Friday, May 29, 2015

Not As Mysterious As You Think

from here (source image)

Dark sunglasses, besides being good protection from the bright light of the sun, are also pretty good at keeping the direction of your gaze secret. This makes it more difficult for people to guess what's on your mind; making your thoughts more private and the image you project more mysterious.

At least, that's how it's supposed to work.

Credit Card Theft? There's An App For That

found on the chive

While the joke was from last September, in the intervening months it appears to have come true in a way (though the fault may lie with parties other than Apple).

Thursday, May 28, 2015

Tonight We Dine On Hashes

from here (source image)

Thanks to @reck0n for tweeting the pun-tastic image of a rainbow-coloured picnic table.

Revenge Isn't Meant To Be That Sweet

found on the meta picture

This isn't actually what deterrents look like in Canada, it's just what people expect from us. Although, we do have enough maple syrup to drown people with - but we would never waste it on something like that. No one wants to pour dead-man syrup on their pancakes, waffles, or french toast.

Wednesday, May 27, 2015

Security Theatre Needs Better Props

from here (source image)

Thanks to Russel Eubanks for tweeting this image of a double security fail at an airport. Not only is the lock relatively easy to unlock, it's also relatively easy to ignore completely by going over the fence instead of through the gate.

Not Available In Stores? I Wonder Why?



As strange as this ad is (and the idea of wearing a rubber thong for additional protection during sex is plenty strange), the strangest part is this appears to be an actual legitimate product you can buy (but only online). There are more videos on their site, this is just their "Official Infomercial".

Tuesday, May 26, 2015

Do As I Say, Not As I Do

from here

When Zuckerberg makes observations about how privacy is regarded these days, we should keep in mind that his actions contradict his words. Words which are, in reality, simply an attempt to justify exploiting humanity's desperate need to connect with someone for his own personal gain.

Military And Police, Church And State

found on memebase

Surprisingly wise words from a fictional military leader. An unfortunate consequence of waging war on crime is there is no justice on the battlefield. The battlefield only knows the concept of "might makes right".

Monday, May 25, 2015

Of Breaches And Breeches

from here

A new breach, a new set of consequences for affected users. It appears that some people are going to learn some uncomfortable truths about their spouses.

White Blood Cells Attacking A Parasite

found on the meta picture

If you ever wondered what biological defenses looked like, here’s an example. I wonder if we could apply analogous approaches to computer security threats.

Friday, May 22, 2015

But At Least I Don't Leave Them Lying Around Everywhere

from here

True story: I have over 400 passwords. 400! Thank goodness for password managers is all I can say because there's no way I could remember them all.

I Sense A Disturbance

found on the meta picture

Sensors for detecting unwanted things don't have to be complicated to be effective. Whether it's detecting earthquakes with googly eyes or a malware infestation using a combination of a zip program and a file comparison program.

Thursday, May 21, 2015

You Can't Come In Unless You Can Read

from here (source image)

Thanks to Ian McNaught for tweeting this picture of one of the least secure security code number pads I've ever seen. Would this even keep out the illiterate? Couldn't they just copy the numeric symbols in the note? I bet even lower primates could figure this one out with a little training.

Could You Please Be A Little More Private

found on the fail blog

Although privacy is something we all deserve, it's something that will always require work on our part to maintain and protect.

Wednesday, May 20, 2015

A License To Hide

from here (source image)

Thanks to @thegrugq for tweeting the image of what I can only imagine is someone trying to avoid being found by authorities. Maybe they should have actually swapped the plates, or at the very least used a better adhesive.

I wonder if they got away with it in spite of this obvious failure.

Too Cute To Cage

found on the meta picture

Well there's your problem. Your barrier is full of holes and your rabbit is good at exploiting them.

Tuesday, May 19, 2015

Maybe Just "I Wish You'd Kept Those Private" Parts

from here

It occurs to me that some parts have natural coverings so nudists could (in theory) still have "private parts", so long as those natural coverings haven't been cut off.

I Can't See The Difference, Can You See The Difference?

found on the meta picture

Disguise is so fundamental that it even occurs in nature. That's why a chameleon can change colours, why a leopard has spots, and why some butterflies look like owls.

Monday, May 18, 2015

Hope You Weren't Using The Same Password Elsewhere

from here

There are all kinds of signs that a company is just paying lip service to the idea of keeping your information secure - sending you your password when you've forgotten it is just one of them.

Over The Top Anti-Theft Technique

found on the meta picture

I've heard of putting a pen on a cord or even one of those tiny beaded chains, but this is ridiculous.

