Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for May 2014

ASSESSMENT: Mujahideen Secrets and the Snowden Affair


Mujahideen Secrets:


The Mujahideen Secrets program for crypto has been around for a long time for those who wanted to connect in the jihad online. I looked at it a long time ago and didn’t think much of it to begin with, but it has been around a while and in use by some. Recently there has been some tongue wagging that the Snowden Effect has deeply scarred the GWOT because actors (aka the jihadis) are not changing their patterns of behaviour and creating new crypto and comms. While this program was out there for use to, say, communicate with AQAP on their Inspire gmail account, it wasn’t, as far as I have seen over the years, the go-to for securing communications for the jihobbyists. In fact, I would preface that people are people and crypto is hard, so not many really adopted the technology in the first place.

Since the program had been kicking around the internet so long, my assumption was that it was broken already or, more likely, tampered with to allow for easier reading by security services. So with that said, and I think some others within the jihad actually thinking the same, it became just another not often used tool in the arsenal for communication between the jihadis on the internet boards. Of course one must also take into account just how many of these people on the boards are “active” in the jihad and not just “jihobbyists” who want to blow smoke online but would never actuate themselves into real terroristic actions.

Pre and Post Snowden:


So the articles out there from Recorded Future, which is pretty much a theft of a MEMRI document by the way, purport that since Snowden dropped all his data online people are changing their operational patterns. I say that they perhaps are just seeing the crust of the data and not the innards of the problem statement. There may be a lot of chatter about not using Mujahideen Secrets anymore or of using other technologies but one has to look at the problem from the social/networking standpoint of a fractured AQ/Global jihad now as well. This is where I think they are failing.

GIMF is back and the groups are scrabbling for purchase in the jihad because of things like ISIS causing a stir, Boko Haram as well, and other players out there looking to be the big boss of jihad. Online the boards have been rife with hack attacks, paranoia, and a general malaise of people not actually doing anything but the usual spewing of dogma and posturing. So really, when one starts talking about the online jihad and the use of crypto the reality is on the whole that the online jihad is just a side show to the real deal that happens off the net. Communications are being handled offline now altogether with couriers and paper or USB drives and phones. It has been that way for a long time actually and the general public just doesn’t get this from the press.

ANALYSIS:

The final analysis of this story is pretty simple and it is this: Mujahideen Secrets and the other new technologies being offered by GIMF are just fluff. The changing of tactics is only natural post any kind of leak that the nation states are watching and frankly since Snowden this should be a global reality and thus no surprise really. All of the people bemoaning it are just doing so in my mind to toe the party line and aren’t really facing the reality that the game is up. Secondarily, in the case of the jihad the game was pretty much a kids’ game to boot so please don’t moan about it in the press to make the general populace feel the fear again so you can go on about your business of “surveilling all the things”.

This is much more a political power play than it is anything else and reading this tripe in the news makes me gag.

K.

Written by Krypt3ia

2014/05/15 at 10:53

Posted in .gov, .mil, FUD

ASSESSMENT: Operation Saffron Rose/Operation Flying Kitten


The Saffron Rose Narrative:


I think it was a slow news day at FireEye or that they felt they needed media attention and thus was born the “Saffron Rose” campaign report that was released Monday. The report makes the evocative implication that Iran is upping their game against other nation states by either state actors or hacking groups who want to be such. I frankly looked at the report and immediately began to see inconsistencies in the claim that this was nation state at all nor advanced any more than anyone with a version of SET and some domains to use.

As I looked into the claims and the details further the more convinced I became that my assessment was more true than the claims made by FireEye in their “Threat Intelligence” on the Ajax Security Team. The net/net of this is that these guys were nothing to write home about and that in my opinion this was just a marketing piece that used Iran as a hot button to garner attention for the company. I am still of that opinion even after talking to DIB players as well as the Federal government about the Ajax Team and their antics over the years to today.

The FireEye Data:

FireEye lays out the exploit (as in an exploit not the common vernacular in tech for those of you who know not English) and the C&C’s as usual with good details on how the mechanics work. The exploit though is in fact modified from a stock “stealer.exe” with some obfuscation crypto and a new pass/log; it is still just an off the shelf known trojan and had been seen online since November 2013 if not earlier, and there will be more on this below. Overall though FireEye makes a good attempt at nailing down the culprits but makes assumptions as to the level of expertise going from defacement skiddies to APT actors within a year or so.

