Friday, July 29, 2016

That's One Way To 'Exploit' The Market

from here and here

In reality they put vulnerabilities in their software the same way everyone else does - by accident. But that doesn't mean those vulnerabilities couldn't still be useful if the malware writers all decided to move on to other endeavors.

Gibberish So Nice I Type It Twice

found on Memebase

I too find typing my password twice annoying but I suppose the alternative is mistyping it without knowing. Hold on, no, the alternative is to paste it from the keyboard buffer after your password manager puts it there. No mistyping possible that way.

Thursday, July 28, 2016

IoG: The Internet Of Gross

from here

With all the re-use of technologies going on in the IoT world, cross contamination of vulnerabilities seems a likely outcome.

Their Password Policy Is Ruff

found on Wanna-Joke

I wonder if the person who made this realizes the dogs are actually on the wrong side of the door. They can't keep people out, they're the ones on the outside because the bolt is on the inside.

Wednesday, July 27, 2016

Untouchable Security

from here and here and here (source image)

Default Passwords Are Bad, M'Kay?

original tweet

Many things come with default passwords because they need to have some kind of password when you pick them up off the shelf, but if you don't change the default password then it sort of defeats the purpose of having a password at all - anyone could get up to any kind of shenanigans.

(Thanks to Kashmir Hill for tweeting this example of what can happen when you don't change default passwords)

Tuesday, July 26, 2016

Destructive Phishing Practices

from here and here

I wonder if the person who coined the term "botnet" considered how the average person would interpret it.

Practice Your Incident Response Procedures



If a zoo can practice incident response, why can't your organization?

Monday, July 25, 2016

Someone's Got A Case Of The Monday Morning Ransomwares

from here and here

Considering how easy it would be for users to wipe out ransomware makers' business model, they really ought to start saying "Please".

Surveillance Cameras Can't "Watch Over" Everything

found on Fail Blog

The word surveillance comes from French and means 'watch over', but practically speaking there will always be things above whatever does the watching so there will always be things that are missed.

Friday, July 22, 2016

Toilet Paper Caper Goes Down The Drain

from here (source image)

I don't know what's funnier - the fact that someone actually tried to disguise themselves with toilet paper, or the fact that multiple people have tried to disguise themselves with toilet paper.

NSA's Plans To Spy On Him Were Foiled

found on Imgur

Now you too can use the counter-surveillance excuse when you want to pull this prank on someone.

Thursday, July 21, 2016

Defense In Depth Fail

from here (source image)

If you can get past one padlock, chances are the other 3 aren't going to stop you. People add extra security layers thinking it makes things more secure, but if they're equivalent to existing security layers they actually add nothing.

At Least They're Honest

found on The Chive

This sign and the dogs that go with it aren't much of a deterrent in the traditional sense. I think they're only going to stop a very particular sort of trespasser.

Wednesday, July 20, 2016

It Should Be Your Business, Though

from here

Whatever you may think of the differences between so-called next-gen endpoint security and traditional AV, customers deserve better than "we're better because we said so". They deserve independent testing, not excuses about why they should be exempt from independent testing.

Future Hacker Bypasses Rudimentary Access Control

found on Imgur

Thanks to Alex Girard for sending me this demonstration that even the youngest of us will find ways around mechanisms that get in our way.

Tuesday, July 19, 2016

It's Gonna Catch 'Em All If You're Not Careful

from here

Anti-malware software - I choose you. You folks might want to do the same.

A Different Kind Of Attack Dog

found on Fail Blog

Usually attack dogs are big and intimidating because their primary purpose is as a deterrent. I'm not sure this dog would deter anyone.

Monday, July 18, 2016

Watch Each Other's Back When It Comes To Augmented Reality

from here

Now that we have a wildly popular augmented reality game, the risks posed by augmented reality are starting to make themselves known. People are wandering into places they shouldn't, and some of them are getting hurt or worse. While the game may augment reality, either the tiny screen is acting as blinders to everything off the screen or virtual reality games (such as 1st person shooters) have trained us to ignore threats when gaming because we can always start over.

Either way, having someone around who isn't playing when you are has the benefit that they aren't in that world and they can warn you or pull you back from walking into a dangerous situation.

The Pry Minister Is Watching You

tweeted by Richard Littler

This poster Richard Littler created is quite good at creeping the viewer out about Theresa May's pro-surveillance position. It's a shame that there doesn't appear to be any way to change the outcome the poster seems to warn about.

Friday, July 15, 2016

Doesn't Seem To Make It More Secure

from here (source image)

Adding security after the fact (bolting it on) ranges from just partially effective to not effective at all and purely just for show.

Skyrim Security

found on Imgur

I suppose if the security is that easy to bypass you really shouldn't hope for much once you break in.

Thursday, July 14, 2016

Automated Theft Mobile

from here (source image)

I don't know about you, but I would definitely never use an ATM that shady looking. It reminds me of certain carnivorous plants that lure their prey in and then don't let them leave.

