if you sell cameras full of classified photos on ebay then you might be a security idiot...
(inspiration)
Thursday, November 20, 2008
Wednesday, November 19, 2008
the clever little msn user
i was talking to someone briefly this evening about a computer related (though not security related) topic... i have to state up front that this person is not a tech-savvy user, this is someone who needs to have most of her system set up for her, and someone whom i have not regaled with tales of the weird and wild world of internet security...
that being said, after she was satisfied with the explanation i'd given her as to why wifi in a laptop wouldn't work without a wireless access point she related a story to me about something she'd encountered (and will likely continue to encounter for a while - you'll understand why in a minute)... she tells me that she understands that when she turns her computer on msn starts automatically but it doesn't try to connect to anyone else until she specifically clicks on a contact... she also comes to the quite logical conclusion that the same should be true for her contacts... apparently one day while she was on the computer an msn window popped up with a message from one of her contacts - a contact, furthermore, whom she wanted to talk to by phone (since she's somewhat older and that's easier for her)... so she called her friend up and had an exchange not unlike the following:
user : so i see you're online.
friend: no i'm not.
user : what, did you just turn on your computer or something?
friend: ... well yeah, but i'm not online yet.
user : well, that's not what this window on my computer is telling me.
what she told me next really surprised me... she figures her friend's computer must be infected with something and that something is sending out instant messages to all their contacts as soon as her friend turns on their computer... apparently her friend has not been able to get rid of the infection and so continues to send out these instant messages but this person i'm talking to, having figured out the messages with links in them that she's getting from her friend are no good, just closes the msn window when such messages pop up...
imagine that, an otherwise hapless computer user who much by accident figures out how to correctly detect an IM worm (without even knowing what an IM worm is) by confirming whether the supposed sender actually sent it, and manages to safely avoid getting infected herself...
Tuesday, November 18, 2008
if you hand out your credit card details...
if you hand out your credit card details over the internet in order to find out if your credit card details are on the internet then you might be a security idiot...
(inspiration)
Monday, October 6, 2008
if you think conventional warfare...
if you think conventional warfare concepts can be applied directly to computers/networks, you might be a security idiot...
(inspiration)
Friday, October 3, 2008
if you think av...
if you think av has to be able to stop all threats in order to do any good then you might be a security idiot...
(inspiration)
Thursday, October 2, 2008
if you think the law...
if you think the law can solve your email security problems then you might be a security idiot...
(inspiration)
Wednesday, October 1, 2008
if you think disabling fire hydrants...
if you think disabling fire hydrants is a way to fight terrorists then you might be a security idiot...
(inspiration)
Tuesday, September 30, 2008
if you inspect an aircraft...
if you inspect an aircraft by using it as a jungle gym, you might be a security idiot...
(inspiration)
Monday, September 29, 2008
if you get caught cracking...
if you get caught cracking the computer system for an amusement park then you might be a security idiot...
(inspiration)
Saturday, September 27, 2008
yet another information security cartoon
looks like didier stevens is getting in on the security cartoon craze, and this first one is pretty interesting...
while we're on the subject of sending our cyber-trash into space, however, why aren't we sending spam into space? surely there are beings out there that would be interested in making their tentacles larger and firmer? or perhaps some that want to be able to produce a greater volume of slime?
oh, wait, i know why we don't send spam into space - getting black holed in that context would suck...
Thursday, September 11, 2008
if you leave details...
if you leave details of military training ops on the floor of a nightclub then you might be a security idiot...
(inspiration)
Wednesday, September 10, 2008
new(ish) meme: priceless
you may have noticed that the previous two visual gags posted were based on the same original screenshot... when i asked graham cluley how he felt about making it into a lolthreat i hadn't yet thought up a caption (in fact, i thought perhaps graham would suggest one)... as i deliberated on what to put in the caption i realized that the caption i really wanted to add wasn't a LOL caption at all, but a priceless one (if you haven't seen pictures riffing on that old mastercard 'priceless' commercial then you must have been living under a rock for several years)... there was an awful lot to work with in the original image (and it was already sort of LOLish), you see, and i didn't really think i could do it justice with just a LOL caption...
i'm still not sure which is funnier though, so i posted them both... what do you think? im in da man's intarwebz or priceless defacement?
Tuesday, September 9, 2008
if you don't get that "specially secured room"...
if you don't get that "specially secured room" means the documents in it stay put then you might be a security idiot...
(inspiration)
Monday, September 8, 2008
if you run some strange tool...
if you run some strange tool hoping to crack other people's passwords, then you might be a security idiot...
