Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Category Archives: Technology

Filling your RSS reader

As Google is making some changes to Google Reader (I say changes, but I really mean, killing it off by removing the feature we all want and use), I’m not sure what’s going to happen to the shared items feed I provide at the moment (through the blog link above and through Twitter). GReader made sharing the information from other blogs and sites really easy, and as such I’m looking for a good replacement right now… maybe using Tumblr as a replacement… not perfect, but better than a crippled GReader can offer right now.

Still, for those who’ve asked for a list of good blogs to follow I’ve exported my blog list to OPML format for you to download and import or take a look at. It’s not small, so make sure you’re ready for it if you import it into your reader software.

Google Reader Export ==> (OPML)

Temporary Tumblr feed ==> http://feed.c22.cc (RSS)


Klout: Because we’re all special little snowflakes!

I’ve never really been interested in the whole “I’ve got more followers than you” stuff people on Twitter sometimes get into. At least, not to some crazy level. Sure, I checked my follower list every now and then (mostly just to cull the spammers etc.) but that’s about as far as it went. Still, when I moved over to using Seesmic I couldn’t help but see these odd little >K symbols and finally, curiosity got the better of me.

What I found on Klout when I signed on was interesting, at least interesting enough for me to share with you guys…

Wow.. look, aren’t I special. I’ve got a Klout of 61! Yes, I have no idea what 61 means, there’s no range here… 61 out of 62 is high… 61 out of 1000 not so much. Great start. So far you’ve reduced me to a number and asked me to share that with the world! I’m gonna go out on a limb here and say, no I won’t be sharing that useless fact!

So… let’s see what other gems they have for me shall we. Let’s start off with the profile and see what they can tell me that I don’t already know about myself. After all, they know things I don’t I’m sure.

Ok, seriously, I get that 61 is a big thing for you, but I’ve still no idea what the scale is, so for me, it’s kinda like a big sign that says “Dunce”. What else do you have for me? Ok I’m an influencer of 1K (I’m guessing that’s 1 thousand, although I doubt that highly… why would anybody listen to a chump like me for goodness sake!). Ok, now this makes more sense… apparently I’m influential about Information Security, hacking, and popcorn! This must be some sort of weird twisted version of me that likes to eat sweet (and/or salty) snacks and talk about them endlessly on social media! It’s a strange world… but wait a minute. It says I’m a specialist! At least it didn’t say thought leader (hint: check out my Eurotrash Security co-host @CraigBalding’s Klout page).

So what is a specialist, at least according to Klout. Ah such nice words… I’m not a celebrity (thank fuck for that) but I’m still special… it’s like Klout is somehow there to reinforce people’s ego and make them feel less like the people they really are. Lots of tweeting about a single topic doesn’t make you a specialist… it makes you a loudmouth who doesn’t know when to shut up.

I disagree with your opinions here Mr Klout sir… so, some playing around in the DOM will fix this up quick proper I think! A little tweak here, a correction there….

There, that looks so much better than before. I wonder what other misguided ideas they have about me. Let’s take a little look in the score analysis. Ooooh look, pretty charts with lines on them. They go upwards, this must mean that something great is happening right? Pity the history only goes back a month or so. Guess they don’t like large (i.e. realistic) data sets. Well at least they give a scale on some of these things. Still, just a chart on its own doesn’t help much. Let’s see if I can compare a chart from me to a chart from somebody who really HAS some Klout… HD Moore for example. (sorry HD, first name that came to mind)

Wow… if there was ever a result that made you realize that these sort of sites were as useless as a chocolate teapot, it’s this one.

(Almost) no words come to mind to describe this… but I’ll try, as it is a blog after all.

If you think services like this offer you a realistic outlook on who YOU are, then you really need to rethink these misconceptions.

This whole “everybody is special” thing has been taken to the nth degree. Do you think Klout (or any other such service for that matter) is going to tell you that you suck! That you’re boring and nobody cares what you have to say! No… they’re going to tell you what you want to hear using stats, nice graphs and the virtual pat on the back to tell you that you’re great. You’ve unlocked the “Pat on the back” achievement.

None of this makes a difference. People don’t ignore other people whose Klout number is less than theirs, and I certainly don’t respect people who have a high Klout number especially. Numbers can say anything you want them to say. They can also lie to you.

TL;DR – Stats like this are based on false logic, bad stats and a desire to make you feel “special” about yourself… be your own little special snowflake and ignore this kind of thing! Talk about what you want to talk about, don’t bow to the pressure to be something you’re not!

Make your voice heard, change (ISC²) for the good!

"The" Wim Remes

Note: What follows are my words and the reasons why I support a change in the way ISC² works and is run… if you find issue with these words, I have a perfectly good contact form on the About Me page. Feel free to use it!

First off let me say, I’m not a CISSP (and proud of that fact)… The main reason I’m so proud not to be a CISSP is the crap I see regularly coming out of the ISC² and the slightly skewed “code of ethics”. There’s been a lot of bitching and moaning about how screwed up things are, how the “code” only applies to some and not others… but very little action to actually change it.

It’s time to shit, or get off the pot!

In the last few days a close personal friend™ announced his candidacy for the ISC² board. I think Wim could really make a difference here, so consider this post my backing of his candidacy. Unfortunately, as I don’t subscribe to the code of “ethics” that ISC² assign to their certification holders (i.e. I’m not certified by them, therefore must be a heathen or worse yet, a blackhat of some sort!), I’m not permitted to officially sign the petition, but you SHOULD!

