Monday, September 25, 2017

Do you want to play a game?

from here

Never underestimate the unusual ways that people view security concepts. Each person sees the world through the lens of their own unique experiences. Sometimes that isn't helping them and you point them down the correct path, but sometimes you might be the one with the crazy ideas and they're trying to set you straight.

Is there anyone this doesn't apply to?

found on Memegenerator

I suspect if you examine people's practices closely enough you'd find that most people (even security people) violate the principle of least privilege at least some of the time. Heck, Microsoft even went so far as to nerf the administrator account because they gave up on the idea of people only using admin sparingly. Does UAC now mean that people don't have to worry about least privilege anymore? Does it give us a licence to be lazy about security? I don't know, but I'm going to continue using a non-admin account for day-to-day computing, regardless of the presence of UAC on my machine.

Friday, September 22, 2017

Why admin isn't always admin

from here

You know how nowadays when you want to run something that requires administrator access you have to right-click and choose "Run as administrator" even though you're already logged in as a user who is a member of the Administrators group? Yeah, Microsoft had to literally change how administrative users work because people couldn't be trusted to follow the principle of least privilege.

Setting up 2 accounts (a non-admin one for everyday use and an admin one for actual administration) was apparently too complicated for most people, so now it's just assumed that everyone is running as admin, and to get the REAL administrative access you have to "Run as administrator".
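
The gap between being in the Administrators group and actually holding administrative rights can be seen from inside a session. The following PowerShell is an added example, not part of the original post; the function name `Get-AdminTokenState` is hypothetical, and it assumes a Windows machine with `whoami.exe` on the path.

```powershell
# Added example: compare Administrators group membership with the rights
# the current process token actually carries under UAC.
$AdminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Get-AdminTokenState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity

    # IsInRole is true only when the Administrators SID is enabled in this
    # token, which means the process was started elevated.
    $elevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every group in the token, including groups that are
    # present but usable only for deny checks. /nh drops the (localized)
    # header row so the column names below are our own.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes
    $adminEntry = $groups | Where-Object { $_.SID -eq $AdminSid } |
        Select-Object -First 1

    if ($elevated) {
        $state = 'Elevated: Administrators group is enabled in this token'
    } elseif ($adminEntry) {
        $state = 'Filtered: account is in Administrators, but not for this process'
    } else {
        $state = 'Standard user: account is not in Administrators'
    }

    [pscustomobject]@{
        User                   = $identity.Name
        MemberOfAdministrators = [bool]$adminEntry
        Elevated               = $elevated
        State                  = $state
        # Raw attribute text from whoami; wording depends on the OS language.
        GroupAttributes        = $adminEntry.Attributes
    }
}

Get-AdminTokenState | Format-List
```

Run it once from a normal prompt and once from a prompt started with "Run as administrator" under the same account: `MemberOfAdministrators` stays true while `Elevated` changes.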

Inconvenient truth about the war on cryptography

found on Imgflip

Thursday, September 21, 2017

Security vendors in glass houses

from here (source image)

McAfee really shouldn't be throwing stones here, considering their own intelligence community ties. And you know what? With all the focus on the NSA in recent years, ties to American spies are probably going to carry more weight internationally than Americans might realize.

The song of my people

found on Imgur

Part of me wishes I had found the entire song parody that this meme alludes to, but another part of me is glad I didn't. We don't need to get into details about how things break when you apply patches (necessitating the practice of testing patches on a test system before rolling them out to production systems).

Wednesday, September 20, 2017

Of course pirates want to steal resources

from here

Although the site operators have tried to explain what their intentions were, the fact remains that The Pirate Bay ran miners on people's computers without their consent. The distance between this and distributing mining trojans is vanishingly small.