Friday, March 29, 2013

No SQLi For You!

from here (source image)

this is apparently a pop-up from a banking website. somebody's trying to be naughty. hope the bank kept logs.

control-alt-hack table-top game

found on boing boing - publisher - amazon product page

a table-top game about white-hat hacking? i think i'll have to put this on my wish list.

Thursday, March 28, 2013

better put a lock on it...

from here (source image)

better put a lock on that cage to keep it securely closed.

i can has false flag?

found on i can has cheezburger

it's amazing how easy it is to cast suspicion off oneself and on to others. attribution ain't as easy as you think.

Wednesday, March 27, 2013

Chess CAPTCHA

from here (source image)

when i first heard about this idea from the folks at sophos i thought it was a joke, but apparently it's real. still laughable, though.

be aware of your surroundings



just in case the threat of shoulder surfing isn't enough to make you pay attention, there certainly are more crass things to watch out for at the same time.

Tuesday, March 26, 2013

one of these boxes has never been checked...

from here (source image tweeted by dave marcus)

... and it probably has that important letter you've been looking for

mad-tv on airport security



if only real TSA agents were that patient, understanding, and reasonable.

Monday, March 25, 2013

tainted love

from here (source article)

thanks to @gattaca and @dlitchfield for tweeting this strange tale. if nothing else, this is a method of attack you don't see every day.

dinner and a show, not in that order

found on memebase

security theater and dinner theater just don't mix. gotta keep 'em separate.

Friday, March 22, 2013

the weakest link

from here (source image)

they say security is only as strong as the weakest link, so why can't people see how weak stuff like this is and not do it?

not a good disguise

found on failbook

frankly, i don't think "Not A Cop" is fooling anybody. the authorities need to be smarter than this if they hope to do something about the bad guys.

Thursday, March 21, 2013

guard car

from here (source image)

if you secure your car like it was a dog, you might be a security idiot

deterrence fail

found on i can has cheezburger

don't make the punishment sound so cool and interesting that people actually want to experience it

Wednesday, March 20, 2013

use all the factors!

from here

if you're already using something you know and something you have, i guess the only thing left is to include something you are.

this was inspired by the following question

Oracle, STAHP!

found on comixed

oracle, we recommend you stop being such slimeballs. stop booby trapping java with unwanted toolbars.

Tuesday, March 19, 2013

2 factor fail

from here (source image)

did you really think people wouldn't attach the second factor of a 2 factor authentication system to their computer the same way they attach the first factor?

only in japan



only in japan? i wouldn't be so sure.

Monday, March 18, 2013

no laser sharks for you

from here (source image)

i'm not sure what the fascination is with attaching weapons to animals, but i hope people realize that it won't work.

noodle protection

found on picture is unrelated

we protect the things we value, but not everyone values things the same way.

Friday, March 15, 2013

password key-per

product page

you might think this a security fail, but even bruce schneier suggests writing down your password on a slip of paper and putting it in your wallet.

the theory behind this is that writing your password down turns an information security problem into a physical security problem - the written down password becomes like a key for a door. when you write it on a post-it note and stick it to your monitor, you've failed to account for the physical security problem, but if you keep it safely with you at all times, such as in your wallet, then it becomes as secure as your keys or credit cards or ID.

just in case schneier's suggestion is a little too nondescript, i designed this business card to be used to write passwords on. business cards are pretty much an ideal size for wallets, and just in case you forget about the physical security aspect of keeping this safe, it's got a big key image on it to remind you of the right way to think about it.

... and it costs 17 cents, which means (when you take shipping and handling into account) buying this on its own is a waste. but maybe you can find something else (either at the secmeme cafepress store specifically or anywhere else on cafepress) to bundle it with. or maybe you can buy a bunch and hand them out to people who could really use them.

hiding isn't child's play

found on memebase

even though children play a variety of hiding games, actually hiding effectively isn't as simple as one might imagine

Thursday, March 14, 2013

Wednesday, March 13, 2013

confused phish can't make up its mind

from here (source image)

LinkedIn... UPS... they're almost the same thing. not.

kaspersky fauxtest

Hackers on the brink of poverty!!! (Хакеры на грани бедности!!!) from KL fan club on Vimeo.



oh, my heart just bleeds for those poor, poor bad guys and gals - wait, no it doesn't.

it's a shame this isn't real, that AV vendors aren't making malware profiteers destitute, but it isn't. it's a faux (false/fake) protest (or fauxtest for short). and why am i not surprised this is tied to kaspersky or that kaspersky himself would be the one sharing it.

Tuesday, March 12, 2013

fear, uncertainty, and doubt

from here (source image)

hard to imagine a more clear-cut example of FUD than computer viruses spreading to humans.

open sesame



clearly we've all become accustomed to having to perform strange acts in order to get through security. i'm still not sure how that first guy did it, but the second guy didn't even look for another way.

Monday, March 11, 2013

what's in a filename?

from here

what's in a filename? malware by any other filename would smell as foul.

could this be the real truth behind autorun worms? probably not but it's fun to speculate.

i don't think this will fool the colonel

shared by a friend on facebook

i dunno, maybe if colonel sanders is going blind this might fool him, but otherwise i doubt it.

Friday, March 8, 2013

you must be this tall

product category
example product

well, it's certainly been a while since i made one of these. this is a spoof on those signs you see next to amusement park rides telling you how tall you have to be to go on the ride. now, i know there's more to safe browsing than just the 4 things listed, that's why the finger is pointing to a spot above them. what are those other things? i don't know that there's any perfect answer, i just think it's important to show that you need to do all these things AND MORE to be safe

i put this design on a whole bunch of things. i'm never sure what would appeal to people. this time there are even teddy bears and some other stuffed animals.

passwords and nuclear launch codes



thanks to greg cooper for tweeting this one.

i'm glad the US' nuclear launch code is no longer 00000000. someone must have finally figured out that the default password should be changed.

Thursday, March 7, 2013

i've seen enough security reports to know where this is headed

from here (source tweet)

ok, so maybe it really is legit, it's hard to know one way or the other right now, but i can't be the only one thinking that if you put your trust in this AV you're gonna have a bad time

the rule of duh

found with google image search

i don't think anyone really understands the TSA rules. probably not even the TSA. they just create and enforce them.

Wednesday, March 6, 2013

is elementary school too hard for you?

from here (source image one and two)

it amazes me that a 7 year old can be suspended from school on a weapons violation because of the way he ate his pastry.

maybe elementary school teachers need to be sent back to elementary school themselves.

do you know where your money is?



remember, you entrust some of your most important secrets to these kinds of machines - secrets that control access to your finances - and if it can run angry birds, what else could it run (maybe even without you knowing)?

(thanks to nir goldshlager for tweeting this)

Tuesday, March 5, 2013

your financial security is important to us

from here (found using a google search)

this tweet inspired me to go looking for the actual page where ING is apparently offering to send you your password by snail mail, but i couldn't find it. i did find others, though. any site that offers to send you your password rather than a new password is not storing your password safely. if it were hashed there'd be no way to get the original password back out.
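to make that last point concrete, here's an added example (mine, not from the original post, and not how ING or any other site actually does it) of what a site that hashes its passwords can and can't do: it can check a password you type and it can let you set a new one via a one-time reset token, but there's simply nothing stored that it could mail back to you. the record layout and function names are this example's own.

```python
# Added example, not from the original post: a password store that keeps
# only a salt and a derived hash. There is no function here that returns
# the password, because nothing in the record could produce it.
import hashlib
import hmac
import os
import secrets

# PBKDF2-HMAC-SHA256 iteration count chosen for this example; a real site
# would tune this for its hardware (or use scrypt/argon2 instead).
ITERATIONS = 200_000


def create_record(password: str) -> dict:
    """Build the stored record: random salt + derived hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify_password(record: dict, candidate: str) -> bool:
    """Re-derive the hash from the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def issue_reset_token(record: dict) -> str:
    """The only 'forgot my password' a hashed store can offer: a one-time token
    that lets the user choose a NEW password. Only the token's hash is kept,
    so a leaked database does not leak usable tokens either."""
    token = secrets.token_urlsafe(32)
    record["reset_token_hash"] = hashlib.sha256(token.encode()).hexdigest()
    return token


def reset_password(record: dict, token: str, new_password: str) -> bool:
    """Consume the reset token and replace the salt/hash with a fresh pair."""
    expected = record.get("reset_token_hash")
    presented = hashlib.sha256(token.encode()).hexdigest()
    if expected is None or not hmac.compare_digest(expected, presented):
        return False
    del record["reset_token_hash"]  # single use
    record.update(create_record(new_password))
    return True


def record_contains_plaintext(record: dict, password: str) -> bool:
    """Sanity check for the point in the post: the password is not in the record."""
    return any(password in str(value) for value in record.values())


if __name__ == "__main__":
    # Constructed sample run
    rec = create_record("correct horse battery staple")
    print("login ok:", verify_password(rec, "correct horse battery staple"))
    print("plaintext stored:", record_contains_plaintext(rec, "correct horse battery staple"))
    tok = issue_reset_token(rec)
    print("reset ok:", reset_password(rec, tok, "new password"))
    print("old password still works:", verify_password(rec, "correct horse battery staple"))
```

the takeaway is in what's missing: there's no `get_password(record)` to write. a site that can email you your current password is keeping something it could have thrown away.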

maybe if tasers didn't look like toys

found on memebase

people may be concerned about the safety of their kids while they're at school, but i wonder whether the real threat is some rare and random shooter, or grown-ups exercising their authority without discipline.

maybe if tasers didn't look like toys this officer would have shown his weapon the respect it deserved instead of waving it around like some fisher-price toy.

Monday, March 4, 2013

if you let a convicted hacker take computer lessons

if you let a convicted hacker take computer lessons while in jail, you might be a security idiot

well, this is certainly one of the dumber things i've heard in a while

mandiant report on chinese hacking - animated



well, that's one way of presenting complex news

(found on f-secure's blog though i'm not sure why they didn't use the english version)

Friday, March 1, 2013

they're paid to be persuasive, not right

from here

if they're using bullshit on the experts, what do you think they're using on you?

(inspired by lysa myers' experience at RSA)

the latest in redneck car security

found on there i fixed it

this might actually prevent the car from being driven away, but that's only one of the things you want to prevent.