Thursday, November 20, 2008

if you sell cameras...

if you sell cameras full of classified photos on ebay then you might be a security idiot...

(inspiration)

Wednesday, November 19, 2008

the clever little msn user

i was talking to someone briefly this evening about a computer related (though not security related) topic... i have to state up front that this person is not a tech-savvy user, this is someone who needs to have most of her system set up for her, and someone whom i have not regaled with tales of the weird and wild world of internet security...

that being said, after she was satisfied with the explanation i'd given her as to why wifi in a laptop wouldn't work without a wireless access point she related a story to me about something she'd encountered (and will likely continue to encounter for a while - you'll understand why in a minute)... she tells me that she understands that when she turns her computer on msn starts automatically but it doesn't try to connect to anyone else until she specifically clicks on a contact... she also comes to the quite logical conclusion that the same should be true for her contacts... apparently one day while she was on the computer an msn window popped up with a message from one of her contacts - a contact, furthermore, whom she wanted to talk to by phone (since she's somewhat older and that's easier for her)... so she called her friend up and had an exchange not unlike the following:

user : so i see you're online.
friend: no i'm not.
user : what, did you just turn on your computer or something?
friend: ... well yeah, but i'm not online yet.
user : well, that's not what this window on my computer is telling me.

what she told me next really surprised me... she figures her friend's computer must be infected with something and that something is sending out instant messages to all their contacts as soon as her friend turns on their computer... apparently her friend has not been able to get rid of the infection and so continues to send out these instant messages but this person i'm talking to, having figured out the messages with links in them that she's getting from her friend are no good, just closes the msn window when such messages pop up...

imagine that, an otherwise hapless computer user who much by accident figures out how to correctly detect an IM worm (without even knowing what an IM worm is) by confirming whether the supposed sender actually sent it, and manages to safely avoid getting infected herself...

Tuesday, November 18, 2008

if you hand out your credit card details...

if you hand out your credit card details over the internet in order to find out if your credit card details are on the internet then you might be a security idiot...

(inspiration)

Monday, October 6, 2008

if you think conventional warfare...

if you think conventional warfare concepts can be applied directly to computers/networks, you might be a security idiot...

(inspiration)

Friday, October 3, 2008

if you think av...

if you think av has to be able to stop all threats in order to do any good then you might be a security idiot...

(inspiration)

Thursday, October 2, 2008

if you think the law...

if you think the law can solve your email security problems then you might be a security idiot...

(inspiration)

Wednesday, October 1, 2008

if you think disabling fire hydrants...

if you think disabling fire hydrants is a way to fight terrorists then you might be a security idiot...

(inspiration)

Tuesday, September 30, 2008

if you inspect an aircraft...

if you inspect an aircraft by using it as a jungle gym, you might be a security idiot...

(inspiration)

Monday, September 29, 2008

if you get caught cracking...

if you get caught cracking the computer system for an amusement park then you might be a security idiot...

(inspiration)

Saturday, September 27, 2008

yet another information security cartoon



looks like didier stevens is getting in on the security cartoon craze, and this first one is pretty interesting...

while we're on the subject of sending our cyber-trash into space, however, why aren't we sending spam into space? surely there are beings out there that would be interested in making their tentacles larger and firmer? or perhaps some that want to be able to produce a greater volume of slime?

oh, wait, i know why we don't send spam into space - getting black holed in that context would suck...

Thursday, September 11, 2008

if you leave details...

if you leave details of military training ops on the floor of a nightclub then you might be a security idiot...