The fact of the matter is that the primary movers of the group seem to be just two main actors in this phishing campaign and the group broke up and went their separate ways as they lacked money to keep domains and sites online. For that matter the people who own the domains and were active in the Ajax Team previously may have nothing to do with this campaign anyway as their domain was used without their consent. It remains to be seen just who did what but in the end the malware is detectable by AV systems and this is not a clear and present danger to the DIB partners on the whole.

The Exploit:


The “Stealer.exe” named in the FireEye report as well as the “IntelRS.exe” were reported back in November of 2013 as being seen in the wild and when I began looking at the data from Google it became clear that anyone getting this trojan may well have been able to stop it with AV on board already. This was not overly exotic and in fact the malware is a COTS in the community where you can compile it as you like and use it much like the POS software out there reported on recently.

Malware is malware and of course you can change it a bit making the hashes obfuscated to AV systems or you can build in other security but in this instance it seems that these guys did the minimal work to send out these phishing emails. What they did do however was create the fake aviation site and the like which anyone now can do because it is common knowledge as far as tactics go today after all the APT discussions out there. Honestly these guys may have been looking for credentials to further access to pass on to their government but I am seriously doubting that they were sponsored at all in this endeavour. Is this not one of the tactics that we use in the Red Team industry? Can’t you even do it with just a copy of SET or CoreImpact? Yes.. Yes you can. So it is not advanced nor persistent. Nor a threat really. Admittedly though FireEye does stop at that line and makes no equivocal statement that it is indeed nation state so I give them that. Overall though, still nothing to write home about… Unless you are looking to garner attention for your company with the scary boogey man of Iran that is.

UPDATE: Folks at FE are upset and saying I am wrong about this being a common tool. They cite the hashes below as not being this tool. Yes yes, it is not the same hash and it is not being seen by AV on the whole but is this not the game here? You update the tool or re-write and then recompile to obfuscate the AV? When you look at the calls in the registry you see the same variant behaviour in earlier malware coming from Nov/Dec 2013. So yes, it’s new malware according to the hashes but this is not a new and exotic malware is my point. It’s a re-hash. While I am at this once again here is the INTELIRS.EXE used in 2013 Nov. It’s a replay. So how uncommon is it if it’s already been used?

The Time Table:


Meanwhile, the FBI put out this BOLO on the intelIRS.exe back in December and listed at least “one” company being attacked with it. Since I got this I have talked to DIB people and yes, some saw the activity back in December and generally it was a blip on the radar and that was all. It was not a huge campaign and in the end it did not exfil a lot of data to the adversaries involved. Now if in fact these are the same actors here then either they re-packed their malware and tried again with DIB or FireEye is just catching on to this.. Or maybe they just wanted to let this out now in a lull period on their marketing management calendar… Overall I think that this is much ado about nothing and that this is old news but hey who am I anyway? I’m just the janitor really.

The Players:

Now we get to the interesting bits that FireEye failed to give in their report. They did go as far as looking at who owned domains historically and looked for some IDs on popular sites but that’s about where they left off. Perhaps they went further and are not reporting it but I am going to right here for you all. The two major players, if the domains were in fact still controlled by them and were behind this phish campaign, are Keyvan Fayaz and Ali Ali Pur (Ali Alipur). Keyvan aka HURR!C4NE! and Ali aka Cair3x are both players from the early days of the Ajax Security Team of defacers and skidz.

As you can see from the data below, their email trails betrayed them eventually through re-use and I got their names. Of course overall these guys are not ninjas really so it wasn’t all that hard to follow the Google trails to their real identities. In fact Ali is well known by his real name (as seen in a report from the ICT org). Keyvan goes by HURR!C4NE! or bl4ck.k3yv4n and eventually used his real name on a site that he had created early on with the K3yv4n moniker. What interested me further was that Keyvan also is connected with Soroush Dalili who is on LinkedIn as a pentester today. It seems they worked together back in the day finding vulns and publishing them. One has to wonder now if you would want to hire Soroush in any way since he had all this connection to the Ajax Team as recently as 2011.

