Friday, June 23, 2017

Thursday, June 22, 2017

Do you even know what your AV looks like?

from here

Hope you enjoy the impending 'enhanced' security screening

link to tweet

I feel like part of this story is missing. You know, the part where the man with the badge abuses his power in order to repair his fragile ego.

Wednesday, June 21, 2017

So much for secure by default

from here

Some people think Linux will protect you against ransomware. Those people are wrong.

My other computer is your computer (merchandise)

found on Teespring

Thanks to Violet Blue for tweeting about the existence of this Bugcrowd shirt. Apparently there are stickers too, but possibly not on Teespring.

Tuesday, June 20, 2017

It's not like PII is important or anything

from here

It's strange how often we hear about unencrypted passwords but almost never about unencrypted personally identifiable information.

Parking enforcement done right

found on Love This Pic

Wouldn't you think twice about committing a parking violation if you knew this would be coming for you?

Monday, June 19, 2017

A kernel of truth

from here

If it's too steamy they might squeal, so you should think about buttering them up.

What protects Trump in transit


Watch on YouTube

Part of me is thinking that maybe giving out these details is a bad idea (because then someone might find countermeasures), but I suspect these details could also serve as a deterrent - especially the part about the gatling gun.

Friday, June 16, 2017

They're hacking so hard right now

from here (source image)

People keep attributing cyber attacks against the US to a nation that can't even keep the lights on at night but somehow that just doesn't pass the smell test. Surely they realize that lights and computers require the same thing.

Now that's crappy privacy

found on MemeCenter

I suppose it could be worse. It could be 2 rows of toilets facing each other.

Thursday, June 15, 2017

The most inefficient botnet in the world

from here

I don't know what the person responsible for this raspberry pi based mining botnet was thinking, but they should probably think harder next time.

Silent but deadly

found on The Art Of Trolling

Silence is certainly a part of stealth. I can only imagine why the owner of this vehicle needs to sneak up on motherf^ckers. Maybe it's because they'd be able to outrun him if they saw him coming.

Wednesday, June 14, 2017

Surveillance in the Shire

from here (source image)

Gee, I wonder what someone could do if they could reach that power cable. Better hope those shorties don't discover they can use a stick, or stand on a chair.

Ruin a crook's day and use a password that's difficult to guess

found on Joke Pack

I'm having a hard time imagining a better explanation for this stock photo than the one given in the caption. It fits really well.

Tuesday, June 13, 2017

Could we not hack the planet?

from here

I mean, as soon as you name one after a character, you've opened the door to all the others. Someone out there wants to be responsible for Acid Burn, that's a given.

Sometimes the evidence lies

found on The Art of Trolling

When you're looking at evidence to figure out who is to blame for something, don't automatically believe what you see. Attribution is not easy. Check to make sure you're right or you could wind up going on a wild goose chase.

Monday, June 12, 2017

No wonder they're so secretive

from here

That would be an awful lot of work for relatively little payoff. Mac systems are still very much in the minority.

He can't bear to pass up an unlocked door


Watch on YouTube

Unless there's some kind of vulnerability in the locking mechanism such that significant pressure (like that exerted by a bear) causes it to disengage, I suspect this is a case of a car owner failing to lock their door. Maybe they thought their neighbors were trustworthy enough, but they probably weren't considering their wild neighbors.

Friday, June 9, 2017

No bitcoins for you!

from here

Did this happen to me? No, but I'm pretty sure it has happened to other people and I hope they appreciate the good fortune of falling victim at the best possible time (before they've saved anything they would need to recover).

Almost as stealthy as Wonder Woman's jet

found on Boing Boing

Partial stealth isn't really true stealth and is, unfortunately, only partially effective.

Thursday, June 8, 2017

You can't go out on the Internet with all your bits showing

from here

I'm proposing the phrase "Data is naked without encryption" as a catch phrase to help get non-technical people to appreciate the need for encryption. They may have heard and repeated the "I've got nothing to hide" meme without realizing the irony of saying that while wearing clothes. This phrase references the clothing rebuttal to the 'nothing to hide' idea (which I sometimes express as "Then why are you wearing pants?") but brings it back around to data instead of leaving it in awkward personal territory, and also offers constructive advice (adopt encryption) instead of just being judgmental.

I haven't done many catch phrases over the years, but who knows, maybe this one will catch on.

