Tuesday, December 31, 2013

If it walks like a duck and quacks like a duck

from here

Because the FBI can't stand that the NSA is having all the surveillance fun, they're finding creepy ways to spy on people too.

(inspired by Christopher Soghoian)

Such joke. No laugh.

found on techcrunch

Part of me find it hard to believe people actually took a crypto-currency named after an internet meme serious, but apparently there was enough money in dogecoins to make it worth stealing 21 million of them. Apparently that's about $12,000.

Monday, December 30, 2013

Maybe we shouldn't expect the browser to do EVERYTHING

from here

Ed Bellis tweeted about some research into the security of password managers. Although I am a strong proponent of password managers, I also think you can't trust browsers - I'm sure you can do the math.

What 'smart' TVs are for

found on memebase
Honestly, you have to wonder who thought reporting viewing habits and filenames back to home base would be useful. It's not like TV makers also make content, so who was that data really for?

Friday, December 27, 2013

Inspected by the NSA merch

click here for this item or here for all the items with this design

This is another idea I had for NSA themed merchandise. I figure the NSA are sticking their noses into everything so how best to represent how creepy that is? Maybe by putting "Inspected by the NSA" on things like underwear, or shower curtains, or even a Christmas stocking (surely they'll know what Santa is giving you before you find out). It's also on some more banal things like bags and device covers.

Does it qualify as a conspiracy theory if everyone is thinking it?

found on memebase

I somewhat doubt the government would need to mount cameras on Amazon's drones. I fully expect cameras would be standard equipment (for the purposes of finding out what went wrong when something inevitably does). All the government really has to do is hijack the video feed.

Thursday, December 26, 2013

Not the NSA merch

click here for this shirt or here for all the things with this design on it


This was inspired by a rather widely shared photo of Chris Boyd at a Homeland Security booth. I thought to myself "who is more hated than terrorists now?" and of course the answer was obvious. As usual there's a zero percent mark-up for me, but printing on 2 sides apparently increases the cost, so these are a little more expensive than some of the other shirts I've done.

Someone really put the ANAL in analyst

found on the art of trolling

I suspect if you confronted people with this picture, many would claim it's a fake. It may well be, but considering they spy on porn habits it's also entirely possible. Still think if you've done nothing wrong you've got nothing to hide?

Wednesday, December 25, 2013

That's my malware scanner

from here

There have been a number of acquisitions over the last year or so, and some of them have in fact affected products I use. There isn't really any way to know what to expect from an unknown quantity. Unfortunately this tends to affect the smaller, more innovative shops more than the behemoths like Symantec.

A Christmas Warning From The NSA



Who got coal in their stocking this year? Apparently the NSA did. Hopefully GCHQ, CSEC/CSIS, and others did as well.

Tuesday, December 24, 2013

Terrorizing Santas Administration

from here (source image)

I just thought the title of this Lowering The Bar post could be taken a bit further

Google Blackmail



No, this isn't the next version of GMail (or is it?) but rather a comedic comment on the lengths Google appears willing to go to to strip you of any kind of privacy at what is almost certainly the worst time to be taking user privacy lightly.

Monday, December 23, 2013

I predict next year's predictions will be as bad as this year's predictions

from here

Security predictions always seem rather Shakespearean if you ask me. Tales told by idiots, full of sound and fury, signifying nothing.

What the Government Thinks of Citizens Who Want Their Privacy

found on memebase

Unfortunately, I suspect there's more than a little truth in this. Authorities don't like to be questioned, and they react poorly when they are.

Friday, December 20, 2013

The "Internet Of Things" is going to be weird

from here

Computers that no one use like a computer are computers that no one is monitoring or keeping secure. Maybe there won't be bitcoin mining trojans on pacemakers in the near future, but in fridges? Cars? Phones? Sure, why not? The processing power is certainly there.

Joshua Corman: The hacking of all things



I don't want to promote fear, and I doubt Josh does either, but sometimes there are very real concerns that society as a whole ignores - to their detriment. Maybe the concerns mentioned here are worth a second look. [updated 2013/12/22 because the original video got removed]

Thursday, December 19, 2013

You might even say he PREFers them

from here (source image)

This picture mocking the NSA's use of Google's PREF cookies to spy on and compromise people was originally tweeted by Parker Higgins, I mostly just added his caption into the picture itself.

Hope you don't get indefinitely detained

found on google image search

Isn't it funny how what was once thought of as a savior is now though of as a threat. Almost like a trojan horse.

Wednesday, December 18, 2013

Always look a Trojan Horse in the mouth

Always look a Trojan Horse in the mouth

Inspired by a tweet by SecurityHumor in which he adapted the old idiom about never looking a gift horse in the mouth by replacing "gift" with "trojan". Obviously, though, trojan horses aren't good gifts so you probably want to do the opposite in that case.

[2017-07-15: edited to add this because the Internet loves images]
from here

Don't post photos of your credit/debit cards

source tweet

Regardless of the veracity of this particular instance, people do actually post these kinds of pictures, and those consequences are entirely realistic - someone can and probably will use the information in the photo to make fraudulent purchases.