(inspiration)

Wednesday, September 10, 2008

new(ish) meme: priceless

you may have noticed that the previous two visual gags posted were based on the same original screenshot... when i asked graham cluley how he felt about making it into a lolthreat i hadn't yet thought up a caption (in fact, i thought perhaps graham would suggest one)... as i deliberated on what to put in the caption i realized that the caption i really wanted to add wasn't a LOL caption at all, but a priceless one (if you haven't seen pictures riffing on that old mastercard 'priceless' commercial then you must have been living under a rock for several years)... there was an awful lot to work with in the original image (and it was already sort of LOLish), you see, and i didn't really think i could do it justice with just a LOL caption...

i'm still not sure which is funnier though, so i posted them both... what do you think? im in da man's intarwebz or priceless defacement?

priceless defacement

priceless-defacement

with permission from graham cluley

im in da man's intarwebz...

rab-website

with permission from graham cluley

if you use shredded cheques...

if you use shredded cheques as packing material then you might be a security idiot...

(inspiration)

Tuesday, September 9, 2008

if you don't get that "specially secured room"...

if you don't get that "specially secured room" means the documents in it stay put then you might be a security idiot...

(inspiration)

Monday, September 8, 2008

if you run some strange tool...

if you run some strange tool hoping to crack other people's passwords, then you might be a security idiot...

(inspiration)

Friday, September 5, 2008

google chrome comic


truly, chris boyd is the next randall munroe...

privacy folks, it's more than just curtains and locked bathroom doors...

if you let just anything run...

if you let just anything run on computers you send into space then you might be a security idiot...

(inspiration)

Thursday, September 4, 2008

if you let a single person...

if you let a single person hold all the keys to the kingdom then you might be a security idiot...

(inspiration)

Wednesday, September 3, 2008

if you turn a cryptosystem into a paperweight...

if you turn a cryptosystem into a paperweight by modifying code you don't understand then you might be a security idiot...

(inspiration)

Tuesday, September 2, 2008

jezuz luvz me, dis ai noe...

jesus-love-spam

if you think security problems can be solved...

if you think security problems can be solved, rather than just mitigated to varying degrees, then you might be a security idiot...

(inspiration)

Monday, September 1, 2008

if your little head loses things...

if your little head loses things your big head was trying to keep secret then you might be a security idiot...

(inspiration)

Friday, August 29, 2008

if you think counting vulnerabilities is the same as...

if you think counting vulnerabilities is the same as measuring security then you might be a security idiot...

(inspiration)

Thursday, August 28, 2008

if you think it's a good thing...

if you think it's a good thing when your security blocks non-threats then you might be a security idiot...

(inspiration)

Wednesday, August 27, 2008

mentl imidg beetz

disappointment-spam

if you show the world how to exploit a vulnerability...

if you show the world how to exploit a vulnerability and then get 'owned' by people exploiting that same vulnerability, you might be a security idiot...

(inspiration)

Tuesday, August 26, 2008

targitid markiting class

bad-targetting

if you think receiving unrequested offers...

if you think receiving unrequested offers for drugs, porn, or stock tips in your email is convenient then you might be a security idiot...

Monday, August 25, 2008

the state of things

well, i've pretty much run out of both lolthreats and security idiot posts so i think it's time i moved both experiments into a new direction (a new phase of the experiment, if you will)...

since it's clear that i'm not going to be able to produce either of them at the one-a-weekday posting frequency i've been maintaining, i think it's time to think about making this a collaborative process... i would like to encourage others to submit their own for inclusion here - i think there are ample examples of each of them to go by but for the sake of clarity i'll break them both down...

both derive loosely from the joke meme where you hear a joke, you find it funny, you remember it and you retell it later on to a different set of people who in turn may find it funny, remember it and retell it to another set of people... as such, humour is a key property of the meme... without it there's no reason for people to want to keep it in their heads and no reward to passing it along like there would typically be with a joke...

the lolthreat in particular is a visual gag that prompts the viewer to laugh at the bad guys ("because you know you want to laugh at the bad guys") and their often ridiculous attempts at tricking people into taking some action or another... this can serve to demystify threats and attacks and heighten a meme-host's awareness of them... because of its visual nature, the 'joke' can't be retold in the traditional sense so the replication of the meme happens by way of sharing a link to a particular instance (a staple of internet memes, though a technological barrier to classical memetic transmission)...

