I was a Yippie. Upon graduating from High School and asking that age-old question “What do I do with my life?” I decided to be part of the Youth International Party! My life plans had an expiration date that Pete Townshend might have approved of when writing “My Generation.”
Like Jerry Rubin, I’ve gone through some changes since, although I recently called one of my projects Steal This Singularity (after Abbie Hoffman’s Steal This Book), so maybe I didn’t change enough.
This is an insanely great book. A mix of author bio and oral history, it’s also a visual treasure trove with lots of archival moments from Jerry’s own. Physically, it’s about the size of New Jersey. And it has a lovely comprehensible story arc that — among other things — might make you feel what it’s like to believe the revolution had come; and then it had gone without bringing about a season of joy and total anarcho-communist transformation (or executions) as was expected by a few of us. And then, what do you do for your next act?
If you were Jerry, you exaggerated your conversion from Yippiedom to Yuppiedom — because that’s the sort of clear narrative the media likes, and because he wanted to do cool things. At the same time, he did want to make money, so maybe he wasn’t exaggerating that much.
Anyway, the book has it all. John and Yoko during their political period. Bob Dylan being elusive but friendly. Jerry’s competitive friendship with the more legendary, fellow Yippie leader Abbie Hoffman. It has Black Panthers, the Weather Underground and all the women who didn’t get enough credit — including Jerry’s girlfriend during the thick of the late ‘60s, Nancy Kurshan — during a time when several radical leftist men became pop stars.
In addition to Did It! From Yippie To Yuppie: Jerry Rubin, An American Revolutionary, Pat Thomas is the author of Listen, Whitey! The sights & sounds of Black Power 1965-1975 and consulted on the essential film history of the Black Panther Party, The Black Panthers: The Vanguard of the Revolution.
I interviewed him via email.
R.U.: Aside from the fact that there hadn’t yet been a biography – and so many about Abbie Hoffman — what attracted you to Jerry Rubin’s story? You were too young during the Yippie heyday to be a part of it. (Pat Thomas is 53 years old)
PAT THOMAS: My brother was 9 years older than me. He brought Steal This Book into the house in the early 70s – I gravitated toward it despite not even being a teenager yet. I also started listening to rock music several years before my friends did (again, because of my brother). My ‘day job’ is working for folks like the estate of Allen Ginsberg, reissuing lost vintage 1960s and 70s recordings on CD and that sort of thing — so I’m into chronicling the counterculture. Jerry’s story had never been told and needed to be told — before everyone who knew him was dead.
Documents will reveal that the JFK assassination was an Illuminati Ritual to usher in the Psychedelic Sixties and turn you all into useful idiots. Bwaaahhaahaa!
artwork by Eric White
By Julian Shirley
Lately my nostalgia for 4chan /b/ during the years of 2007 through 2009 has been sneaking up on me pretty hard, as I realize that almost nobody I speak to, with the exception of one or two online friends, experienced this culture. It really was something else during those years, it was a special time and place to be on the internet, nothing like the eventual form it would take, and hard to describe or put into a contemporary cultural context. The culture that exists on 4chan now is vastly different. In fact, the original chan culture is notably antonymic to contemporary chan culture. I am going to try to explain why 4chan culture was so special to me at the time, why it feels so unrepeatable now and why I temporarily invested so much of my identity into a large group of people, a behavior which is, generally speaking, personally atypical. To give context and attempt to portray the feeling of the culture at the time, I will detail my participation in and observations of the Hal Turner raids of 2008.
Early chan /b/ front pages usually contained at least one thread which could be labeled as a “Raid”. A “Chan Raid” or an internet Raid in general, is when a large group of people from one forum, chat, website or other social network agree to converge on a digital target, such as another forum, chat, website or other social network at the same time, usually with intent on trolling, hacking, or otherwise attacking the specified target. Some of my fondest 4chan and 7chan memories were raiding, the most fond of them being our ongoing raids of the white supremacist “Hal Turner” and his internet and radio talk show. We launched a campaign against him consisting of a creative meshing of psychological warfare and ridiculous meme spouting. About fifty percent of the calls into his show were from us and fifty percent were legitimate calls from his racist fan base, a ratio which was very much intentional and enforced with care so as to increase his paranoia. Inevitably he became hyper paranoid which is when we eased off a little so that we could muse at his inevitable incorrectly assumed accusations of his loyal followers in which he insisted they were “4chan spies” and “were not fooling him for a second”.
