Friday, April 29, 2011

i'z in mai drug lab ...

as seen here but i originally saw this picture thanks to stefan esser (and whoever it was that retweeted him)

ah, geolocation technology - you might want to pay attention to how that can be used against you.

Wednesday, April 27, 2011

if remembering a different, complex password ...

if remembering a different, complex password for every site one uses sounds reasonable to you, then you might be a security idiot.

(best practices should include memory aids, and not just as an afterthought)

Thursday, April 21, 2011

convinced me, you have not

as seen here

those spammers have got to step up their game. this 'person' is so obviously a computer it's ridiculous.

Wednesday, April 20, 2011

trust but verify

from very demotivational

it's important for us, socially, to place trust in others - but from a security perspective trust can be easily misplaced. hence the phrase "trust but verify". even more importantly, though, when it comes to the people we trust to protect us someone has to watch the watchers.

Tuesday, April 19, 2011

location, location, location

from the next web

perhaps you've heard the saying "location is everything". normally it has to do with real-estate but as geolocation becomes more pervasive, awareness of the importance of location (and especially the importance of keeping that information private) is bound to become more mainstream.

Monday, April 18, 2011

privacy awareness fail

from the inimitable failbook

it's important to understand how to protect privacy before you balk at facebook's failure to do so

Saturday, April 16, 2011

warning: don't copy javascript into the URL bar when asked

i don't often come across malicious content online, but when i do i warn people about it.

today's lesson is to not copy javascript into the URL bar when you're in facebook (though that probably holds for most other social networking websites too). here's an example of what can happen.


while using facebook you might receive an invitation to an event like this

maybe you'll also receive a message like this

or perhaps you'll get a wall post that looks like this

then when you click you find yourself on a page laying out a step by step process like this one

if you're confused by the instructions they even have a nice little youtube video to explain how it's done

all you really need to do is click through the steps

then it takes you back to facebook where you're supposed to paste some javascript into the URL bar, and when you do (along with the other things that happen behind the scenes) you wind up at a page like this

continue doesn't take you anywhere, of course. the only thing you can do here is prove your identity by taking a quiz (yeah right).

of course there's no such thing as proving your identity by taking a quiz. the quiz requires you to sign up to some mobile service in order to get your results, and that mobile service isn't free. and guess what, there's no longer any mention of those 650 facebook credits anywhere at this point.

what you don't realize is that copying that javascript into the URL bar did a lot more than take you to some strange site. it also sent off facebook messages and wall posts and invitations to an event it just created in your name. and each person who falls for this spreads the scam further and further.

if there's one thing you should take away from this it's that you shouldn't copy javascript into the URL bar in facebook. it's basically a trick that the bad guys use to get their malicious scripts past facebook's defenses.
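to illustrate the defensive side of the warning above, here is a paste-time check that refuses to let a `javascript:` scheme reach an address bar. this is an added example, not code from the scam or from facebook; `sanitizePastedUrl` and the sample strings are hypothetical and constructed for the demonstration.

```javascript
// added example: strip the javascript: scheme from text pasted into an
// address-bar style field. all names and sample inputs are constructed.

const SCHEME = "javascript:";

// URL parsers ignore leading control characters and spaces and drop
// tab / CR / LF anywhere in the string, so the check has to do the same
// or "java<TAB>script:" would slip past a naive startsWith().
function normalizeForSchemeCheck(text) {
  return text
    .replace(/^[\u0000-\u0020]+/, "") // leading controls and spaces
    .replace(/[\t\r\n]/g, "");        // tabs and newlines inside the text
}

function startsWithScriptScheme(text) {
  return normalizeForSchemeCheck(text).toLowerCase().startsWith(SCHEME);
}

// strip repeatedly, so a doubled prefix ("javascript: javascript:...")
// does not survive a single pass. returns what may reach the address bar.
function sanitizePastedUrl(text) {
  let safeText = normalizeForSchemeCheck(text);
  let strippedCount = 0;
  while (startsWithScriptScheme(safeText)) {
    safeText = normalizeForSchemeCheck(safeText.slice(SCHEME.length));
    strippedCount += 1;
  }
  return { safeText, strippedCount, blocked: strippedCount > 0 };
}

// constructed samples: three disguised script pastes and two harmless ones
const samples = [
  "javascript:void(0)",
  "  JaVa\tScRiPt:void(0)",
  "javascript: javascript:void(0)",
  "https://www.facebook.com/",
  "what is a javascript: url?",
];
for (const s of samples) {
  const r = sanitizePastedUrl(s);
  console.log(JSON.stringify(s), "->", r.blocked ? "blocked" : "allowed");
}
```

only text that begins with the scheme is treated as a script; a sentence that merely mentions `javascript:` passes through untouched.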

Friday, April 15, 2011

up here silly

from whudat.de

now, i'm not trying to say that surveillance is a bad thing, but you should probably have a better clue about where the threat is if you're going to try using surveillance technology.

Thursday, April 14, 2011

i iz in ur stor...

the lolbuilder makes stuff like this a lot easier than trying to do it myself, but i have to hand it to the would-be thief (from this news story) because i wouldn't have been able to stick a chainsaw down my pants.

Wednesday, April 13, 2011

perception of updates

from sticky comics (thanks to nick owen for the link)

keeping up to date is important (security updates, at least, are supposed to close avenues of attack which bad guys might use against you), but obviously different people see updates in a different way.

Tuesday, April 12, 2011

could passwords be too pervasive?


originally found at the art of trolling

people have become accustomed to the idea of passwords unlocking access to special things like their bank accounts or their tree forts, but perhaps some greater thought needs to be put into how passwords work so that social engineering schemes like this one won't fool people quite so easily.

passwords are shared secrets; both the giver and the receiver must know them in order for them to work. if the only reason you have to think the receiver will know the password is that some strange guy on the street said they will, then you should probably expect them to not know the password you're giving them.

Monday, April 11, 2011

password strength

from memebase after dark (which generally means there's naughty language)

it's not meant as a judgment, it's meant as constructive criticism. weak passwords are easily broken and the people who make password strength meters are just trying to help you keep yourself and your accounts safe. try not to take what they say too personally.

Friday, April 8, 2011

when in doubt, type it out

brian krebs' post detailing ways to stay safe after the epsilon breach has a rather catchy phrase that is also pretty good advice:

"when in doubt, type it out"

this means that when you receive a link in an email that you're unsure of (or maybe even if you are sure) it's safer to visit the company's website by typing out their web address than it is to click on that link.

of course if it's a company you've done business with in the past it's even better if you just follow a bookmark you saved on some previous visit so that you can avoid typos (which some people do exploit). that doesn't fit in a catch phrase, though (at least not yet).

Thursday, April 7, 2011

thought leader


thanks to rob slade for pointing out this hilarious video

Wednesday, April 6, 2011

affordable home what?

from failblog (as if that weren't totally obvious)

with a motto like "affordable home burglary", you really have to wonder what it is they're actually selling. i'm sure they must be good salespeople, though, if they can sell burglary.

Tuesday, April 5, 2011

i'z in ur jale...

you can find this one here but the original source is this bbc page

Monday, April 4, 2011

that's one way to lock your car


while rooting around for an optimal source for this photo, i found this with 49 other pictures on unique scoop in their post 50 ways to fail at security. looks like i'm not the only one who finds ridiculous attempts at security funny.