Friday, August 30, 2013

adding complexity where none is needed

from here (source image)

thanks to ben nunney for tweeting this excellent example of what happens when you add needless complexity to something that would otherwise be simple - it crashes.

know your adversaries

posted on google+ by alan lovejoy

everyone seems to be becoming an adversary these days. i don't want to call them enemies, but they definitely are acting against the interests of ordinary people.

Thursday, August 29, 2013

they see me creepin', they hatin'

from here (source image)

not that i want to be giving creepers any pointers, but a ghillie suit is not how you go about going unnoticed at the beach. at least not unless the beach has a lot of seaweed.

your controls are in another silo, mario

tweeted by chris sistrunk

if i'm not mistaken, i believe this graphic is meant to suggest that compromising SCADA systems is about as hard as playing old-school video games - in essence, even a kid could do it.

Wednesday, August 28, 2013

nobody puts AV in the corner

from here (source image)

i don't know why people keep thinking this technology or that technology is going to kill the anti-virus market. you'd think after predicting it for a decade or more and seeing it fail to happen over and over again they'd learn.

sometimes security is just for show

found on thechive

can you see what's wrong with this picture? yeah, that lock doesn't actually lock anything. it's basically a kind of security theatre, and like most security theatre it's related to theatre of the absurd.

Tuesday, August 27, 2013

flying lobsters are the new phish bait?

from here

remember folks: when surfing the internet, avoid the phish and flying lobsters (yes, this was a real email)

user hazard warning label

tweeted by violet blue

just in case you're wondering, cross-site scripting (XSS) has nothing to do with tentacle porn coming alive and reaching out of your computer screen.

Monday, August 26, 2013

trolling scammers

from here (described in this tweet by marco tabini)

game of drones

found on

now it turns out (unsurprisingly, i'm sure) that game of drones is an actual thing, not just political commentary about the current administration. not sure if it's a good or bad thing, though.

Friday, August 23, 2013

who do you trust?

from here (source image)

i suppose in this case darwin will weed out at least some of the untrustworthy ones.

creepy uncle sam's webcam

found on memebase

ordinary people have lost trust in their government. that's what happens when you abuse your power.

Thursday, August 22, 2013

how not to disguise yourself

from here (source image one and two)

people would probably be less inclined to think that was a cop car if it simply didn't say anything. nice touch with the reverse text on the bumper there - so you can deny being a cop even in people's rearview mirrors.

ghost in the machine

tweeted by shari vanderwerf

well, that's one way to teach people the importance of securing their wireless devices.

Wednesday, August 21, 2013

to serve and protect

from here (source image and caption)

in case all the abuse of power amongst authorities has made you forget what a good cop looks like, here's one actually trying to help protect his fellow man.

i always feel like obama's watching me

wow, the folks at NMA are really good at song parodies.

Tuesday, August 20, 2013

trust is a fragile thing

from here (source image)

as if you can just tell people who they should trust. that is a decision each of us makes for ourselves, and if you have to say something like that then you've already lost our trust.

keep calm from defcon

tweeted by violet blue

Monday, August 19, 2013

stop reporting, you're scaring us

from here

inspired by this tweet by trevor timm

how times have changed

posted on facebook by anonymous

it's amazing to think about how much more the president can get away with these days. as if the terrorists made whoever holds the office of president much more powerful than they could have been otherwise. when companies use fear that way we call it FUD (fear, uncertainty, and doubt), but when governments use fear that way what should we call it?

Friday, August 16, 2013

will you be my friend?

from here (source image)

social networks are not a competitive sport. you don't need to have the most 'friends'.

bullied online? computers have a way to shut that whole thing down

found on memebase

of course cyber bullying has led to a number of suicides, which is not funny, but you really do have the final say in whether hurtful online comments reach your eyeballs.

