Sunday, November 1, 2015

Don't believe everything you read on the Internet...

This is pretty universally true. Take everything you read on the Internet with a grain of salt. This morning, more than 741k Twitter followers of the "History in Pictures" account (@HistoryInPix) were treated to this completely fictional rendition of poor President Lincoln (who, along with Jefferson, is one of the most often misquoted historical figures ever).

One problem - it isn't real...

The problem of people misquoting historical figures is so huge that John Oliver recently launched his own website where I "learned" that famous physicist Albert Einstein weighed in on genital herpes.

Thanks HBO. I had no idea until now Einstein cared so much about STDs!
But the original offending image (which has almost 1400 retweets) is from the book "Abraham Lincoln, Vampire Hunter" and the picture is just as fictional as the book.  What's the infosec hook here?

First off, a Twitter account with 741,000+ followers was distributing garbage.  If an attacker took it over and posted a random link (say to an exploit kit), how many people would click on the link?  My guess is the number would be at least as many people as retweeted the fake picture (so minimum 1400).

The second infosec hook has to do with half-truths. At Rendition Infosec, we regularly work with clients who have read some half-truth on the Internet but take it as gospel. One of my personal favorites is "we use SSL, so our web applications are safe." Wow. SSL only prevents outsiders from snooping on your web traffic. No other protections are offered by SSL. SSL definitely doesn't protect you from XSS, SQLi, or CSRF, contrary to popular belief in some circles. Another favorite half-truth is that if you deploy a WAF, you don't need to remediate issues in your vulnerable web applications. This is a really bad idea for a whole host of reasons, but it's a "truth" that some clients have clung to with nearly religious zeal.

The moral of the story?  I'll defer back to Lincoln for this - he sums it up as well as I ever could.


  1. “It ain’t what a man don’t know that makes him a fool, but what he does know that ain’t so.”
    -- Henry W. Shaw .... or was it Mark Twain

  2. Don't believe everything you read, see or hear for that matter. The role of the internet is merely a catalyst for a very old principle.

    For context:,_the_one-eyed_man_is_king
