lacks regulation. Same as if they say "a communist class structure". Through my understanding of the terms "libertarian socialist" was an intrinsic contradiction so the logical conclusion was that either (A) the OP did not understand one of the terms (B) the OP wrote the wrong word (ie libertarian instead of liberal or some such) or (C) the OP had no idea what he was talking about or (D) the OP was wording his argument poorly. Therefore I asked my question in such a way to cover these options.
No, I got the joke... but it's debatable as to whether or not we really speak English ;-)
from the article quoting Jeremiah Grossman, CTO and co-founder at WhiteHat Security
Grossman says he coincidentally was writing a Facebook bot when Robin's friend request showed up on his placeholder Facebook profile, which he doesn't actually use. The bot program then accepted Robin as a friend. "I look at Facebook and LinkedIn as public record," Grossman says. "What difference does it make if you vet them or not -- you shouldn't be disclosing" private information on these profiles, he says.
LOL... Bullshit. Nice attempt to cover your ass though.
Posting secret military pictures to your Facebook page is a breach of security, even if all your "friends" on Facebook have security clearance. Facebook itself doesn't have clearance. There's no guarantee Facebook staff can't look at the pictures. There's no guarantee someone can't crack Facebook security and look at the pictures without authorization. And now obviously that "friend" you let look at the pictures could be someone unauthorized.
There's got to be a military rule prohibiting posting such secret pictures to Facebook, or rather a rule allowing disclosure to only proper sites which don't include Facebook. If there is, the Army ranger was the security hole. If there isn't, the ranger was still the security hole, though there's a bigger one in the loose rules that didn't prevent their failure.
--
make install -not war
pleeeeease let this be Meg Ryan's comeback with a splash...
Judging from that pic, I wish she was my friend too.
I do like how they indicate he was duped, when he indicates that it's an automatic facebook bot that runs on his behalf that accepts all requests automatically - that isn't 'his' account.
Yeah, I thought the facebook bot that accepts all friend requests explanation was brilliant. By the way, this post was written by my bot, in case it turns out that I typed something really dumb.
.. when I got her friend request.. she was wearing a lot more clothing!
And quoting Kipling...
When you're wounded and left on Afghanistan's plains,
And the women come out to cut up what remains,
Jest roll to your rifle and blow out your brains
An' go to your Gawd like a soldier.
Go, go, go like a soldier,
Go, go, go like a soldier,
Go, go, go like a soldier,
So-oldier ~of~ the Queen!
Great poetry, but not exactly a complete description of the British in Afghanistan. The initial British invasion (1838-1842) did have the famous loss of all but one man retreating from Kabul. The second invasion (1878-1880) was quit successful and secured British interests in Afghanistan for the next 20 years.
The purpose of language is communication, If the idea is clear the grammar ain't important
As the AC said Social engineering goes after your personal life so they can attack your professional one. if your a security professional with drunk photos of yourself on facebook, enemies have a method of simply threatening you with your own job. They also have your habits and favorites listed. Which can drastically limit the potential options one use for passwords, and phrases.
also if you play loose in your personal life you are more likely to play loose in your professional one.
i thought once I was found, but it was only a dream.
I keep hearing about this thing from my pre-teen children and their friends.
Is it like that "myspace" thing my kids used to talk about (but which I've heard nothing of for a while)?
And then there's something called "twitter", which I assumed was something to do with a girl guide Nature badge, but possibly I'm wrong about that.
Ah well, enough with my questions about the obsessions of children, I have work to do.
In what way would mere "drunk photos" be a threat to my job security? And, if something was a direct threat to my job security why on earth would I put it on facebook? The greater risk would be that "friends" uploaded embarrasing photos, but it would take something like me dual-swilling crack and vodka while fucking a pig for it to affect me so much as to be blackmail material. Lastly, do you really think that I would be so inane as to use passwords that could be reasonably predicted from knowing such things? Even more lastly, how do you know that I don't use subtly false information on social networks in order to both defend and keep track of if someone tries to use that information against me in an attack?
Emotions! In your brain!
See, that's 20 years -- a blink of an eye in a country that old, with a history going back thousands of years. Maybe I just have tad more stringent a definition of success.
My employer knows perfectly well they can't fire me for being drunk on my own time. And if I use passwords which can be derived from my 'habits and favorites', which I more or less assume are public knowledge, then I have no business using a secure computer.
if you play loose in your personal life you are more likely to play loose in your professional one.
Pure conjecture.
DRM: Terminator crops for your mind!
you might use subtly false information but your friends probably don't. And that hot lady you kissed while drunk while your buddy's took pictures was the bosses wife/daughter.
you really seem to fail the concept of blackmail. I suggest remedial security and privacy school. blackmail doesn't have to be about you directly only something that will effect you through someone else. while you may not be embarrassed your mother might be, your wife might be, your girlfriend could break up with you over it, etc Good security people are paranoid enough that they keep secrets from everyone.
i thought once I was found, but it was only a dream.
The Irish war of independence was fought with great restrain: check the number of casualties - just a few hundred. Low level insurgency followed by negotiated peace is a better description of it than a war.
Your point stands: you just chose a bad example.
Yes, I was taking all those things into account under the subject of "blackmail". None of what you listed would be blackmail material for me, not under normal circumstances anyway (if the boss in question is extremely well-connected, or might actually try to extract tangible revenge at me for example). As I see it, showing professionalism in the face of things most people would balk at would make me more in demand, not less. I'm not a shameless sociopath by any stretch, nor am I trying to be an internet tough guy - it's just the way I weigh things.