If Only State Sponsored Hackers Worked That Way

found on Memebase

Sometimes hackers help people (see Anonymous' actions in the Middle East), but I rather doubt China would have their unofficial hacking army give assistance to the citizens of other nations.

Wednesday, July 13, 2016

The Evolving Meaning Of "Bomb Squad"

from here (source image)

There is no better example of the increasing militarization of the police than their latest tactic of using a bomb disposal robot to plant an explosive device near a suspect in order to kill him. Apparently American streets are a war zone that justifies more indiscriminate uses of deadly force (bombs are unquestionably less discriminate than bullets about what and who they damage or kill).

How Not To Snatch A Purse

found on 22 Words

I'm pretty sure there's nothing of value in a statue's purse, and if the statue happens to let go then that woman is going to fall on her ass and potentially break something.

Tuesday, July 12, 2016

Gotta Catch'Em All

from here

While I generally try to avoid giving bad guys ideas, I think this one is pretty much a foregone conclusion. Whoever came up with the game mechanic of buying lures to draw out the pokemon basically figured out how to turn pay-to-play into pay-to-prey.

A LITTLE Extra Security

found on The Meta Picture

A password and a token (the door key) would make for a 2 factor authentication scheme if the password and key were meant to prove you were really you. In this case, however, they're only meant to prove you're authorized to enter, so I guess it's a 2 factor authorization scheme.

Monday, July 11, 2016

I Hope No One Attacks Symantec's Products Before Mid-July

from here

Symantec certainly aren't doing themselves or their public perception any favours by delaying fixing their product line.

This Isn't A Private Dressing Room

found on Imgur

Truth, justice, and the American way. Someone ought to tell Superman that the American way includes privacy - at least when it comes to changing clothes.

Friday, July 8, 2016

One Of The Reasons Why Metadata Matters

from here

It's frequently not enough to just keep the contents of a message or archive secret because there's frequently information outside of it that can give an observer all kinds of clues about the contents.

Evasion Training Starts Early

found on MemeBase

It's a shame we 'grow out of' exercises like this. Not only can evasion be a useful skill under the right circumstances, but staying in the practice of thinking about how to foil an adversary so that we don't forget how is even more useful.

Maybe we should devise ways to teach other security skills through children's games.

Thursday, July 7, 2016

It's Going To Be An Interesting Four Years

from here (source image one and two)

Whether it's communicating top secret information using your own personal email server or expecting Mexico to pay for the giant wall of America, I'm not sure I like where this choose your own adventure series seems to be ending up.

The Limits Of Hotel 'Privacy'

found on Dump A Day

It may not be easy to maintain your privacy in a situation like this. Since it's a hotel you don't really have the option of choosing more soundproof building materials. That leaves 3 main options:

  1. Turn up the TV or a stereo full blast to mask the noise
  2. Rent the adjoining rooms to keep them empty so that sound has to travel further and through more walls before it can get to someone (might want to select a room at the end of a hall in order to also make sure no one will be passing by - or you could rent the entire floor)
  3. Recognize that hotels aren't all that private and elect to engage in those activities elsewhere.

Wednesday, July 6, 2016

Doesn't One Lead To The Other?

from here (source image)

Sometimes the consequence of too much security is that it becomes an obstruction. Exhausting your resources and making security useless is another possibility, however.

You're Embarrassed To Be Seen With Me? I Can Fix That

found on Slightly Warped

Y'know, I have a family member who loves to wear clothing with camouflage print. I'm told that he's just like me and yet I don't have a single article of clothing with camouflage print and can't imagine what is going through this guy's head, except maybe that if she doesn't see him then she can't dump him.

Tuesday, July 5, 2016

Truth In Advertising

from here (source image)

It's a weird way to think about it, but I suppose if you eat because you feel insecure, eventually you should start feeling more secure.

The Unluckiest Smuggler

found on Bored

If you can't make your package look like it belongs in your undies, maybe you shouldn't be smuggling things in your undies.

Monday, July 4, 2016

Next It'll Be Cracked Free Antivirus

from here

It amazes me that people could be so focused on getting paid antivirus software for free that they overlook the existence of legitimately free alternatives which often compare favourably in independent testing.

Craziest Things Found By Airport Security



It's weird to say it, but sometimes airport security actually succeeds. Perhaps not when it comes to stopping terrorists, but certainly when it comes to stopping criminals and contraband.

Friday, July 1, 2016

Let's Put It With The Anti-Rootkits, Anti-Spywares, Anti-Adwares, Etc...

from here

I don't even know what they would call something like this (anti-anti-virus-exploit?) but I feel certain something like this is coming.

Don't Make Passwords Your Last Words

found on Toonhole

If there's one reason to ignore ancient (false) wisdom about not writing down your passwords, this is it. We fail, our bodies fail, our minds fail. It's good to have backups in case of such failures.