Friday, July 29, 2011

i don't always get pwned...

from here

inspired by actual events

where's topiary?

from here (original image found here)

this was inspired by the uncertainty as to whether that guy the british police arrested in shetland the other day is really the anonymous/lulzsec personality known as topiary.

Thursday, July 28, 2011

get cracking

yes, now i'm making my own videos.

this was made with goanimate. i also tried to do the same thing with xtranormal, but in spite of the fact that the characters seem more expressive, there are no props i can use and the voices are harder to understand.

giant ant safety guide

thanks to @OctoberJones for posting this to twitter

apparently someone's having a bit of fun putting up fake safety guides in locations where one might expect to see real safety guides. i'm sure hilarity will ensue.

Wednesday, July 27, 2011


from here

y'know, it's one thing when ordinary users are blind to the existence of non-signature-based anti-virus technology, after all who's there to educate them? but the information security community really ought to know better than to think signature-based scanning is all there is to AV. how is the knowledge supposed to trickle down to ordinary folks if the security folks remain willfully ignorant?

for the after-dinner party?

from failblog

it's never really occurred to me before but maybe bathrooms aren't seen by some people as a place that requires privacy. maybe for some people it's a place were you entertain guests - like with a rousing game of musical chairs (i think you can guess which one is the musical one).

Tuesday, July 26, 2011


from here

the thing that should amaze me (but doesn't) in this brief analysis of passwords from the recent sony compromise is how often passwords are getting reused. think about it, folks: if you reuse a password on multiple sites then when i find out your password for one of those sites, i find out your password for ALL of those sites.

police chase INSIDE jail

found on boing boing (originally from times union)

it seems to me that there really ought to be a better way to catch someone who's already in jail. at the end, with all those officers walking the prisoner back to where he belonged, it was almost like watching an incompetence parade. we won't talk about what kind of parade the progressively unclothed prisoner made me think of.

Monday, July 25, 2011


from here

while sony was a prime example of this, it seems to happen with almost every company we hear about getting breached - they all seem to have unencrypted sensitive data in their databases. while encryption may not be a silver bullet, not trying to protect the data at all isn't even a rubber bullet.

don't stick that in there...

from here (original found the image on techcrunch)

this was inspired by a previous post. i was hoping to find a picture of a baby sticking a USB drive in it's mouth, but this worked out even better.

Friday, July 22, 2011

big little dog

found on boing boing but apparently has made more mainstream media (such as the LA times) as well.

obviously even the smallest and simplest of security measures can be surprisingly effective sometimes.

angry brits

thanks to @Luis_Corrons for tweeting this comic commenting on the reaction to the phone cracking scandal in the UK.

i kinda wish this was an actual mod for the angry bird game. who knows, maybe someone will make it.

Thursday, July 21, 2011

zero day video

found on dual core's site

this is apparently a collaboration between mc frontalot, ytcracker, and dual core. maybe i should be paying more attention to the nerdcore genre.

in case of emergency

from here (but thanks to @jadedsecurity for posting the source pic)

i really don't know what to make of this. i want to believe the sign simply means you need to pull the fire alarm to unlock the emergency exit. but that lock on the fire alarm (who does that?) worries me and makes me think the worst; that you actually need a key in order to pull the fire alarm.

seems like a recipe for crispy critters if you ask me.

Wednesday, July 20, 2011

2 factor authentication humour

from here (but thanks to @wikidsystems, @salgado_bruno, and @luizsrabelo for bringing my attention to an alternate language version of the comic)


from here

i actually don't really care why lulzsec came out of retirement to poke fun at rupert murdoch. this is just pointing out that they said they were done and now, well, clearly not so much with the whole being done business.

Tuesday, July 19, 2011

social engineering

from here (original image source here)

it's not just kids that are vulnerable to social engineering of course, we all are to varying degrees. even i've been conned by a smooth talker once or twice in my lifetime.


from here

it would be nice if we could just trust whatever claimed to be security software, but as often as not these days those claims seem to be lies.

Monday, July 18, 2011

catch 22

from the art of trolling

i gotta say, if this is microsoft trolling users they did a good job. i can just picture folks trying to figure out how to click the allow button when the mouse isn't yet a permitted device. i imagine in the end they'd just be saying FFFFFUUUUUUUU!

who watches the watchers

from failblog

this is, of course, not how you oversee the surveillance department.

Friday, July 15, 2011

i can haz strong passwerdz?

from here but the source of the photo is oddly enough blog

maybe this would help people (well ~50% of people anyways) choose stronger passwords.

would you punch you code into that?

from there i fixed it

sure it could be just a really cheap attempt to repair the keypad, or it could be part of the lowest of low-tech card skimmers. i certainly wouldn't feel comfortable using that.