Looking back it was rather masturbatory, juvenile and arguably even vaguely sadistic on our part but we were a group of mostly angst and anger filled teenagers and young adults that were also brilliant, talented and marginalized by society, so that was to be expected to some degree as we slowly realized we were not as powerless as we had been told.
We raided Turner as an exercise and test of our various skills and artistry, as a social experiment and because he stood for something we despised. We were not rebelling against his racism as you might guess, although most of us found it very distasteful, but the illogical and authoritarian platform all of his ideals and rhetoric were born from. We targeted him not because we were social justice warriors but because he was an idiot who was profoundly devoid of logic. His lower more base emotions presented themselves so transparently that it frankly disgusted us. His attitude, demeanor and pompous style was eerily similar to that of contemporary Donald Trump. Consistently exuding the shallow embarrassing insecurities and projectionist egotism you might expect from a spoiled middle class 6 year old child feeling threatened or entitled to something they felt they were missing.
The aggressive rhetoric President Trump uses when condemning an enemy as well as his oversimplistic proposals for defeating his enemies are strikingly reminiscent of Turner to me, to the point where I sometimes confuse Trump for Turner in my mind briefly. The way Trump speaks aggressively before taking any real action or announcing any plans when asked about defeating formidable enemies such as MS-13 or North Korea is fairly close to verbatim the methods and rhetoric we heard from Turner at the time when he was dealing with anything he felt was threatening him. We were not an exception. When we first started he frequently boasted that he would “destroy us” and made claims we would end up paying the server bills that were financially destroying him as a result of our consistent denial of service attacks on his servers. Once we had doxed him thoroughly we discovered his history of abuse of animals and all sorts of awful things. He truly was a deplorable, pathetic and hateful human that I had, and still have, very little sympathy or empathy for. In the end we returned his name and career to total irrelevance and obscurity. He was just done.
Towards the end of the raids some hackers managed to compromise his mail servers and some other sources and uncovered emails from and to Turner and his FBI handler, confirming that Turner was indeed an FBI informant, a position which is needless to say, frowned upon heavily to put it mildly by Turner’s Neo-Nazi community and the releasing of these emails undoubtedly led to Turner being shunned by the only community that supported him. Many people believe and assert that Turner was used by the FBI to stir up racial controversy and was effectively an FBI controlled pawn but I am skeptical of this. He was however, an active FBI CI.
Turner represented what we hated about the system that oppressed us, to most of us, who felt we could never easily assimilate to a system so transparently flawed. This sentiment and many of the more radical ideas that we had thought or felt quietly, had been quite militantly and systematically discouraged in our society, especially in the educational system most of us felt captive to. To hear other people say these things we had thought alone but which were never encouraged or validated and to unite behind them to destroy a man who represented and reflected not only our oppression but the majority held beliefs that seemed illogical to us felt very good. More importantly it helped nurture in me, and I can only assume many others, a self confidence which had been taken away by the relentless indoctrination and intellectual suppression of the educational system and our society in general.
Although we shared emphatic distaste for authority and rule, we were not anarchists nor were we nihilistic. Our culture’s core values were not written out neatly in the form of a document or dogma but still were, to me, very clearly defined. They consisted of, at their core, a militant adoration and reverence for both logic and humor. We exalted these two values above all other morals in a way that scared the shit out of normies and had them all figuring us for nihilists and shock jockeys. Which is unfortunately mainly what the culture eventually digressed into before the SJWism and hacktivism that popularized 4chan in the mainstream media, seeped in, causing our precious short lived cultural bubble to burst and leaking our culture, values and memetics into the ocean of mainstream internet cultures where they were thoroughly bastardized and diluted to impotence.