the security idiot meme, on the other hand, highlights the often ridiculous ways people or groups think about or practice security... this can serve to deter similar behaviours in those exposed to the meme (because no-one wants to be the butt of a joke) and build social pressure against those who are already thinking/acting wrong... unlike lolthreats, the security idiot meme lends itself readily to traditional forms of joke retelling so that on top of sharing links to replicate the meme it can also be passed on by word of mouth without need for technology... this gives it an advantage in replication but also increases the potential for memetic drift as a result of replication/retelling errors and thus calls for a simple and reasonably brief format... also, unlike some other incarnations of this meme, this is not meant to be only for, by, or about security professionals... this is not a slight on security pros, or on the referenced incarnation, but simply a statement of intention that this be accessible to a broader range of people...

both have the potential to increase awareness of security concepts by virtue of having security issues in the underlying context, but they must always focus on the funny first because without that there is no replication of the meme... so if you'd like to participate in this experiment, head on over to the submissions page and go to it...

Submissions

if you have something you'd like to submit and see posted on this site, please use one of the following links:


if you want credit for any of your submissions, please include a name, and if you want i may even include a URL of your choosing to go with the attribution...

monorael spammerz haz 1 trak mind

monorail-spammers

if you instruct people to use grocery bags...

if you instruct people to use grocery bags to bypass your security instead of just letting them through then you might be a security idiot...

(inspiration)

Friday, August 22, 2008

we lowurd r deels sow much

out-of-date-spam

if you think being able to make working replica keys...

if you think being able to make working replica keys (given enough info on the original) means that there's something wrong with the security of the lock system, then you might be a security idiot...

(inspiration)

Thursday, August 21, 2008

persistent spammer is

persistent-spam

if you have the means and the mandate...

if you have the means and the mandate to prevent a personal data breach and you still don't do it then you might be a security idiot...

(inspiration)

Wednesday, August 20, 2008

tempting me

untempting

if you use the court system...

if you use the court system to try to force secrecy and don't realize that court documents are public then you might be a security idiot...

(inspiration)

Tuesday, August 19, 2008

parsul u nebber sent iz stuk

UPSspam

if you seize board games...

if you seize board games that include a (commonly available) ski mask because you think they could be used in the commission of a crime then you might be a security idiot...

(inspiration)

Monday, August 18, 2008

xkcd on voting machines



found on xkcd (of course)...

haha, too funny... yes indeed, someone is doing their job horribly wrong, and in this case it's making voting machines out of desktop computers... once upon a time there were these things called special purpose computers that you didn't have to worry about running strange and possibly malicious code because they were physically incapable of doing so... it's so much cheaper and easier to use off-the-shelf components, however, so the real problem with these voting machines is that the people who made them were lazy cheapskates...

i'z prutendin

double-extension

if passwords for chocolate...

if passwords for chocolate seems like an even trade to you then you might be a security idiot...

(inspiration)

Friday, August 15, 2008

omenus link

ominus-spam

if you put other people's confidential info...

if you put other people's confidential info on a memory stick after being told not to and then proceed to lose it, you might be a security idiot...

(inspiration)

Thursday, August 14, 2008

canajun geografi

nonlocal-spam

if you think email...

if you think email is how news of a real war is likely to first be reported then you might be a security idiot...

(inspiration)

Wednesday, August 13, 2008

mai trane uv thot

off-topic-spam

if you think malware profiteers...

if you think malware profiteers should be considered terrorists then you might be a security idiot...

(inspiration)

Tuesday, August 12, 2008

if you lose your money...

if you lose your money because of a trojan that's been detectable by AV for 3 years and then blame the bank for your loss, you might be a security idiot...

(inspiration)

i haz a phlavur

sympatico-phish

Monday, August 11, 2008

wii iz frenz u doan

friendrequestspam2

if you think contact lens solution...

if you think contact lens solution in an airport warrants a brain-damaging beat-down then you might be a security idiot...

