Thursday, January 31, 2013

he shoulda just watched porn

from here (source article)

maybe he should have registered on some porn sites if he likes telling women what to do in front of their webcams so much. there are sites that cater to that sort of thing after all.

as hackers go, missing such an obvious way to get what you're after pretty much makes you a dumbass.

telephonic revenge

found on failbook

the moral to the story is - be careful who you give your phone number to. you might not want to trust the victims of your pranks with that sort of information.

Wednesday, January 30, 2013

buy a mac

from here

kind of a two-fer with this one. not only do people not focus specifically on viruses anymore (they're a small part of the malware problem), but macs have been in the cyber-criminals' cross-hairs for over 5 years.

there are worse things than pervs

found on very demotivational

she seems only to be interested in making sure nobody sneaks up on her while she's doing her business, but she really should be more interested in making sure nothing sneaks up on her.

Tuesday, January 29, 2013

found on road DoS'ed

from here (source article)

when your company inspires such colourful catch phrases as "fix or repair daily" and "found on road dead", maybe you shouldn't invite hacking quite so enthusiastically.

can you have a private life online?



what a dilemma. it would appear that the more friends you have, the more precarious your privacy is. what the video fails to mention is that the social network site itself and the people who work there can see your 'private' stuff.

Monday, January 28, 2013

site is dirty

from here

they see me browsin'
they warnin'
they know from their scans that this site is dirty
don't you know this site is dirty
can't you see this site is dirty
stay away this site is dirty
unless it's not really dirty

i wanna click on
some bad links
but always they sayin' that the site is dirty
don't you know this site is dirty
can't you see this site is dirty
stay away this site is dirty
unless it's not really dirty


that's a parody of just the chorus to this song. i thought of doing more but chamillionaire talks a mile a minute. there are just too many words.

i can see you

found on google image search

perhaps he's hoping to take bad guys by surprise, because i doubt he could chase them down

Friday, January 25, 2013

making internet porn exciting again

from here

long ago i actually heard a theory that suggested some people use computers without protection because they miss having a sense of danger in their lives.

imagined safety

found on very demotivational

i really like camping, but there's a good point here about how remarkably little protection a tent actually provides. basically it stops wind and rain (if you're lucky) and not much else.

Thursday, January 24, 2013

it's ok, we're compliant

from here

it's kinda sad that some people still don't get the difference between compliance and security. it's not like it's even difficult - one covers your ass while the other protects all the other things you value.

the best defense?

found on very demotivational

they often say the best defense is a good offense - but when you're as hopelessly outmatched as a fish against a fisherman, taking that approach probably won't do you much good.

Wednesday, January 23, 2013

the war on bubbles

from here (source image)

the only winning move was not to play, but that's not the move we made.

also, and i mean this with all sincerity:
if you think a 5 year old girl with a hello kitty bubble gun is a terrorist, then you might be a security idiot

(inspiration)

remembering passwords



this just seems like the perfect follow-up to the video about forgotten passwords that was posted yesterday. there's a lot of crummy password advice (whether in text or video form) but this is actually advice normal people can follow in the real world. it also happens to be what i do.

Tuesday, January 22, 2013

assault with a dreadly weapon

from here (source image)

it's amazing the kinds of things people can use as weapons. people are nothing if not creative. imagine trying to prevent that kind of attack (say on a plane or something) before you'd ever heard of it.

forgotten passwords



a rather hilarious take on passwords and related internet security concepts.

Monday, January 21, 2013

i don't always roll my eyes at security companies

from here

a russian security company names a cyber espionage campaign "red october"? really? come on.

no parking

found on very demotivational

cops may seem like they're above the law sometimes, but they're not

Friday, January 18, 2013

we need something better than passwords

from here

it's a familiar pattern in security (and elsewhere, frankly). nothing is perfect, but as soon as something fails people get all in a huff and decide to jump ship for something else, even if there really isn't anything else that's better.

maybe we should say computers aren't good enough anymore, and we need something better.

or maybe we should say that kind of technology hopping isn't good enough anymore and we need something better.

lost laptop

found on google image search

yeah, adults can be just as irresponsible as kids sometimes.

Thursday, January 17, 2013

i can haz antivirus

from here (source image)

maybe you wanna install an antivirus product before you continue trying to provide power for your region. you know, so that you at least have the bare minimum of protection.

(inspiration)

remain seated

found on the art of trolling

security isn't just for protecting physical stuff - security can help protect intangibles as well, like protecting a student's future by forcing them to stay put until they finish their homework.

(of course this case is probably closer to tying someone's shoelaces together than it is to protecting a student's future)

Wednesday, January 16, 2013

oh, java 0-day

from here (source image one, two, three, and four)

so another day another 0-day in java. that didn't take long at all.

don't bring a peashooter to a missile fight

tweeted by ray gonzales

ignoring gun control for a moment (whether you should be able to have guns or not is none of my concern), this picture makes a more immediate point. private citizens can't really defend themselves against the military might of a nation. long ago they could, but not anymore. arming yourself is no longer a viable strategy for defending yourself against a nation.