As far as I have seen in my intelligence gathering on the current iteration of the Ajax Security Team, these are the players. The sites all came down due to non payment of domain costs and incidentally the blogs by cair3x are now gone as well post the FireEye report so at least there’s a good bit of intel that at least Ali was part of this phish campaign. It’s just the level at which he was involved that is at question. Overall though I would say that he and Keyvan were the ones doing this and that they certainly have not progressed to 3l337 ninja status or Chinese levels with this showing.

 


Threat Intelligence Report for AJAX SECURITY TEAM:

 


My final analysis is that this group of guys decided to get in on the action and they schooled up a bit on how APT act. They got some workable malware and set up a phish site with C&C’s to do their work and spammed a company within the DIB. The attack wasn’t overly exotic and the methods were lowest common denominator. If it was in fact something that the state of Iran was backing they certainly weren’t doing it very closely (i.e. monitoring these kids and helping them with technical know how) so my conclusion is that they did it on their own.

I do not think that the group is in fact working with other groups in Iran and evidence shows that even within the Islamic hacking scene these guys are small potatoes and were even prey to the hacking of one site by the JM511 in 2012 (passwords dumped and IDs loosed) …So really it’s not a homogeneous and formidable force we face coming out of Iran. Now that Ali (Cair3x) has been on a deletion spree I am sure that they will back up and take another look at how they might go about this in the future. Perhaps they will learn and get better. What I really would like to know though is just how much if any data was exfiltrated to Ajax with this phish campaign? This is something that neither FireEye nor anyone else is talking about so I assume that not much was made off with.

So, how does this report from FireEye help anyone other than what to look for as hashes go? No reports on the emails sent (structure, wording etc) to help people look for them in their spam systems. No real intel on who these guys are and why they are doing what they are doing other than the notions of national pride either. What are their targets? What are they looking to take if they are taking anything? What should we all as readers of this report be looking for to stop them?

….. ….. …..

Yeah, thanks FireEye for nothing. I guess it’s just buy our service and we will protect you eh?

This is one of my major beefs with “Threat Intelligence” hawkers today. There’s barely even a C&C in this report that can be used. I mean this is all after the fact and it’s not a campaign as far as I can tell that is going on today so why report it? A fireside read is it? At the very least NAME THE ACTORS and make them uncomfortable. I guess it’s more about the cool factor along with the button pushing that gets the marketing wheels spinning eh?

Hey Ajax Team (Keyvan, and Ali) I see you.

K.

 

Written by Krypt3ia

2014/05/14 at 20:52

CISO’s CSO’s and Target Debacles


The Target Debacle & CIO/CEO Separations

Yesterday I had a short conversation with Brian Krebs post the news that the Target CEO was being fired and that his severance was a fat 65 million dollars for the effort. He mentioned that he was asked to do an Oped for the Guardian on this and I vented on the subject of CISO’s and CSO’s not being worth their salt on average as well as that if they do have a clue they are hamstrung by upper management. Brian’s post this morning made some salient points about not only Target but many companies in general that may not even have a CSO or CISO title in their food chain. What does this mean for the “security” of those organizations he mused. Well, in my opinion those companies that don’t have a CSO/CISO are only more nakedly clear about their lack of care on the subject of security than those others who have the titles but hamstring them or have useless individuals in the roles.

That the Target CEO leaves with a large sack of money and there is still no CISO/CSO position filled at Target should be a clue for all of you out there that they really don’t get security nor do they really care. Sure they will dump a lot of money at the problem like Brian says in the Oped but that will not change the culture that caused alerts to be ignored will it? Perhaps they will be more sensitive for a while but I am sure they will go back to their somnambulism on security soon enough once the press has died down on this. Of note in the news concerning the CEO’s departure from Target is that he was not only axed because of the hack. In fact the CEO was sent packing because he bungled their strategy of opening stores in Canada. This is the reason he was ousted in my opinion more than the hack. You see, a CEO is at the will of the board and the board was not telling him he needed better security or a CISO were they? Net/net nothing has changed at Target but spend on security to look like there is some magic happening but that’s about it I fear.

