Friday, May 30, 2014

If you send a package that starts beeping...

If you send a package that starts beeping like a bomb when the recipient tries to open it, you might be a security idiot

(Inspiration - It's hard to imagine someone actually thought this was a good public relations idea)

Surveillance By Sleight Of Hand

tweeted by the globe and mail

Thanks to The Globe and Mail for tweeting this visual explanation of what Bill C13 has in store for Canadians - sacrificing privacy under the guise of fighting those nasty cyber-bullies.

Thursday, May 29, 2014

Justin Timberlake And The President

from here (source image)

I have a feeling this isn't the first phone President Obama has seen the contents of.

The Slow Descent Into Hell

found on memebase

Couldn't have happened to a more deserving slimeball.

Wednesday, May 28, 2014

Password Security

from here (source image)

Thanks to Kenn White for tweeting the demonstration of how badly eBay is handling password security. Apparently they can't even get password strength calculation right.

The Meaning Of Freedom In America

found on the meta picture

Seems like a perfect place for a surveillance camera if your plan is to link surveillance and national pride together.

Tuesday, May 27, 2014

eBay Fudd

from here (source image)

Inspired by eBay's response to my question about what algorithm they use.
link to tweet

And of course my response pointed them towards Kerckhoffs's Principle because apparently they haven't a clue over there.

Safe Neighborhood

found on the meta picture

This is a much better deterrent than that Batman neighborhood watch sign from a while back. Nobody actually believes Batman is real, but drunks with guns? You betcha we believe.

Monday, May 26, 2014


from here (source image)

Congratulations to whoever this guy is for finding a way to turn the latest craze in self-obsession into something more like the latest craze in the intelligence community's obsession.

Security To The Max

found on the meta picture

Wire cutters secured with a piece of wire. Think about it, I'm sure you'll see the problem.

Friday, May 23, 2014

I # Passwords (merchandise)

product link - category link

Well, I don't know about you but I'm getting tired of hearing about sites who apparently don't know the first thing about keeping passwords secure. So to raise awareness I made this design that says I # Passwords, and the hash symbol has the phrase "WORK FACTOR" all through it to represent a password hashing algorithm rather than a cryptographic hash algorithm (because for passwords you're better off with a work factor slowing things down than with a traditional cryptographic hash that's optimized for speed).
I've also learned my lesson about these shirt printing services so there's both a CafePress version and a Zazzle version.

Password Creation

found on the meta picture

I don't disagree with the caption, it is ridiculous. The rules (there to enforce password complexity, I'm sure) are too complex to follow. Worse still, the maximum size limit and restriction on special characters tell me the passwords are probably stored as plain text instead of being hashed.

I sure hope it's just a gag and not a screenshot from a real site.

Thursday, May 22, 2014

Wow, Such Hash, So Secure

from here

This is how passwords should be stored, as salted hashes that have a work factor, where there's no limit to how long the password can be nor on what characters it can contain. If you're running a website and not doing this then you need to ask yourself why, after all this time, are you still failing at password security? I'm looking at you, eBay.

Can You See Everything I'm Doing Now?

shared by Debra Covack

Welcome to the Surveillance States Of America. Feel free to share all your secrets online.

Wednesday, May 21, 2014

Your Login Is About To Go To The Highest Bidder

from here

That's right, it's that time again. Time to change your password. This time it's your eBay password that needs changing.

No, for real this time. This isn't like those scam emails you're eternally getting about needing to change your eBay password. Find eBay in your bookmarks/favorites, log in, and change your password.

No One Can Be That Dumb, Right?

found on memebase

If anyone is having difficulty believing people could be this dumb, check out the Twitter account @NeedADebitCard - this woman (who appears to be real, based on her Twitter timeline) is unfortunately not an isolated case.

Tuesday, May 20, 2014

I'll Encrypt My Own Data, Thanks

from here

Remember, there is no cloud, just other people's computers. It doesn't matter where in the world those computers are, they aren't under your control so you better protect your data before you ever put it out there.

I Don't Know if That was Very PC...

found on i can has cheezburger

This is good advice if you're using a public computer, especially if you're logged into your Facebook account from the Apple store or something equally ridiculous.