(inspiration)

Friday, August 8, 2008

wut u meen u nebber needed

activexthreat

if you think a pilot...

if you think a pilot can't be trusted to take cutlery on a plane where the same cutlery is handed out to passengers then you might be a security idiot...

(inspiration)

Thursday, August 7, 2008

invizibul chinaman

foreign-spam

if you see no problem...

if you see no problem in giving out your credit card number over the phone to claim a free cruise that you 'won' then you might be a security idiot...

(inspiration)

Wednesday, August 6, 2008

if you haven't applied patches...

if you haven't applied patches or updates since the clinton administration then you might be a security idiot...

top 0 methudz

zero-marketing-spam

Tuesday, August 5, 2008

reply 2 invizibul conversashun

imaginary-reply-spam

if you think a picture of a fictional robot...

if you think a picture of a fictional robot on a t-shirt is a threat to airline safety then you might be a security idiot...

(inspiration)

Monday, August 4, 2008

we iz running

misconfigured-spambot

if you think cameras...

if you think cameras are tools of terror then you might be a security idiot...

(inspiration)

Friday, August 1, 2008

i'z redundint as

redundant-spam

if you think your laptop is safer...

if you think your laptop is safer to leave lying around than a huge wad of cash then you might be a security idiot...

(inspiration)

Thursday, July 31, 2008

doan want dis?

pass-the-buck-spam

if you're more comfortable being watched...

if you're more comfortable being watched at public ATMs than you are at public washrooms then you might be a security idiot...

Wednesday, July 30, 2008

click mai link

dodgy-link

if you think cyber-warfare tactics...

if you think cyber-warfare tactics are an appropriate response to cyber-crime then you might be a security idiot...

Tuesday, July 29, 2008

if you hand over bags of money...

if you hand over bags of money to someone just because they're wearing the right uniform then you might be a security idiot...

(inspiration)

muny muelz pleez

unprofessional-scam

Monday, July 28, 2008

spamink u leefs us speechlez

speechless-spam

if your traditional toolbox is full...

if your traditional toolbox is full while your security toolbox has just one thing in it, you might be a security idiot

(inspiration)

Friday, July 25, 2008

if you think a computer user...

if you think a computer user shouldn't need to know as much about security as a car driver needs to know about safety, then you might be a security idiot...

(inspiration)

r borkin english

broken-english-pharma-spam

Thursday, July 24, 2008

if you think using computers

if you think using computers can be as simple as using a toaster then you might be a security idiot...

i'z 2 layzee

bank-of-what-phish

Wednesday, July 23, 2008

if you think only the person you called...

if you think only the person you called can hear you recite your passwords and credit card numbers while you're sitting on a train then you might be a security idiot...

(inspiration)

im in ur inbocks

wrong-country-phish

Tuesday, July 22, 2008

if you think someone you know...

if you think someone you know is more likely to show you some anonymous online love than the hundreds or thousands of malware purveyors who get paid for it then you might be a security idiot (and an egomaniac)...

(inspiration)

sum 1 failed at

rbcphish

Monday, July 21, 2008

if you think digital picture frames...

if you think digital picture frames or mp3 players are safe to plug into your computer because they don't look like floppy disks then you might be a security idiot...

(inspiration)

im in ur emale

irsscam

Friday, July 18, 2008

if a candy bar...

if a candy bar in exchange for your password seems like a fair trade to you then you might be a security idiot...

(inspiration)

im in ur webform

webformspam

Thursday, July 17, 2008

if you use less care putting things in your computer...

if you use less care putting things in your computer than you use when putting things in your mouth then you might be a security idiot...

maleing list spam tinks u kant

subscribespam

Wednesday, July 16, 2008

if you protect your life savings...

if you protect your life savings with the same username and password that you use to protect your porn then you might be a security idiot...

im in ur icq

icqspam

Tuesday, July 15, 2008

if you hand out your real email address...

if you hand out your real email address to every tom, dick, and harry website on the internet then you might be a security idiot...