To be clear I am not bitter about these events. The fact that something so pure, self sustaining and artistically and philosophically inspirational existed for as long as this did is amazing to me. It was a hive mind of people drawn together by a love of logic, intellectualism, humor, art, hacking and technology in general as well as a shared distaste, or even hate, for protocol, dogma, rules, and social constructs. I identified with these people in a very real way because I saw that they recognized our society’s consistent and fallacious tendency to normalize and systematize the arbitrary social, political and emotional constructs that we knew in our hearts were just that, constructs.
This article was originally posted on PasteBin
Excerpt from Narrative Machines by James Curio
This Is Not A Game, The Alternate Reality Game Of The Real
“In modern political performances,” writes Richard Sennett in The Culture of New Capitalism, “the marketing of personality further and frequently eschews a narrative of the politician’s history and record in office; it’s too boring. He or she embodies intentions, desires, values, beliefs, tastes — an emphasis which has again the effect of divorcing power from responsibility.”
Consider this in contrast to the scheme presented in “They Live,” where there is one true reality that underlies all the messages that we are bombarded with. Nada puts on the glasses, and those covert messages are rendered overt. OBEY. CONSUME.
Reality, of course, is far more confusing. All messages are “in code”, every collection of data points can be fictionalized in any number of ways. And we must ask to what purpose? All fictions stand in for the truth as they are repetitively performed. This is the central fallacy behind Enlightenment or pop-cultural re-interpretations of the implicit awakening, getting #woke, or taking the Red Pill. There is no one truth hidden beneath propaganda. The rise of conspiracy news should not be mysterious in light of this. One does not “step out of ideology,” one switches one pair of glasses for the next.
We may find no better presentation of the crisis of the hollowness of appearance than Baudrillard’s Simulacra and Simulation — the surface has subsumed the possibility of an essence. The anxiety here is that without some sort of Neo-Platonic ground to rest on, an immoveable point to hang Foucault’s Pendulum from, the whole world will come undone. And people are right to feel anxious, though the fear is ultimately baseless.
…even the Pendulum is a false prophet. You look at it, you think it’s the only fixed point in the cosmos, but if you detach it from the ceiling of the Conservatoire and hang it in a brothel, it works just the same. And there are other pendulums: there’s one in New York, in the UN building, there’s one in the science museum in San Francisco, and God knows how many others. Wherever you put it, Foucault’s Pendulum swings from a motionless point while the earth rotates beneath it. Every point of the universe is a fixed point: all you have to do is hang the Pendulum from it.
All being is ungrounded. That central assertion of existentialism — that existence precedes essence — is not one that we’d like to challenge. Much of Baudrillard’s book seems to react directly with today’s headlines, of the collapse of ‘consensus reality’ (or the sense that there is one), into the event horizon. Consider this rather lengthy passage,
The impossibility of rediscovering an absolute level of the real is of the same order as the impossibility of staging illusion. Illusion is no longer possible, because the real is no longer possible. It is the whole political problem of parody, of hypersimulation or offensive simulation, that is posed here. For example: it would be interesting to see whether the repressive apparatus would not react more violently to a simulated holdup than to a real holdup. Because the latter does nothing but disturb the order of things, the right to property, whereas the former attacks the reality principle itself. Transgression and violence are less serious because they only contest the distribution of the real. Simulation is infinitely more dangerous because it always leaves open to supposition that, above and beyond its object, law and order themselves might be nothing but simulation. But the difficulty is proportional to the danger. How to feign a violation and put it to the test? Simulate a robbery in a large store: how to persuade security that it is a simulated robbery?