Monday, May 19, 2014

You'd At Least Think Their Competition Would Care

from here

You'd think this would be better suited to the Conspiracy Keanu meme, but you'd be wrong because it's not a conspiracy theory.

I'm Behind Seven Proxies!

found on memebase

This probably isn't as effective as some might think it is (at least not against the NSA) but it's good to see this sort of thing still has people's attention.

Friday, May 16, 2014

If you think a baby poses a real threat...

If you think a baby poses a real threat of attempting murder, you might be a security idiot

(Inspiration - and some follow-ups)

Pandora's Inbox

tweeted by Gunter Ollmann

Yes. Yes it can hurt. It only takes one. Don't be like Pandora. Don't release all the ills of the world wide web.

Thursday, May 15, 2014

Locked Cardboard

from here (source image)

Security isn't just about using good locks. It doesn't matter if you have the strongest, most impenetrable lock on the planet - if the walls and door are made of a flimsy material then it's child's play to get through.

Interesting Candy

found on the meta picture

I imagine the lemon flavouring makes it easier to swallow.

Wednesday, May 14, 2014

Watch Out Guys, We're Dealing With A Security Hipster Over Here

from here

Sometimes, security people get so deep into themselves they become legends in their own minds.

Don't Fool Yourself

found on the meta picture

It's always nice to see someone else saying it. It's not hacking. It's not even cracking. It's just being a dick.

Tuesday, May 13, 2014

Tyler Durden Approves Of This Policy

from here (source article)

It's one thing when the intelligence community is being run like something out of George Orwell's "Nineteen Eighty-Four", but when you start running it like Fight Club (which, if you recall from the movie, was the product of a man in the process of losing his mind) then ... Wow. I'm afraid of what that future holds.

I’m Not Falling For That Again Mr. Facehugger

found on the meta picture

It's not always that something is too good to be true (are free hugs too good to be true? that would be sad), sometimes it's just that we don't know about or understand the consequences or hidden costs.

I'm sorry to hear about H. R. Giger's passing, but even that isn't enough to make me accept a free hug from one of those guys.

Monday, May 12, 2014

What Could Possibly Go Wrong With Balconies?

from here (source image)

I guess it must have been a very trusting architect.

The Digital Freedom Manifesto

We all need and deserve freedom in our day to day lives and in our use of the technologies that connect us and bring us together. Find out more about this effort to influence policy from F-Secure's blog.

Friday, May 9, 2014

I'd Regret That Too

from here (source image and caption)

Thanks to B.J. Mendelson for tweeting the screenshot and quite a good accompanying caption.

'Once Upon A Time Skido Life' by @MalwareMustDie

found on bitstrips

Thanks to @MalwareMustDie for creating and tweeting this comic. Listen to this infosec dad and get a legit job instead of trying to game the system. You'll spend less time in jail or on the run that way.

Thursday, May 8, 2014

I am the one who dox (merchandise)

store item & store section

The terrific idea for this shirt came from a tweet by @Transpanik. If you're uncovering people's secrets and exposing the truth, this might just be up your alley. As usual for things I put up on CafePress, the mark-up is 0%. I don't want your money, I just want you to wear things that raise awareness of security/privacy concepts (and then you can explain doxing to people).

Update: Since CafePress has seen fit to take that design down, I once again have turned to Zazzle. They won't let me set the mark-up lower than 5%, but hopefully they'll at least leave the design up and not make nonsense claims about intellectual property infringement.

Update2: Now it appears that Zazzle thinks the design violates copyright as well. For the time being they've simply rejected the batch products I tried to create (but which never actually appeared). They may at some point make the connection between those and the single products I created (shown above) but for now those at least still seem to be available.