CISO’s and CSO’s

Now, about those CSO’s and CISO’s out there. As I have mentioned before I am the Methuselah of INFOSEC (TM) so I have been around a while and seen a lot of things that made me go “hmmmmm”. One of the more common issues other than not having any kind of C level security exec in a corporation is the CISO/CSO dunsel. Now these people I have generally found doing my own recollection statistics from assessments over the years have been on average figureheads only. This is a sad and rage inducing fact for me and has been throughout my INFOSEC career. What has come to pass is the recognition that if the CISO/CSO has any credentials it is usually a CISSP and that’s about all the experience they have had. I have not run into too many CISO/CSO’s in general corporate ‘Murica who have actually done the work that would make them a good CSO/CISO and rightfully claim the word “security” as a field of expertise.

I was Tweeting earlier these sentiments so I will just kinda put them into a bullet list here…

  • CSO/CISO’s should have been Network Admins/Security/Auditing people who actually did the job. Anyone who is only a theoretician should not be doing this job unless they listen to their security staff and follow their lead. However, if you haven’t done the job how the fuck are you going to understand what your tech tells you?
  • If your CSO/CISO does not have a good rapport with the security team that actually does the work what good are they? If you have a CISO/CSO that is very “executive” then it’s game over.
  • If your CSO/CISO is too politic and boot licking to his peers within the org or bows to pressure too easily without a fight.. Well what’s the point?

I guess the summary here is that if you have a CSO/CISO that isn’t passionate about the job, understands the technologies and the issues, and generally will listen to the staff under him advising them about the issues of the day then you should get out of that org and find a place where they do. You will not get anywhere and you will be frustrated… unless you let apathy win and just go through your day not caring. Alternatively you will get all that burnout we all have been yapping about lately and that is no way to go through life either is it?

Report To Chains

Another big issue here is the placement of the CSO/CISO in the food chain. I have seen many orgs who actually have a CSO/CISO in the food chain but they are hamstrung because they report to the wrong person. The fact of the matter is no CISO/CSO should report to the CIO alone. Nope, a CSO/CISO should report directly to the CEO and be available to give them the straight dope on what the problems are within the org. I have seen places where the CSO/CISO is just cock blocked by the CIO who takes his reports and files them away for no one to see. Why? Because it may rock the boat or make them look bad in the eyes of his peers that’s why.

The CEO and the board should get an unfiltered channel on the inner workings of security within the company so that they are informed. Unfortunately this is not the case in most places and in fact security as we all well know is the cost center redhead stepchild no one wants to deal with most of the time. If the report to chain is fubar then the poor CSO/CISO’s job is basically to be the fall guy/woman when the shit hits the fan.. sorta like the Target CIO, who coincidentally had no IT experience to start with so there you go. It’s just an illusion of propriety for the shareholders and the media folks and nothing more when this happens.

It is my firm opinion that every org should really take a look at their report to chains and see just how well or not that’s working for them. If they have a CSO/CISO that reports just to the CIO let’s say and is filtered what good is that? There has to be efficacy here but then again the orgs have to care about security in the first place and not just give lip service to it for the media and the audit teams right? Too many orgs are just broken and just don’t really care to change that. I would hazard that Target is even one of those companies post the POS hack and loss of millions of credit cards and personal data.

Speculation On Changes Post Target

While on the subject of Target I would like to say that they will care about security until such time as they are no longer in the news. Sure they have lost money but they will bounce back and the shoppers will return soon enough. You see we all have short attention spans out there and we will soon forget all about this debacle. Our fears will dissipate and we will go on with our lives because we have not really felt the sting here from this hack. What do I mean? Well, who pays for the credit monitoring? Well that would be Target. Who lost their money altogether and wasn’t reimbursed for their credit cards being stolen? Well that would be maybe the banks right?

