Friday, November 29, 2013

The perfect crime deserves one of these

from here (source image)

I don't think it's a stretch to imagine he did not get away from the police.

Security Questions



Predefined security questions always run the risk that they aren't necessarily applicable. It's certainly better if you can define your own question, but it's even better if you don't give the true answers that the security guy in this video insisted on, because the true answers are frequently known by others or can be guessed or looked up. The security guy in the video does make a good point about lies being harder to remember, but relying on memory for authentication details doesn't scale anyways. You might as well use your password manager to store your secret questions and the lies you use as answers.

Thursday, November 28, 2013

Anything you view can and will be used against you in the court of public opinion

from here

I can't think of any reason why using porn viewing habits as a political weapon against people shouldn't be viewed as the weaponization of porn.

We stand on the shoulders of giants

tweeted by Wim Remes

Wim Remes tweeted this picture and I thought it was a really nice way to honour some of the great minds who we've lost. There's just one problem - not everyone instantly knows who those people are. I myself could only identify 3 of them with any certainty (I was pretty sure about a 4th, but I had to google it just to be sure).

So, I'm going to put names to these faces for the benefit of those who don't know who they are. Top row, left to right is Cédric Blancher, Peter SzorFlorian Hufsky. Bottom row, left to right is Barnaby Jack, Aaron Swartz, Len Sassaman.

Wednesday, November 27, 2013

Stay terrorized my friends

from here (source Obama image)

I didn't think they'd sink to this level. At least not as part of official policy. Apparently I was wrong.

First they came for...

original tweet

So what would it take to keep everyone silent while this goes on? I can't think of anything other than complete ignorance. Only by keeping everyone in the dark could they do this without causing an uproar.

Tuesday, November 26, 2013

Customer Relationship Management Fail

from here (source image)

Everyone is vulnerable in some way or another through their payment pathway, even crooks. You either need to figure out a way to maintain trust in those connections, or a way to negate the risks associated with untrusted connections.

That seems like a bulletproof argument

tweeted by Tal Klein

No idea where you can buy a shirt like this (let me know in the comments if you find it somewhere) but it makes a good point about trusting what vendors tell you about security.

Monday, November 25, 2013

Maybe just certifiable

from here

Inspired by @aloria. Sorry to say, but she's not the only one thinking that.

Huge Data Collection by the NSA

found on truthdig

It seems to me that if you collect everything (and apparently the NSA and GCHQ do just that) then you're going to have a heck of a signal-to-noise problem to overcome. Spam and other malicious email makes up an outrageous proportion of the email traffic in the world and they need to be able to ignore that junk. Imagine the amount of money they must have thrown at that problem over the years. I wonder if there's anything they could teach us about filtering out junk.

Friday, November 22, 2013

Keeping a slip of paper in a secure place is inconceivable!

from here

Pardon the iconoclasm, but there's nothing inherently wrong with writing down your password. The trouble arises when you do so and then take no steps to keep the paper you wrote it on secure. What most envision when writing down passwords is writing them down on Post-It notes and sticking them to your computer monitor where anyone who gets access to your computer can find and read them. That is certainly the most popular scenario, but it doesn't have to be the only one. Years ago Bruce Schneier suggested writing down your password on a slip of paper you keep in your wallet (and I created something specifically for this task). That way the password would be as secure as your credit card.

Writing passwords down basically changes an information security problem into a physical security problem. The written down password essentially becomes a token, like a key for a lock. So long as people are aware of that, they should be able to deal with the problem effectively. People tend to have a better intuitive grasp of physical security than they do of information security, anyway.

You'd better have a backup shirt

Thanks to Violet Blue for tweeting this

I don't know where you find a shirt like this to buy (maybe here), but I do know that it's always good to have backups.

(How is it I don't have a security fashion tag yet? I was sure this wasn't the first article of clothing I've shown here)

Thursday, November 21, 2013

Yes, you can be too cautious

from here (source image)

In a world of finite resources, using them all against one small threat is going to leave you vulnerable to bigger threats elsewhere.

You keep using the word "hacked"...

found on memebase

I know that feel, bro. Aside from the fact that hacking wouldn't really be the right word for breaking into someone's account anyway, if they don't even have to break in in the first place it DEFINITELY shouldn't count as hacking.

Wednesday, November 20, 2013

Why you shouldn't let your password 'play the field'

from here (source article)

Does your password 'get around'? If it didn't before then this breach won't be so bad, but if it did then you've got a lot of sites to contact in order to change passwords, because now the password you used on all those sites is known.

NSA Shower

found on truthdig

is anywhere really safe from the prying eyes of the surveillance state? they may not have eyeballs in your drain, but if schools can spy on kids in their bedrooms through school-provided laptops, it stands to reason the government can spy on you in the bathroom through that mobile device you just can't leave behind - nevermind the so-called "smart-meters" which keep track of energy consumption (just because they can't see you doesn't mean they don't know when you're taking a shower).

Tuesday, November 19, 2013

Because I like to leave my password everywhere

from here

And it's not just fingerprints, either. I've also heard things like "Your face is your password" - can you imagine how well that works for people who have to deal with paparazzi?

Monday, November 18, 2013

Open your browser and say "Ahhhh"

from here

All I did was go to the site and enter a semicolon in the search box. All those search suggestions come from other users. Clearly a lot of people are testing the security of HealthCare.Gov - hopefully for the benefit of everyone.

(Thanks to Nick Selby for bringing this to my attention)

NSA: National Insecurity



Is this real or fiction? It's getting harder and harder to tell. Maybe this isn't real... yet.