Friday, May 15, 2015

But They Seemed Like Such Honest Criminals

from here (source article)

What part of "too good to be true" do these guards not understand?

Which Reason Are You?

found on the meta picture

People say security should be invisible to the user but maybe nagging actually works.

Thursday, May 14, 2015

Stop Crying Cyber-Wolf

from here

How many of the vulnerabilities that have gotten the branding treatment have really deserved the attention they've gotten? It just seems like so much hype now.

Or You Could Just Pretend To Not Be There

found on the meta picture


I wonder if this would work as an excuse for not letting cops in (and by work I mean let you stall long enough to do something while not getting additional charges levied against you).

Wednesday, May 13, 2015

Getting Burnt Learning How To Not Burn Your Food

from here (source article)

His site has been found serving malware 3 times in 4 months. Wow. Either his site's security is really, really bad, or his access to desirable targets is really, really good. It makes you wonder which it is.

This Kid Won't Eat Those Armour Hot Dogs

found on the fail blog

This falls under the "too good to be true" category. I’d be suspicious too. It’s virtually free food.

Tuesday, May 12, 2015

As If The Government Can't Use That Data Too

from here

In fact, we already know the government DOES use data from ad companies - remember, Google is an ad company, and the government gets Google's data through the Prism program (among others).

We're All On A List

found on memebase

If you have a government issued ID then you're on some kind of list somewhere. Driver's license, birth certificate, passport, etc. We're on multiple lists and the government has been keeping tabs on all kinds of things about us (such as our income and expenses) for a long, long time.

(Apparently the true source of this comic strip is this page on the Amazing Superpowers webcomic)

Monday, May 11, 2015

You Had One Job, Mail Department

from here (source image)

Thanks to Aaron Morrell for tweeting this astounding account security failure. I wish I knew what company this was so I could tell you all to give it a wide berth.

Bike Lock By Cop

found on the chive

Unfortunately, I've seen some pretty clever thieves too. Some can even ride a bike without it's front wheel.

Friday, May 8, 2015

I Bet Being Friends With A Nigerian Prince Will Impress Her

from here

If you ever find yourself in this position, I suggest introducing the lady to the Nigerian prince, because she will inevitably tell you she needs financial assistance.

What Peace Of Mind Looks Like

found on the meta picture

If I were that well protected, I'd probably sleep pretty peacefully too.

Thursday, May 7, 2015

So Should I Install AlphaCrypt Or VeraCrypt?

from here

What do you think, am I asking for too much?

Perception Vs. Reality

found on memebase

It's important to have some idea of how your adversaries see you, whether you're the attacker or the defender (and maybe you aren't even the one you think you are).

Wednesday, May 6, 2015

Real Attackers Don't Care About DMCA Threats

from here

Hey CyberLock, the 1990s called and they want their anti-disclosure strategy back. Really, what could a security company in 2015 be thinking by using lawyers to respond to security researchers?

Browser Privacy Is Serious Business

found on the meta picture

My superior Google skills (I got lucky) tell me that the real source of this comic is this page on explosm.net. There are lots of good comics there - some even touch on security and/or privacy.

Tuesday, May 5, 2015

That's What Password Managers Are For

from here

There are 2 solutions to the problem of too many passwords: password reuse (which is bad) and password management (which is what all the cool kids are doing).

The Bubble Boy's Car

found on the meta picture

This may protect it from the wind and rain (which it clearly needs) but it definitely won't protect it against theft or vandalism (which proper garages actually do help with).

Monday, May 4, 2015

It's Always Coming

from here

It always seems to be the way things go down. Something bad happens, like an earthquake in Nepal, and the scammers and malware pushers jump on it as a way of attracting new victims for their schemes.

Guess They Never Thought Of That

found on izismile

It is easy to come up with a security system that you can't figure out how to defeat. It's much harder to come up with one that other people can't figure out how to defeat because it is difficult to see past our own assumptions and mental blocks. Other people have different thought processes, though, so they won't get hung up on the same things you do.

Friday, May 1, 2015

How Many Times Do We Have To See The Same Breach At Different Companies?

from here

Sometimes it seems like the biggest problem in infosec is the belief that it won't happen to your organization. What else would cause people to not take obvious countermeasures after the same kind of attack is used over and over and over again?

Tell Me Again How You Take My Security Seriously

found on the meta picture

This is definitely not how you verify you're talking to the right person. If it's not the right person, what are they going to say? "No"? Of course not. This makes me glad I'm not a customer of this company.