Tuesday, October 31, 2017

Infosec fit for a Queen

from here

The infosec the Queen actually has is apparently not fit for a Queen.

The latest privacy innovation

found on Memes.com

You can't really tell much about this tiny privacy champion, but I can't wait until they're big enough to help the rest of us.

Monday, October 30, 2017

Robin Sage, is that you?

from here

If there's one thing the Internet has taught me it's that you should never trust an attractive stranger who wants to be your friend.

In other news, the Internet makes people lonely.

Not everyone wants a ransom

found on Meme Generator

Some people just want to see the world burn, so you're not always going to have the option of paying to get your data back. Better to invest in backups you have control over rather than criminals you don't.

Friday, October 27, 2017

So much for isolation

from here

Whether it's an application sandboxing tool or a virtual machine or some other box meant to contain the crud a system collects while in use, if you're running too many things in the same sandbox then the isolation a sandbox provides will do you no good because everything of interest will on the inside where the nasties are instead of on the outside.

Clever girl

posted to Facebook By L. Scott Briscoe's Free Legal Tips

To be honest, that's so clever I wish I'd thought of it (even though I would never use it).

I wonder if the ladies can use this concept to help deal with unwanted dick pics (make the creeps 'pay').

Thursday, October 26, 2017

Whichever one you banned, we're the other one

from here

I'm really not sure why members of congress have so much difficulty with the name Kaspersky, but maybe it can provide the folks at Kaspersky Lab with a loophole they can sneak through.

For when you need to keep very small things safe

found on Me.me

So if you ever need a keychain-sized guard dog, I guess this is what you're looking for.

Wednesday, October 25, 2017

Hope for the best but plan for the worst

from here

The latter option is a very real possibility. Don't just assume you can find a free decryptor or pay the crooks as a last resort. Plan for it getting destroyed. There's only one real countermeasure for that scenario, and it's backups.

Simple steganography in the wild

found on Imgur

I'm not sure hiding the message about what you want is an effective means of getting what you want, but it seems this person* has found a solution to that problem (not so hidden anymore).

(* Whether this is a real person or not is a completely different matter entirely)

Tuesday, October 24, 2017

You've probably never seen my keys

from here

Encryption is one of those weird things where, the more people use it the more usable it will become. It's kind of like a social networking site that way - it's not until lots of people are already using it that it becomes really useful.

The life of a security guard

found on Know Your Meme

That last panel is either incredibly bad OpSec since it let's adversaries know they've got a good chance of getting away with something, or, to borrow a phrase from Admiral Akbar. it's a trap.

Monday, October 23, 2017

Pretty sure being a spammer doesn't please anyone

from here

I'm also not going to trust someone promising me 3 wishes without a lamp, or a fairy godmother without wings. Fantasy should at least be internally consistent or I'm not going to suspend disbelief.

Is it 'owned' if no one wants it anymore?

found on StickyPC

Somewhere out there there's a very confused technologically impaired hacker who takes things a little too literally.

Friday, October 20, 2017

So much for that secret

from here

I imagine pot heads are more interested in Doritos than in OpSec, but if that guy on the bus today knows what's good for him, he'll avoid interacting with police until after laundry day.

They don't call him Wrecks for nothing

found on Dog Time

I've seen enough hacker cats for the time being. It's time for a pupper to show it's l33t skillz.

Thursday, October 19, 2017

A bit of knowledge doesn't always go a long way

from here

It must be tough for ransomware makers to have to explain cryptocurrency to their technologically impaired victims. Good. They deserve that suffering at the very least.

How to tell if you have shitty locks

found on Lock Pick Blog

Think about it - if all it takes is an hour of learning to be able to open any door in your house, then maybe it's a little too easy to get into your house.

Wednesday, October 18, 2017

When Israel hacks an antivirus company

from here

Well, it is a conspiracy theory. Is it worthy of Conspiracy Keanu? You be the judge.

I'm sure it's just a coincidence that the two countries involved in Stuxnet are also involved in indicting the company that uncovered it.

What a conundrum

found on Me.me

Tuesday, October 17, 2017

We don't need no stinkin' WiFi

from here (source image)

The main problem with forgoing wireless in favour of wired networking (because perhaps you don't trust wireless anymore) is mobile computing. There are solutions, sort of, but not good ones.

VPNs would probably be better than longer cables.

(The captions are derived from "We don't need no stinkin' badges" and "You're gonna need a bigger boat", because I can help by mix my memetic metaphors)

At least the threat was silent

found on Quick Meme

I'm not sure which is funnier; how true this is or the fact that there seems to be a meme category called "Scumbag Norton Antivirus"

Monday, October 16, 2017

Wireless is too mainstream

from here

I don't know the details at the time of writing this (because they haven't been released yet) but since I make it a point to avoid wifi I have a feeling I'm going to be safe from this.