There is no “objective” difference: the gestures, the signs are the same as for a real robbery, the signs do not lean to one side or another. To the established order they are always of the order of the real. Organize a fake holdup. Verify that your weapons are harmless, and take the most trustworthy hostage, so that no human life will be in danger (or one lapses into the criminal). Demand a ransom, and make it so that the operation creates as much commotion as possible — in short, remain close to the “truth,” in order to test the reaction of the apparatus to a perfect simulacrum. You won’t be able to do it: the network of artificial signs will become inextricably mixed up with real elements (a policeman will really fire on sight; a client of the bank will faint and die of a heart attack; one will actually pay you the phony ransom), in short, you will immediately find yourself once again, without wishing it, in the real, one of whose functions is precisely to devour any attempt at simulation, to reduce everything to the real — that is, to the established order itself, well before institutions and justice come into play.
Then this tree, like a cosmic vacuum cleaner, went ssssuuuck, and every cell in my body was swept into the root, twigs, branches, and leaves of this tree. Tumbling and spinning, down the soft fibrous avenues to some central point which was just light.
It’s Timothy Leary’s birthday and for your pleasure, here is the original version of a chapter from Timothy Leary’s Trip Thru Time
by R.U. Sirius
Timothy Leary AP (After Psychedelics) — The Harvard Psilocybin Project
Timothy Leary’s First Trip
When David McClellan, director of the Center for Personality Research at Harvard asked Timothy Leary to teach there under his aegis, he told Tim to “stir things up a bit.” In his later years, Leary liked to quip, “I think he got his money’s worth.”
Leary first heard about the effects of psilocybin in 1959 from his friend Frank Barron, who had recently tried the mushrooms and came away impressed by their visionary properties. Tim reacted negatively to Barron’s suggestion that he try them. Lacking any awareness of psychedelic substances — and in spite of Barron’s vivid description — he thought of drugs, along with such gross physical methods as electroshock therapy, as blunt, harmful, coercive tools that behavioral psychology used to force patients to conform. However, the following year — perhaps undergoing one of those much vaunted “midlife crises” as his fortieth birthday was approaching — Leary suddenly got the urge to try the mushrooms.
Timothy Leary’s poolside psilocybin trip on August 9, 1960 in Cuernavaca, Mexico is an oft-told tale — central, as it is, to the history of Western psychedelic culture.
The ‘shrooms were copped by Leary’s friend, historian Lothar Knauth, from “Old Juana,” a disheveled, hunchbacked old woman in raggedy clothes who led him wordlessly out of town and onto an old dirt road before effecting the deal.
Timothy Leary’s first trip began pleasantly. He felt lightheaded “as if from laughing gas.” One of the people who had not taken the drug had been assigned to take notes. He was nerdily-dressed in oddly mismatched clothes. Leary, seeing him scribbling earnestly in his notepad, went into fits of laughter that only increased as he reflected on the pomposity of socialized professionals, himself included.
As the trip intensified, he had a brief moment of panic, worrying that the effects may be too strong, and that his kids, playing blissfully unaware inside the villa shouldn’t be around a bunch of drug-crazed adults. He had one of the straight adults send the kids off to the movies for the afternoon. Then he let himself go.
In High Priest and other autobiographical books, Leary describes visions of “Nile Palaces, Bedouin pleasure tents, mosaics of flaming color, jewel encrusted reptiles, mosaics lit from within.” And then he re-experienced all of evolution; floating “down through snake time, fish time, giant jungle-palm-time, green lacy fern leaf-time” until “hello, I am the first living thing.”
A Conner Habib Twitter Thread
1 We can’t see sex clearly in our culture. That means not only will our culture of harassment be damaging, but also our responses to it.
2 Punitive measures that empower that state and/or deepen sex-stigma make matters worse.
3 We must see perpetrators of harassment as disgusting in actions. But we ALL live in a sex negative culture. What are the implications?
4 How can we formulate responses to unhealthy & damaging actions when our BASELINE — & this is for almost ALL of us — is unhealthy & damaged?
5 The way misogynists/alt-right/bros deal with this? Blame the victims of the harassment. “They’re just fucked up about sex.”
6 Instead we need to support victims AND see how the currents of sexual repression/negativity are still affecting us even as we do so.
7 What are the BEST ways to support victims? How might certain types of support co-create a culture where more sexual harassment occurs?
