Thursday, September 21, 2017

Security vendors in glass houses

from here (source image)

McAfee really shouldn't be throwing stones here, considering their own intelligence community ties. And you know what? With all the focus on the NSA in recent years, ties to American spies are probably going to carry more weight internationally than Americans might realize.

The song of my people

found on Imgur

Part of me wishes I had found the entire song parody that this meme alludes to, but another part of me is glad I didn't. We don't need to get into details about how things break when you apply patches (necessitating the practice of testing patches on a test system before rolling them out to production systems).

Wednesday, September 20, 2017

Of course pirates want to steal resources

from here

Although the site operators have tried to explain what their intentions were, the fact remains that The Pirate Bay ran miners on people's computers without their consent. The distance between this and distributing mining trojans is vanishingly small.

The secret purpose of The Great Firewall of China

found on Memecenter

On the other hand, perhaps instead of making them smarter, it's designed to help identify the smarter ones so that they can be conscripted into China's cyberwarfare unit.

Tuesday, September 19, 2017

Hope you didn't get taken to the cleaners

from here

If you are a user of CCleaner then you should know that it has had malware embedded in it recently and you probably ought to get the latest version that eliminates that particular problem.

Why not both?

found on Imgflip

There's nothing that says a streaming site won't show you a movie AND infect your computer. They aren't mutually exclusive and just because you saw the video doesn't mean your computer didn't pick up something nasty along the way.

Monday, September 18, 2017

What happens if they're already in the house

from here

A locked door only helps if the baddies are still on the outside, not on the inside with you.

Spying on yourself

found on Chuckles Network

Having spyware on your system would certainly make it an asset, but not in a 007 sort of way. More like a you've been owned sort of way.

Friday, September 15, 2017

For want of a patch our data was lost

from here

Keeping up to date is hard? When you've got that much data that's that sensitive you either keep it safe or you don't keep it at all. I don't care how hard it is, this isn't a valid excuse at this scale.

P is for privacy

found on Meme Generator


Thursday, September 14, 2017

I sense another governmental agency coming

from here

Maybe it's just me but I think if you take 14 months to clean up after a USB worm, maybe banning an antivirus vendor's products from being used in your agencies isn't such a good idea. Honestly, you need all the help you can get.

Perverse incentives for security updates

found on Quick Meme

There's a kernel of truth in this conspiracy theory. When Sun has figured out a way to monetize attempts to update their software (by nagging you and then pre-checking a checkbox to install a 3rd party toolbar) then there's something kind of suspicious about Java requiring a security update - the argument could be made that they have a financial incentive to leave a few vulnerabilities in the product in order to force users to go through the install process all over again and in at least some cases forget to uncheck the checkbox for that toolbar.

Wednesday, September 13, 2017

What happens when your face is your password

from here

Our faces are probably the part of the human body that we change the most often, whether it's with shaving or makeup or surgery or injury. Of all the biometrics one could use to unlock a device, it is perhaps the most problematic.

That's one way to disinfect your computer

found on Chuckles Network

On the one hand, this may very well eliminate biological viruses so the statement could actually be true. On the other hand I now want there to be a malware removal tool called Lysol to take advantage of this kind of misunderstanding.

Tuesday, September 12, 2017

Not the kind of 'friendly' skies you want to fly

from here

Maybe we could fly the professional skies instead? Or better yet, how about the polite skies? That sounds good to me.

Fraud or not

posted to the Boing Boing forum by forceblink

What complicates figuring out whether something like this is a scam or not is the fact that Equifax seems to have behaved in some decidedly scammy ways in the past. There needs to be a way to protect yourself without giving up the very same sorts of data that were compromised in the first place, and Equifax needs to stop trying to screw victims over.

Monday, September 11, 2017

Identity Theft 'Protection'

from here

I can't imagine how consumers are supposed to trust Equifax now that they've been breached and over 100 million records were exposed. It's a good thing for Equifax that they don't need consumers to trust them; they just need other businesses who get breached to give them their own customers' details in order to offer those customers free credit monitoring in response to their own breach.