Thursday, July 14, 2011

WHO wants my location data??

from failblog

i don't know if it's for real, but i have difficulty imagining a better example of why people should be careful about sharing their location data. there are folks in this world you do know want to know your current location, ever.

sometimes crime REALLY doesn't pay

from failbook

if you get the urge to steal something and demand a ransom for it's return, you might want to reconsider. it could end every badly for you. (one might even argue that it should end very badly for you)

Wednesday, July 13, 2011

misplaced priorities

from college humor

you've got to wonder what this guy thinks that hard hat is actually protecting, because it certainly isn't his head. i suspect the ear protection isn't being used because it wont' even reach his ears from there. some things are more important than style, folks.

warning signs

from don't panic

you really shouldn't ignore warning signs or other indicators. they're there for your benefit and protection.

i hope neither of those kids has an 'accident'.

Tuesday, July 12, 2011

little red riding mood

made by facemoods, found on and found thanks to @FSecure

apparently facemoods have a number of videos, but not all of them have to do with social networking security / privacy. the little red riding mood series of videos do appear to be about that topic, however.

scratch and win without the scratch

from failblog

i don't know which is funnier, that the scratch-off film missed the secret box entirely, or that someone still bothered to scratch it. it just goes to show you need to check the quality of your security efforts or your secrets may very well not actually be secret.

Monday, July 11, 2011

you can't trust anything anymore

from justacowboy's photobucket account (i hope he mean to share all that with the entire world)

you gotta admit, goslings are a pretty effective decoy. most people would be looking at the babies rather than the parent.

identity thief did what?

from failbook

normally you can't expect this kind of outcome when someone steals your identity. do not try leaving your own account in the hands of strangers. also, don't accidentally leave your account logged in as clearly other people like to make mischief at the expense of those who do. it would probably be safest to only check your facebook or other accounts from a computer you own/control.

Friday, July 8, 2011

perception of privacy

from picture is unrelated

in theory there actually is privacy in this washroom, but i still think i'd have difficulty using it because it very clearly makes it seem like there is no privacy. i guess the perception of privacy (or for that matter the perception of security) can be important after all.

passwords are like...

thanks to Tomasz Miklas for posting this

i can't decide if the password advice on this shirt is meant to compare passwords to underwear or to diapers. the picture kinda doesn't help. all good advice though.

Thursday, July 7, 2011

privacy awareness win

from allytibbitt's flickr stream

some people think privacy is dead because nobody cares about it anymore. clearly more people care about it than some might like to admit. a concern for privacy is clearly still part of the public consciousness.

what failure to understand protection looks like


oh, if only there were some sort of head mounted sun-blocker so that he wouldn't have to hold his hand up like that through out the entire game.

Wednesday, July 6, 2011

Y U No Remember Password?

from memebase

alright, who's a frustrated tech support person?

scammy UI fail

from the art of trolling

i've always hated those pop-ups that try to plead with me not to leave the current page. i've always thought there must be something unsavoury about the page if they have to do that (like emails that start with the words "you don't know me but..."). it's funny to see one that is so shoddy in it's construction that the button it asks you to press in order to stay isn't even present.

Tuesday, July 5, 2011

make believe security

from game maker chronicles (thanks to paperghost for the find)

although the compromise after compromise after compromise seems to finally be over for sony, the underlying story isn't. we'll have to wait and see what comes out of the law suits, and whether the share holders can force the CEO to step down. the accusation that they fired a bunch of security staff before the problems began is very interesting though.

keep your car on a short leash

from that will buff out

once again people are using the bicycle security model on a car. considering how poorly that works for bicycles (they do get stolen a lot) maybe folks should rethink using this approach on cars.

Monday, July 4, 2011

keeping a lid on things

from there i fixed it

i'm not really sure what they're trying to 'secure' here. it seems like an extreme measure. i almost want to take a hammer to the tank to find out what they've got hidden i there - and that makes this a security fail.

they're either using security tools inappropriately (where security isn't needed) or they're trying to secure the unsecurable (locking the door of a glass house).

stop forwarding that crap to me

thanks to weird al yankovic for this awesome song (and thanks to mikko hypponen for drawing my attention to it's existence)

there are all sorts of things in the song that ring true, from hoaxes to chain letters to social engineering to the importance of BCC:. from your lips to their ears, al. i hope it wakes some people up.

Friday, July 1, 2011

if you think the word "indestructible"...

if you think the word "indestructible" has any place being used to describe malware then you might be a security idiot.


well you can't beat that

from virtual shackles

so if leaking user info really is the goal there are 2 obvious ways to go about it. break into an organization, steal their data, and post it on pastebin like lulzsec did - OR - get hired by an organization which makes leaking user info part of it's business model. what an elegant solution.