Friday, June 30, 2017

You're gonna need backups either way

from here

Hanlon's Razor makes short work of this dilemma, but for some reason it gets used a lot less than you might expect for this sort of thing.

There's more than one way to defeat a cryptosystem

found on ImgFlip


Thursday, June 29, 2017

The thrill of the Chase bank account

from here

I joke about it here but I wonder if there are types of sport phishing out there.

The bane of a traveler's existence

found on Owned

They're not the villain we want but they're the villain we deserve.

Wednesday, June 28, 2017

Baddies are using our tools against us again

from here

One of the arguments in favour of intelligence agencies hoarding exploits is that we supposedly want them to have the information gathering capabilities those exploits give them. To gather information without these cyber capabilities would put spies at greater risk.

What should be clear now, with both WannaCry and NotPetya taking down hospitals (among other things), is that creating those cyber capabilities puts everyone else at greater risk. Is that really the trade-off we should be making? I thought the people who became spies did so with the understanding that they'd be taking risks in order to protect their country. Risking a few to protect the many seems logical, and those who volunteer for that should be lauded, but reversing that (risking the many to protect a few) is both illogical and a perversion of the intent of those who chose to serve their country.

(Thanks to Edward Snowden for pointing out that the NSA's exploit has now impacted some of the most vulnerable people in America - those in need of medical treatment)

The web of spies

found on Fake Posters

When you get right down to it, there's probably something watching you no matter where you are or what you're doing. Maybe that's why some people say privacy is dead.

Tuesday, June 27, 2017

How not to make a clean getaway

from here

You'd think the monitoring device would have come up in conversation at some point. Don't they usually stand out?

Bio-pet-ric authentication

found on Sizzle

I bet a little red dot would also work to unlock this laptop.

Monday, June 26, 2017

You've got to think BIGGER

from here

While I doubt enlargement schemes work, spammers and scammers do make their emails intentionally bad in order to weed out the smart people. Think about it, would you bother reporting something that was so bad it seemed ridiculous?

Scamalot : Mary Gary


Watch on YouTube

This is just one episode in an entire web series, and I don't know about you but I want to send my junk mail to this guy just to find out what he does with it.

Friday, June 23, 2017

Thursday, June 22, 2017

Do you even know what your AV looks like?

from here

Hope you enjoy the impending 'enhanced' security screening

link to tweet

I feel like part of this story is missing. You know, the part where the man with the badge abuses his power in order to repair his fragile ego.

Wednesday, June 21, 2017

So much for secure by default

from here

Some people think Linux will protect you against ransomware. Those people are wrong.

My other computer is your computer (merchandise)

found on Teespring

Thanks to Violet Blue for tweeting about the existence of this Bugcrowd shirt. Apparently there are stickers too, but possibly not on Teespring.

Tuesday, June 20, 2017

It's not like PII is important or anything

from here

It's strange how often we hear about unencrypted passwords but almost never about unencrypted personally identifiable information.

Parking enforcement done right

found on Love This Pic

Wouldn't you think twice about committing a parking violation if you knew this would be coming for you?

Monday, June 19, 2017

A kernel of truth

from here

If it's too steamy they might squeal, so you should think about buttering them up.

What protects Trump in transit


Watch on YouTube

Part of me is thinking that maybe giving out these details is a bad idea (because then someone might find countermeasures), but I suspect these details could also serve as a deterrent - especially the part about the gatling gun.

Friday, June 16, 2017

They're hacking so hard right now

from here (source image)

People keep attributing cyber attacks against the US to a nation that can't even keep the lights on at night but somehow that just doesn't pass the smell test. Surely they realize that lights and computers require the same thing.

Now that's crappy privacy

found on MemeCenter

I suppose it could be worse. It could be 2 rows of toilets facing each other.

Thursday, June 15, 2017

The most inefficient botnet in the world

from here

I don't know what the person responsible for this Raspberry Pi based mining botnet was thinking, but they should probably think harder next time.

Silent but deadly

found on The Art Of Trolling

Silence is certainly a part of stealth. I can only imagine why the owner of this vehicle needs to sneak up on motherf^ckers. Maybe it's because they'd be able to outrun him if they saw him coming.

Wednesday, June 14, 2017

Surveillance in the Shire

from here (source image)

Gee, I wonder what someone could do if they could reach that power cable. Better hope those shorties don't discover they can use a stick, or stand on a chair.

Ruin a crook's day and use a password that's difficult to guess

found on Joke Pack

I'm having a hard time imagining a better explanation for this stock photo than the one given in the caption. It fits really well.

Tuesday, June 13, 2017

Could we not hack the planet?

from here

I mean, as soon as you name one after a character, you've opened the door to all the others. Someone out there wants to be responsible for Acid Burn, that's a given.

Sometimes the evidence lies

found on The Art of Trolling

When you're looking at evidence to figure out who is to blame for something, don't automatically believe what you see. Attribution is not easy. Check to make sure you're right or you could wind up going on a wild goose chase.

Monday, June 12, 2017

No wonder they're so secretive

from here

That would be an awful lot of work for relatively little payoff. Mac systems are still very much in the minority.

