Thursday, August 17, 2017

How I benefit from your privacy

from here

Your privacy is good for you and for me, and I would very much like it if your confidential info didn't intrude into my life.

And the backdoors are gonna be YUGE

found on Sizzle

He knows the best hackers. They hacked the election for him, after all.

Wednesday, August 16, 2017

Not looking so 'smart' anymore

from here

When it comes to failing smart locks, both failing open and failing closed (unlocked or locked) have problems. You need to be able to open the door but you also need to be able to prevent others from doing so. If you can't get in you may be less secure as a result. If everyone can get in you may be less secure as a result. If there is no good failure mode, the possibility of failure should not be accepted.

Terminal Stupidity Authority

found on Webcomic Factory

The scary thing is, a 10 year old girl isn't even the youngest child I've heard of being subjected to a "pat down" at an airport terminal, and because of the nature of the touching, the outcome is often pretty bad. Don't bother trying to figure out what the TSA is thinking, though - they aren't.

Tuesday, August 15, 2017

Did I staple a horse, or the horse, or your horse, or...

from here

I don't know about you but I find that remembered phrases are prone to slight alterations that have little bearing on the meaning of the phrase but make a computer completely fail to match them against the reference phrase that was entered months ago. That's a problem with passphrases that I rarely hear anyone talk about.

I'm feeling so confused right now

found on Memebase

Could someone explain to me what AVG is supposed to be doing? Are they supposed to be making us feel more secure or are they supposed to be making us feel more productive? Because I'm pretty sure booting up 1% faster (who can even tell that?) has precisely no impact on feeling more secure.

Monday, August 14, 2017

Illustrate your point with cave paintings if you like

from here

The catch phrase "There's no patch for human stupidity" is a fairly successful meme within the information security community, but that doesn't make it good. It's actually exotoxic in the sense that it implies that it's not worth the effort to pass on knowledge to people who don't already have it, thereby denying those people the tools with which they could better control their outcomes and by extension thrive.

The fact that we aren't still living in caves proves that it's not just special individuals who are capable of learning but in fact the entire human species as a whole.

How not to make a clean getaway


Watch on YouTube

F&@%ing doors, how do they work? That must be a question that plagues this would-be criminal. I'm sure he lies awake at night in his cell wondering what he could have done differently (although he appears to get away, it seems unlikely he stayed out of the grasp of the long arm of the law).

Friday, August 11, 2017

No logo, no coverage

from here

The fact is, when researchers market the vulnerabilities they discover, they're really marketing themselves. More and more these days security seems to be about satisfying personal needs rather than actually making things more secure.

It might help me unclench

found on Know Your Meme

I mean, if they're going to be sticking things there without a normal lubricant, at least they could try a social lubricant.

Thursday, August 10, 2017

Go directly to jail. Do not pass GO

from here

Normally I'd say something along the lines of "I have no idea what this person was thinking" except the journalists who covered this made sure to include that part. The guy was just looking to get home. That's right, he planned to drive a stolen cop car to his house. Not like having a stolen cop car outside your home to point the finger at you.

Just a lonely little botnet

found on Quickmeme

This is one of the reasons I use a different disposable email address everywhere I go. Not because I have a relationship to protect, or because I post lonely heart ads online, but rather because I know that emails occasionally get harvested by spammers and I want to be able to turn off the spam without losing my real email address.

Wednesday, August 9, 2017

How do I practice cell phone opsec now?

from here

The point of burner phones is that you dispose of them often so that they can't leak information about you or your operation. Chances are you'll need many of them and so they'll have to be cheap.

One wonders, though, at what point does a cheap phone itself cause people to become suspicious.

I'm sure some people are able to use iPhones as burners, but they'd have to be part of some well funded group (perhaps working for a government).

This door seems 'secure'


Watch on YouTube

An excellent demonstration of why blindly using security controls without knowing how they work or whether or not they're suitable to the environment you're using them in is not a good idea.

Tuesday, August 8, 2017

When even attackers don't want anything to do with you

from here

As someone who spends most of their non-work time alone, I think I would like to be so unpopular that attackers wouldn't bother with me. That seems like a silver lining I could get behind.

But it's supposed to be secure

found on Quick Meme

This is actually a really good use of the Everyone Loses Their Minds meme. If you're familiar with this scene in the movie then you remember him talking about 'plans'. Microsoft having vulnerabilities is definitely part of "the plan". It's what people expect. There was even a plan for addressing those vulnerabilities once a month, as regular as clockwork. Unix/Linux/etc having vulnerabilities? That's not part of the plan and for those that are affected by it, it is definitely something that raises their anxiety level (maybe even to the point that they lose their mind for a moment).