8 Not easy questions to answer. But we must remember: being better than harassers doesn’t mean our actions are right, just not as monstrous.
Check out Conner Habib’s video show Against Everyone. Habib is an author, a lecturer, a porn performer, and a sex workers’ rights advocate. He’s Vice President of the Adult Performer Advocacy Committee and a member of PEN America.
His (Sterling’s) famous introduction for that book (Mirrorshades), describing what cyberpunk was doing in fiction — seemed to express precisely what a truly contemporary transmutational magazine should be about.
the transition from MONDO 2000 to Reality Hackers — excerpt from Freaks in the Machine MONDO 2000 in late 20th Century Technoculture (yes… still in progress)
Some time in 1988, we made a rash decision. Despite High Frontiers’ relatively successful rise within the ‘zine scene (where 15,000 in sales was solid), we decided to change the name of the magazine itself to Reality Hackers.
It was my idea.
We’d been hipped to cyberpunk SF and I’d read Gibson’s Neuromancer and Sterling’s Mirrorshades collection. His famous introduction for that book, describing what cyberpunk was doing in fiction — seemed to express precisely what a truly contemporary transmutational magazine should be about.
Here are some parts of it: “The term, (cyberpunk) captures something crucial to the work of these writers, something crucial to the decade as a whole: a new kind of integration. The overlapping of worlds that were formerly separate: the realm of high tech, and the modern pop underground.
“This integration has become our decade’s crucial source of cultural energy. The work of the cyberpunks is paralleled throughout the Eighties pop culture: in rock video; in the hacker underground; in the jarring street tech of hip hop and scratch music; in the synthesizer rock of London and Tokyo. This phenomenon, this dynamic, has a global range; cyberpunk is its literary incarnation…
An unholy alliance of the technical world and the world of organized dissent — the underground world of pop culture, visionary fluidity, and street-level anarchy…
For the cyberpunks… technology is visceral. It is not the bottled genie of remote Big Science boffins; it is pervasive, utterly intimate. Not outside us, but next to us. Under our skin; often, inside our minds.
Certain central themes spring up repeatedly in cyberpunk. The theme of body invasion: prosthetic limbs, implanted circuitry, cosmetic surgery, genetic alteration. The even more powerful theme of mind invasion: brain-computer interfaces, artificial intelligence, neurochemistry — techniques radically redefining the nature of humanity, the nature of the self. The Eighties are an era of reassessment, of integration, of hybridized influences, of old notions shaken loose and reinterpreted with a new sophistication.
Cyberpunk favors “crammed” prose: rapid, dizzying bursts of novel information, sensory overload that submerges the reader in the literary equivalent of the hard-rock “wall of sound.” Well, then…
by R.U. Sirius & St. Jude (Wired magazine, 1994)
She’s permed, chubby, hose ‘n’ heels… Mom. She stands up when Phil or Sally Jessy or Oprah aims the microphone. Her voice rises. Her face tumesces. She’s outraged by somebody’s sexual behavior. Oprah’s eyes register $$ – the big score. This is the very essence of daytime talk TV.
In fact, this G-rated money shot is set up for you many times every single weekday. It works like this: The sacrificial “guest” is somehow off-center – not quite your married missionary heterosexual. The host announces the deviant’s category – say, “Men Who Love Shoes Too Much” – then turns to the camera and wonders gravely about this group’s impact on society, arming the audience for attack. Then audience and guest have it out over whether or not the guest should exist. After an hour, the shoefucker is led off, back to the Green Room, bleeding profusely. Then everyone is thanked. Commercials play. Credits roll. I imagine cigarettes being lit all around by audience, guest, and host – as most shows seem to build, then climax.
The ritual being observed here on talk television, and on television at large, is a mapping of classic small-town dynamics onto the media global village. Remember the small town – that tiny-minded, busy-bodied, bully-fisted little burg? No you don’t, because your grandpappy scraped it off his shoes in ought-six so he could get himself a life.
In this century the urban drift became a stampede. Why? The bright lights were calling, but your ancestors and mine were ejected out of Hickwad by the peer pressure.
