Thursday, February 28, 2013

faster is better but more is not

from here (source image)

3 updates in a single month seems a bit much, don't you think? yes it's important to fix vulnerabilities fast, but it's also important not to cause end user burn-out by releasing patches too often.

yoda logs all

originally tweeted by @Shpantzer

skimping on your investment into logging isn't going to save you any money when something happens and you need to know what that something was.

Wednesday, February 27, 2013

are you smarter than a trained monkey?

if you expect security that even a trained monkey could use, then you should expect to be replaced by a trained monkey

some folks seem to think they should be able to get a high amount of security with a low amount of effort. security ain't easy, folks, and it never will be. there are easy parts, of course, but you won't get very far in life if you only do the easy parts.

don't be that guy



yeah, nobody wants to be that guy.

Tuesday, February 26, 2013

there are how many booth babes?

from here

inspired by this tweet by bob rudis

come on, folks. can't you sell your security wares with excellence instead of sex?

mr. johnson, your computer is infected

found on google image search

funny how not only does it take hazmat suits to check an infected computer, it takes multiple people as well. that's not the kind of backup you need in this situation.

Monday, February 25, 2013

java, why can't i quit you?

uploaded here (really wish cheezburger wouldn't cover the bottom with their watermark)

seems like every day is zero day where java is concerned

suki the hacker



yes it's a commercial, and yes it's got some "security solved" nonsense at the end, but it also demonstrates (perhaps not all that inaccurately) how bad some organizations' security is, especially when it comes to industrial control systems. at least some of the time it really is kids who are responsible for the computer attacks you hear about in the news (though perhaps not quite as young as suki).

Friday, February 22, 2013

in my day we had to scan everything by hand both ways

from here

i mean no disrespect to anyone but even though most people (even the pros) think they know and have a handle on AV, the fact is that ignorance of AV is both rampant and profound.

absurdity rules

tweeted by @BrittneyJordan

password complexity rules often seem this absurd to people who are less technical

Thursday, February 21, 2013

cyberwarriors need a time-out

from here

ok, opposite corners the both of you.

wearing your security on your sleeve

found on google image search

post-it notes with passwords are a bad idea, but there are worse ideas

Wednesday, February 20, 2013

phishers gonna phish

from here

it's hard to beat plain-text email for making scammers look like morons. who'd actually click that?

the internet is forever

found on memebase

the very act of putting something on the internet involves sharing it with others, and secrets once shared can never be secrets again.

Tuesday, February 19, 2013

what's new without being new?

from here

ever wonder what comes after the next-generation? yup, just the next generation. might as well be the next iteration.

thumb drives are NSFW



thumb drives are actually a risk for any computer, not just ones at work, because they are how autorun worms spread - but this video is not safe for work because of its language.

Monday, February 18, 2013

next time on breaking bad: maple meth

from here (source article)

what happens when you try to get actionable intelligence from people who have no training? you often get actionable ignorance instead. that's why "see something, say something" is such a mess.

cuz backing up ain't hard to do


see more hipster robot webcomics and pixel t-shirts

obviously talking about backups doesn't actually cause laptops to die, but if backups had actually been made, maybe this laptop wouldn't have died (or at least it wouldn't have mattered so much)

Friday, February 15, 2013

ai has malishus package 4 u

from here

ah, a classic email link bait-and-switch. totally doesn't work in plaintext mode. sometimes it seems like those guys don't even try.

nuthin' to steal here - move along

found on google image search

this is the "i ain't got nuthin' you want" defense.

Thursday, February 14, 2013

be careful and use protection

from here (source image)

valentines and trojans seem to go well together, but in a different way online than offline.

love in the internet age

from here (source image one and two)

the internet has made a lot of things better, but getting bitten by the lovebug isn't one of them.

Wednesday, February 13, 2013

Tuesday, February 12, 2013

mullet's barber shop of hate

from here (source article)

of all the ridiculous things to go to jail over. then there's the name. and then cutting off the beards and hair of men and women? umm... i'm assuming just the hair when it comes to the women.

are you trying to hide something?

found on techdirt

everyone has something to hide. many things in fact. and for some of those things, you're doing something wrong if you don't hide them.

Monday, February 11, 2013

bit9 to the anti-virus industry

from here (source image)

maybe if you're going to go around pointing out how the AV industry can't stop targeted attacks you should make sure you don't suffer from the same problem first.

password sharing



now there's a password security countermeasure you don't hear about very often.

Friday, February 8, 2013

patching: faster is better

from here (source image one and two)

it's always best to apply patches as soon as possible, and apparently adobe has just released a new critical update for flash so get patching

the 1st rule of forensics club

created by gal shpantzer

if you ever want to know what happened, it's a lot easier to find out if you were already recording everything that happens.

Thursday, February 7, 2013

i don't always quote statistics about security...

from here

(inspiration - "i need a dan kaminsky")

not an effective anti-spam technique

tweeted by robert moir

obviously this isn't going to stop spam any more than crystals could stop computer viruses.

Wednesday, February 6, 2013

if you send fighter jets...

if you send fighter jets to intercept a terrorist/tourist who's already in the air and fast asleep, then you might be a security idiot
(inspiration)

keep calm and wait, what?

tweeted by marcus carey

you've seen those "keep calm and carry on" signs, right? well, this one is exactly what the bad guys would want you to do.

Tuesday, February 5, 2013

i feel safer already

from here (source image tweeted by @mikko)

i don't know about you, but this wouldn't make me feel safer if i were at the super bowl. i don't care how highly trained the snipers are, i just can imagine feeling safer knowing a gun might currently be pointed at me.

how do you picture anti-virus?



of all the things to use to represent your anti-virus client - a sumo wrestler? yes, ok, if that's the image you want to project, you have a fat, bloated client. (no offense to sumo wrestlers out there - please don't flatten me)

Monday, February 4, 2013

weird weapons

found on boingboing

well i suppose many items on the list of things men typically like are things that can hurt or kill you, i just never expected this to be one of those things. pretty much contradicts bowser&blue's song "busting the breast" where they say "if there's one part of the body that does only good, it's the mammary gland".

selective paranoia

found on monday thru friday


it's amazing how divorced we are from the implications of the data people collect about us

(thanks to paul ferguson for pointing this one out)

Friday, February 1, 2013

sometimes being a security hipster pays off

from here

true story - it looked like a train wreck waiting to happen so i've never actually used UPnP because i've never left it enabled

if letterman talked about online security



well it seems like a pretty good imitation of david letterman. not quite as funny as the real thing, though.