Monday, August 7, 2017

You shall not pay

from here

There may come a time when you get hit by ransomware, and if you don't want to wind up as lost as Confused Gandalf here you'll make backups, because the only thing paying guarantees is that it'll happen again (either to you or someone else).

The more people do it the more dangerous it becomes

found on Rahul Kumar's blog

There are certainly those who believe AV should be abandoned altogether and cite their own experiences not getting compromised while not using AV as evidence. But those are merely anecdotes and they don't reflect the fact that part of what keeps those people safe is all the other people who ARE using AV and making it harder for malware to flourish long enough for those who aren't to be exposed to it.

In biology this is called herd immunity. It only works so long as a certain minimum threshold is maintained and telling people to abandon their AV threatens to bring the number down below that threshold and make things worse for everyone.

Friday, August 4, 2017

Where'd all that banking trojan money go?

from here

I don't know about you, but I think if I were responsible for a banking trojan, especially one that managed to make it onto the authorities' radar, then I'd have enough money to get my own place.

That's one solution to the malware problem

found on Quick Meme

Malicious software won't be a problem anymore if you remove the power. Not being able to use the computer for anything is a bit of a problematic side effect, though.

Thursday, August 3, 2017

You are hereby ordered to stop committing crimes

from here

At least their boss is doing something to curb this abuse of trust the authorities are committing, even if what he's doing is a bit ridiculous.

Hope you didn't have anything to hide

found on Meme Generator

Nobody said staying one step ahead of the authorities was going to be easy.

Wednesday, August 2, 2017

Try not to shoot yourself in the foot

from here

Yes, this is a real thing that happens. People think they know better than their AV vendor what features should be enabled. The problem is most people don't actually know how AV works, so their choices are uninformed and eventually harmful in the long run.


The evolution of a meme

tweeted by Franziska Haaf

Does this meme look familiar to you? The text is identical to this one from years earlier but the artwork is clearly superior. I approve.

Tuesday, August 1, 2017

And why the ones they do get don't count

from here

Every time there's another piece of Mac malware in the news the Apple faithful go through mental gymnastics to explain (perhaps to themselves) why that one doesn't count. I wonder what they'll come up with for this new one that's apparently been going on for years.

Geniuses sure ain't what they used to be

found on Sizzle

I have a feeling the "genius"es in the actual Apple store are probably trained not to come up with that interpretation specifically because they don't ever want to give the public the idea that Apple computers get malware like PCs do (even though they do).

Monday, July 31, 2017

The future of health care

from here

Going for my annual checkup is cheaper for me than flying somewhere, but that may be because I'm in Canada.

When best practices should be the only practices

found on Stack Exchange

I know this best practice. I follow it as best I can, but after spending a week trying to figure out a way to use PBKDF2 securely with just ordinary .Net (no extensions or additional 3rd party libraries) and failing, I'm starting to see why people continue to violate this best practice.

Friday, July 28, 2017

We occupy the enclosures identified by numbers less than 4

from here

Confession time: the style and substance of the memes I create are sometimes randomly selected. When Joseph Ducreux and exploit came up (and after I spent some time making sure I knew exactly how to make a Joseph Ducreux meme, aka an archaic rap meme) there was really only one option - use All The Things by Dual Core.

The Internet of Nagging Things

found on LinkedIn

As more and more things become connected, and as they all seemingly have conditions under which they'll send you a notification or alert or some other kind of message that the makers think needs your attention, just imagine what a home full of smart devices like that will be like. Imagine what it will be like when 2 things are vying for your attention at the same time, or 3 things, or 5, or 10. The more smart devices you have, the more likely the occasional overlap will be and the more devices will overlap with each other attempting to get your attention. It'll be like the film "Cheaper by the Dozen" except instead of a bunch of precocious children it'll be a bunch of appliances with sensors and alerts and updates that need to be applied.

Thursday, July 27, 2017

A Roomba with a view

from here and here

Selling data about the insides of people's homes seems pretty creepy if you ask me. What's next, selling photos from inside people's homes?

Still young enough

found on Memebase

As we get older, our memory starts to fade. If you can still remember a changed password after a holiday, good for you, but it won't always be that way, so start developing alternative strategies.

Wednesday, July 26, 2017

The FUD was strong with that one

from here

I remember a friend of mine downloading a special (older) version of Norton AV specifically because of its purported ability to detect/disinfect Michelangelo even though by that point the virus was a year or two old and should have been handled just fine by any up-to-date AV.

A lock is a terrible thing to waste


Watch on YouTube

I hope their car upholstery is brown because that would make most people crap their pants. Those two, however, don't seem sufficiently scared of the lumbering threat just outside their car. The bear may not have got them but sooner or later they're going to be food for something the way they're going.

