Tuesday, May 31, 2011

beer is dead. long live beer.

beer is a dead technology. it's useless. beer doesn't work as advertised, the way people wish it did. don't believe me? grab yourself a cold one and look around - there's no bevy of buxom beauties ready to jump out and start fawning all over you. beer is an outdated model, it just can't keep up. beer manufacturers aren't innovating. they need to start innovating so they can find a way to do what they claim they can do.

(inspired by this and just about every other person complaining about how AV doesn't meet the expectations that marketing gave them)

Monday, May 30, 2011

TSA Gangstaz [NSFW]

i don't think i've ever warned about content that was not safe for work before (perhaps i should have) but this is offensive enough that it really deserves the warning.

Friday, May 27, 2011

panda vs the malware invasion

as is usual for marketing material from an anti-malware vendor, this was more than a little over the top - but it's done in such a way that i think that over-the-top quality was actually meant to be obvious.

Thursday, May 26, 2011

clearly breakfast is the most offensive meal of the day

originally from nbcmiami (and there's more than what's shown in the screen shot)

i'm not sure why you'd trust your bagel to the overhead compartment (i'd expect it to get squished by other people's baggage) but jeez, it's just a bagel.

maybe they were worried about that cream cheese - you know how dangerous that can be.

Wednesday, May 25, 2011

'twas the night before scareware

from failbook

some good comments here but someone give that last commenter 100 internets 'cause s/he wins.

Tuesday, May 24, 2011

do the TSA Pokey Pokey

thanks to @InsiderThreats for posting a link to this.

Monday, May 23, 2011

this isn't the magic kingdom you're looking for. move along.

from boing boing

when i first read the headline i thought they were adding a security checkpoint to control access to the ride. that's pretty ridiculous all by itself and had me imagining what kind of crotch molesting pat-downs would be happening at a place that (let's face it) caters to kids. but as i read further it became clear - the security checkpoint isn't to control access to the ride and keep bad people out, it's actually part of the ride.

it seems someone thinks security checkpoints could be an enjoyable experience worthy of adding to a theme park. that just makes me wonder about what kind of happy endings they've been getting at their regular security checkpoints. and isn't disney the wrong sort of theme park for that?

Friday, May 20, 2011

R.A.M. #infosecbands

with this blog focusing on the intersection of security and memes, i think i'd be remiss if i didn't mention a meme that swept through the information security community on twitter today. if you do a search for #infosecbands (or just follow the link) you'll see what many of us were having fun with for at least part of the day.

if you can come up with a band name that both sounds similar to a real band (or musician) and has terms in it that make it sound like it was made up by someone in the infosec community then you should play along. a couple i came up with (though i'm probably not the only one) were checksum 41 (from sum 41), ping missile (from king missile of "detachable penis" fame), and the tragically HIPAA (from the tragically hip). i also saw ones like barry whitelisting (from barry white), malware manson (from marilyn manson), or green 0day (from green day).

[and the title of this post? think of the band R.E.M.]

some access controls are easier to bypass than others

from failblog

a gate without fencing is about as useful as a door without walls.

Thursday, May 19, 2011

safe ATM use? bring your wife

from the jeff lewis 5 minute comedy hour

quite a clever setup for this gag - it turns out completely opposite from what you expect at the beginning and yet somehow the outcome doesn't seem that far-fetched. so much for the meek inheriting the earth, though.

Wednesday, May 18, 2011

i show pruf uv ay dee

from here

must have been trying out for america's dumbest criminals.

Tuesday, May 17, 2011

look who's watching your keystrokes now

from i can has cheezburger

spyware isn't normally this cute and cuddly.

Tuesday, May 10, 2011

bravery or stupidity

from memebase

ok, sometimes doing risky things might be considered brave, but other times it's just plain stupidity.

if you're still using IE6 (whether for browsing free porn or anything else for that matter), guess which camp you belong in.

Monday, May 9, 2011

security small talk

pursuant to a brief discussion i had with @diami03 (aka michelle k.) on twitter earlier today, some thoughts popped into my head.

specifically, with regards to how well known the concept of the nigerian 419 scam is, i said

she was not happy with that. admittedly it was a rather crass way of expressing the principles i had in mind, but i stand by them (even if i also find them disappointing).

put differently there are two things in play. the first (and probably the one most are familiar with) is that people often prefer to be entertained rather than informed. if i'm being totally honest, i feel the same way sometimes.

the second is that (at least to my mind) a good indicator of how well our culture has assimilated a particular piece of information is how easily/frequently that information finds its way into everyday chatter (i.e. small talk).

now normally my memetic ramblings are intended for the broadest audience i can manage, but this is a special case. injecting security into small talk logically must start with the people who are security aware. many security geeks probably already do this to a certain extent - after all, if people can talk about the weather or last night's game, why not security topics too?

now i'm not the best person to advise on how to engage in small talk (far from it in fact) but there are a few things i think are self-evident. first and foremost is that this is not an opportunity to give a lecture, or to talk like you're presenting at a conference. most people don't want to go back to school and if you start sounding like a teacher they're going to tune you out. so how can you shoot the breeze about security with non-security folks? here's a few strategies:
  1. everybody loves a spectacle so keep your eye out for them and use them opportunistically. database breaches aren't sexy or interesting, but sony's loss of over 100 million private records breaks the boredom barrier by sheer size alone. so much so, in fact, that you may well find that people have already heard about it in the mainstream media. that's a bonus, it means you can talk about something they've already heard about.
  2. if they're really your friends then it stands to reason that they have at least a modicum of interest in how your day was. did you see a nigerian 419 scam in your email today? great, mention that in passing. did you see two or more of them in the same day? even better. after all, how many dead princes (or whatever) can there really be out there? if wealth and death are as strongly correlated as those scam emails suggest then i think i'd rather stay poor.
  3. when you mention things that you think might directly affect them, you're showing concern about them, you're showing an interest in their well-being. everyone wants their friends to be interested in them in some way so that display of interest should make them perk up their ears and take notice. i used this strategy myself with the epsilon breach, sending links to the list of affected merchants to some of my friends so that they could look over the list and see if the breach was likely to affect them personally.

if you're concerned about the quality of information that is passing from person to person, it's up to you to help put better information into the mix. don't be afraid to throw in a few security topics when chatting with friends. they probably already know you're a security geek so they'll understand why you're interested in it, and if you can make it even a little bit interesting for them then they might pass it along.

if you log in as an administrator...

if you log in as an administrator just to do simple tasks like surf the web and check your email then you might be a security idiot.

(hint: "principle of least privilege". log in as a normal user and use right-click->"run as" for those few times when you really need administrative access in your day-to-day computer use)

Wednesday, May 4, 2011

viruses are not like pokemon

from quickmeme

computer viruses are a little like the opposite of pokemon - they're way too easy to catch and you do not want.

Tuesday, May 3, 2011

exposing yourself online

i found this on trend's countermeasures blog and it makes a really clear point about our tendencies to over-share things online without regard for our own privacy.

Monday, May 2, 2011

security software can't fix stupid

from failbook

i hope you weren't under the mistaken impression that anti-virus software can protect people from themselves, because clearly it can't.