What I am saying here is that overall the banks should be the ones forcing the companies to tighten their security because they are the ones paying for this in the end. Well, actually, I suspect we all will pay in larger fees in the future right? I mean the banks have to recoup their losses too and who better to fund them than all of their customers right? Hey it’s a win win win here financially in the long run so without an epic flame out no one will really care at the end of the day right? The Targets of the world will live on and go back to what they were doing before because vigilance and doing things right is hard and costs too much in their books. They will just buy the next blinky light appliance that some FUD vendor hawks to them as the new panacea to all hacking and they’ll be good!

K.

 

Written by Krypt3ia

2014/05/06 at 15:04

Posted in Uncategorized

INFOSEC is from the Internet and Executives Are From INITECH


According to some out there on the Twitters and the con circuit we in INFOSEC don’t communicate well to our corporate masters. I know what you’re thinking right now… here he goes again on this bullshit… but I really think that more could be said to elucidate at least how I feel about it all. So I thought I would attempt to put this down on the blog as it has been sticking in my craw for a while now. After having spent time talking to people like Josh Corman and others out there who decided to harangue me for being an INFOSEC heretic lately I still felt that perhaps some clarity was necessary and I thought what better way could there be than framing this argument in one of my favourite movie’s context! So I present to you “Infosec is from the Internets and Executives are from Initech”

INFOSEC is from the Internets

Infosec or Information Security to the lay, is the discipline, no not a science, of applying the practices of security principles to an environment. In many cases out there this means that we the professionals are trying to get the companies we work for, to comply with “Best Practices” with a goal of protecting their data, which really much of the time means the clients’ information. Now oftentimes I hear the haggard cry by my information security siblings that it feels like they are speaking a foreign language when they talk to the “norms” where they work. This failure in communication follows through to the world at large as well but in the microcosm of the “company” the strata is defined and one of the biggest problems that we all have is the elusive executive.

You see, the executive should be a primary concern of ours to communicate with but all too many times we find ourselves either filling out numerous useless TPS reports (with cover page *tm*) or worse, in the basement Milton style muttering to ourselves about burning down the building. Now some of you out there may be saying “Now wait a minute! I have access to my executives!” and if you are and you do then please tell me which unicorn company you work for because I wanna work there as will 99% of the people in our business. Let’s face facts here, we are a different animal from the average exec out there and we may also consider ourselves outside the norm within the world at large too right? I mean we are always the smartest people in the room with the know how and the snark to carry it all off right?

Well maybe we are in fact the smartest in the room. Perhaps too we may be to the far end of the disorder spectrum collectively… at least we fancy we are because that makes us all VERY special fucking snowflakes right? I suspect the reality is much more complex but the feel of it for us all seems to be that we know what we are talking about, take it seriously, and try to tell the magical exec the truth and either are denied the access, not listened to, or just pretty much told to make do with not doing anything you recommend because the business can’t do it. So what is one in this business supposed to do when this happens? Are we to just suck it up and take it? Are we to complain and whine and moan? Are we to get even? Or, dare I say this in the naked cold light of recent derpy events and butthurt?

… Yes… I will…

Are we to internalize it all and get burned out and manifest all kinds of bad self destructive behaviour because of it?

C’mon! YOU are from the INTERNETS you INFOSEC God(dess) YOU are smarter than 20 of those sofaking executives you work for! So come on, stop obsessing about it and just do your job to the best of your abilities. Like I said in my last screedlet; Report the issues, let them sign off or not, then go home at the end of the day. This is all you can do. You are from the Internets and you can either accept this or just hack the system and then tell us all how you did it at some con in some cool PowerPoint right? Enough of the angst and gravitas ok? All this talk about “communicating” better may have some good points but in general I feel that there is much much more thought that needs to go into this and not just puke out some reductive 20 minute con presentation on it. I will continue with my process of reporting, sign off, and home while all you really smart autists geek it out in a better new hacky way.

Executives are from INITECH

The other side of this problem is understanding your executive beast. What you have to disabuse yourself of is the idea that executives are at all like us. Execs come from INITECH and by this I mean watch “Office Space” again and observe this documentary closely on the ways of the corporate executive and social interactions. This movie is not really satire kids and you should really be able to admit this to yourselves. Execs also believe they are the smartest people in the room as well and unfortunately they actually have the power to squash your nuts as well as just not listen to you. I guess let’s just say that the “them vs. us” thing isn’t working for us but one has to ask just how we “could” reach them and make them understand what we know to be true and important.