Thursday, August 15, 2013

when is a band like a canned meat company

TL;DR phish is still a band (who knew?), they seem to think they own the word "phish", and they're using intellectual property law to take products i made to raise awareness about phishing off of the online retailer site zazzle
when is a band like a canned meat company? when internet culture co-opts their brand and uses it to mean something unsavory and unwanted.

we all know what spam is, right? it's that junk you get in your email trying to sell you penis enlargement pills (among other things). but wait, that's not right. spam is a canned meat product and registered trademark of hormel foods corporation, and they were none too pleased when people on the internet adopted the word to refer to unsolicited commercial email - thanks in no small part to this monty python skit

eventually hormel had to come to terms with the fact that there was really nothing they could do to stop the internet from using the word spam in a way other than they had intended. they couldn't stop language from evolving.

similarly, the word phish has come to represent a technique for tricking users into providing a malicious party with the users' usernames and passwords - much to the consternation of the musical group named phish, no doubt. unlike hormel, however, phish the band haven't managed to come to terms with this yet or perhaps haven't even heard of it yet (though the term phishing is by no means new). apparently they think they still own and control the word phish and will use intellectual property laws to censor others who use the word, even if it's being used in a way that has nothing to do with the band.

and i know this because it happened to me. this afternoon i received an email from the online retail site zazzle stating the following:

Dear secmeme,
Thank you for your interest in,
and thank you for publishing products on Zazzle.
Unfortunately, it appears that your product, Phish, contains content that is in conflict with one or more of our acceptable content guidelines.

We will be removing this product from the Zazzle Marketplace shortly.

Please help us make our content approval process better by taking this short survey.

The details of the product being removed are listed below:

Product Title: Phish
Product Type: photousa_iphonecase
Product ID: 256546457405156553
Result: Not Approved
Policy Notes: Design contains an image or text that may infringe on intellectual property rights. We have been contacted by the intellectual property right holder and we will be removing your product from Zazzle’s Marketplace due to infringement claims.
Image: View the Image

If you have any questions or concerns about the review of your product, please email us at <redacted by blog author> and we'll be happy to provide you with additional support.

—Zazzle Content Management Team

i was pretty disappointed by this, since this was the second online retailer that had decided this particular design violated someone's intellectual property - the first being cafepress who decided that this
was too similar to this
found using google image search
and let's face it, it was supposed to be similar. the song lyrics that popped into my head and inspired it were a parody of part of the cheers theme song

don't wanna go where people know
my passwords are all the same
don't wanna go where
everybody knows my username

but i don't think just being similar is supposed to qualify as infringement. moreover, zazzle had been just fine with this design for nearly a year, since the post where i announced its availability was dated august 31 2012. so what changed? i decided to write back and get some more information and that's when i found out what happened:

Hello Zazzler,

Thank you for being a Seller at!

We would love to offer every design that our users submit, however we must abide by all applicable laws and standards as well as our own content guidelines and copyright policies.

Unfortunately, it appears that your product, “Phish”, does not meet Zazzle’s Acceptable Content Guidelines. Specifically, your product infringes upon the intellectual property rights of the band Phish.

We have been contacted by representatives on behalf of Phish, and at their request, have removed the product from the Zazzle Marketplace.

We are sorry for any disappointment, but hope you will understand our position in this regard. For future reference, please review Zazzle’s Acceptable Content Guidelines at:

If you have any further questions, please don't hesitate to contact us.

Thanks for using Zazzle. We look forward to seeing more of your creative designs!

you know what? i do understand their position. they've received a spurious intellectual property claim but they aren't really in a position to judge whether my original artwork (and i use the word artwork loosely; i'm no artist or graphic designer, just a programmer who occasionally plays around with gimp) actually infringes phish's intellectual property, and even if they could the law doesn't really afford them much leeway. they might be able to fight for their users, but it would be expensive and it doesn't bring in enough money to be worth it.

it's really down to phish themselves to get over the fact that the word phish has taken on additional meanings and let people use the word as they see fit. especially if they, like me, are using it to try to raise awareness (albeit through non-traditional means in my case) of a rather widespread security risk.

over the course of the last 2 decades i've spent time and effort, and for the last 5 years even my own money (for the domain and such), trying to raise awareness of security issues and help people become better able to protect themselves and it's really disappointing when someone comes along and interferes with those efforts. it's not like i make any money doing what i do, i do what i do out of a sense of duty. i have an obligation to help those who don't yet know what i know deal with some of the threats that are out there.

although we are talking about something i'm selling on an online retail store, so you might think i am making some money, i set the mark-up as low as possible. i'd like to set it to 0% like i did at cafepress but even if i did give them the details they'd need to be able to pay me, the $16 that's accumulated wouldn't cover my domain registration costs so far. the point of the merchandise isn't to make money but rather to reach beyond the computer screen. trying to make money increases the cost and thus works against the goal of reaching more people.