Tuesday, December 17, 2013

Sometimes size really does matter

from here (source image)

Sometimes security measures go to far, but sometimes they don't go far enough and are inconsequential as a result.

Thank Snowden

tweeted by Mikko Hypponen

Thank Snowden we've found out about all these abuses of power and surveillance that's been going on.

I wonder how much difference there is between Snowden and a prophet.

Monday, December 16, 2013

Another lie exposed for all to see

from here

Oh, France. Can't you see what kind of problems this sort of thing is already causing the Americans and British? Do you really want a piece of that action?

USB business cards? What could possibly go wrong?

from here (source image)

This is based almost entirely on @hillbrad's tweet, but I did take it upon myself to make a slight correction

First world security problem?

tweeted by Andreas Lindh

I probably would have gone with a different pic for this, but the lesson is the same - doing this is a problem.

Friday, December 13, 2013

NSA is coming to town

You better watch out
You better not try
To keep a secret
I'm telling you why
NSA is coming to town

They're making watch lists
And checking them twice
Grab your data
As you get off your flight
NSA is coming to town

They hear you when you're speaking
They know how you behave
They know if you click on that link
So don't click for goodness sake

Oh, you better watch out
You better not try
To keep a secret
I'm telling you why
NSA is coming to town
NSA is coming to town

I came up with this back in September, but that was way, way too early for Christmas songs. Also, I can't yet execute on song parodies quite as well as organizations can so good on ya ACLU for coming up with a parallel idea.


Maybe it'll still work if it's detached

tweeted by They Might Be Giants

I don't think we've really plumbed the depths of the problems biometrics present us with.

Thursday, December 12, 2013

Three legs and spam

I would not like a giant dong
I would not like it all day long

I would not like your sketchy pill
I would not like to be made ill

I would not like to slow-rub in
Your creams and lotions from a tin

I would not like to impress men
If my towel falls again

I would not like to stop divorce
By being hung like a stud horse

I would not like to drown my date
In juices meant to impregnate

I would not like to make her gasp
Or have my thing exceed her grasp

I do not like enlargement spam
I do not like it Scam I Am

"Green Eggs & Ham" meets enlargement spam. I'm sure I'm not the only person who was heavily influenced by Dr. Suess as a kid.

Remember the good ol' days?

tweeted by @bartblaze

I remember too, Pepperidge Farms Guy. I remember too.

Wednesday, December 11, 2013

Finally, a password worse than '123456'

from here (source article)

It's amazing to me that we managed to survive the Cold War with security practices that bad.

World of Warcraft: NSA Edition

tweeted by @_cypherpunks_

I suppose from that vantage point a spy could see a whole lot.

Tuesday, December 10, 2013

Fear the giant space Kracken

from here (source image)

This is a real logo placed on a real spy satellite by the National Reconnaissance Organization, one of the many organizations overseen by James Clapper (that guy who lied to Congress about government spying), the Director of National Intelligence. Apparently the Office of the Directory of National Intelligence live-tweeted the launch of a classified spy satellite (OpSec?) emblazoned with this logo.

Let me just say, if your organization identifies with a giant space Kracken, there's something wrong with you people.

That's my username

found on memebase

Normally the only one of those you can't actually see is your password, which means you should be able to tell if it's your username that's wrong. That is unless you've forgotten your username and are trying to guess it, but usually the people trying to guess that sort of thing aren't the real account holders and helping them make better guesses kinda makes security worse.

Monday, December 9, 2013

Secret farming

from here (source article)

I think it's telling that there's no indication that this ever foiled a terrorist plot. The idea of terrorists using online games to organize their terror plot seems like something out of the movies rather than real-life. I suspect this has more to do with giving analysts an avenue to goof off than collecting actionable data.

Social Media Experiment



Thanks to Martijn Grooten for tweeting this interesting (and a little scary) demonstration of how people might misuse the information many people are broadcasting on social media sites everyday. Be careful what you post, and see what you can do to take the location info out of it.

Friday, December 6, 2013

So different and yet so similar



They both closely examine planets. They both search for particular kinds of transmissions. It's a shame the one we like is getting less and less money while the one we hate is getting more and more.

I suppose I could have posted this back when attackers defaced NASA's website with anti-surveillance messages, but posting it now in light of the NSA's planetary-scale surveillance of cell phones will just have to do.

Maybe you should use a password manager

found on memebase

If this is how you feel then you should maybe stop trying to do passwords like a caveman and use modern technology to help you.

Thursday, December 5, 2013

Hacker Moms don't need your condescension

from here

Inspired by Alex Hutton. If you're replacing "an uneducated user" with "your mom" then maybe you need to grow up.

Can you solve this puzzle?

tweeted by Kim Zetter

Think you can solve this puzzle? There is already an answer if you look at the replies Kim Zetter received on Twitter, but if you want to try and solve it yourself then don't follow the link to the tweet or it'll spoil the surprise.

