Monday, March 16, 2009

Extending the blog contest through wednesday

Alright guys, because we haven't had enough entries, and because I DID post it on a Friday and my traffic drops to non existent on Fridays and weekends; I'm extending the Blog Contest, either through Wednesday noon, or until we get 10 solid entries, whichever comes LAST; but no later than Thursday noon.

I've had a bunch of stories emailed to me privately with guys saying "I don't think I want to post this" etc... etc...

Guys, I appreciate your dilligence and concern, but it's not hard to sanitize a story, and note that the names have been changed to protect the guilty.

These are some funny stories people are sending me; and they aren't adding any additional security risk to these situations, nor are you violating any law, oath, confidence or trust in sharing them (presuming you clean'em up a bit as I said).

Also, I hate to say this, but the people trying to penetrate security ALREADY KNOW about your vulnerabilities.

Sadly, it's the people trying to keep things secure who are blind to them, which is why they still exist. It's been proven time and time again that it's better for a vulnerability to become widely know so it can be fixed, than buried and not fixed (which is what usually happens).

OK, so once again, the rules of the game:
  1. Submissions accepted as comments to this post, from now through Wednesday morning at 11:59 AM, or until we recieve 10 solid entries, which happens last (but no later than Thursday at 11:59).

  2. At 12:01 I will pick what I think are the top five posts if we get ten or more, or top ten if we get 20 or more. I will them put them up for a vote to the readers of this blog, open from the time I post the stories, until 5pm the following day (at which time I will also be posting a review of Dr. Paglens book).

  3. Entries will consist of one each of the following:

    a. Your best, funniest, most interesting, or scariest (from a security perspective) patch, flash, sign, symbol, or insignia story; preferably with a pic, but at least with a very clear description and detailed story.

    b. Your best, funniest, most interesting, stupidest, or scariest (from a security perspective) security story. It can be infosec, comsec, psec, prosec, opsec, doesn't matter.

  4. Stories do not have to be military or governmental in nature; though I suspect most of the best and funniest will be (governments are even better at absurdity than big corporations), so make it good

  5. Multiple entries from a single individual will be accepted; and if the stories are good, are in fact encouraged.

  6. All entries must be true and correct to the best of your knowledge (notice the out I gave you there).

  7. First hand stories are preferred, and will be given more credit; but a sufficiently good second or third hand story will certainly be considered.

  8. (I'd like to think this one would be obvious, but you'd be amazed... or maybe not) All entries should be either declassified, or sanitized sufficiently to avoid compromise; or in the case of non-military security stories to avoid compromise or disclosure of private or confidential (or higher) information.