I Get to Be Me
Now, in the TV global village, rites based on small-town traditions like “conform-or-die,” “shut-up-and-take-it,” and “you’ll-braise-in-eternal-torment” are being celebrated just like in the old days. Now the targets offer themselves freely, cheerful as volcano virgins, because these bad boys and girls – criminals, perverts, or cultural dissidents – are working for their camera time.
Camera time is the irresistible bait of a media culture. The victims get to be themselves, get to flaunt being themselves – can even try to make converts, before the little red light goes out. After the hatefest, lighting up, the armchair lynchmob can catch the cleanup actions: see the arrests on Fox’s Cops, follow the trial on Court TV and get the smirking denouement on A Current Affair.
By: Renketsu Link
You’ve undoubtedly been trying to figure out what to do about what might have been the worst data breach this year, the compromise of the multinational credit bureau Equifax. As it stands now, the credit histories of millions of people in the United States and other parts of the world are now in the wild and undoubtedly being sold on the black market at cost (nowadays, rather less than $20 per dossier) and if you’re reading this you’ve probably got free credit monitoring until the year 2030. But that doesn’t answer the key question here: How the fuck did things get so bad?
The answer is a complex one and involves significant amounts of suck and fail at every level of complexity. Let’s start at the top of the stack.
Instituting a security program requires funding from the company itself as well as buy-in from upper management. Without money, the system administrators at the company can only cobble things together in their spare time – hardening, monitoring, patching, reporting, and deploying the occasional passive security measure. In some companies to this day, they have to do this on the down low because management there is actively hostile toward security and will force the admins to remove “those useless things.” Some measures require the purchase of additional hardware and license keys, and not every budget has a couple of thousand dollars to spare on a few new boxes. If you don’t think places like that exist, they do – I’ve worked at a few, and they make our work much, much easier. Even if they have money, the C-levels (Chief * Officers), V-levels (Vice *), and D-levels (Directors) need to make it public that they support the security program, will abide by it, and officially order everyone who works there to abide by it, too. All it takes is one C-level who doesn’t give a fuck to cut the nuts off of the entire thing.
Second, let’s talk about so-called security practitioners. Probably 80% of the “cybersecurity experts” I’ve butted heads with are barely able to turn on a computer, let alone actually put up a fight. Most of the security industry pimps certifications like the CISSP or Certified Ethical Hacker, but the people holding that sheepskin don’t actually know anything useful about security in any way, shape, or form. The Wikipedia pages talk a good game by throwing around words like “provable,” “experts,” “ethical,” and “cyber,” but if you actually read any of their training texts (which, of course, are published by those certification bodies and cost as much as your average college textbook) usable information is pretty scarce. Let’s take the CEH: If you look at what it actually teaches you (things like not running telnet, setting up firewalls, installing patches, and not running all your shit as root) it actually reflects the publicly known stuff about security in the late 1990s. You’d be hard pressed to find a Linux or real UNIX that actually includes in.telnetd these days, but it doesn’t mention anything about the sorts of vulnerabilities that one finds today (like process injection or memory hardening evasion techniques). As for the CISSP, it tells you up front that the Common Body of Knowledge is a mile wide and an inch deep (or more recently “at the thirty-thousand foot view”) but in the same breath they’ll also tell you that when you actually sit for the exam all you have to do is pick the least wrong answer; if you actually know anything about security, about 74% (if I did my math right (hey, the book’s a thousand pages, cut me some slack)) of the questions have all incorrect answers, and if you actually did what you were taught… well, you know how I make my living, so by all means, keep doing exactly what you were taught.