Wannacry T-Shirt

found on Zazzle

This design appears to be depicting data being sucked into some kind of singularity, like a black hole or something. That's not a bad visual metaphor for malware that takes your data away from you. I probably would have gone a little more literal if I had designed it.

Wednesday, June 7, 2017

Maybe a unicycle would be more your speed

from here (source image)

Sometimes a security control only protects part of what you want to protect. Learn to recognize when that's the case so you know when to add additional controls.

Security by obscurity or security by not being a dumbass?

found on Texts From Superheroes

The argument is often made that keeping details about how you defend yourself secret amounts to security by obscurity, but if I had to choose between broadcasting my weaknesses and not broadcasting them, I'd choose the latter.

And while telling Batman isn't necessarily the same as broadcasting it, that's info you still shouldn't trust him with. "Just making a list" my ass.

Tuesday, June 6, 2017

Can you say "ticket"?

from here (source image)

That driver probably can't recite the alphabet or walk in a straight line either. Hopefully they don't get mouthy and belligerent or the cop might just have to take them in.

I gather this is almost certainly staged, but look at how serious an expression the cop has. That level of realism isn't necessary here and it reminds me of how mindlessly authorities follow protocols sometimes.

That's one way to raise an alarm

found on reddit

If you follow these instructions you better believe someone's gonna come running as fast as any fire fighter. Traditionally, however, people don't notice a cyberattack until after the damage is done, so I'm not sure how much direct help it would be.

Thanks to Alex Girard for sharing this joke with me.

Monday, June 5, 2017

Maybe if they used paper mache instead

from here

Who redacts documents with paper and scotch tape? Apparently the Canadian government does.

Shouldn't it take more than this to stop a tank?


Watch on YouTube

Martha, go fetch me the garden hose, we're gonna stop us some tanks.

Of course it would probably take more than just ample watering to make a mud pit big enough to stop a tank, but I wonder if this has ever been employed intentionally against tanks.

Friday, June 2, 2017

That ain't no mustang

from here (source image)

I gotta say, I've seen people chaining up their car like it was a bicycle before, but this is the first time I've ever seen someone hitch their car to a rail like it was a horse.

Tainted Leaks

This little gem was posted as a comment on Schneier's blog by someone using the fairly appropriate pseudonym "Soft Sell".


Here's the plain text version (as opposed to the image above).
Tainted Leaks
Sometimes my brain has got a
zero day I've got to
Hack away
at the lies that you drive into the heart of me
The data that you share
you pulled from your derriere
Now I've lost my light
For I toss and turn I can't sleep at night
Once I trusted you
Now I'll run from you
These tainted leaks you've given
Were all the FUD that Putin could give us
Took my tears and that's not nearly all
Ooooooh tainted leaks
Tainted leaks
Now I know I got to
Hack back I've got to
Honey pot
You must really want all the data I've got
To make things right
I'll get Assange to hold it tight
So you'll know love is to prey
Now it's my turn to launch the zero day!
Once I trusted you
Now I'll run from you
These tainted leaks you've given
Were all the FUD that Putin could give us
Ooooh tainted leaks
Tainted leaks
If you don't recognize it, it's meant to be a parody of this song by Soft Cell from the 80's.


Watch on YouTube

Thursday, June 1, 2017

It's not nonsense, it's encrypted facts

from here

Y'know, in the past I tried to battle the copious amounts of misinformation spread by Bruce Schneier about malware, but somewhere along the line I stopped. Truth be told I think I got a little burned out from that sort of thing. Good on Vesselin Bontchev for keeping at it after all this time.

Let's hope it's just a deterrent

found on Memebase

I get the idea of striking fear into the hearts of criminals, but that seems to be taking things a bit too far.

Wednesday, May 31, 2017

Do you like raining on other people's parade?

from here (source image)

It may seem like security people get a kick out of ruining your day (and maybe some really do) but more often than not they're just focused on one thing (security) and not the context in which it's being applied.

In the above example, the slide could conceivably have been moved or even turned around so that kids wouldn't be turned into french fries when they reached the bottom.

Reason #1498347 why you shouldn't trust strangers on the Internet

found on Fail Blog

Unfortunately the Internet has a great many unscrupulous people trying to trick you in some way in order to get your money.

Also unfortunate is the fact that you are easier to fool when you're desperate.

Tuesday, May 30, 2017

The hole was bigger than they could have possibly imagined

from here

Because of their nature, security failures on billboards are bigger than life and twice as ugly. This is especially true if that billboard is made to show the infamous goatse shock picture as a result.