Execs are often pampered, old, and out of touch with reality because of their job titles. This is a general malaise from my experience and in some cases it just feels like execs have lobotomies when they get their titles and offices anyway. Don’t even get me started on execs who have the titles with “security” in them as well. I have met many who did not have the experience in security in the first place to even speak knowledgeably on basic security issues never mind the intricacies of say an IE 0day. Lately the joke has been that we need popup books to enlighten them on certain concepts and while that is funny, it also is an admission of the futility we all seem to be facing to some degree in our work lives in security.

The base conceit though is that execs are most concerned with the bottom line. Their personal bottom line in their bank accounts and professional reputation bank seem to take precedence over perhaps listening to you INFOSEC Cassandra warning of the latest malware that might cause them to lose data. So do you really need to figure out a way to get that to them? Do you really have to expend all the time and energy trying to persuade them or to learn executive thinkspeak to reach them when plain and simple language or hand puppets won’t? Once again… Report the dangers, get them to sign off if they don’t want to make changes, and then go home. You know that the exec will be going home that night to their large home and their pool with 2.5 kids named Biff and Muffy and not have one scintilla of a thought about your warnings right?

Rinse and repeat.

Do We Need To Be Peter, Michael Bolton, or Milton?

So to follow through on the metaphor a bit more it becomes clear that we all must choose a means to deal with all of this claptrap we deal with daily. Do we want to be one of the archetypes from “Office Space” and sublimate that way? Which would you rather be I wonder?

Peter: Hypnotized into just not giving a shit about anything

Michael Bolton: Tightly wound and talking about pound me in the ass prison?

Milton: The long suffering borderline psychotic mumbling about burning down the business and being a basement dweller?

Honestly I personally have been a Michael Bolton and a Milton in the past but I have resigned myself to be more of a Peter lately. The others may have some catharsis somewhere down the line but in the end we all know they will pop at some point and burn a place down, have a coronary, or go on an office shooting spree. Nope, the not giving a shit is the way to go as long as you do your job and don’t go all INFOSEC JESUS on it. Face the cold hard realities kids, you can tell the truth, you can do it in the most wonderful ways but if the company or exec is not interested in making changes due to money, politics, or just not caring, then you won’t get anywhere. What’s worse is that if you start obsessing on it you will only make yourselves miserable and by proxy, your workmates, your loved ones and anyone who comes in contact with you.

If your job makes you miserable because you cannot get through to your chain of command then it’s time to move along or just accept it and get a paycheck. Sure, maybe you have spare cycles and want to create the new mousetrap so go right ahead and come up with your very own Rosetta Stone for exec speak. Just let me know when that is all done and for sale and I will pick that shit right up. However, don’t tell me that I need to learn how to talk to my exec better at some con and expect me to just bow to your great wisdom. Do it first then lead the way! If you can do it and put that shit into a plan that works universally well god dammit I want that book! It’s once again DATA or it never happened.

…Just be a Peter and live better.

Planet Lumbergh

I recently had a conversation with a friend of mine about all of this post my recent heretical post. We agreed that there is so much that needs to be looked at to effectively attempt to even get close to the problem and that to date, the business and community has done nothing. Perhaps the ossification is due to the problem being so hard. It is also possible that the problem has been ignored because the money is too good now to really make a change and tighten things up. I mean that would really put a dent in many a business if everyone was actually doing security right huh? My personal take though is that there are just too many Lumberghs out there in charge and there is nothing we can do about it.

I could once again go into the whole cognitive issues around security but I am just sick to death with trying to explain it all. Face the fact that we humans are very flawed and have a real penchant for repeating history so this worm will just turn and turn and turn again. Nope, it’s better to just do the best you can, inform the management and work on the problems you are allowed to. Of course all the while all those things you aren’t allowed to fix have to be signed off on by management and YOU should have a copy of that form squirrelled away for that inevitable day when they try and shit on you.

Harsh you say? Well I am a realist so suck it. You should be too.

Don’t let the Lumberghs get you down man….

K.

 

Written by Krypt3ia

2014/05/02 at 19:08

Posted in Infosec