Practically every company out there has some legal or industry-specific guidelines that they have to at least make an attempt to comply with, and there’s no shortage of them: PCI-DSS, NIST SP 800-53, NSA IA, HIPAA, ISO 27001… I could go on and on, but all you need to know is that they all say basically the same thing: Google “how do I harden <insert operating system or appliance here>,” follow the instructions if the link isn’t from a perfectly legitimate Russian or Chinese business conglomerate, patch your shit every couple of days, read your logs and respond to what you see, and generally don’t be a dumbass. In practice, however, they get treated as lists of checkmarks or cells in a spreadsheet. A couple of meetings are scheduled and suffered through by everybody who bothered to show up (of course, at least one Android phone that now belongs to someone like me is on the table) and roadmaps are drawn up that are supposed to act as a timeline for security measures that need to be instituted. Sometimes, once or twice a year, a security assessment is held; rarely a security company is hired to do the work. Then, and here’s the fun part, the remediation loophole kicks in. It goes like this: Every security program has a requirement built into it that basically says, “You now have x months to fix the findings from this assessment, after which time we’ll run another assessment.” You probably see where this is headed. Nothing happens to fix the vulnerabilities found, the next assessment happens, nothing has changed (usually things have gotten worse in the meantime), and during the burndown meeting someone says “Okay, you now have x months to fix the findings from this assessment, after which time we’ll run another assessment.” Over and over and over again.
Of course, there are a few out there who actually have a clue. They’re the ones who don’t last very long because they eventually get tired of being ignored, quit, and occasionally go into business as hired guns with their inside knowledge (come on in, the water’s fine!) They run their scans, tell the sysadmins to patch their shit and harden SQL Server, and read their logs. They’re also the ones who get told that installing patches adds bugs instead of fixing them, get told that complex passwords are unnecessary, get bitched out at all-hands meetings for trying to institute multifactor authentication because it adds an extra step to normal work (meaning that your Battle.net account probably has stronger authentication than your bank), and watch in horror as C-levels plug flash drives they found in the parking lot into workstations where the user’s logged in as the local admin. The lot in life of a real security professional is a sad one that often results in functional alcoholism, endless bitching at hacker cons (attended under the pretext of “vacation” because actually hanging out with hackers can cost someone one of those expensive certifications if anyone finds out) and often early retirement to a log cabin in Appalachia. That’s if they don’t get fired for actually doing their jobs; nobody ever likes being shown that their security program doesn’t actually work and the messenger always gets shot.
Next in line are the sysadmins. As with any group, there is a subset that actually knows what they’re doing, and go as far as they need to so they can do their jobs (which, if they know what they’re doing consists of automating everything in the first month, fucking off the rest of the time, and having a boss key set up so they can look busy whenever somebody wearing a tie walks by). The rest are content to stand up a Windows or Linux box, throw an app or two on it, and let it go at that. Some don’t bother patching anything, either because it’d be too much work or because the developers won’t let them (“If you patch that you’ll break our production app!”) Most have a patch cycle that’s entirely too long (weeks to months), which leaves them vulnerable for extremely long periods of time. Also, operating system ecosystems are becoming more security hostile in very subtle ways (you’re welcome). There is no shortage of Windows APIs that let a creative user turn off or evade security policy entirely, and systemd has been a godsend to hackers the world over.
Last and certainly not least are the end users, who may as well be on our payroll because they make it all possible. They’re the ones who use Password_1 as their passwords because password complexity guidelines don’t let them use strings like qu;;o5Eey9aiV-ai3FexiC<a7cu2hGhi|g}e (okay, so that’s not entirely their fault but I’m not above a cheap shot now and then (trolled people are people who make exploitable mistakes)), open every document sent to them from a vaguely official looking e-mail address, and are trained from an early age to click on buttons that make error messages go away. Let’s not forget those wonderful people who forward our trojaned documents to entire teams and make it rain shells. App developers are the ones who demand that sysadmins not lock their shit down because they don’t know how to write robust code (you’d be amazed at the e-mail threads where a stupid bug made by a dev was blamed on a security patch) and say that many different classes of RCE are theoretical and thus are wastes of time to mitigate (protip: Getting caught selling 0-days in your own code is a career limiting move.) Analysts that spend more time at work surfing porn than looking at system logs or vuln reports are always fun, plus if you pop their laptops they occasionally have security reports that make life easier for us in the short term.