That was supposed to be between me and my browser

found on Dilbert

I know it's easy to mistake the privacy of your own home, your own bedroom even, as being private, but if you're online it's not that simple. Everything you do online is recorded so the trick is to find some way to prevent it from being linked to who you are.

Monday, May 29, 2017

If you enter the info then the answer will be yes

from here

It may seem surprising but tricks like that actually work, unfortunately.

A great reason to check who's at the door before opening it


Watch on YouTube

This is the kind of thing that makes me glad I live in a colder climate. I feel somewhat safer from reptiles when there's snow on the ground.

Friday, May 26, 2017

And I'm too old to play in sandboxes

from here

It's a shame I couldn't figure out a way to work in a whitelist reference while I was at it.

You'd think there would be bigger concerns

found on Memedroid

Since they'd probably be able to use your WiFi from outside your home, if any were to come inside I think it's safe to assume they want more than just your WiFi.

Thursday, May 25, 2017

You wouldn't hack a safe

from here

We crack passwords. We crack ciphers. We crack safes. We even crack eggs. Breaking down barriers seems to be called cracking, so why do we persist in calling the breaking of most types of computer related barriers "hacking"?

Is this a store or a forest?

found on Imgur

You know what appears to actually be invisible in this store? The customers.

Wednesday, May 24, 2017

I'm never borrowing Osama's luggage again

from here (source image)

I realize some people like to personalize their luggage, but this is not the way to do it.

The dankest privacy setting

found on Privacy Memes

I think the take-away here is that there's a Tumblr dedicated to privacy memes. Clearly I'm not the only one who thinks using memes to promote important concepts like security or privacy is a good idea. I might be the only one persistent enough to keep at it for a decade, however.

Tuesday, May 23, 2017

We can re-purpose it - we have the technology

from here

True story, my computer died recently. It was in fact an XP machine (with a number of things to mitigate the added risks of using an OS that wasn't supported anymore).

Now it's my new banking PC (a computer I boot from a Linux LiveCD exclusively for the purposes of doing online banking), which is good because the previous one (that says Windows 2000 on the case) was frustratingly slow when used that way.

I wonder what I'll use that older one for now. Boat anchor? Space heater? Step stool?

If you really loved your country you wouldn't keep secrets from it

found on George Stephanis' blog

Just a friendly reminder to not let your government agencies act like overly attached girlfriends. They shouldn't need to be creepy and stalk you.

Monday, May 22, 2017

The first sample is on the house

from here



How to make a spare padlock key


Watch on YouTube

So, on the one hand this could be handy for making backup keys in case you ever lose the real ones. On the OTHER hand, since this is so easy, you should basically never trust a padlock that has been previously owned by someone else.

Wednesday, May 17, 2017

Copy&paste attribution for the copy&paste cyber threat

from here

Lately it seems like you can't swing a cat without hitting a cyber attack launched by a country that can't keep the lights on. I understand sometimes all the evidence seems to point that way, but when you're talking about something that notoriously copied the tools used by one nation state, there has to be a strong suspicion that signs of other nation states' tools are also copied.

At least it's just a surveillance drone

found on The Very Near Future

I can absolutely see something like this becoming a thing in the near future, and I fully expect some enterprising early adopters have already done something similar. The fact that it's found on a site called The Very Near Future seems really appropriate.

Tuesday, May 16, 2017

The first rule of ransomware

from here

One way or another there's a pretty good chance you're going to have to pay eventually. At least with backups it covers a bunch of other scenarios that you can't use bitcoins for. Also, it doesn't pay for the next round of attacks.

Take a moment to appreciate natural defenses

found on Bloomberg

The natural world has some amazing defenses. Imagine how much we could learn from it if we stepped away from our day to day issues and really looked at the world.

Take the pangolin, for example. Its name refers to its primary defense technique of rolling up into a ball, but it also has at least 2 other defenses - lashing out with its tail, and emitting a foul smelling substance like a skunk (source).

Monday, May 15, 2017

Better get patching

from here

When it comes to malware, there's almost never just one of anything. Maybe we'll be lucky and the people responsible for WannaCry won't bother fixing the flaws that the first had, but I wouldn't bet on it.

If you didn't get hit before, make sure it doesn't happen the next time. If you did get hit before, make sure it doesn't happen again. Patch if you can, block those damn ports, and make sure you've got backups.