Tuesday, January 15, 2013

i'd APT that

from here (source image)

it occurred to me out of the blue that if i re-arranged the letters in the word "tap" i could get something infosec related.

now the question is, which phrase makes one more of a douche bag for using it - this one or the original?

leaked police training video



i believe i may have posted somegreybloke videos in the past, and this one? well, it could almost be true, couldn't it?

Monday, January 14, 2013

PDF requirements

from here (source tweet)

yeah... that's not a PDF i'd be rushing to open, that's for sure.

that's not very smurfy at all



really, i don't know what's worse - the fact that they actually thought they could get away with any kind of misbehaviour while dressed like that, or the fact that the police had difficulty finding them. (video source)

Friday, January 11, 2013

you're not wanted here anymore, java

from here

i've had enough of java's 0-days. i don't even have it installed anymore, i'm just tired of hearing about it. i can only imagine how tired people who still have it installed must feel.

(inspired by a tweet by Lysa Myers)

what if security is important?

from here (source image)

what a bizarre omission to make. why ask the question if you only accept one answer.

stupidity won't protect you

found on very demotivational

remember kids, intelligence pays, so never stop learning.

Thursday, January 10, 2013

scam mails should be deleted and not endured #InfosecMotherlyAdvice

so if you weren't following @SecurityHumor on twitter today then you may have missed out on a pretty cool idea s/he seems to have come up with - basically remixing stock motherly advice with information security advice. the first one i noticed was
go ahead and check out some of the other ones and maybe even add your own.

doesn't matter, had snacks

from here (source article)

the best part is, this was their 3rd attempt.

redneck riot shield

found on there i fixed it

well, i suppose it is a shield of sorts, but if you show up to a riot with this thing, expect your adversaries to have a "challenge accepted" look on their faces.

Wednesday, January 9, 2013

beware of gringos bearing gifts

from here (source images one and two)

the story is certainly enough to make me think twice about accepting anything from the man.

deterrent fail

found on i can has cheezburger

well, the sign says there's a dog and there is, but i don't for a minute think i need to "beware" of it.

Tuesday, January 8, 2013

doing password resets wrong

from here

to a certain extent, it doesn't even matter if you have the option (or are even forced) to change it afterwards - sending passwords like that simply sets a bad precedent. there are better ways to handle the password reset problem.

candy from a baby

found on failbook

i'm pretty sure that if they are willing to strip search children then they're willing to take candy from a baby. it really doesn't seem like much of a stretch for them.

Monday, January 7, 2013

i don't always use malicious software...

from here (source image)

based on mikko hypponen's sleuthing into what program made the log files mcafee posted on his blog.

i suppose it only makes sense that he'd use something that his namesake AV wouldn't detect. it would be pretty dumb to use something it could detect.

the trouble with stealth

found on very demotivational

the problem with stealth is there's always something that gives it away. no hiding technique is perfect.

Friday, January 4, 2013

the only way to be sure?

from here

another piece of advice that persists for reasons unknown. i could understand if it were 'restore from a known clean image' (which is absolutely NOT the same as 'wipe and reinstall'), but it seems like people like to give advice that isn't predicated on being prepared and guess how well not being prepared is going to work out for people.

chef boy-ar-dee has been apprehended


i couldn't resist this pun. thanks to martin williams for tweeting it.

Thursday, January 3, 2013

Inglip Tables

from here (source image)

Lord Inglip aka Inglip Tables; distant cousin of Little Bobby Tables

thanks to Lars Troen for originally tweeting the SQLi CAPTCHA image. that's something i never really expected to see.

the high cost of security fashion

found on the art of trolling

i suppose if you're going to try and sport some security fashion by wearing a lock in your ear, it might be helpful to know how to pick said lock (or at least have the key).

Wednesday, January 2, 2013

it's a cyberwar out there

a recent tweet by eugene kaspersky really inspired me. i came up with this idea. there should be a situation comedy about a security vendor who's a little 'off', not unlike the TV show "Monk", and it should be called "FUD", and it should have the following theme song
It's a cyberwar out there
Govern-mental malware everywhere
No one seems to care
Well I do
HEY, who's in charge here
It's a cyberwar out there
Poisoning the systems that we need
You know what's in the pages that you read?
Well I do
It's a-ma-zing
People think I'm crazy to scan with AV all the time
If you were smart you'd run my AV too
You better pay attention or the devices you love so much
Might just kill you
I could be wrong now
But I don't think so
'Cause it's a cyberwar out there
It's a cyberwar out there
(of course this should be sung to the following tune)

i think this would be way better than that cybergeddon nonsense symantec was doing.

papparazi protection

found on very demotivational

while some people may genuinely consider people flashing cameras at them as an enemy, even just using this as a deterrent would probably get you in trouble. i'm sure it would be satisfying though - so maybe it's worth it.

Tuesday, January 1, 2013

if you think drug use or the drug trade...

if you think drug use or the drug trade is a form of terrorism then you might be a security idiot (and/or a good candidate for the TSA)

(inspiration)

too absurd to be true

found on the art of trolling

hopefully this doesn't "seem legit" to you. i don't think this even falls under the "too good to be true" heading -  are obvious imaginary things "good"?