Information security is no laughing matter — unless you're one of many infosec accounts on Twitter trying to be funny.
I say "trying to" because some Twitter infosec comics are actually funny, and some are seriously not. They are loved and hated in equal measure. They're foul-mouthed, occasionally offensive, dry and snarky, and some accounts feel like inside jokes of inside jokes... because they're all of that. Some are even automated bots.
But one thing all the parody and humorous information security accounts share is that they just might help make the crushing weight of infosec's tendency to take itself way too seriously a little bit less... crushing.
Infosec Taylor Swift, aka "Swift On Security"@SwiftOnSecurity -- probably everyone's favorite infosec parody account, "she" blends Swift's girlish romanticism with biting security sarcasm.
Bio: "Every single tweet should be good. Founder and CEO of SwiftSec, an elite computer security company. Sumpreme InfoSec Thought Commander."
Your apologies are like updated Cryptolocker definitions. A little too late.
— InfoSec Taylor Swift (@SwiftOnSecurity) July 1, 2014
You ran the new TrueCrypt binary? pic.twitter.com/neLSb6kSNg
— InfoSec Taylor Swift (@SwiftOnSecurity) May 29, 2014
Clueless Security, aka "Bug Bounty King" @CluelessSec — With its "for dummies" logo, this hilarious account mocks money-grubbing, fame-seeking bug hunters with aplomb.
Bio: "Hi ur site has serious security flaw. Plz fix soon!"
Hi if u cant reproduce bug from my one line description let me send it to you again with more exclamation marks so u can get it #bugbounty
— Bug Bounty King (@CluelessSec) June 27, 2014
Hi ur site has a vuln. Not going to say which site or what kind of vuln i found. instead here is a low-rez video. Pls fix ASAP #bugbounty
— Bug Bounty King (@CluelessSec) July 3, 2014
NSA Public Relations, @NSA_PR — Not strictly an infosec parody account, NSA PR straddles security humor and the ongoing security public relations quagmire the NSA has found itself in since we first heard the name "Edward Snowden."
Bio: "We care, we're here to listen. Obvious parody."
TRUECRYPT IS FINE PLEASE CONTINUE USING FOR ALL SECRET DOCUMENTS
— NSA Public Relations (@NSA_PR) May 28, 2014
The Other Grugq, @thegrugq_ebooks — An insider joke and an automated account that carries itself off well, this bot posts remixed "nonsense" clips from the account of a well-known hacker known for his expertise in operational security (among other erudite traits).
Bio: "OPSEC strategist attaché"
That’s officially it, @thegrugq_ebooks now gives better OPSEC advice than I do. I now retire. It was a good run, but software eats the world
— the grugq (@thegrugq) July 6, 2014
Don't forget to test that your OPSEC procedures actually work by red teaming your setup, in my bedroom.
— the other grugq (@thegrugq_ebooks) June 5, 2014
Vice Hacker News, @ViceHN — This intentionally offensive, painfully funny, snarky and pointed account combines the idiocy of Silicon Valley/Hacker News and VICE Magazine headlines, yet somehow doesn't manage to fold the universe in half with all the annoyingness of both in one place at one time.
Bio: "The Definitive Guide to Budding Digital Engineers. Who Will Always Be Cooler Than You."
This YC start-up is just an oversized jpeg of a phallus - and today Yahoo offered to acquire it for $3.7 billion USD.
— VICE Hacker News (@ViceHN) November 14, 2013
Hipster Hacker, @hipsterhacker — All the "before it was cool" Java jokes with a touch of Portlandia, plus zingers conveying the perspective of a hacker/developer who embodies all the ineffectual, arrogant traits of a techie-hipster.
Bio: "My code is poetry, meanwhile yours is oh-noetry."
Works fine for me locally. Sounds like an ops problem. I'm going to lunch.
— Hipster Hacker (@hipsterhacker) November 14, 2013
Lost half my freelance clients when I announced I would only be accepting payment in BitCoins. The lame half.
— Hipster Hacker (@hipsterhacker) May 18, 2011
I Am Devloper, @iamdevloper — a real person who is sometimes mistaken for a parody humor account, and seems fine with it.
Bio: "These views are also the opinions of my employers, any problems, speak to their legal team. *puts headphones back in*"
Fair enough pic.twitter.com/xjNnoAdqaC
— I Am Devloper (@iamdevloper) June 17, 2014
Fake Infosec News, @fakeinfosecnews — the name says it all, delivering fake, mocking and ridiculous infosec-themed headlines to match the ones we're wading through in our news readers every day.
Bio: "Fake infosec news you can use. Up-to-date inaccurate information on all the cybers, as they happen."
Sole Remaining User of orkut Furious About Its Shutdown, Finds Useless Authorization Bug
— Fake Infosec News (@FakeInfosecNews) July 5, 2014
Nokia affirms it made the right choice paying ransom: "She gave the key back on a USB drive and pinky promised there were no other copies."
— Fake Infosec News (@FakeInfosecNews) June 18, 2014
PHP CEO, @PHP_CEO — If PHP had a personality, it would be the PHP CEO. All the stupidity of startups led by a shouty, clueless human version of PHP, in tweet form.
Bio: "CEO OF A PHP COMPANY"
COMPANY UPDATE: THE MARKETING TEAM ARE NOW CALLED GROWTH HACKERS. I AM NOW A DATA SCIENTIST. NO CHANGE IN RESPONSIBILITIES. THAT IS ALL.
— PHP CEO (@PHP_CEO) March 27, 2014
IT HAS COME TO MY ATTENTION THAT SOMEONE CALLED JASON HAS BEEN ENCODING AND DECODING DATA IN OUR APP. PLEASE CHANGE YOUR PASSWORDS
— PHP CEO (@PHP_CEO) February 16, 2014
F Is For Fail, @failymonster — This may not be the hard-hitting humor some people crave, but F Is For Fail manages to swoop in on publicly known security failures as they happen in the news and take "credit" for the fail. Some tease the account for being a roaming fail fairy, dooming everything it touches.
Bio: "I am a security consultant with a reputation that proceeds me! I love to help!"
I am not associated with the Brazil football team. That team has more holes in it than an enterprise SharePoint implementation.
— F is for Fail (@failymonster) July 8, 2014
Security Humor, @SecurityHumor — a classic, well-known account that provides a constant, humorous commentary on the disappointments and inevitabilities of infosec work.
Bio: "Standup Philosopher of Infosec and everything else. No topic too high or too low."
Cultured and genteel civilizations know there are three subjects to never discuss in polite society: Sex, Religion, and #PatchTuesday.
— Security Humor (@SecurityHumor) July 8, 2014
There are other funny Twitter accounts that get a lot of retweeting from hackers, but aren't necessarily about security which should get an honorable mention because they're so damn funny. I'd be remiss not to include Nein Quarterly, Pinboard, CNN Your Mom, and Swearengen CD (warning: like the HBO Deadwood character, this Creative Director uses very explicit language).
Although always, of course, you can't please everyone, and we endure the infosec people who just hate fun.
I'm thinking about a bounty program for people that beat up people running parody infosec twitter accounts.
— Martin Bos (@purehate_) June 27, 2014