Wednesday, December 4, 2013

Anti-Virus, Anti-Spyware, Anti-Malware, Anti-Bot, Anti-Rootkit, Anti-...

from here

Really, since "Malware" covers all of it anyway, they should have stopped with Anti-Malware, but you can't make money without something new.

Tactical coffee mug?

found on Incredible Things

This is an actual thing that you can buy. I'm not sure if this would help scare pesky people away from your cubicle at work, but if inflatable tanks fooled Hitler then who knows?

Tuesday, December 3, 2013

Leaking data through the sound card is a different matter entirely

from here

With the attention being paid to badBIOS and new research into covert acoustic networks, there are some people getting the impression that their computers can get infected through sound alone. They can't. Sound can be used for communication between already infected computers, but the actual infection still has to use more traditional methods like clicking on links or plugging in tainted flash drives.

(Inspired by Graham Cluley)

The Internet makes everything more convenient

tweeted by Brian Krebs

Now that's some customer service, right there.  I don't know if it's actually just as easy (I tend to think you'd need to try both ways to know that for sure), but robbing banks online certainly is fairly easy, as Brian Krebs has reported on countless times.

Monday, December 2, 2013

How long before Amazon becomes part of PRISM?

from here

People are already afraid of commercial drones being used to invade their privacy. Some take the threat so seriously they even talk about shooting them down. Could the NSA resist such a tempting new potential spy platform?

Are you feeling plucky, punk?

found on memebase

I don't know if it's really a duck, but I'm sure you don't want to get on it's bad side, whatever it is.

Friday, November 29, 2013

The perfect crime deserves one of these

from here (source image)

I don't think it's a stretch to imagine he did not get away from the police.

Security Questions



Predefined security questions always run the risk that they aren't necessarily applicable. It's certainly better if you can define your own question, but it's even better if you don't give the true answers that the security guy in this video insisted on, because the true answers are frequently known by others or can be guessed or looked up. The security guy in the video does make a good point about lies being harder to remember, but relying on memory for authentication details doesn't scale anyways. You might as well use your password manager to store your secret questions and the lies you use as answers.

Thursday, November 28, 2013

Anything you view can and will be used against you in the court of public opinion

from here

I can't think of any reason why using porn viewing habits as a political weapon against people shouldn't be viewed as the weaponization of porn.

We stand on the shoulders of giants

tweeted by Wim Remes

Wim Remes tweeted this picture and I thought it was a really nice way to honour some of the great minds who we've lost. There's just one problem - not everyone instantly knows who those people are. I myself could only identify 3 of them with any certainty (I was pretty sure about a 4th, but I had to google it just to be sure).

So, I'm going to put names to these faces for the benefit of those who don't know who they are. Top row, left to right is C├ędric Blancher, Peter SzorFlorian Hufsky. Bottom row, left to right is Barnaby Jack, Aaron Swartz, Len Sassaman.

Wednesday, November 27, 2013

Stay terrorized my friends

from here (source Obama image)

I didn't think they'd sink to this level. At least not as part of official policy. Apparently I was wrong.

First they came for...

original tweet

So what would it take to keep everyone silent while this goes on? I can't think of anything other than complete ignorance. Only by keeping everyone in the dark could they do this without causing an uproar.

Tuesday, November 26, 2013

Customer Relationship Management Fail

from here (source image)

Everyone is vulnerable in some way or another through their payment pathway, even crooks. You either need to figure out a way to maintain trust in those connections, or a way to negate the risks associated with untrusted connections.

That seems like a bulletproof argument

tweeted by Tal Klein

No idea where you can buy a shirt like this (let me know in the comments if you find it somewhere) but it makes a good point about trusting what vendors tell you about security.

Monday, November 25, 2013

Maybe just certifiable

from here

Inspired by @aloria. Sorry to say, but she's not the only one thinking that.

Huge Data Collection by the NSA

found on truthdig

It seems to me that if you collect everything (and apparently the NSA and GCHQ do just that) then you're going to have a heck of a signal-to-noise problem to overcome. Spam and other malicious email makes up an outrageous proportion of the email traffic in the world and they need to be able to ignore that junk. Imagine the amount of money they must have thrown at that problem over the years. I wonder if there's anything they could teach us about filtering out junk.

Friday, November 22, 2013

Keeping a slip of paper in a secure place is inconceivable!

from here

Pardon the iconoclasm, but there's nothing inherently wrong with writing down your password. The trouble arises when you do so and then take no steps to keep the paper you wrote it on secure. What most envision when writing down passwords is writing them down on Post-It notes and sticking them to your computer monitor where anyone who gets access to your computer can find and read them. That is certainly the most popular scenario, but it doesn't have to be the only one. Years ago Bruce Schneier suggested writing down your password on a slip of paper you keep in your wallet (and I created something specifically for this task). That way the password would be as secure as your credit card.

Writing passwords down basically changes an information security problem into a physical security problem. The written down password essentially becomes a token, like a key for a lock. So long as people are aware of that, they should be able to deal with the problem effectively. People tend to have a better intuitive grasp of physical security than they do of information security, anyway.