Tuesday, August 31, 2010

toll gate fail

epic losers brings us photographic evidence of why it's necessary to look at context when considering security measures. you can't just add a toll gate without considering the area you're going to add it.

Monday, August 30, 2010

how is your password not like your fiance

courtesy of failbook

passwords: can't live with them, but they're a heck of a lot easier to change than your fiance.

Friday, August 27, 2010

Thursday, August 26, 2010

covet thy password

nick owen pointed this one out. as you can probably guess, nick's got a thing about passwords, and there are valid criticisms of password authentication like this one. sharing passwords is bad security.

Wednesday, August 25, 2010

frustrated anti-virus

found on the doghouse diaries

your anti-virus may not actually hate you if you don't keep it registered and up to date, but it certainly can stop helping you.

Tuesday, August 24, 2010

a new twist on security theatre

this, of course, is the good kind of security theatre - theatre that teaches about security (the threat landscape, the pool of countermeasures, etc), as opposed to supposed security that is really all just for show. this really humanizes the concepts and makes them more relate-able for people.

shame they went heavy on the "we protect you" market-speak, though.

found on f-secure's safe and savvy blog

Monday, August 23, 2010

you have searched me for the last time

found on emergent chaos but originally from upgrade: travel better. adam shostack of emergent chaos is 100% responsible for the funny caption/headline though.

Friday, August 20, 2010

Thursday, August 19, 2010

the devil comes clean

pvp, or player vs. player, had an interesting sub-plot storyline starting here and ending with the punchline above where the security angle was revealed. it doesn't take supernatural or otherworldly powers to know your deepest, darkest, innermost secrets when you blab them through an unsecured email system.

Wednesday, August 18, 2010

security has gone to the dogs

found on security curve, though apparently it was originally from i has a hot dog

yeah dogs can be good security, sometimes, but other times not so much.

Tuesday, August 17, 2010

don't want no short short passwords

via epic losers

this would probably work with biometrics too.

Monday, August 16, 2010

call screening is good for something afterall

failblog never disappoints

really, this is a natural lolthreat if ever i saw one.

Friday, August 13, 2010

making a withdrawl doesn't seem to be in the cards

from hacked in real life

so, um, yeah, how do you feel about ATM's built on windows now? eeek!

Thursday, August 12, 2010

security fail number eleventy bajillion

found on failblog.org

when even this guy can slip through you KNOW you're doing something wrong.

Wednesday, August 11, 2010

waiting for rationality

found on boingboing

alas, airport security theatre is tragic-comedy, sometimes known as theatre of the absurd. but apparently this merchandise it real! i so want one. better put it on my list.

Tuesday, August 10, 2010

who ya gonna call?

i actually don't know where this originally appeared.

Monday, August 9, 2010

w is for wow, which is all i can say

from schneier's blog

The Gashlycrumb Terrors, by Laura
A is for anthrax, so deadly and white.
B is for burglars who break in at night.
C is for cars that, with minds of their own,
accelerate suddenly in a school zone.
D is for dynamite lit with a fuse.
E is for everything we have to lose.
F is for foreigners, different and strange.
G is for gangs and the crimes they arrange.
H is for hand lotion, more than three ounces;
pray some brave agent sees it and pounces.
I is for ingenious criminal plans.
J is for jury-rigged pipe-bombs in vans.
K is for kids who would recklessly play
in playgrounds and parks with their friends every day.
L is for lead in our toys and our food.
M is for Mom’s cavalier attitude.
N is for neighbors — you never can tell:
is that a book club or terrorist cell?
O is for ostrich, with head in the sand.
P is for plots to blow up Disneyland.
Q is for those who would question authorities.
R is for radical sects and minorities.
S is for Satanists, who have been seen
giving kids razor blades on Halloween.
T is for terrorists, by definition.
U is for uncensored acts of sedition.
V is for vigilance, our leaders’ tool,
keeping us safe, both at home and at school.
W is for warnings with colors and levels.
X is for x-raying bags at all revels.
Y is for *you*, my dear daughter or son
Z is for Zero! No tolerance! None!
i don't know who laura is, but this bit of alphabetic poetry is brilliant. do i even a label for security poetry? guess i'll need to add one.

Friday, August 6, 2010

just can't say no

gotta love dilbert, but not his PHB (pointy haired boss), obviously. people really do have some strange ways of adapting, though.

Thursday, August 5, 2010

viruses? how retro

ah, the inimitable xkcd

the premise here was that linux was the future of desktops and that using vulnerable platforms like windows is an anachronism from the past. of course linux gets malware too, just not as much due to how shallow the pool of potential victims is.

Wednesday, August 4, 2010

attention to detail fail

thanks to the folks at blogto for catching this one.

you can't have security without paying attention to details. details like the correct spelling of "Ontario" on this security card might not directly impact security, but it doesn't fill me with a warm fuzzy feeling knowing that this is how much attention to detail went into the 1 billion dollar security joke that was G20.

Tuesday, August 3, 2010

compliance certification fail

found on failblog.org

compliance with safety rules is important, but obviously certification needs to be taken with a grain of salt.

Monday, August 2, 2010

would you like fries with that?

found on thereifixedit.com

i suppose it could work - probably at least as well as any other lock on glass doors. certainly a creative solution to the problem.