He can't bear to pass up an unlocked door


Watch on YouTube

Unless there's some kind of vulnerability in the locking mechanism such that significant pressure (like that exerted by a bear) causes it to disengage, I suspect this is a case of a car owner failing to lock their door. Maybe they thought their neighbors were trustworthy enough, but they probably weren't considering their wild neighbors.

Friday, June 9, 2017

No bitcoins for you!

from here

Did this happen to me? No, but I'm pretty sure it has happened to other people and I hope they appreciate the good fortune of falling victim at the best possible time (before they've saved anything they would need to recover).

Almost as stealthy as Wonder Woman's jet

found on Boing Boing

Partial stealth isn't really true stealth and is, unfortunately, only partially effective.

Thursday, June 8, 2017

You can't go out on the Internet with all your bits showing

from here

I'm proposing the phrase "Data is naked without encryption" as a catch phrase to help get non-technical people to appreciate the need for encryption. They may have heard and repeated the "I've got nothing to hide" meme without realizing the irony of saying that while wearing clothes. This phrase references the clothing rebuttal to the 'nothing to hide' idea (which I sometimes express as "Then why are you wearing pants?") but brings it back around to data instead of leaving it in awkward personal territory, and also offers constructive advice (adopt encryption) instead of just being judgmental.

I haven't done many catch phrases over the years, but who knows, maybe this one will catch on.

Wannacry T-Shirt

found on Zazzle

This design appears to be depicting data being sucked into some kind of singularity, like a black hole or something. That's not a bad visual metaphor for malware that takes your data away from you. I probably would have gone a little more literal if I had designed it.

Wednesday, June 7, 2017

Maybe a unicycle would be more your speed

from here (source image)

Sometimes a security control only protects part of what you want to protect. Learn to recognize when that's the case so you know when to add additional controls.

Security by obscurity or security by not being a dumbass?

found on Texts From Superheroes

The argument is often made that keeping details about how you defend yourself secret amounts to security by obscurity, but if I had to choose between broadcasting my weaknesses and not broadcasting them, I'd choose the latter.

And while telling Batman isn't necessarily the same as broadcasting it, that's info you still shouldn't trust him with. "Just making a list" my ass.

Tuesday, June 6, 2017

Can you say "ticket"?

from here (source image)

That driver probably can't recite the alphabet or walk in a straight line either. Hopefully they don't get mouthy and belligerent or the cop might just have to take them in.

I gather this is almost certainly staged, but look at how serious an expression the cop has. That level of realism isn't necessary here and it reminds me of how mindlessly authorities follow protocols sometimes.

That's one way to raise an alarm

found on reddit

If you follow these instructions you better believe someone's gonna come running as fast as any fire fighter. Traditionally, however, people don't notice a cyberattack until after the damage is done, so I'm not sure how much direct help it would be.

Thanks to Alex Girard for sharing this joke with me.

Monday, June 5, 2017

Maybe if they used paper mache instead

from here

Who redacts documents with paper and scotch tape? Apparently the Canadian government does.

Shouldn't it take more than this to stop a tank?


Watch on YouTube

Martha, go fetch me the garden hose, we're gonna stop us some tanks.

Of course it would probably take more than just ample watering to make a mud pit big enough to stop a tank, but I wonder if this has ever been employed intentionally against tanks.

Friday, June 2, 2017

That ain't no mustang

from here (source image)

I gotta say, I've seen people chaining up their car like it was a bicycle before, but this is the first time I've ever seen someone hitch their car to a rail like it was a horse.

Tainted Leaks

This little gem was posted as a comment on Schneier's blog by someone using the fairly appropriate pseudonym "Soft Sell".


Here's the plain text version (as opposed to the image above).

Tainted Leaks
Sometimes my brain has got a
zero day I've got to
Hack away
at the lies that you drive into the heart of me
The data that you share
you pulled from your derriere
Now I've lost my light
For I toss and turn I can't sleep at night
Once I trusted you
Now I'll run from you
These tainted leaks you've given
Were all the FUD that Putin could give us
Took my tears and that's not nearly all
Ooooooh tainted leaks
Tainted leaks
Now I know I got to
Hack back I've got to
Honey pot
You must really want all the data I've got
To make things right
I'll get Assange to hold it tight
So you'll know love is to prey
Now it's my turn to launch the zero day!
Once I trusted you
Now I'll run from you
These tainted leaks you've given
Were all the FUD that Putin could give us
Ooooh tainted leaks
Tainted leaks

If you don't recognize it, it's meant to be a parody of this song by Soft Cell from the 80's.


Watch on YouTube

Thursday, June 1, 2017

It's not nonsense, it's encrypted facts

from here

Y'know, in the past I tried to battle the copious amounts of misinformation spread by Bruce Schneier about malware, but somewhere along the line I stopped. Truth be told I think I got a little burned out from that sort of thing. Good on Vesselin Bontchev for keeping at it after all this time.

Let's hope it's just a deterrent

found on Memebase

I get the idea of striking fear into the hearts of criminals, but that seems to be taking things a bit too far.