Official petition page for Wim Remes

On August 19th I received the yearly e-mail from (ISC)2 where they informed me of their
board elections that begin on November 16th. While I respect everyone currently
slated for the ballot, I always cringe a little when I look back at yet another year of
separation between the infosec community of which I am a vocal participant and the
institution (ISC)2. I could spend another year on the sideline OR I can try and BE
the change that MANY of my online and real life friends are waiting for.

This is my official petition page to have my name added to the election ballot on November 16th.

You can support me by sending an e-mail from your e-mail address registered with ISC2 mentioning your NAME, EMAIL ADDRESS and CERTIFICATION NUMBER to wim@remes-it.be .

If I’m to become a member of the (ISC)2 Board of Directors I will strive to do the following in the three years that I will be given the opportunity to be the change you are all looking for:

* A closer collaboration with the information security community at large. This means recognition of what is currently considered to be an outlawish community but what I consider as a treasure trove of knowledge and capability that remains untapped. Either because we are afraid of what we don’t understand or because hackers are still suffering from a bad image. Not in my book!

* A review of the certification requirements for the flagship (ISC)2 certification, the CISSP, in order to bring it back to the level it once was on. Ideally with the incorporation of more in-depth requirements on a technical level, requirements in soft skills and, possibly, the addition of a written paper requirement that would show the knowledge the candidate has acquired during the learning process. This last requirement would feedback into the community becoming a valuable resource for security professionals globally.

* I am from Europe. I still feel that many of the subjects covered by (ISC)2 and other organizations are focused on the US. My goal is to widen the efforts to a global approach that brings communities from different continents together instead of separating them further. While there is a difference in laws, culture, etc. across continents, I firmly believe that we have more in common and there needs to be a better collaboration in order to address the security challenges we have coming at us.

* With my work on PTES (http://www.pentest-standard.org), Infosec Mentors (http://site.infosecmentors.com), Brucon (http://www.brucon.org), Eurotrash Security Podcast (http://www.eurotrashsecurity.eu) and other global initiatives I want to encourage the members of (ISC)2 to become a part of the community that I consider so valuable.

About Me

This is not about me but apparently I need some kind of bio.
I am Wim Remes (CISSP ;-)), working in IT for 14 years now and passionate about security for over 10 of those. I have not graduated from any posh university but who cares right?

I’m currently working for a Big4 company in Belgium as a Security Consultant. I will add extra information to my bid page as soon as possible.

In the mean time, please take the time to send me that e-mail and spread the link to this page as wide and as deep as possible. I need 500 signatures to my petition before September 19th. If you want passion on the (ISC)2 Board of Directors, you know what to do!

Source: http://blog.remes-it.be/petition.html

Plagiarism: The death of open information sharing?

Warning: What follows is my uneducated rant on plagiarism and the effects I think it’s having on information exchange within the InfoSec community. I don’t claim to have all the answers, but I do have questions! Take it as you will…


[pley-juh-riz-uhm, -jee-uh-riz-]


1. the unauthorized use or close imitation of the language and thoughts of another author and the representation of them as one’s own original work.
2. something used and represented in this manner.
source: dictionary.com

Maybe it’s just me, but over the last year or so I’ve seen more websites, blogs and news articles talking about plagiarism than ever before! We’ve seen everything from sites being scraped and content reproduced in its entirety, through to information sources plundered for content for low quality books… and copied word for word, without thought or care!

In an age where we’re already seeing a serious decline in active blogs in favour of short 140 character tweets, we can hardly afford to be killing off the enthusiasm of those bloggers we do have left! The InfoSec community has always been built on open information sharing. In this industry we live and die by the information we have to hand. Whether that’s something we research ourselves, or something shared in-kind. For every piece of research somebody shares, there were hundreds more they could rely upon being made freely available. This unspoken information sharing pact has made the InfoSec community what it is, and helped to make the most of the researchers’ time, skills and dedication.

Staff and student perceptions of plagiarism by jobadge

(CC BY-NC 2.0) by jobadge

Not everybody can reverse engineer the latest Zeus Trojan, but you always knew somewhere, somebody would, because that’s what they did! However that information sharing is lessening as the people really doing the research have their hard-earned work stolen out from under them, and posted on one of a myriad of copy sites… without permission.

Those behind the plagiarism, at least those that have a shred of decency (few and far between), talk a lot about giving credit. What they don’t seem to understand is that regardless, taking someone’s hard work, without their permission, and using it for your own uses is plagiarism, full stop. The problem comes when trying to prove these issues in an Internet, and therefore global, context. As an English citizen, living in Austria, with hosting based in the US… whose laws (if any) are broken when a third-party takes your content? I’m not a lawyer, so I have no idea. All I know is, I didn’t give you permission…

The Internet is a wonderful thing, filled with great information and sources… copying other people’s hard work, research and abusing their dedication to this community is beyond low.

Note .:

Although I’ve occasionally been the target of plagiarism in the form of copied blog posts from these pages, I’m not writing this rant for that reason. There’s no point. I really see this issue as one of the biggest threats to the InfoSec community currently, and it needs to stop. The only problem is… those who are plagiarizing have no respect for the InfoSec community. They’re just out to make a buck, or ten, on the backs of the hard work done by others… History repeating itself in the digital age! Who’d have thought!


Feel free to plagiarise this blog post.. it serves to prove the point!

Note 2 .:

After a spirited discussion on Twitter about this post, a friend of mine, @krypt3ia, was nice enough to propose a logo to show your disgust at the increase in Plagiarism… I think it’s a good starting point, so include it here for your use! Spread the word!