There's a limit to how much intellectual property bullshit I'm willing to tolerate, however. The text is not a quote from the TV show Breaking Bad, and the graphic was not copied, borrowed, or spliced together (I used GIMP's path tool and fill tool to make it). As such, here's the PNG file I uploaded to both services, so if you can't buy the Zazzle shirts anymore (or maybe you can find a cheaper place) you can upload the graphic and have your shirt made to order. Also, here's the XCF file for anyone who wants to modify it in GIMP to make something new (I'm considering changing the hat to a jester's cap and the text to "I am the one who mocks"). Consider it my parting "fuck you" to services who seem to think copyright extends beyond copying and apply it to such things as simply making reference to pop culture icons.

A Flaw In Internet Explorer

found on the meta picture

There's some truthiness, right there.

Wednesday, May 7, 2014

George Orwell Vs. Big Brother: Guess Who Wins

Thanks to @pharmagossip for tweeting the original photo of a surveillance camera at the home of the late great George Orwell, author of the dystopian novel "Nineteen Eighty-Four" about a totalitarian surveillance state.

(There's no link to cheezburger here because their automatic resizing was making it difficult to read the memorial, so I made this manually with GIMP. This image has been resized to fit the screen, but the full-sized image is available.)

Heartbleed? Ehh...

found on memebase

I hope this isn't your reaction to Heartbleed, but I'd understand if it was. To be honest, it seems to me that a lot of organizations were too lazy to send out alerts to advise people to change their passwords. I only got 1 notification, and I'm sure there were more that patched their systems.

Tuesday, May 6, 2014

Have You Heard The Latest 'Chadder'?

from here (source image)

I don't know if McAfee is going for irony points or what, but naming a secure messaging technology "Chadder" seems a little weird.

Dogs And Cats Guarding Together. Which Is Scarier?

found on the zooom

I actually think mentioning the cat here sabotages the effectiveness of the dog as a deterrent (the dog might not be good enough so we've also got a cat). But if you happen to have a big cat (a lion, or tiger or something) then I suppose anyone who breaks in can't say they weren't warned.

Monday, May 5, 2014

Lonely Fence Is Lonely

from here (source image)

While there is such a thing as too much of a good thing, there's also such a thing as too little. If you cut corners too much you won't be able to keep the bad things out.

Do You Choose To Have Your Privacy Invaded By Using Technology?

It's nice to see PBS Idea Channel try to tackle the issue of online privacy. There are certainly those who will claim that you do make this choice when you use technology, but I tend to agree with Mike that the choice isn't as simple as it sounds and in some ways isn't really much of a choice at all (unless you're OK with cutting yourself off from a lot of the ways people interact with each other nowadays).

One nitpick, though, is that although Mike framed it this way, it's not the Internet that's necessarily insecure, it's computers themselves that are necessarily insecure. As the infosec saying goes:
If it runs software then it's vulnerable. If it's connected then it's exposed.

Friday, May 2, 2014

Big Brother's Worst Enemy

from here (source image)

Thanks to Jenni Leder for tweeting about this great face painting story. I've seen pictures before where people painted lines and funny angles on their face with the idea that it could foil facial recognition, but this example of faces within faces looks like it could make a computer throw a fit.

I Heartbleed NSA

found on Hackajar on Everything

It appears that Robert Imhoff has come up with quite a nice looking graphic that you can put on stickers (and presumably other things) to commemorate the Heartbleed bug and the theories about the NSA using it.

Unfortunately, it appears he's only doing the image and not actually setting up a store for you to buy the stickers themselves like I would have done. I guess if you want it on a sticker (or a T-shirt, or something else) you'll just have to upload the image to a printer yourselves and have it made that way.

(Hint for Robert: it doesn't cost you anything to set up a store at CafePress or Zazzle or any number of other similar sites)

Thursday, May 1, 2014

There's Only One Person Creating Fear Here

from here (source image one and two)

I don't know what it is with Eugene Kaspersky and the Die Hard 4 movie plot, but as I recall from the movie, the person who vehemently warned that the country was vulnerable to attack subsequently went on to prove it by attacking the country. He wasn't the hero that Kaspersky likes to style himself as, he was the villain. Maybe Kaspersky should keep that in mind the next time he gets the impulse to mimic the character Thomas Gabriel's reputed behaviour.

Keep It In Your Pants

found on the meta picture

The best place to hide something is somewhere that people won't or don't want to look.