jacobian / security hardness.md
Created December 2, 2016 21:56
Security Hardness Scale

This is a draft "security hardness scale", designed to somewhat roughly quantify the level of effort of a penetration test -- since simply measuring "how many vulns did you find" is a terrible measurement of success.

The scale is similar to the Mohs Hardness Scale in that it's simply an ordinal scale, not an absolute one. That is, the "gap" between 3 and 4 doesn't have to be the same "difficulty increase" as the gap between 5 and 6. It's simply a way of rating that one pentest was "harder" than another. (This is in lieu of being able to measure "hardness" in any truly quantitative way.)

  1. Initiate
    • Where should a (potential) incident be reported?
    • How will incidents be tracked?
    • What are the roles and responsibilities during an incident?
  2. Communicate
    • Where will comms happen? Who will be involved?
    • Who will send situation updates? To whom? How often?
  3. Assess
    • Where do we collect information? Who follows up?
    • How do we determine severity?

import time
import requests

class Lanyrd(requests.Session):
    def __init__(self, *args, **kwargs):
        super(Lanyrd, self).__init__(*args, **kwargs)
        self.headers.update({
            'X-Lanyrd-Auth': str(time.time()),
            'User-Agent': 'Lanyrd-iOS/2.4.0 (iPhone OS 6.1.3; iPhone5,2 N42AP) build/61',
            'X-Lanyrd-Protocol': '4',
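
import base64
import urllib.request

def imgcat(url):
    # Fetch the image and base64-encode it for the terminal's inline-image escape sequence.
    # (base64.encodestring and urllib.urlopen are Python 2 only; these are the Python 3 calls.)
    content = base64.b64encode(urllib.request.urlopen(url).read()).decode("ascii")
    text = "\033]1337;File=inline=1;size={0};px:{1}\a"
    return text.format(str(len(content)), content)
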
  1. Buy a nut milk bag
  2. Measure your coffee and water: four parts water to 1 part coffee. I usually use 1lb coffee to 1/2 gallon water.
  3. Grind coffee - fine grind, similar to an aeropress.
  4. Put the coffee in the bag, and the bag in a jug, and pour the water over it all (note that the bags don't close all the way, so you need to figure out how to keep the top out of the water. This is hard to explain in text but makes perfect sense once you see the thing).
  5. Steep for 12 hours, then remove the bag and let the water drain out. Press the water out gently but don't overdo it or you'll get something too bitter.
  6. Pour over ice, or dilute about 2:1 when drinking.

import os
import json
import github3
import logging

from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt

gh = github3.login(token=os.environ['GITHUB_TOKEN'])
log = logging.getLogger(__name__)

require 'gmail-britta'

ME = %w{[email protected] [email protected] [email protected]}

puts(GmailBritta.filterset(:me=>ME) do
  # sputnik - label, keep in inbox; these are alerts
  filter {
    has ['from:sputnik']
    label 'alert/sputnik'

OpenSSL Security Advisory [19 Mar 2015]
=======================================
OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
=====================================================
Severity: High
If a client connects to an OpenSSL 1.0.2 server and renegotiates with an
invalid signature algorithms extension a NULL pointer dereference will occur.

#!/bin/bash
# Prompt for a YubiKey OTP and validate it against the Yubico web service over HTTPS.
read -r -p "Enter yubikey: " key
echo
curl "https://api.yubico.com/wsapi/2.0/verify?id=87&timeout=8&sl=50&nonce=askjdnkajsndjkasndkjsnad&timestamp=1&otp=$key"

Keybase proof

I hereby claim:

  • I am jacobian on github.
  • I am jacobian (https://keybase.io/jacobian) on keybase.
  • I have a public key whose fingerprint is A98A 7B92 EEEA AD56 F075 9EA9 6966 6DFE B00E 963E

To claim this, I am signing this object: