The Infosec Naughty List & The Twelve Charlatans of Christmas

Infosec Santa Knows When You’re Naughty and Nice!

WHEW! What a year it’s been and so much has happened in the soap opera that is INFOSEC. We had Stuxnet and all its fuddery, The Ligatt Saga continued to astound and amaze, and then we moved into full Susan Lucci mode in the community!

Wow.. just wow…

After Santa’s (regular, not the infosec santa mind you, he knows how to secure his shit) leak of the “Naughty List”, this Santa decided that the naughty list needs to be published, not leaked. So with much fanfare and less ado, let’s take a peek, shall we?

*Note, this is not the full naughty list.. If I were to try and cover them all in a post.. Well, there aren’t enough bits in the “internets” to cover them all…

Naughty for Spreading FUD

Joe Weiss…

Joe, you are on the list this year because you did a couple of things. First off, you took an FOUO document and decided to use it to garner attention for yourself with your FUD over the Illinois water hack that wasn’t. Joe, YOU should know better, but it seems that the attention-seeking behaviors within you got the best of you, huh? Surely you did your homework on the facts before you decided to disclose “sensitive” data to the populace at large, thus starting a FUD storm of epic stupidity, right?

Oh.. Yeah, no, you didn’t…

That’s why you are on the naughty list this year…

The Illinois Fusion Center

The Illinois Fusion Center is on the list because you too failed to do your due diligence on the whole “water hack” story that you gave to Joe to publish! Had you done your jobs or had an understanding of forensics you might have first looked at the name of the user logging on from Russia and maybe called him. Then you might have learned that he was in fact in Russia and that he logged in at the behest of a worker at the facility.

That you wrote the super secret report and then leaked it to Joe is all the worse. You guys are supposed to be the guardians at the gate here.. Instead you are the Keystone Cops.

Craig Wright

Craig, buddy, what can I say about you that I haven’t already said or refuted from your diatribes. You, my man, are 2nd in line after Greggy in foolishness and hubris. Please, stay in Australia, and I hope that NASA thinks a bit more about your reliability after our debates. For those who do not know Craig, check out InfosecIsland and his posts. He single-handedly was able to destroy his own credibility by being unable to control himself.

Naughty for Asshattery

Joseph K Black

JOEY! Dude, you are a real mess. Your recent arrest after the high-speed chase shows that you are either very mentally ill or on some major drugs. I lean toward the mental illness myself. I hope that you do get the help you need, Joe, and that someday you can normalize and maybe be a contributor to the community instead of being a joke.

Elyssa D

Elyssa, you and Joe are a pair.. Like a really strange set of salt and pepper shakers from some podunk town. You too need more meds and I am pretty certain that you need some psychological help. Infosec Santa hopes that you get the help you need and that you stop being the lesser clown to Joe’s Homey the infosec clown.

Naughty for Not Doing Their Homework

Wired Magazine

Wired.. You have more than once failed at doing your homework as journalists and gone with hype. This wasn’t too too many times, but it was enough to land on Infosec Santa’s radar. You can and have done better, and in fact the Stuxnet reporting by Kim was great…

Infosec Santa’s watching you.

Reuters

Reuters, YOU are on the list this year for not vetting the Stuxnet/Conficker story AT ALL. You do not even make an attempt at vetting or mentioning the fact that there was no corroboration at all to the story that Bumgarner was giving to you. Remember when you used to be a real news service? Infosec Santa does, and now you have let him down…

The Mainstream Media

The mainstream media as a whole is on Infosec Santa’s naughty list because you all have sold out.

“If it bleeds it leads” is only really an aphorism that the Enquirer should use.

Naughty for Plagiarism

Gregory D. Evans

Greg, buddy, you are on the list so many years running now that I just have a rubber stamp for you. Your antics of suing people with frivolous lawsuits are just pedantic now. Please, slink back to your hovel and your “Bently” and crack those spelling books. Though, your plagiarist exploits this year were rather funny! Especially when you stole Ben Rothke’s piece on plagiarism featuring you!

That gave Infosec Santa a belly laugh like a bowl full of jello!