Ultimately, though, it is the fate of all large databases of valuable information to eventually be breached. We need to rethink what information we compile and hold on to for the long term.

I'd wait too, wouldn't you?

found on Imgur but originally from Carbon Based Slice

They say patience is a virtue, but I guess it's also a part of good OpSec by helping you avoid entering secrets into computers you don't (and probably shouldn't) trust.

Of course 2 factor authentication could help in this scenario, but many 2 factor authentication schemes these days use the phone, so....

Friday, September 8, 2017

Crooks don't want to work harder than they have to

from here

If you're looking for money then you rob banks because that's where the money is. If you're looking for personal info then you rob Equifax because increasingly that's where the personal info is.

There are actually a couple of reasons why breaching Equifax may have been easier than compiling the data:

  1. Equifax may not have done a good job of protecting the data (we don't know yet)
  2. The more breaches there are the more work is required to collect the data from all the various sources

No master keys allowed

found on Imgur

A password that a lot of people use is a password that will get you into a lot of accounts without much effort. Eliminating this is a good thing.

The weird thing is that it would have been harder to do this without all the password breaches because they're what tell us what the commonly used passwords are.

Thursday, September 7, 2017

Now we know why they're so virus prone

from here

Computers running Microsoft operating systems (be they Windows or DOS) were not the only ones to get viruses, but viruses certainly were more prolific on them than any other kind of system. I wonder why that might be.

Jack Vale: Scamming the elderly online


Watch on YouTube

Wow. I knew scammers were greedy, underhanded assholes, but if this is real then that characterization is an understatement. Scamming the elderly is one thing, but trying to take them for virtually everything they have? Despicable.

Wednesday, September 6, 2017

Do you practice safe hex?

from here

There is a school of thought that says a certain kind of browsing is responsible for a great deal of the nastiness people found on their computers, and part of safe hex involved avoiding unsafe sites or at least doing something to mitigate the threat.

But do people even know the term "safe hex" anymore? It was big in the 90's, but it seems like the security community has opted (foolishly in my opinion) for the "users should just be invisibly protected without having to know anything" model so nobody talks about safe hex anymore. Frankly, if people can't be automatically protected from something as simple as biological viruses, I'm not sure how we can expect that kind of protection against intelligent adversaries.

On the other hand, I'm not even sure what constitutes safe hex now. The computing landscape has become so fragmented, it's difficult to keep up with what the best practices are for this platform or that technology, and the more things that get computers put into them the worse that is going to get.

That's not how any of this works

found on Failbook


  1. You should know what your favourite anything is. If you don't then you don't have a favourite
  2. If you don't know the answer now then you won't remember it in the future when you need it
  3. Other people aren't supposed to choose the answer to your security question for you, it's supposed to be personal
  4. If other people know the answer to your security question then it's not very secure
  5. etc...

It's hard to believe so much security fail can fit in such a small Facebook status.

Tuesday, September 5, 2017

Let's see what kitty's been up to today

from here

We don't even try to hide the data collection capabilities of smart devices for animals, so why should we be surprised when the smart devices we use have many of the same capabilities?

The security clause has security claws

found on Pinterest

There's actually a ton of cool security cat memes on this Pinterest page. As near as I can tell, many of them came from the Security Awareness Company's Security Cat line of posts, but I can't find the exact link for this (hence the Pinterest link).

Monday, September 4, 2017

Achy Breaky Pacemakers

from here

One of the lessons from this story is that security problems aren't going to simply go away just because they're inconvenient for the business. You will eventually have to deal with them and I can't think of many ways of dealing with them that are worse than waiting a year to issue a warning about problems with pacemakers.

Stop reading my statuses!

found on Some Ecards

Friday, September 1, 2017

What could possibly go wrong?

from here

If this is the kind of forethought we can expect from the new FCC, I think we're going to need to find an alternative interpretation for those 3 letters.

A question for all the ransomware victims

found on Imgflip

If you've got ransomware, this is a question you need to ask yourself before you decide to pay the ransom.