Friday, December 15, 2017

It's the principle of the thing

from here

Have you ever felt like maybe the Principle of Least Privilege could be misinterpreted, and maybe that's why it never caught on?

What else have I been missing out on?

found on Meme Base

This is the kind of thing that makes you question every jaded belief you have about unsolicited emails. Don't worry, though. That pile of cash was probably a scammer's earnings, not something they were looking to share.

Thursday, December 14, 2017

I just want to get 'stuff' done

from here

If someone comes up with a way to make applying updates less intrusive and disruptive, it would go a long way toward getting patches applied in a more timely fashion and closing the window of opportunity for exploitation sooner.

(And don't be like some people online and assume this is literally me. I simply know there are people like this out there.)

What to buy for the crypto-phile who has everything

link to online store

Do you know any avid crypto-currency investors? I do and I have a sneaking suspicion that one or more of them might actually like these ugly crypto-currency themed Christmas sweaters. You can buy them at Hodlmoon with (surprise) crypto-currency. Yes, someone is actually expecting you to treat crypto-currency as real money rather than the volatile stock it more accurately mimics. Don't worry, you can also pay the normal way.

Wednesday, December 13, 2017

How to make public washrooms even less private

from here and here (source image)

I am so glad I've never encountered a washroom like this, but if I did - that looks like a convenient place to hang my jacket.

We take the credibility of your corporate responsibility assurances very seriously

found on the I've Been Mugged blog

If only PR people had Pinocchio noses. That would make corporate messaging about data breaches either more comical or force it to be more honest.

Tuesday, December 12, 2017

Don't even get me started on "hacker" or "virus"

from here

So it appears that "crypto" is joining the long list of technical terms that are being redefined by people who don't even know the original definition.

To all those upset about this turn of events, welcome to the club.

Someone ought to make a filter for that

found on PMSLWeb

Can you imagine the fortune you'd make if you invented a spam filter that worked on real life things?

Monday, December 11, 2017

Smile! You're on home-made candid camera

from here

If you want to know how to check for them this article presents some ideas.

Drop dead gorgeous dead drops

found on Imgur

I mean, if I were on the lookout for hidden messages, that kind of hiding place might make me forget what I was looking for.

Friday, December 8, 2017

It sure moves a lot for something chained to a block

from here

For all the engineering that went into protecting cryptocurrencies against double spending, even single spending seems to be a rarity. People just buy, buy, buy, there's not much spending going on.

Be sure to drink your Ovaltine

found on Imgflip

It's pretty sad when the company that was supposed to protect you from unwanted garbage starts pestering you with unwanted garbage. Don't take advantage of your users and treat them like a captive audience, because they aren't one.

You have to be careful about being too commercial or you'll turn people against you, people like young Ralphie here

Thursday, December 7, 2017

There be no scanners here

from here

I kinda think I heard this joke (or one very much like it) somewhere else, but I can't find it.

You may have already won against the dark lord

found on The Meta Picture

If the news that you're a wizard didn't seem like it was too good to be true before, try being told over and over again by a flock of owls.

Wednesday, December 6, 2017

Just enter your credentials here

from here

One day the scammers will figure out the unique email address I gave to PayPal and maybe become mildly convincing, but today is not that day.

There's no such thing as too big to fail for databases

found on FRSecure

Not too long ago I tweeted:

That which is collected will eventually be breached

Large breaches like the one at Equifax prove this point in spades, but it really goes for anything. We can't stop all the breaches, so eventually one is going to succeed and the data we (whoever we happens to be) have collected will be released.

The best way to deal with this is to not collect sensitive data in the first place. The second best way is to not keep it for very long. The more data you have the bigger a deal such a breach becomes, so while some banks may be too big to fail it's actually the opposite that holds true for databases.

Tuesday, December 5, 2017

Only stinkers want to kill privacy

from here

I suppose this is also one of the benefits of living alone. You get lots of privacy that way.

No, but it is quite the weapon

found on The Meta Picture

I don't always agree with what airport security does, but in this case I'll make an exception because quite frankly a bottle of solid water would actually be more concerning to me than a bottle of liquid water. I'd also be concerned if someone came on a plane I'm on carrying a baseball bat, a brick, or a sock full of quarters.