But.. It still lands you on the naughty list… and NO that is not a good thing, Infosec Santa is denying your Christmas wish of strippers and blow.

David Virgil Dafinoiu

David, you have been a busy boy this year stealing content! You came out of nowhere and began the onslaught of intellectual theft. What’s worse, you got caught at it and then went right on doing it some more after faking contrition.


Naughty for Selling Snake Oil

Symantec

Infosec Santa has a personal bone to pick with Symantec this year. Your console is “TEH SUCK” and so is your sales team. When you call and ask for a demo on hard drive encryption, son, don’t show up only with a DLP sales pitch, ok?

As for the rest of you AV vendors.. Cut out the FUD and admit you can’t stop APT ok?

Naughty for Outlandish Claims & Uselessness

Tiffany Rad

Tiffany, Infosec Santa has soured in his opinion of you over the last year. You seem to have an issue with following through with things like lawsuits, and you definitely have a penchant for…

Shall we say “embellishment” ??

Your stories of all your adventures are so very hard to verify.. But.. They just don’t ring true for so many. Why is that? Perhaps it’s just from Infosec Santa’s personal experiences and his checking of sources with regard to Mr. Evans and FBI connections, but I am just left with the conclusion that you should at least be on the Attrition watch list pages soon.

Infosec Santa lays a majority of the blame for the lack of response to Evans’ plagiarism at your doorstep…

But, that is just Infosec Santa’s opinion… He paid for representation and got at least some satisfaction.. Others who went with you.. Not so much.

Naughty for Being… Well… Bastards and Selling Out

HBGary

HBGary, a name that will live in infamy now. I mean hey, you guys even ended up on Colbert, right? You are all on the naughty list because of this one specific action.

Hunton and Williams wanting to smear activists.

That you got caught because you got pwn3d by LulzSec is just sorta fitting really.

Please, since corporations are now “persons” grow a conscience.

Naughty for Being A Self Righteous Gas Bag

Sam Bowne

Sam, dude, you are just a self-serving blowhard and Infosec Santa sees it… Welcome to the naughty list… Just this Infosec Santa’s opinion….

Naughty for Using the Word “CYBERWAR” Repeatedly

Richard Clarke and ALL of the DoD

Dick, DoD, you all need to stop with the jingoism of using the term “Cyberwar” too too much. You guys really don’t even have a real definition for it, never mind thinking you have claim to make decisions on kinetic attacks (bombing) on targets you THINK may have something to do with an “attack”.

Frankly, Infosec Santa was surprised you didn’t just haul off and bomb the Kremlin over the water facility debacle in Illinois. Must have taken some real restraint there.

Remember, it’s called “Attribution” and it’s rather key to knowing who did what where.

Naughty for Making a DOOZY of an Unsubstantiated Claim About STUXNET and Conficker

John Bumgarner

John, Infosec Santa doesn’t know you personally but this latest incident with Reuters and you…

Next time you want some attention, maybe you will forget the wild stories and actually cite real data for your claims. Conficker was the progenitor, or the Swiss Army knife, for Stuxnet???

You sir are on the list until you cough up that data so it can be peer reviewed.

Naughty for Missing the Point So Much

Guys, you are all on the list for missing the point. Your dumps of data other than HBGary have been irrelevant. Your dropping of people’s data (doxing) also has been missing the point. You claim you want change but you don’t follow up with substantive actions that will create change.

You are all just a little too ADHD…

The Infosec Community @ Large & the Rockstars of INFOSEC

Finally, we have the INFOSEC community at large. There are so many of you out there and the general feeling that Infosec Santa is left with this year is that you all are too… ehhh… Dramallama

Hell, even this post by Infosec Santa falls into this category so I can place myself on the naughty list.

All of the antics and whining by this community just makes us all look bad. There are many of you out there who maintain a good presence, but generally, this is a young industry. We have alternative lifestyles and we seem to define ourselves by this attitude. However, it’s attitude that only looks foolish to the straights and then they take us at face value and lack respect for us.

Enough digital penis measuring ok?

Look, all Infosec Santa really wants to say here is this..

“You want to be taken seriously? Then grow up.”

Infosec Santa