(inspiration)
Friday, September 5, 2008
google chrome comic
truly, chris boyd is the next randall munroe...
privacy folks, it's more than just curtains and locked bathroom doors...
if you let just anything run...
if you let just anything run on computers you send into space then you might be a security idiot...
(inspiration)
Thursday, September 4, 2008
if you let a single person...
if you let a single person hold all the keys to the kingdom then you might be a security idiot...
(inspiration)
Wednesday, September 3, 2008
if you turn a cryptosystem into a paperweight...
if you turn a cryptosystem into a paperweight by modifying code you don't understand then you might be a security idiot...
(inspiration)
Tuesday, September 2, 2008
if you think security problems can be solved...
if you think security problems can be solved, rather than just mitigated to varying degrees, then you might be a security idiot...
(inspiration)
Monday, September 1, 2008
if your little head loses things...
if your little head loses things your big head was trying to keep secret then you might be a security idiot...
(inspiration)
Friday, August 29, 2008
if you think counting vulnerabilities is the same as...
if you think counting vulnerabilities is the same as measuring security then you might be a security idiot...
(inspiration)
Thursday, August 28, 2008
if you think it's a good thing...
if you think it's a good thing when your security blocks non-threats then you might be a security idiot...
(inspiration)
Wednesday, August 27, 2008
if you show the world how to exploit a vulnerability...
if you show the world how to exploit a vulnerability and then get 'owned' by people exploiting that same vulnerability, you might be a security idiot...
(inspiration)
Tuesday, August 26, 2008
if you think receiving unrequested offers...
if you think receiving unrequested offers for drugs, porn, or stock tips in your email is convenient then you might be a security idiot...
Monday, August 25, 2008
the state of things
well, i've pretty much run out of both lolthreats and security idiot posts so i think it's time i moved both experiments into a new direction (a new phase of the experiment, if you will)...
since it's clear that i'm not going to be able to produce either of them at the one-a-weekday posting frequency i've been maintaining, i think it's time to think about making this a collaborative process... i would like to encourage others to submit their own for inclusion here - i think there are ample examples of each of them to go by but for the sake of clarity i'll break them both down...
both derive loosely from the joke meme where you hear a joke, you find it funny, you remember it and you retell it later on to a different set of people who in turn may find it funny, remember it and retell it to another set of people... as such, humour is a key property of the meme... without it there's no reason for people to want to keep it in their heads and no reward to passing it along like there would typically be with a joke...
the lolthreat in particular is a visual gag that prompts the viewer to laugh at the bad guys ("because you know you want to laugh at the bad guys") and their often ridiculous attempts at tricking people into taking some action or another... this can serve to demystify threats and attacks and heighten a meme-host's awareness of them... because of its visual nature, the 'joke' can't be retold in the traditional sense so the replication of the meme happens by way of sharing a link to a particular instance (a staple of internet memes, though a technological barrier to classical memetic transmission)...
the security idiot meme, on the other hand, highlights the often ridiculous ways people or groups think about or practice security... this can serve to deter similar behaviours in those exposed to the meme (because no-one wants to be the butt of a joke) and build social pressure against those who are already thinking/acting wrong... unlike lolthreats, the security idiot meme lends itself readily to traditional forms of joke retelling so that on top of sharing links to replicate the meme it can also be passed on by word of mouth without need for technology... this gives it an advantage in replication but also increases the potential for memetic drift as a result of replication/retelling errors and thus calls for a simple and reasonably brief format... also, unlike some other incarnations of this meme, this is not meant to be only for, by, or about security professionals... this is not a slight on security pros, or on the referenced incarnation, but simply a statement of intention that this be accessible to a broader range of people...
both have the potential to increase awareness of security concepts by virtue of having security issues in the underlying context, but they must always focus on the funny first because without that there is no replication of the meme... so if you'd like to participate in this experiment, head on over to the submissions page and go to it...
Submissions
if you have something you'd like to submit and see posted on this site, please use one of the following links:
- lolthreats - please send a screenshot of something ridiculous that the bad guys have done or asked you to do to feedback+lolthreats@secmeme.com... remember to include a caption and maybe a description if you aren't marking up the image yourself so that i can do it for you...
- security idiot - please send the joke about people's ridiculous approach to security to feedback+securityidiot@secmeme.com... a link pointing to your inspiration for the joke is always good too...
- cartoons and videos - if you've found a funny security related cartoon or video, send a link to feedback+other@secmeme.com...
- for new meme ideas that aren't yet covered here, please send your idea to feedback+newidea@secmeme.com...
if you want credit for any of your submissions, please include a name, and if you want i may even include a URL of your choosing to go with the attribution...
if you instruct people to use grocery bags...
if you instruct people to use grocery bags to bypass your security instead of just letting them through then you might be a security idiot...