Friday, November 15, 2013

That's too much information, dude

from here (source image)

If you don't want something getting into the wrong hands, then maybe you shouldn't put it on the internet... or your computer... or phone, or tablet, or any number of other devices that are actually just different kinds of computers. As easy and convenient as it is for the right people to see it, it's just as easy and convenient for the wrong people.

The dog didn't eat my homework, a spy agency did

original tweet

Thursday, November 14, 2013

What foreign leaders are afraid of

from here (source image)

My hat is off to whoever did the original photoshop of  Barack Obama peeping on Angela Merkel. It's a bit subtle since many people wouldn't recognize the players, but for those that do it really captures the concerns raised by the revelations of the US spying on the head of the Germany.

Electronics on Flights

found on truthdig

would i be totally paranoid if i suggested that aiding the surveillance state was the real reason the FAA decided to allow the use of electronics during take-off and landing? after all, they've been denying requests to change that policy for years, so it makes you wonder why allow it now?

Wednesday, November 13, 2013

Santa's Secret Surveillance

from here (based on this tweet)

Thanks to Daniel Sandler for the inspiration. The NSA/GCHQ seem to have given us some brand new tools to explain Santa to our kids. It might make him seem a little creepy, though.

Internal Patriot Discovery



mark fiore's videos always seem to capture the absurd essence of what's going on in the world. with the blanket surveillance of everyone, the government is actually already in a position to start using the process of elimination to find the bad guys. it's a wonder they haven't already started to try that.

Tuesday, November 12, 2013

You may not be paying for it, but...

from here (source image)

The popular saying that "If you're not paying for it, you are the product" implies that you can be bought and sold and owned. For most of us it's probably fair to say that no one actually buys, sells, or owns us. We are not property. And those sites that we are supposedly not paying for? We are giving them something of value - information.

Just in case you thought QR codes were safe

found on fail blog

Shortened URLs, QR codes, NFC tags - they're all ripe for sending you to eye-bleach inducing content (or worse). Be careful what you scan.

Monday, November 11, 2013

Who wants to represent the GCHQ (newsletter)?

from here

Poor Graham Cluley. I guess calling his security newsletter "GCHQ" didn't work out that great. Come to think of it, the previous publication he wrote for (Naked Security) kind of had an unfortunate sounding (NSFW?) name as well. I guess that's what happens when you use hot buttons to try to grab people's attention.

Security: you're doing it right (for a change)

found on the art of trolling

There's more than one way to skin a cat. The obvious approaches to security aren't always the best ones. Sometimes it pays to think outside the box.

Friday, November 8, 2013

The Wizard of DoS

They're 3 bad souls. Oh me, oh my.
They'll steal you stuff, they're none too shy.
But never mind those three,
We're protected as you can see,
Just as long as you click safely,
In this scary land called the World Wide Web.

Oh the World Wide Web is a very scary place,
Where everyone wears a very scary face,
And the sites get pwned with ads,
And no one catches the cads.
In that scary land lives the Wizard of DoS
 this was inspired by a tweet by josh corman quoting anthony bourdain. and if you haven't figured it out, it's a lyrical parody of the theme song from the wizard of oz cartoon

the hollow privacy policy

found on fail blog - originally from doghouse diaries

this is the way privacy ends
this is the way privacy ends
this is the way privacy ends
not with a bang but a toggle

Thursday, November 7, 2013

Admiral Ackbar on Silk Road 2.0

from here

(inspiration)

i can't say i blame anyone who distrusts the new silk road site, considering what happened to sellers on the original. it's hard to imagine the authorities turning down the opportunity to capitalize on the brand to nab a bunch more people.

she is master of your domain

found on fail blog

if you have nice domain name for your website, you should probably try to do a better job of protecting it than this. i'm not saying don't trust your girlfriend, but rather don't give your girlfriend any power you wouldn't want an ex-girlfriend to have.

Wednesday, November 6, 2013

the trees are unsafe? what's 'happening'?

from here (source image)

sometimes we dream up threats so outrageous that the only way they can work is as a work of fiction.

and even then, sometimes it's not very good fiction.

Spotted on an ATM in Germany...

tweeted by @MerkelsCell

yeah, we believe you obama. you wouldn't lie or do anything untrustworthy at all. and this is definitely not sarcasm.

in reality of course, if obama could look, it seems he most likely would.

Tuesday, November 5, 2013

the only way a cyberwar will ever happen

from here

there are some scaremongers out there who talk about cyberwar. cyberwarfare, meaning using computer attacks as part of a traditional war, will certainly happen - but a cyberwar? only if we're fighting cybermen.

rethinking physical access control

found on the art of trolling

it's certainly controlling access to someone's electronics. i'll have to keep this in mind if i ever have rugrats.

Monday, November 4, 2013

so this is where sticky fingers come from

from here (source image)

do people not know there's money inside these things? how can you think adhesive tape will keep the money safe?

Mikko Hypponen: Living in a Surveillance State



everybody seems to be sharing this online. it's a good opinion piece about the mass surveillance going on and how imbalanced it is considering all the online services people use are based in the united states. definitely worth a listen.

Friday, November 1, 2013

wheels shall not pass

from here (source image)

... otherwise step right up, and then back down.

can't say i've ever seen steps used as an access control before, but if you wanted to make sure people in wheelchairs couldn't get in, then i suppose this is a good way to go about it.

i dare you to react

found on the art of trolling

even the authorities have problems assigning blame to the proper people, and you think you can get even / hack back without making a mistake? good luck with that.