Friday, January 30, 2015

Who Wore It Better?

from here (source image)

I could actually see not seeing her if she covered a bit more. That fabric really does blend in quite well.

The Captchas Have Become Sentient!

found on failblog

I have a sneaking suspicion that Lord Inglip is secretly @SwiftOnSecurity.

Thursday, January 29, 2015

Airport Security Is Brought To You Today By The Numbers 3, 4, 5, and 6

from here (source image)

Thanks to @revrance for tweeting a photo of an airport security door in dire need of maintenance.

Aziz Ansari Ain’t Afraid Of No Ghost

found on the meta picture

I guess it can't be all that modern a ghost if it can't figure out how to shoulder-surf your wifi password. Honestly, if I were a non-corporeal entity, I think that sort of thing would be pretty easy to pull off.

Wednesday, January 28, 2015

Breaking Biometrics Is Child's Play

from here (source image)

Inspired by the real life experience of Matthew Green

Trevor Noah On The Daily Show

found on the meta picture

Raise your hands if you feel like you need protection against those who are supposed to serve and protect you.

Tuesday, January 27, 2015

You Can't Win 'Em All

from here (source image)

No matter what you do, there will always be adversaries with greater capabilities than you and there will always be things you can't prevent. Don't try. Accept the things you cannot change, as the saying goes, and figure out how to get by in spite of these things.

A Solution To A Very Common Problem

found on the meta filter

Well, that's certainly one way to control access to your mug. It'd be terrible if some ne'er do well put a second lock on there, though.

Monday, January 26, 2015

Do You Have A Ransomware Insurance Policy?

from here

It's a shame more people don't make backups just in case. It could save them a lot of grief (and money).

The Best Way to Fight Terrorism in the US

found on memebase

Y'know what? That really does seem like a good way to fight terrorism. If you aren't listening to the people with a financial incentive to help spread that terror then there's a very good chance you won't be terrorized.

The old news motto of "if it bleeds, it leads" has been making people increasingly fearful for a long time, and it’s had a lot of negative consequences. For example, look at how the police treat every interaction as a potential violent altercation even though actual violent crime is at an all time low. Fear of unlikely threats is harming society.

Friday, January 23, 2015

The "Idiot Cord" Of Authentication Mechanisms

from here

I think I've figured out why people still believe in biometrics. You can't forget or lose your own body parts. If you have no faith in your fellow human beings ability to use their brains at least enough to remember to carry a security token then this is the security mechanism you choose.

Jimmy Kimmel : What Is Your Password?

It seems to me that when a television personality like Jimmy Kimmel starts putting spots about password security on his show, that's probably going to have a bigger impact than anything a security pro can do.

Someone needs to figure out a way to get Jimmy Kimmel to cover cyber security more often.

Thursday, January 22, 2015

Until You Boot From A Recovery Disk To Check

from here (source image)

I often wonder about people who say they don't install antivirus and never get infected. How can they know?

Maybe their computers actually occupy both states simultaneously until observed by an antivirus product.

Your Security Code Is Safe

found on the meta picture

Yeah, he's got such an honest face. What could possibly go wrong?

Wednesday, January 21, 2015

Congratulations! Most Of You Drew Straight Lines On Your Keyboards

from here (source image)

Based on those passwords I can see some jocks, some nerds, some text repeaters (see "password", enter "password"), and a whole lot of keyboard finger painters.Hard to believe this is still the quality of passwords we're seeing in the wild after all these years.

They Do It Their Way

found on the meta picture

This is ... not quite as uplifting as the ice bucket challenge I remember.

Tuesday, January 20, 2015

Now Who Do I Disagree With?

from here (source article)

Honestly I don't think there's really a question here, I just thought it was strange to see these two apparently on opposite sides of an intelligence issue.

New World Order

found on the meta picture

Maybe it's time we start addressing the right threats to our safety and security.

Monday, January 19, 2015

I Love The Smell Of Whitelists In The Morning. Smells Like Victory

from here

I know this probably makes me sound like one of those obsessed security geeks that enjoys clicking on prompts from my security software more than doing actual useful work with my computer, but that's not really it. In fact, the prompts I encounter are minimal (I think I saw 1 today) if you get the configuration just right.