(inspiration)
Friday, August 22, 2008
if you think being able to make working replica keys...
if you think being able to make working replica keys (given enough info on the original) means that there's something wrong with the security of the lock system, then you might be a security idiot...
(inspiration)
Thursday, August 21, 2008
if you have the means and the mandate...
if you have the means and the mandate to prevent a personal data breach and you still don't do it then you might be a security idiot...
(inspiration)
Wednesday, August 20, 2008
if you use the court system...
if you use the court system to try to force secrecy and don't realize that court documents are public then you might be a security idiot...
(inspiration)
Tuesday, August 19, 2008
if you seize board games...
if you seize board games that include a (commonly available) ski mask because you think they could be used in the commission of a crime then you might be a security idiot...
(inspiration)
Monday, August 18, 2008
xkcd on voting machines
found on xkcd (of course)...
haha, too funny... yes indeed, someone is doing their job horribly wrong, and in this case it's making voting machines out of desktop computers... once upon a time there were these things called special purpose computers that you didn't have to worry about running strange and possibly malicious code because they were physically incapable of doing so... it's so much cheaper and easier to use off-the-shelf components, however, so the real problem with these voting machines is that the people who made them were lazy cheapskates...
if passwords for chocolate...
if passwords for chocolate seems like an even trade to you then you might be a security idiot...
(inspiration)
Friday, August 15, 2008
if you put other people's confidential info...
if you put other people's confidential info on a memory stick after being told not to and then proceed to lose it, you might be a security idiot...
(inspiration)
Thursday, August 14, 2008
if you think email...
if you think email is how news of a real war is likely to first be reported then you might be a security idiot...
(inspiration)
Wednesday, August 13, 2008
if you think malware profiteers...
if you think malware profiteers should be considered terrorists then you might be a security idiot...
(inspiration)
Tuesday, August 12, 2008
if you lose your money...
if you lose your money because of a trojan that's been detectable by AV for 3 years and then blame the bank for your loss, you might be a security idiot...
(inspiration)
Monday, August 11, 2008
if you think contact lens solution...
if you think contact lens solution in an airport warrants a brain-damaging beat-down then you might be a security idiot...
(inspiration)
Friday, August 8, 2008
if you think a pilot...
if you think a pilot can't be trusted to take cutlery on a plane where the same cutlery is handed out to passengers then you might be a security idiot...
(inspiration)
Thursday, August 7, 2008
if you see no problem...
if you see no problem in giving out your credit card number over the phone to claim a free cruise that you 'won' then you might be a security idiot...
(inspiration)
Wednesday, August 6, 2008
if you haven't applied patches...
if you haven't applied patches or updates since the clinton administration then you might be a security idiot...
Tuesday, August 5, 2008
if you think a picture of a fictional robot...
if you think a picture of a fictional robot on a t-shirt is a threat to airline safety then you might be a security idiot...
(inspiration)
Monday, August 4, 2008
Friday, August 1, 2008
if you think your laptop is safer...
if you think your laptop is safer to leave lying around than a huge wad of cash then you might be a security idiot...
(inspiration)
Thursday, July 31, 2008
if you're more comfortable being watched...
if you're more comfortable being watched at public ATMs than you are at public washrooms then you might be a security idiot...
Wednesday, July 30, 2008
if you think cyber-warfare tactics...
if you think cyber-warfare tactics are an appropriate response to cyber-crime then you might be a security idiot...
Tuesday, July 29, 2008
if you hand over bags of money...
if you hand over bags of money to someone just because they're wearing the right uniform then you might be a security idiot...
(inspiration)
Monday, July 28, 2008
if your traditional toolbox is full...
if your traditional toolbox is full while your security toolbox has just one thing in it, you might be a security idiot...
(inspiration)
Friday, July 25, 2008
if you think a computer user...
if you think a computer user shouldn't need to know as much about security as a car driver needs to know about safety, then you might be a security idiot...
(inspiration)
Thursday, July 24, 2008
if you think using computers
if you think using computers can be as simple as using a toaster then you might be a security idiot...
Wednesday, July 23, 2008
if you think only the person you called...
if you think only the person you called can hear you recite your passwords and credit card numbers while you're sitting on a train then you might be a security idiot...
(inspiration)
Tuesday, July 22, 2008
if you think someone you know...
if you think someone you know is more likely to show you some anonymous online love than the hundreds or thousands of malware purveyors who get paid for it then you might be a security idiot (and an egomaniac)...