but, you know what? there isn't really much i can do except try to turn this lemon of a situation into lemonade. what's done is done. i can't undo the past and i can't make phish come to terms with the new reality any faster than they are (or aren't) right now. however, for the time being, there are still some phish items left in my zazzle store.

hurry up and get 'em because i don't know how much longer they'll be there, and setting up an account with a 3rd online retailer just to keep this design on the internet is more energy than i'm prepared to commit to this enterprise. if this design is too cool for the internet, then i guess that's all there is to it.

witless protection

from here (source images one and two)

people in a position of power aren't going to be very effective protectors if they don't have the proper qualifications (like not being a moron)

super powers

tweeted by @FranklinH3000

you can say that again, but you don't need to because it's probably already been recorded.

Wednesday, August 14, 2013

false sense of security

from here (source image)

you're gonna need a bigger fence. maybe electrified. i guarantee a moat isn't gonna help.


thanks to tom scott for making and sharing this. he assures us it's fiction, but the funny thing about fiction is you never know just how much actually is fiction and how much might just be real.

Tuesday, August 13, 2013

i spy with my little eye something that is true

from here (source tweet)

thanks to javier mechan for what is either an actual retweet of barack obama or a clever ruse (i'm guessing the latter, under the circumstances)

damaging liberties rather than eardrums

found on

that tremor isn't sound vibrations, it's the chill running down your spine.

Monday, August 12, 2013

scumbag fbi director

from here (source article)

how does someone keep a straight face while asking for help stopping the people breaking into computers, stealing secrets, planting malware, etc. when your organization is doing all of those things?

Friday, August 9, 2013

dangerous things come in cute little packages

from here (source image)

if you've spent enough time around kids then you know they aren't harmless, but they are often underestimated, and that is a recipe for a playground hannibal lecter if ever i heard one. underestimating threats (especially the kind that come in cute packages) has been many people's undoing.

hacking the hacker conference

original tweet

not as funny as a bobby tables name badge, but probably more effective at subverting security procedures

Thursday, August 8, 2013

the other god-like entity

from here (source image)

spygate gets the pixar treatment

tweeted by @AmberBaldet

i'm sure they could totally do "a bug's life", but it wouldn't be the movie you're thinking of.

Wednesday, August 7, 2013

ain't nobody got time for master passwords

from here (source image)

this may not be the best position to take if you care about security.


manning acquitted but still going to jail forever

gotta love NMA's take on these sorts of things.

Tuesday, August 6, 2013

i'm faaaaaaiiiling in the rain...

from here (source image)

umbrellas can actually be quite good at protecting you from rain, but not if you use one the way you'd use a newspaper in the rain. you can't get the protection you want if you don't use tools properly.

we could use some more whistleblowers

found on memebase

whistle-blowers help to keep organizations honest, and considering the size of any government the number of existing whistle-blowers seems relatively small. guess what that means about the governments' honesty.

actually, it would be pretty cool if whistle-blowing itself became a meme. what do you say, folks?

Monday, August 5, 2013

reel him in gently

from here

unless you personally know a nigerian prince, it's safe to say that nigerian princes will not email you. and phishing is not an alternate spelling of fishing.

surveillance state - what is that, anyway?

found on boing boing

if you, like me, don't know german (at least not well enough to follow this) click the CC button to turn on the subtitles - they've got english in there. subtitles may be a pain, but the video does a great job of explaining the problem with surveillance.

Friday, August 2, 2013

what does privacy mean to you?

from here

i really hope people wake up to the fact that privacy is about more than their banal masturbatory practices.

so that's what PRISM is for

tweeted by @SecurityHumor

thanks to @SecurityHumor for (i suspect) creating this philosoraptor meme about PRISM.

Thursday, August 1, 2013

for everything else, there's opsec

from here (source image)

great story by brian krebs about the crooks who tried and failed to frame him.

(i tried to use the established krebsonsecurity meme at but it was busted and kept giving me errors, so will have to do)

obama the "mean girl"

found on memebase

maybe we'd all be better off if the leader of the free world weren't so "mean".