Wednesday, February 29, 2012

i'z stuk in ur bak door...

from here (source image)

well, i suppose if you're going to fail at burglary, you might as well give the rest of us something to laugh at.

be careful what you share



wow, when failbook called this creepy, they weren't kidding.

Tuesday, February 28, 2012

if you care about it, put a lock on it

found on There, I Fixed It

ugly though it may be, if there really is someone going around stealing car parts and the condition of this car doesn't deter them, this security measure actually would raise the bar for such thieves.

it seems like it could actually be an effective security strategy, if only the threat didn't seem so imaginary.

tracking devices leave no tracks when turned off

from here (image source)

i couldn't help but laugh upon reading that the FBI had difficulty finding some of the 3000 GPS tracking devices they switched off in response to a recent court ruling.

Monday, February 27, 2012

not above the law


found on failblog

great to see that at least sometimes the police are not above the law. not so great to see an off-duty cop putting people's lives in danger, or not complying sooner with the officer trying to pull him over, almost like he thought he could get away with it. you've got to wonder about a cop who thinks he can succeed by acting like a crook.

you're a spambot, harry

found on memebase

this isn't just in funny pictures online. more and more i'm seeing CAPTCHAs that use characters that bear no resemblance to anything i can actually type with my keyboard, leading me to one inescapable conclusion - you need to use magic to solve these things; they're CAPTCHAs for wizards.

Friday, February 24, 2012

self defense

from here (source image and true explanation)

so, they're not actually for self defense, and apparently they're not even really brass knuckles (which is good because then it'd be against the law to carry them, possibly even this way), but i can't be the only one who looked at them and wondered "how can they use those now?"

still entering my password, don't look

from here (source image)

what do you think? would pants like these promote passwords with more complexity, or would he simply be hitting the same small group of keys over and over again?

Thursday, February 23, 2012

malware on stepheniemeyer.com

from here (image found on this avast blog)

really, of all the places you could put malware, someone decided to put some there? haven't her fans suffered enough already?

APT: You keep using that term

from here

APT (advanced persistent threat) is abused and misused so much by security marketing departments (and people who aren't in marketing but are still doing marketing) that abusing the term has itself become a meme. it really needs an antibody meme to counter it.

Wednesday, February 22, 2012

cybershima

from here (image source, inspiration)

there's a term that gets bandied about in some security circles - cyber-douchery. the coining of this new and decidedly scaremongering sort of term really seems to qualify as cyber-douchery.

that's not to say the topic of SCADA vulnerability to attack isn't real or isn't scary, it is, but cyber hiroshima? really? there's no need to evoke irrational responses from your audience.

crackopoly

from here (unmodified source image)

are you thinking what i'm thinking? 'cause i'm thinking someone should actually make this monopoly variant called crackopoly. no doubt some would prefer to call it hackopoly, but it appears that one's already been done (and with a much more appropriate definition of "hack" it seems).

Tuesday, February 21, 2012

i can haz low profile page?

found on failbook

sometimes i get the feeling that the concept of keeping a low profile (a necessity for a criminal) is more confusing to people now that we have facebook profiles. obviously there's no "low" setting on them, and even if there were, it would probably be talking about privacy, where "low" would be the last thing a crook would want. hurray for dumb criminals.

the more information you put on your phone, the more valuable your phone is to bad people


just a little reminder that bad things can happen to good features.

Monday, February 20, 2012

who let the cops out

from here

i've heard of cops tailing someone, but i never knew they could chase their own tail.

when someone asks if your system is insecure, you say YES

from here (source image one, two, and three)

while it may not always be the case that gatekeeper + USB key = destruction, the fact that gatekeeper is wide open to USB and other removable media (not to mention LAN) is certainly inviting trouble.

Friday, February 17, 2012

wrong kind of threat

from here (source image)

now, unless microsoft security essentials has begun adding detection for business threats, i think it's safe to assume the alert on google's main page is a false alarm. but you could almost believe this was on purpose, couldn't you?

funny money? who's laughing now?

found on failbook


some things just shouldn't be discussed online. this is one of those things.

(of course it would be even better to not commit crimes in the first place)

Thursday, February 16, 2012

if you think you can prevent laptop theft...

if you think you can prevent laptop theft by attaching a little cable to the plastic housing, you might be a security idiot.

(simply keeping the laptop with you at all times does a much better job of preventing theft)

would you like spies with that?

from here (source image)

just another jab at apple for being so permissive about apps that steal personal info from users.

Wednesday, February 15, 2012

noticing anomalies

from here (thanks to @Rob_OEM for pointing out the source image)

attention to detail is kind of important in security. you've got to be on the look out for things that are out of place, things that don't belong - like those letters don't belong in that order.

of course, the spelling isn't really important for security, but i suspect the score of that game isn't either.

impersonating a traffic camera?


found on boing boing

this is, of course, a prank (and a pretty funny one at that). but it's a prank where the prankster is posing as something that's supposed to represent authority. the authorities don't take kindly to people impersonating them or anything connected to them - the opportunity to damage their credibility is too great.

of course, in some countries, the authorities are quite proficient at damaging their own credibility.

Tuesday, February 14, 2012

roses are red, violets are blue...

from here

here's a special post to commemorate this unusual conjunction of valentine's day and patch tuesday. not sure how often this happens, but i bet it's not often.

Roses are red,
Violets are blue,
Microsoft has
Some patches for you.
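as an added aside (this is my own example, not something from the original post): patch tuesday is the second tuesday of the month, so february 14 is patch tuesday exactly when it falls on a tuesday. a few lines of python answer the "how often" question; the `patch_tuesday` and `valentines_patch_tuesday_years` helpers are constructed here for illustration.

```python
from datetime import date, timedelta

# constructed helper for this post: microsoft's patch tuesday is the
# second tuesday of the month (datetime.weekday(): monday == 0).
TUESDAY = 1


def patch_tuesday(year: int, month: int) -> date:
    """return the date of the second tuesday of the given month."""
    first = date(year, month, 1)
    days_to_tuesday = (TUESDAY - first.weekday()) % 7
    first_tuesday = first + timedelta(days=days_to_tuesday)
    return first_tuesday + timedelta(days=7)


def valentines_patch_tuesday_years(start: int, end: int) -> list:
    """years in [start, end] where february 14 is patch tuesday."""
    return [y for y in range(start, end + 1)
            if patch_tuesday(y, 2) == date(y, 2, 14)]


if __name__ == "__main__":
    print(patch_tuesday(2012, 2).isoformat())          # 2012-02-14
    print(valentines_patch_tuesday_years(2000, 2030))  # [2006, 2012, 2017, 2023]
```

so between 2000 and 2030 it happens four times (2006, 2012, 2017, 2023): roughly one year in seven, which is rarer than most patch tuesdays but not as rare as the feeling suggests.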

maybe you shouldn't spread the love

found with google image search (apparently this is part of the marketing for a video game, so...)

just another reminder to be careful about opening those online valentines. you never know what you'll find inside them.

online valentines are usually all thorn and no flower

something to keep in mind this holiday season is:
online valentines are usually all thorn and no flower.
an unfortunate truth that the lovelorn have discovered over and over again. you'd think people would have learned their lesson with the loveletter email worm, but hope springs eternal it seems.

Monday, February 13, 2012

shooting yourself in the foot


found on boing boing

figuratively, shooting yourself in the foot means that you ruin your ambitions or career. presumably that came from a literal case where someone actually shot themselves in the foot and it ruined their plans - not unlike this fellow.

Friday, February 10, 2012

evidence & passwords

from here

if, in 2012, you're still trying to get at data on a laptop you confiscated back in 2010, your chances of success are not good. ramona fricosu, who was ordered by the court to decrypt the data on her laptop, could probably make a pretty compelling argument along these lines right now.

if you expect a defendant to remember...

if you expect a defendant to remember an encryption key years after you confiscate their data, you might be a security idiot.

(inspiration)

Thursday, February 9, 2012

look at my rogue, my rogue is amazing

i can't really explain how this popped into my head, i can only show you that it did.


look at my rogue
my rogue is amazing
give it a click
-hmm, looks like i need saving


with a change of its name
it turns into a game
of cat and mouse with the lame
'till i recompile its source
-ooh that's much worse


do you think so?
well i better not show
you how the fake AV is made
1337 fake AV, mmm 1337 fake AV
1337 fake AV, yeah 1337 fake AV


install my rogue
i'll save you on the internets
and all the other websites too
-i think you'll find that the internet pretty much covers everything
shut up victim, install my rogue
(in case you don't know, 1337 is pronounced 'leet' and is a slang version of the word "elite")

this is, of course, a parody of the amazing horse song from the makers of weebl and bob, but this one talks about rogue security software aka fake antivirus aka scareware.


i can haz spyware?

from here (image source)

y'know, by any reasonable, functional definition, downloading personal information without the user's knowledge or consent qualifies an app as spyware. i doubted path was the only company who did this, and in fact it turns out that many have, so it seems to me that there is in fact malware in the iOS app store right this minute. there's no anti-virus though, because apple won't allow it.

all hail the security of the walled garden.

Wednesday, February 8, 2012

if you wave people through security...

if you wave people through security because they happen to have something resembling a badge then you might be a security idiot.

(inspiration)

adware in your pocket

from here

whether or not things like android.counterclank qualify as malware (do the intricacies of malicious intent really matter when the unanimous consensus among users is that it's unwanted?) is of secondary importance to me. what really boggles my mind is that mobile app developers are actually falling for this con when desktop adware is still so fresh in people's minds (well, my mind, at any rate).

Tuesday, February 7, 2012

access all the things

from here

i have it on good authority that some employers actually do give contractors more access than their own employees. pretty ridiculous if you ask me.

if you give outside contractors more access...

if you give outside contractors more access than you give your own employees, then you might be a security idiot.

(inspiration - though you have to ask @diami03 for permission to be able to see it)

Monday, February 6, 2012

malware support

from here

just taking a little pot shot at the citadel trojan that brian krebs detailed back in january.

Friday, February 3, 2012

veribad, verisign. veribad indeed.
so apparently verisign was breached back in 2010 and has yet to satisfactorily explain the details of what happened. not a good way to behave when much of the security of the web depends on you being trustworthy.

(unmodified image sources one and two)

if you think using a taser...

if you think using a taser is an appropriate response to someone walking their dog without a leash, you might be a security idiot.

(inspiration)

Thursday, February 2, 2012

i don't always participate in DDoS attacks...

from here

so apparently someone in anonymous finally figured out how to provide their DDoS minions with plausible deniability, even if they can't provide them with actual anonymity. low orbit ion cannon has been made into a web-based version, so people can be tricked into visiting a page and launching attacks from their own browser.

TrueSuccess

from here

inspired by the news that a US court has decided that the 5th amendment can't be used when it comes to encryption.

Wednesday, February 1, 2012

windows guilt accuser

from here

sometimes the line between malware and legitimate software isn't as clear-cut as we'd like (such as opt-in adware, or spyware to monitor prison inmates) so i started to wonder (genuinely) whether windows genuine advantage could qualify as a kind of ransomware. after all, it does demand that you (if you have a pirated copy of windows) pay microsoft for a legal copy of their software and prevents certain functions until you do.

ransomware vs. backups

from here

apparently ransomware (malicious software that demands a ransom in order to regain access to your computer, or to stop it reporting you to the authorities for supposed illegal activity) is on the rise. we'll see if backup media will follow suit.