Thanks to Madfur for sharing the story

Monday, December 4, 2017

Mother's maiden name: purple lunch bag

from here

If we all followed the advice that's going around these days with respect to online security questions, it really shouldn't matter what the questions are or even whether they're actually questions at all.

Feline Bureau of Investigation

found on Dump A Day

I wonder if this one also wants responsible encryption, or if it'll settle for chin scratches.

Friday, December 1, 2017

Nip and tuck your way to security

from here

Changing your traditional password regularly doesn't really prevent any of today's attacks, so why should efficacy stand in the way of applying the same logic to biometrics?

Clear out the DVD burner while you're at it

found on Pinterest

Technically, without the firewall there's an increased chance your computer will become host to unwelcome code that uses up more computing resources than you normally would, which by extension would make your computer slightly warmer than it otherwise would have been.

Thursday, November 30, 2017

How is "too long" still a thing in 2017?

from here and here

Thanks to Paul Gilzow for pointing out how foolish it is to have a password length limit in this day and age, and, incredibly, getting a representative of the company in question to consider the possibility that Paul is right.

How to stop worrying about ransomware

found on Imgflip

Ransomware really shouldn't be the big deal it has become. We should have always been making backups so that ransomware wouldn't have been an issue in the first place, but barring that, once it did become an issue we should have started making backups.

So why haven't we (collectively) started doing that?

Wednesday, November 29, 2017

That's what I call a duh-fault password

from here

There are a lot of things I could say about this monumental cock-up by Apple, but I think the most important thing for people to take away right now is:
Leave no default password unchanged

That goes not just for this particular case but all cases of default passwords. If you find them, change them, because eventually defaults become something that everybody knows, and a password that everybody knows isn't a very good password at all.

(Of course a blank password is even worse)

Would you trust a social network with your life savings?

found on Imgflip

If you use the same password for both then Twitter is essentially in possession of the key that unlocks all your finances, and I don't think that's something they planned to protect when they were devising their defenses. Even if it was something they planned for, that doesn't mean they'd be any good at it. Certainly I wouldn't expect them to be better at protecting that than they were at protecting President Trump's Twitter account.

Tuesday, November 28, 2017

That sounds like phun

from here

If your son or daughter spends a lot of time online "fishing", make sure it's fishing with an F and not phishing with a PH.

One more reason to use 2 factor authentication

found on Google Image Search

Probably best not to use biometrics, though. You don't want to find out how a dog might bypass that. I'm sure it involves teeth.

Monday, November 27, 2017

Don't want home invaders walking in on me

from here

I imagine this is also good for those times when one is entertaining guests, or if one ever stops being alone, but it's weird that the sense of a lack of privacy can persist even when reality is not in agreement.

Somebody is going to get a new wallpaper

found on Quick Meme

I must admit, I've changed a background or two in my time, but never to something so meaningful. I'm going to have to keep this on file for the next time I need to teach someone a security lesson.

Friday, November 24, 2017

It certainly blocks a lot of infections

from here

There's a set of security 'experts' who are pretty vehemently anti-AV and there's a set of security 'experts' who like to make snide comments impugning the integrity of MSWindows. If those two sets overlap, this should make their heads explode.

Scam Detected

found on Meme Center

I wonder what people encounter more often - virus alerts that actually came from their installed AV or fake alerts meant to trick you into installing malware. If only there was something that could protect us from scams the way AV protects us from viruses.

Thursday, November 23, 2017

When guns don't make you feel safe enough

from here

I am completely dumbfounded by this story. I've certainly heard of police abuse of power and the use of unnecessary force before, but this is some next level shit. As much as we need authorities to neutralize attackers so that they can't launch attacks anymore, we also need to keep them in check and this is one of many examples that we aren't doing that.

In government we distrust

found on Imgur

Trust is hard to build, and even harder to rebuild. The government wants citizens to trust them with the keys to all the data (through back doors or front doors or golden keys or whatever) even though they've proven themselves untrustworthy over and over again. Somehow I don't think that's going to work out for them.

