Wednesday, June 23, 2021

How smart is that thermostat now?

from here

ERCOT would like you to know that the electricity supply would be doing just fine if people didn't use it so much. But since they do, ERCOT convinced their customers to give the company the ability to adjust people's smart thermostats, and of course they're going to do it when people are most in need of cooling.

Even a 4 year old could hack it

found on Reddit

If your security is so weak that even a 4 year old could hack it then you better hope you don't have any 4 year olds, because they'll get in one way or another when you least expect it.

Tuesday, June 22, 2021

Trying to follow infosec advice

from here and here

Inspired by an anecdote shared by Matthew Gracie.

Infosec rockstars like to share stories about the amazing things they do at the amazing organizations they work at. That's completely fine as long as you (and they) can keep in mind the second part of that statement. 

Unfortunately, if you can't (like most of us), it just serves to create unrealistic expectations. Those tall tales turn into advice that most can't follow because the support and/or resources just aren't there.

It's probably best to treat such stories as parables rather than prescriptive advice. See if you can find lessons you can use in them, but don't worry too much about trying to do exactly the same thing.


Will Give Cybersecurity Advice For Beer mug

Product Page

In case you have a lot to say about cybersecurity to anyone who'll listen, this mug could help you land opportunities to expound on that topic. 

It turns out this can also be found in beer mug format, but I think people have fewer opportunities to show off their personalized beer mugs.

Monday, June 21, 2021

Among other things

from here and here (image source)

I'm hoping there's a basement here. I'm hoping that's where the bathroom is, and maybe the bedroom. I have my doubts, though.

Someone will still post a sign with the code on it

found on Nerd Ninja

Don't get me wrong, this is an impressive bit of engineering, and I'm sure it solves a problem. I'm just not sure it solves the right problem or in the right way. I actually think there are easier and simpler ways to combat passcode leakage through wear patterns (that don't invalidate muscle memory like this does), but more importantly I don't think wear pattern obfuscation will do anything about the tendency of people to post the code right above/below/beside the lock.

Friday, June 18, 2021

Pick a side, already!

from here

There seem to be some very confused malware writers out there, unsure which side of the law they're supposed to be on. Of course both cybercrooks and copyright cops are villains, so at least we don't have to be confused about whether they're the good guys.

TSA finally catches a terrorist ... from Toon Town

found on Izismile

Pretty sure the person who made this is the same one who framed Roger Rabbit. Not that the TSA would be able to tell the difference. 

Thursday, June 17, 2021

A password stealer no one would suspect

from here

Normally it's a login form that gets stuffed (and that would actually accomplish something), but why not stuff a Roomba, or even a turkey for that matter?

You can't enter your passcode until you enter the pawscode



Clearly this is a new layer of security that banks have added to their automated teller machines. I think we can all guess what happens when you enter the wrong code.