What it's really all about is gaining mastery. Simply running a virus scanner takes literally no skill whatsoever, but figuring out which programs I really need to allow to run, and getting the right balance between the invasiveness of prompting and the permissiveness of the whitelisting policy takes knowledge and skill and occasionally some effort from time to time to fine tune things. If you fiddle with your car engine to get better performance, or your stereo to get better sound, you know the sense of accomplishment when you get it just right. It's kind of like that but with the added advantage of defeating attackers before they even attack.

Idea Channel : The Uncertain Connection Between North Korea and Hackers

Once again, the Idea Channel covers an information security topic, and it's a really different perspective from the ones I've read about inside the information security echo chamber.

Abstraction is, I think, often a useful device for simplifying a subject, or at least glossing over the tiny details that would otherwise slow down the communication of ideas. The danger in doing so, however, is that many people (especially those who are less familiar with the subject in question) aren't aware of or appreciative of those tiny details and wind up building upon the abstraction in questionable ways and even arriving at erroneous conclusions. That's the fear in the information security community - that policy makers don't have the technical knowledge or discipline to use mental shortcuts about technical issues responsibly and are going off half cocked.

Friday, January 16, 2015

And Here We Have The Booty Trap

from here (source image)

Look, even the ladies want to check it out. It appeals to all people, apparently. You might be wondering if maybe a booby trap would be even better, but consider this: wouldn't you be more inhibited about pointing your mobile device in some stranger's direction if you were facing them?

I don't know if it's actually a malicious QR code or not, but the people eagerly scanning it don't either.

Not Even Norton Can Protect You

found on memembase

First of all, look at how big this Norton condom is - bloatware anyone? And then of course there’s the little issue of not being able to stop anything and in fact apparently helping the thing it was expected to stop actually spread further than it otherwise would. These are not entirely unheard of  issues for Norton or other AV vendors.

Thursday, January 15, 2015

Cut & Paste Any Good Links Lately?

from here

One might assume the fact that Obama's proposed cybercrime legislation seems to cover thing like copying links is just an unintended consequence, but it seems equally likely that it's meant to better cover the government's ass when it engages in prosecutorial overreach in future.

Well Somebody Got Sloppy
tweeted by Dave Lewis

Thanks to Dave Lewis for tweeting this meme expressing skepticism over the government's explanation of how they've attributed the Sony hack to North Korea. It's like, either they're a really scary cyber superpower as the government seems to want us to fear, or they're bumbling nincompoops who make stupid mistakes. It's hard to fear bumbling nincompoops, though.

Wednesday, January 14, 2015

If You're Not Catching The Criminals In The First Place, What's The Point?

from here

Is the problem really that we aren't punishing cybercriminals enough or is it that we aren't catching enough cybercriminals? Toughening legislation isn't going to do anything to improve the latter problem.

They'll Make You An Offer You Can't Refuse

tweeted by George V Hulme

Thanks to George V. Hulme for tweeting what seems to have been a fairly accurate prediction. Although the suggestions right now aren't technically for forcing cyber data sharing, they do create incentives that companies are unlikely to say no to.

Tuesday, January 13, 2015

Computer Virus Clean-Up Gone Wrong

from here (source image)

While there is certainly room in security for finding creative solutions, this is not the way to clean-up after a virus infection.

If We Can't Read Your Messages Then The Terrorists Win

tweeted by @TheTakeaway

Thanks to @TheTakeaway for tweeting this reminder of why we can't just blindly give up liberties in an effort to combat terrorism. This isn't just true for the US, either. Things like privacy are unfortunately under attack by people like David Cameron (who seems to labour under the delusion that it's possible to reveal the contents of secure communcations to only the right people with the right legal documentation - because apparently legal documentation is what computers operate on).

Monday, January 12, 2015

How Not To Blend In

from here (source image)

Honestly, this guy could have had the best camouflage science fiction has ever conceived of (ie. the predator's cloaking field) and that horse would still give him away. It doesn't matter how good your techniques and technologies are if you give yourself away with dumb mistakes like that.

So You Think You're A Hacker...

found on the chive

One might make the argument that it’s manual session hijacking, but this is the kind of thing even a house cat can do. It’s not worth mentioning.

Friday, January 9, 2015

Anti-Virus Testing Fail

from here

I imagine I've already done something like this before, but if people keep repeating the mistake of studying AV effectiveness by using VirusTotal then I guess this needs repeating too.

For those who aren't yet aware: VirusTotal is a service that allows you to submit suspected malware samples and have them scanned with over 40 different anti-malware products to see if any of those products thinks your sample really is something bad. Unfortunately, it's not feasible for VirusTotal to use all the detective capabilities of those anti-malware products, so if you try to study the effectiveness of anti-malware products by using VirusTotal your results are going to be profoundly misleading.