Emotions! In your brain!
...yes, Mohammed?
"I am sitting here in my mud hut and checking facebook, and son of a pig! Did you know we have infidels sneaking around our territory"?
"No way"!
"Way! Praise be Allah we have facebook to tell us these things, else, we would not know"!
Perhaps the fact that you're in a Geographic location is declassified... Perhaps you don't give a shit what people know of your personal life because none of it could be used as leverage against you or your employers... Maybe you have been on the internet long enough to realize that any shit you type on a browser is going to be read by someone somewhere who you didn't think would read it... (Ex's becoming pals with your 3rd cousin twice removed to see your facebook status updates when they sit at the other person's computer etc.) My facebook profile is public.
Didn't anyone get the clue when you first Googled your own name? Don't put shit out there people shouldn't read.
Most of you didn't read the GP's qualifiers well enough.
GP said this:
First, the definition of "native militia" and "modern Western army" is flexible enough to fit anyone's argument.
Second, I see many of you are naming examples of guerilla and/or insurgency strategic victories, as if these are exceptions. These are, in fact, the rule. In modern warfare, the insurgent force with widespread popular support is at an inherent advantage and is almost always the victor in the long run. Examples of the occupying belligerent attains overall strategic victory are extremely rare.
So the GP is a troll, but believe it or not, one of his points is actually valid.
I took that as being its own joke. Americans speaking British English vs American English.
...the future crusty old bastards are already drinking the Kool-Aid.
The Mongols were pretty successful in invading Afghanistan.
if you make your definition more stringent than that, then very few invasions in history have ever been successful.
Personally I prefer to live somewhere where I don't have to spend most of my income on a perpetual arms race against my neighbours.
Also bear in mind no matter how many weapons a single man may have, he is no much for a dozen men even if they have much more modest weapons. And a dozen men are no match for a hundred men... well you can see what the eventual outcome of of your libertarian utopia is.
The Norman invasion of England is still successful. The Norman invasion of England in 1170 mostly ended with names starting in Fitz being inextricably linked with Ireland, because they ended up assimilating (resistance was futile, as beer was involved); the Plantation of Ulster created several hundred years of strife, but Adams and McGuinness seem to be content to more or less surrender.
The European invasion of the New World has been extremely successful as well, as was the American/British/Canadian invasion of Normandy. The North Africa campaign was a success as well.
If Afghanistan were still a stable county, whether or not a Commonwealth member, capable of trading with the UK and the rest of the world, then 20 years of colonial domination and then parting would count as a success as it'd still be paying dividends. As it stands, that's not exactly the case, although at the time I'm sure it seemed to be.
No, my point was that guerrilla tactics are legitimate and will win, more often than not -- assuming, of course, that the regular forces obey some sort of "rules of engagement." I would hardly think the VC would have been successful against the SS, or Caesar's army, adjusting for the technology gap. (I've heard him referred to as Genocide Julius by more than one person on account of the amount of bloodshed during the Gallic Wars)
I think being a follow-on to the Great War, the British people didn't have the appetite for another full-scale attack. To wit: the "Bloody Sunday" in which Michael Collins had the G group men assassinated simultaneously in Dublin. The Tans reacted by shooting up Croak Park during a GAA football match, killing innocent civilians. There were protests in London against the Tans rather than the Sinn Féin action. That brings us to another point, which is a prime guerrilla tactic is to force the larger power into over-reaction in order to create public outcry and morally weaken the position. Effective in Ireland, and obviously so during Vietnam. That's also the name of the game in Palestine: Hammas launches a couple of rockets that don't do any real damage and Israel gang-bangs entire cities, then all the Muslims and hippies through a fit over it and Israel gets all the bad press.
one look at her abs on facebook and i thought, DAYUM girl!
didn't look like a military intelligence professional to me. too damned young.
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
"Effective war methods"... such as massacring civilians, perhaps?
Except overwhelming force.
And the Spanish Inquisition.
NOBODY expects overwhelming force!
...I'll come in again.
Overwhelming force and a liar on Facebook.
NOBODY expects overwhelming force and a liar on Facebook
and a guy pretending to be a girl on the internet.
Yes, and for that I'm eternally grateful, in much the same way my mother once got free dental work in France because her father had fought in the war (though mainly in Belgium and the Netherlands, then into Germany) and the dentist thought it was the least he could do to repay the debt he felt he owed to America. I know its fashionable to make fun of France and whatnot, but they're not bad people, and they are America's oldest friend.
If we can't talk shit about our oldest friend, what are we going to talk about?
Be seeing you...
That would do nothing more than turn the conflict into another Vietnam war. Fighting the indigenous population worked well there, didn't it?
According to the Wikipedia page, the total civilian deaths of the Vietnam war was over double that of military personnel, both sides combined. I'd call that a massacre.
Finally had enough. Come see us over at https://soylentnews.org/
I think I said something insightful like "Wow, a decade of network security awareness and we're still surprised that humans are the weak link. Go figure.
Humans are dumb. Humans who are faced with somebody they're sexually attracted to are especially dumb. This is not a revelation.
And for pity's sake get these guys a tool to remove EXIF data from photos.
Finally had enough. Come see us over at https://soylentnews.org/