(inspiration)
Monday, July 21, 2008
if you think digital picture frames...
if you think digital picture frames or mp3 players are safe to plug into your computer because they don't look like floppy disks then you might be a security idiot...
(inspiration)
Friday, July 18, 2008
if a candy bar...
if a candy bar in exchange for your password seems like a fair trade to you then you might be a security idiot...
(inspiration)
Thursday, July 17, 2008
if you use less care putting things in your computer...
if you use less care putting things in your computer than you use when putting things in your mouth then you might be a security idiot...
Wednesday, July 16, 2008
if you protect your life savings...
if you protect your life savings with the same username and password that you use to protect your porn then you might be a security idiot...
Tuesday, July 15, 2008
if you hand out your real email address...
if you hand out your real email address to every tom, dick, and harry website on the internet then you might be a security idiot...
(inspiration)
Monday, July 14, 2008
if you believe the anti-virus faerie...
if you believe the anti-virus faerie will come and rid your PC of any problem it might develop then you might be a security idiot...
Sunday, July 13, 2008
my first cavity search
found at emergent chaos and it gives me the creeps just looking at it...
i think this underscores why it's important that more people start thinking intelligently about security... when there's only a select few doing it the chances of them getting it horribly wrong (as the TSA does) and going unchecked increase... this is probably not a real children's book but we live in a world where penguins are forced to walk through metal detectors so fictional or not this children's book idea isn't that far fetched, and that's actually pretty scary...
Friday, July 11, 2008
if backing up is something...
if backing up is something you only do in your car or truck then you might be a security idiot...
Thursday, July 10, 2008
if you think a pornado victim...
if you think a pornado victim should be dragged through the court system for years on end, then you might be a security idiot...
(inspiration)
Wednesday, July 9, 2008
if you honestly believe...
if you honestly believe you can see a nubile mrs. claus strip naked just by clicking on something in some email then you might be a security idiot...
(inspiration)
Tuesday, July 8, 2008
if you expose the financial details...
if you expose the financial details of enough people to populate a small country because you didn't use encryption then you might be a security idiot...
(inspiration)
Monday, July 7, 2008
if you dispose of computers...
if you dispose of computers without even trying to destroy the sensitive information that's on them first, then you might be a security idiot...
(inspiration)
Saturday, July 5, 2008
snuggly the security bear
originally from the artist's own site, though youtube is more embeddable...
having seen some of the other snuggly videos, i tend to think he's more of a political bear but this one in particular demonstrates the context sensitive nature of security, where "national security" comes at the expense of your own privacy/security... thus it's important that questions like "what security are we trying to improve" be asked...
deep inspection cartoons
i didn't realize that the deep inspection cartoon i posted before was going to be an ongoing thing when i originally posted it... i have no desire to steal david maynor's thunder so i won't continue republishing his work here but i still think they teach lessons while being funny at the same time so i still want to promote that content... republishing makes sense for a one-off or as an introduction; actually it makes sense for everything when it comes to memes, but not everyone likes their content to be copied so for serials like this i think i'm going to need a links section to point to other people's ongoing work where that work furthers (intentionally or not) some of the same goals this site does...
Friday, July 4, 2008
idiots trust machines
if you think "i'm trustworthy" carries more weight coming from a machine than it does from a human then you might be a security idiot...
(source)
Thursday, July 3, 2008
Wednesday, July 2, 2008
security checklists
found at errata security
ah, the importance of actually thinking for yourself rather than just following a script/checklist...
the idiot truck
if you find losing sensitive data is as easy as falling off the back of a turnip truck then you might be a security idiot...
(source)
Tuesday, July 1, 2008
idiot's server room
if you allow users to poke their heads into your server room like some bizarre game of whack-a-mole, you might be a security idiot...
(source)
new meme: Security Idiot
trying not to be a one trick pony here so it's time i introduced another possible meme...
this is another humour based meme but instead of showing screen shots it's pretty much entirely verbal, which makes it something that people can repeat to each other and in that sense at least makes it superior to LOLThreats (since replication of the meme is not technology dependent)...
i actually got the idea originally upon reading a blog post by michael farnum... i thought the concept of "you might need to think about security if" would make a great play on jeff foxworthy's shtick about "you might be a redneck if"...
i was never totally satisfied with "you might need to think about security", though - it was a little unwieldy and i tried to come up with some variant that fit better but i never did... thankfully anton chuvakin came up with something better (or i might have settled on "security redneck" which would have been bizarre) - "security idiot" rolls off the tongue much easier (though it does sound a bit like a green day song - 'don't wanna be a security idiot' - hmmm, i wonder)...
Monday, June 30, 2008