Cars have locks for a reason. Use them.

Tuesday, July 25, 2017

This post gave my computer AIDS

from here

Just in case you thought ransomware was a relatively new phenomenon, the AIDS trojan dates back decades.

I love free things!

found on Memebase

Sometimes "free" is all the enticement a person needs to fall for a trap.

Monday, July 24, 2017

Traveler's Jackpot

from here

No security is perfect. Something (or someone) always falls through the cracks, so if you happen to be one of the lucky few, count your blessings and maybe buy a lotto ticket.

Encrypted USB Flash Drive

product page on Amazon

I'm not trying to say this is the best option. I know there are software-based full disk encryption products that can create encrypted volumes on flash drives, and that's probably the way I would go, but I also know that those kinds of approaches can be complicated and difficult for some people to use. There's no one-size-fits-all security, and this might just be the best option for some people. As weak as I'm sure the PIN code the average person enters is likely to be, it's probably still better than no encryption at all. This isn't going to protect your secrets from the government, but it might just protect them from a sibling, a spouse, or a thief of some sort.

Plus, it can serve as the thin edge of the wedge that gets people thinking more about securing their data.

Thursday, July 20, 2017

Cheaper locks mean fewer knocks

from here

They say that locks just keep honest people honest, but they don't say anything about creepy (though I suppose picking your lock in the middle of the night while you're asleep is pretty creepy).

Not all locks are created equal, though, so next time you have to pay for a lock you might want to think of it as an investment and not skimp on it.

MD5 is not alive

found on Meme Generator

The cryptographic hash function MD5 has been deprecated for over 2 decades and people still use it. We tell end users to keep their software up to date, but where's the hand wringing over software vendors keeping their security knowledge up to date? MD5 is dead, stop trying to bring it back in your software projects.

Wednesday, July 19, 2017

F-ing Mathematics, How Do They Work?

from here

This is one of the most absurd image macro memes I've ever used, but it fits well with one of the most absurd statements I've ever heard a politician make about encryption.

That moment when you realize you should have had a password

found on Randowis

Passwords can prevent more than just someone pretending to be you.

Be sure to check out the other excellent comics on Randowis.

Tuesday, July 18, 2017

Let digital Darwinism sort things out

from here

Do you ever get tired of trying to convince people not to do dumb things? I sometimes do and I wonder if maybe it would be better to just let nature take its course. I try to be more optimistic most of the time, though.

Giving three fingers to scareware

found on Meme Generator

It is possible, at least in theory, to interrupt the execution of malware before it has a chance to do anything. Better to not let it open in the first place, though.

Monday, July 17, 2017

The Internet is full of strangers

from here

A recurring theme in cyber security is that the lessons we learn in real life don't seem to get applied to the online world. We need to do a better job of drawing parallels between the two worlds.

String beats car lock


Watch on YouTube

Did you know it was that easy to break into a car? Maybe this is why that style of car lock seems to have gone out of fashion.

Friday, July 14, 2017

Hollow promises are hollow

from here

It seems to me that AV conspiracy theories are a little on the simplistic side. There is literally no reason for a government to try to compel an AV company to ignore their malware. There are lots of ways to make it ignore the malware without contacting the AV company at all.

Criminal Customer Service

found on Amazing Super Powers

People say the ransomware business model has good customer service (and it needs to because it's basically trying to convince people to pay), but I don't think ransomware makers ever offered their victims tea before.

Thursday, July 13, 2017

AV firms aren't the Russian hackers you're looking for

from here

Why is it that, when the Russian government is believed to have launched cyber attacks against the U.S., they take it out on private Russian businesses instead of the Russian government?

If we're going to go back to wringing our hands about The Red Threat again, maybe hold leaders responsible instead of giving them a pass while sticking it to their constituents.

Safe and secure, living the pug life

found on iFunny

If one dog can serve as a deterrent, surely 7 dogs can be even more of a deterrent.

Wednesday, July 12, 2017

Funny how that keeps happening

from here

I wonder how many people have gotten out of trouble because ransomware eliminated the evidence for them. It's not just trouble with parents, either. I could imagine something like this happening with law enforcement as well.

At least it's more private now

found on The Art of Trolling


Tuesday, July 11, 2017

Dear sir/madam, your assistance is required

from here (source article)

You actually should take scam emails more seriously. Not because they might be legit (they aren't) but because the scams get shut down sooner if people actually do something about them instead of dismissing them as obvious scams.

What I think of when I hear the term "Security Evangelist"

found on Imgur

Considering how much faith is involved in IT security, perhaps this is appropriate.