Category Archives: Security

ChooseMyPlate.gov

The US government has announced it is replacing the infamous pyramid of food with a pie. Oh, wait, I mean a plate cut up into pieces that look like pie.

Eating healthy never looked so good.

However, I am a bit confused by the text they have below their new illustration.

Switch to fat-free or low-fat (1%) milk.

First, what? Switch from pie to milk? I just adopted the new pie diet and already they are asking me to switch?

Second, if I’m going to drink any milk at all, I’m going to drink healthy milk — whole raw milk — and not some rehydrated reconstituted dried lint from dirty socks blue-tinted water low-fat milk substitute. I’d drink camel milk long before I would agree to poison myself with the stuff left over when you remove the milk (fat) from milk.

Research clearly shows [http://www.ncbi.nlm.nih.gov/pubmed/18831752] that whole milk produces greater lean body mass gains than non-fat milk, which proves fat doesn’t make you fat [http://stronglifts.com/the-4-most-popular-fat-myths-debunked/]. Excess calories do. As long as you have a caloric deficit, it doesn’t matter whether you drink non-fat or whole milk.

It doesn’t matter as long as you know the risks from the process used to make milk non-fat, and what you are missing.

Reuters Quotes Me on Michaels Breach

Reuters interviewed me and published a story called “Expert cites new hack tactic in Michaels data breach”.

Ottenheimer estimated that Michaels was likely facing tens of thousands or even hundreds of thousands of dollars in costs related to replacing the 7,200 PIN pads, including training employees to regularly check that the equipment has not been compromised.

I’m glad they included the security procedures comment, although I sound more conservative than I realised at the time. The cost breakdown of their upgrade is affected by many factors such as planned depreciation of existing equipment, logistics and shipping, installation and configuration of the hardware/software.

But PIN pad security and compliance is not just about the technology. Michaels management also will have to update and test their procedures and provide company-wide training to prevent or detect further compromise. That is why a new replacement estimate could easily reach into the hundreds of thousands, unless it already was in plan and budget, as I explained previously.

LAFS Storage Illustration

Some go for the Lulz, but there are also sites for LAFS (Least-Authority File System). Here are two interactive ones based on Tahoe-LAFS:

  • Tahoe Storage Illustration is a simple javascript page; it lets you enter data, pseudo-encrypt it, distribute it, and then wipe out cells of it to see how data could survive a failure.
  • Tahoe-LAFS Storage Grid is a real instance where you can test the UI.

Neither demonstration addresses the elephant in the room when storing data with a provider, managing authorisation and authentication, but the latter site at least comes with a warning:

This gateway is not secure! Please set up your own gateway
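As an added illustration, not code from the Tahoe-LAFS project or from either demo page, here is the k-of-n share principle the first page animates: the file is cut into k chunks, expanded to n shares with Reed-Solomon coding over GF(2^8), any k surviving shares rebuild it, and a hash carried in the capability catches a tampered share. Tahoe encrypts the file before sharing and uses zfec for the coding; this example deliberately omits the encryption step, so a provider holding the shares could read them, which is exactly the gap the post points at. The 3-of-10 parameters match Tahoe's defaults; the `Capability` record, the function names and the sample sentence are assumptions made for the example.

```python
"""k-of-n erasure coding over GF(2^8), in the spirit of the Tahoe storage illustration.

Added example, not Tahoe-LAFS code. Systematic layout: shares 0..k-1 are the raw data
chunks, shares k..n-1 are parity; any k shares reconstruct the file. No encryption here,
so whoever stores the shares can read the data (Tahoe encrypts before sharing).
"""
import hashlib
from dataclasses import dataclass

# GF(2^8) log/antilog tables, AES polynomial x^8+x^4+x^3+x+1 (0x11b), generator 3.
EXP = [0] * 512
LOG = [0] * 256
_x = 1
for _i in range(255):
    EXP[_i] = _x
    LOG[_x] = _i
    _d = _x << 1                      # multiply by x
    if _d & 0x100:
        _d ^= 0x11b                   # reduce modulo the field polynomial
    _x = _d ^ _x                      # times 2 plus times 1 == times 3
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]           # wrap so LOG[a]+LOG[b] never overflows


def gf_mul(a: int, b: int) -> int:
    if a == 0 or b == 0:
        return 0
    return EXP[LOG[a] + LOG[b]]


def gf_div(a: int, b: int) -> int:
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^8)")
    if a == 0:
        return 0
    return EXP[(LOG[a] - LOG[b]) % 255]


def _lagrange_at(points, t: int) -> int:
    """Evaluate the unique degree<k polynomial through `points` at x=t.

    Subtraction in GF(2^8) is XOR, so (t - xj) is written t ^ xj.
    """
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = gf_mul(num, t ^ xj)
                den = gf_mul(den, xi ^ xj)
        total ^= gf_mul(yi, gf_div(num, den))
    return total


def encode(data: bytes, k: int, n: int) -> dict:
    """Split `data` into n shares (keyed 0..n-1), any k of which rebuild it."""
    if not 1 <= k <= n <= 256:
        raise ValueError("need 1 <= k <= n <= 256 (one field element per share index)")
    chunk_len = -(-len(data) // k)               # ceil division
    padded = data.ljust(chunk_len * k, b"\0")    # pad so chunks are equal length
    chunks = [padded[i * chunk_len:(i + 1) * chunk_len] for i in range(k)]
    shares = {x: bytearray(chunk_len) for x in range(n)}
    for pos in range(chunk_len):
        points = [(x, chunks[x][pos]) for x in range(k)]
        for x in range(k):
            shares[x][pos] = chunks[x][pos]      # data shares: copied through
        for x in range(k, n):
            shares[x][pos] = _lagrange_at(points, x)   # parity: polynomial at x
    return {x: bytes(s) for x, s in shares.items()}


def decode(shares: dict, k: int, length: int) -> bytes:
    """Rebuild the first `length` bytes from any k shares; fewer than k is fatal."""
    if len(shares) < k:
        raise ValueError(f"need at least {k} shares, have {len(shares)}")
    chosen = sorted(shares.items())[:k]
    chunk_len = len(chosen[0][1])
    out = bytearray()
    for x in range(k):
        if x in shares:
            out += shares[x]                     # surviving data chunk, use as-is
        else:
            for pos in range(chunk_len):         # interpolate the missing chunk
                points = [(xi, s[pos]) for xi, s in chosen]
                out.append(_lagrange_at(points, x))
    return bytes(out[:length])


@dataclass(frozen=True)
class Capability:
    """Assumed stand-in for what a reader must hold to verify a recovered file."""
    k: int
    n: int
    length: int
    digest: str


def store(data: bytes, k: int = 3, n: int = 10):
    cap = Capability(k, n, len(data), hashlib.sha256(data).hexdigest())
    return cap, encode(data, k, n)


def restore(cap: Capability, shares: dict) -> bytes:
    data = decode(shares, cap.k, cap.length)
    if hashlib.sha256(data).hexdigest() != cap.digest:
        raise ValueError("integrity check failed: a share was altered")
    return data


if __name__ == "__main__":
    sample = b"The quick brown fox jumps over the lazy dog"   # constructed input
    cap, shares = store(sample)
    survivors = {x: shares[x] for x in (2, 5, 9)}               # seven shares wiped
    print(restore(cap, survivors) == sample)
```

Wiping any seven of the ten shares still leaves a recoverable file; an eighth loss, or a single flipped byte in one of the three survivors, is reported rather than silently returning garbage.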

Dr. Strangelove: How I Learned to Stop Worrying and Love the BeEF

Michele Orru just presented “Dr. Strangelove or: How I Learned to Stop Worrying and Love the BeEF” at the CONfidence 2011 conference in Krakow.

What will you do during a pentest if you get access to some target internal resources while having no exploitable external ones for the escalation? Well, there could be many responses to this provocative question, from social engineering techniques to the exploitation of victims’ browsers inside the target.

We will see how BeEF can help resolve almost impossible pentest situations by directly exploiting the victims inside the target, using their machines as a pivot to gain access to internal as well as external resources, and how it’s much easier now to extend BeEF functionality by writing your own modules to suit your needs.

Great stuff, and not just because every conference should have at least one presentation modelled after Dr. Strangelove. This could actually spark a contest that spans security conferences — each one gives an award for best Dr. Strangelove security talk.

Although I’m obviously biased, I would like to think the comparison to Stuxnet hysteria I presented earlier this year was more historically aimed and made more sense as a threat analysis.

Is anyone, and I mean anyone, really so worried about the Browser Exploitation Framework (BeEF) that they are proposing changes to national security? I don’t see it. Seems to me more of the opposite reaction to the BeEF — browser exploits are out there, and BeEF is doing what BeEF does…mooing and grazing and dumping excrement (filling logs).

If it were my choice I might have tried “BeEF, the other pentest meat”, “BeEF, it’s what’s for pentests”, “What’s on your (zombie) grill?” or even “Ground BeEF: Cutting the legs off a browser”.

But on the other hand I admit I’m still in favour of as many presentations using Dr. Strangelove as possible to drive the message. The more Strangelove the better.

In related news, the presentation talked about the effort to port BeEF from PHP to Ruby. I vote they rename the new Ruby version “DeCalf” (i.e. not written in Java).