Wednesday, November 22, 2017

So it was a snooty Nigerian prince?

from here

It's almost never a very sophisticated attacker, unless your metric for very sophisticated includes typing with more than 2 fingers.

Checking my door now

found on Imgflip

I have a confession to make. Sometimes when I leave my home in the morning I discover that the door isn't locked. I've certainly considered the possibility that someone might break in while I slept but it never occurred to me that they might still be there when I wake up. Good thing there's 24h security in my building.

Tuesday, November 21, 2017

HR is not amused

from here

Honestly, even with an HR department that isn't insane and/or completely stupid, work really isn't the kind of place I'd want to be thinking those kinds of thoughts. It would just be weird.

Not even his friends and family

found on Imgur

Email is used for so much junk these days it's a wonder any email is taken seriously anymore.

Monday, November 20, 2017

Grandma fixes everything

from here

If only Grandma could fix Internet privacy. Sadly it's not as easy as mending socks, although I suppose some kind of knitted article could be placed over your webcam, so there's that.

Whenever there's a new privacy setting

found on Meme Center

I couldn't find the true original at Shoeboxblog.com, unfortunately, but don't let that stop you from checking if there are any new Facebook privacy settings you don't remember that need to be turned off.

Friday, November 17, 2017

Peter Piper on security

from here

That's right, botnets are not nets for catching bots... and yet, I think if you really wanted to, you could probably find a way to use a botnet to catch other bots.

Maybe it's confused by all the BACN

found on ImgFlip

This is one of those things that makes spam filtering hard - messages that under other circumstances would definitely qualify as spam but because you intentionally signed up to receive them they aren't spam (they're bacn). How is a spam filter supposed to know you want to see that junk?

Thursday, November 16, 2017

LiveCD Girls Girls Girls

from here

The reason booting from a LiveCD is good for online banking is that it provides an environment that couldn't have been infected during past usage because the CD is read-only. It occurs to me that an environment you can be fairly certain won't get infected in the present would likewise be of benefit when visiting sites that have traditionally been considered "unsafe".

Just don't do both in the same boot session.

Who even remembers the NSA anymore?

found on Quick Meme

With everything that's been going on in the US government, has anyone remembered to keep an eye on what the NSA is doing? I have a feeling that the importance of intelligence oversight may have gotten lost in amongst the importance of a variety of other things.

Tuesday, November 14, 2017

And it shouldn't have been "Password1!"

from here

Reusing passwords may make things easier for you, but it makes things a lot easier for attackers too.

There are other ways of making passwords easy for you while not making them easy for attackers.

That's some quick thinking

original tweet

This is a much better alibi than that whole "a virus ate my homework". Who knows, maybe you can even say you got caught in a pornado when HR comes around wondering why you were looking at porn on the job.

Monday, November 13, 2017

No peepshows for you, webcam hacker

from here

You didn't think the baddies were just interested in encrypting your computer or making it mine bitcoins did you? Some have more lascivious interests.

Did you roll your own crypto?

found on Quick Meme

If there's one thing that every developer who deals with cryptography should know it's that you shouldn't roll your own. It may sound elitist, but people will come to rely on the security your product offers and unless you're an expert the chances of you making something that actually is secure enough is basically nil. Instead, use existing cryptography libraries that have undergone rigorous review and verification.

Friday, November 10, 2017

Who wouldn't trust Facebook to protect their privacy?

from here

The idea to have people upload their nude photos to Facebook is definitely a weird one, and the admission by Facebook's head of security that employees would actually be looking at those nudes would certainly make me think twice even if I'd forgotten about all the privacy controversies, the ethically dubious psychological experimentation, and that old quote from Mark Zuckerberg himself - "They trusted me, dumb fucks".

If you're not in a hurry I guess that could work

found on Reddit

Oftentimes people are in a hurry and want things cleaned up immediately, but free decryption tools aren't always available so you might think that your only options are restore from backups or pay the ransom. There is a third option, however - hope and wait. Hope is not a great strategy for data recovery and you'd certainly not want to rely on it, but sometimes all it takes is time for a decryption tool to be developed.