One Clue To Fool Them All

tweeted by George V. Hulme

Thanks to George V. Hulme for tweeting this meme expressing doubt that we can ever figure out who committed an online attack with any accuracy. As @thegrugq has said, the attackers control too much of the forensic information we'd have access too in the online world, they can easily deceive us.

Now, if there's offline evidence about who did what, that could be a lot more compelling than pointing at a map and saying "we saw their IP address(es) in traffic related to the attack".

Thursday, January 8, 2015

What Not To Wear For Criminals

from here (source image)

Maybe this shirt has IANAL (I am not a lawyer) on the tag next to the washing instructions.

Crypto Reporting Broken

tweeted by Tony Arcieri

Thanks to Tony Arcieri for tweeting this comic about how even technology reporters take complex issues and twist them into something that is either entirely wrong or at least grossly misleading all in the name of simplifying things or grabbing the readers' attention.

(Hopefully there's just the right amount of irony in the title)

Wednesday, January 7, 2015

Whatever Happened To "Private Parts"?

from here (source image)

I don't know where to begin.

First: This is a real thing and if you google "outdoor urinal" you'll see a number of pictures of these.

Second: These are actually somewhat modest - many of the examples that google shows of this style are missing that little wrap-around part.

Third: No. Just NO! The insanity has to stop. It's bad enough there's no privacy at ordinary urinals, but at least those are in a dedicated room rather than out on display in the city streets. This trend towards public displays of male genitalia is something no one wants to see reach it's final horrifying conclusion. If you think you do want to see it, stop picturing some fantasy dude and imagine some wrinkly old fat guy because there's a lot more of those in the world. This is where the argument that "privacy is dead" eventually leads. We won't be calling them "private parts" for much longer if this keeps up.

Finally: Where do they wash their hands?

I Can Has Fresh Undies?

I have a feeling he probably soiled himself a little, and if you look closely after he's thrown to the ground it kinda looks like he was wearing a pair of tighty whities as a mask too.

Tuesday, January 6, 2015

The Internet Plays For Keeps

from here

It's kinda sad how people think best practice is all they need to do. Practicing is what you do BEFORE doing it (whatever it is) for real. You don't win races on practice laps, you don't get graded on practice tests, and you don't secure yourself with best practice.

Have You Tried Turning It Off And On Again?

found on the chive

Yes, North Korea really does have just one connection to the Internet, so just about anybody could be responsible for taking the entire country offline - even some pimply-nosed teenager sitting in his parent's basement.

Monday, January 5, 2015

If You Use Anti-Terror Laws To Spy On Toddlers, You Might Be A #SecurityIdiot

If you use anti-terror laws to spy on toddlers, you might be a security idiot (and quite possibly insane)

I can't imagine how the UK government thinks child care workers are going to figure out which toddlers will become terrorists, but apparently this is a real thing the government wants to see happen.

Folks in the UK, aren't you glad your government is protecting you from 'terror tots'?

Who Needs Sophisticated Attackers?

found on the chive

While I don't believe North Korea had anything to do with the hack, I gather that not only were some of Sony's passwords literally "password", but thousands of them were stored unprotected documents in a folder called "Passwords". It's almost like someone wrote a playbook on how to make computer systems easy to break into and then gave it to Sony as an example of a security policy.

Friday, January 2, 2015

Those Sunglasses Aren't Fooling Anybody

from here (source image)

With her on the job, I feel safer already. Not.

In Regards To The Recent Uprising Across The Country

found on the meta picture

I imagine the current outrage over abuse of power by authorities is as potent as it is because police killing people is kinda worse than the government simply spying on people.

Thursday, January 1, 2015

And Get Off My LAN!

from here

There were whitelists, and behaviour blockers, and integrity checkers - oh my.

And now I feel old because I'm recalling AV suites from 20+ years ago.

From The Unintended Consequences Department

(via boing boing)

It’s sad that interaction with the authorities has become so dangerous that we need to invent safety devices for it.

Unfortunately, this is the kind of idea that would actually nullify the safety benefits of putting your hands up, because the same kinds of cops that mistake hair brushes for guns aren't going to be able to tell if your hands are really up and will shoot you just to be on the safe side (because their number one concern isn't public safety anymore, it's their own).