A passcode - don't leave your phone without it

found on the ExpressVPN blog

So this particular meme comes from a blog post with 30 other security memes you should probably check out.

Friday, October 13, 2017

Everyone is their parents' tech support

from here

It doesn't matter how successful you are, you could be the CEO of your own tech company, but when it comes to your parents, you are the first line help desk and they want their computers fixed.

Maybe you should just get an iPad instead

found on Meme Center

They used to advise people to get Apple computers in order to get a computer without having to worry about viruses. Some people still do give and/or follow that advice, but the Mac wasn't virus proof and as time has gone on it has become a bigger and bigger target. I think it's only a matter of time before the dominant advice shifts to "Get an iPad" because it's even more virus-resistant and it can do pretty much anything the average person would use a computer for these days.

Of course, with a large enough market share, the iPad will eventually succumb to the perils of malware as well. It may look different than the malware problem we're familiar with now, but one way or another if the money is there then the attackers will try to find ways to take it.

Thursday, October 12, 2017

At least remembering it shouldn't be a problem

from here

People find all kinds of ways of getting around the complexity requirements in password policies.

I ... may have known a guy in university who used this technique.

The most unfortunate truth in the security world

found on the Archer Security Group website

The fact is that we're faced with situations that involve security fairly often, but most people don't think about security nearly as often, which means they're taking actions with security implications without thinking about what they're doing. You can't expect that to turn out well in the long run.

Wednesday, October 11, 2017

Are you trying to fix a problem or cause one?

from here

I remember dealing with this sort of thing in the past and I wondered what kind of headaches this caused normal people who don't have sacrificial computers specifically prepared for exposure to malware.

Say "Jeez"

found on the Security Checks Matter blog

Taking a picture of personnel doing classified work? What could possibly go wrong?

Tuesday, October 10, 2017

Then I turned my computer off and on again and the Internet came back

from here

Whenever any loudmouthed child challenges you to give them your IP address, always give them that one and then have a hearty chuckle at the ensuing silence.

The More You Know

found on Imgflip

Did you ever think that "firewall" was kind of a weird term and wondered where it came from? Well, this seems like a pretty good explanation.

Monday, October 9, 2017

And I'd have done a better job of it, too

from here

I'm not against computers. I think computers are great. I even like the idea of having computers conveniently available where ever you go. Putting computers in everything under the sun is a bit much, though.

Making things hard for the TSA

found on Endless Origami

I've never heard of this webcomic before, but I love the name, and the comics are pretty good too.

Friday, October 6, 2017

I can't see the difference, can you see the difference?

from here

Self-replication is literally the defining characteristic of viruses. You'd think an authority on computer security like Rob Graham would know such a basic fact about such an old and widely recognized security topic.

Why didn't I think of that?

found on Quick Meme

Thursday, October 5, 2017

I can quit whenever I want

from here

I'd prefer to live LESS dangerously

found on the Black Hills InfoSec blog

I remember when macro viruses were running rampant. Let's not have a repeat of that, m'kay?

Wednesday, October 4, 2017

Change ALL the passwords

from here

No, literally, ALL Yahoo passwords need to be changed. If you had an account with them in 2013, your account was compromised because ALL 3 billion Yahoo accounts were compromised then.

Putting the pass in password

found on Imgflip

As nonsensical as some password policies are, being able to create a usable password that satisfies those requirements on the first try can sometimes seem like a small miracle.

Tuesday, October 3, 2017

They couldn't possibly interfere with each other

from here

Just so you don't rush out and do what the image says, this is BAD advice mallard. Multiple AVs will interfere with each other, sometimes invisibly. You don't want that.

In dystopian future, robot messes are cleaned up by you

tweeted by @Munin

Thanks to @Munin for both the joke and for giving me leave to pass the joke along in spite of his Twitter privacy settings.

Monday, October 2, 2017

There is no "Get Out Of Blame Free" card

from here

Over and over again we see examples of breached organizations claim that it was the work of state-sponsored attackers, seemingly as a way of deflecting blame in spite of the horrendously bad security practices that are almost always uncovered. This needs to stop. I realize that anyone can be breached, and that if your targeted by state-sponsored attackers there's probably nothing you can do - but that doesn't give you a licence to do nothing. As the title of this post says, there's no "Get Out Of Blame Free" card - you've got to work hard for your absolution.

Why haven't we grown out of this yet?

found on Memes Happen

I witnessed this very thing at work last week. I pointed out that it was a cliche, but I don't think that was appreciated. This pattern has been going on for decades, though. In fact, this is how I developed an interest in viruses nearly 30 years ago.