(inspiration)

puhlite spam sais

politespam

Monday, July 14, 2008

if you believe the anti-virus faerie...

if you believe the anti-virus faerie will come and rid your PC of any problem it might develop then you might be a security idiot...

i iz fren u blokd owt ov memree

lastfm-nonfriend

Sunday, July 13, 2008

my first cavity search



found at emergent chaos and it gives me the creeps just looking at it...

i think this underscores why it's important that more people start thinking intelligently about security... when there's only a select few doing it the chances of them getting it horribly wrong (as the TSA does) and going unchecked increase... this is probably not a real children's book but we live in a world where penguins are forced to walk through metal detectors so fictional or not this children's book idea isn't that far fetched, and that's actually pretty scary...

Friday, July 11, 2008

???????

strangespam

if backing up is something...

if backing up is something you only do in your car or truck then you might be a security idiot...

Thursday, July 10, 2008

i'z in ur emael

ironic-phish

if you think a pornado victim...

if you think a pornado victim should be dragged through the court system for years on end, then you might be a security idiot...

(inspiration)

Wednesday, July 9, 2008

i had ur akownt but i eated it

phish

if you honestly believe...

if you honestly believe you can see a nubile mrs. claus strip naked just by clicking on something in some email then you might be a security idiot...

(inspiration)

Tuesday, July 8, 2008

invizibul link run owt ov invizibul

hidden-url

if you expose the financial details...

if you expose the financial details of enough people to populate a small country because you didn't use encryption then you might be a security idiot...

(inspiration)

Monday, July 7, 2008

u herd uv spam?

sequel-spam

if you dispose of computers...

if you dispose of computers without even trying to destroy the sensitive information that's on them first, then you might be a security idiot...

(inspiration)

Saturday, July 5, 2008

snuggly the security bear



originally from the artist's own site, though youtube is more embeddable...

having seen some of the other snuggly videos, i tend to think he's more of a political bear but this one in particular demonstrates the context sensitive nature of security, where "national security" comes at the expense of your own privacy/security... thus it's important that questions like "what security are we trying to improve" be asked...

deep inspection cartoons

i didn't realize that the deep inspection cartoon i posted before was going to be an ongoing thing when i originally posted it... i have no desire to steal david maynor's thunder so i won't continue republishing his work here but i still think they teach lessons while being funny at the same time so i still want to promote that content... republishing makes sense for a one-off or as an introduction; actually it makes sense for everything when it comes to memes, but not everyone likes their content to be copied so for serials like this i think i'm going to need a links section to point to other people's ongoing work where that work furthers (intentionally or not) some of the same goals this site does...

Friday, July 4, 2008

im in ur email

truth-in-spamvertizing

idiots trust machines

if you think "i'm trustworthy" carries more weight coming from a machine than it does from a human then you might be a security idiot...

(source)

Thursday, July 3, 2008

im in ur reel frenz profiel

profile-injection

wifi-diot

if people get caught with their pants around their ankles, driving the wrong way down a one way street while watching kiddie porn they downloaded using your wireless internet access, you might be a security idiot...


(source)

Wednesday, July 2, 2008

security checklists



found at errata security

ah, the importance of actually thinking for yourself rather than just following a script/checklist...

the idiot truck

if you find losing sensitive data is as easy as falling off the back of a turnip truck then you might be a security idiot

(source)

im in ur commentz

search-engine-obviousness

Tuesday, July 1, 2008

idiot's server room

if you allow users to poke their heads into your server room like some bizarre game of whack-a-mole, you might be a security idiot...

(source)

new meme: Security Idiot

trying not to be a one trick pony here so it's time i introduced another possible meme...

this is another humour based meme but instead of showing screen shots it's pretty much entirely verbal, which makes it something that people can repeat to each other and in that sense at least makes it superior to LOLThreats (since replication of the meme is not technology dependent)...

i actually got the idea originally upon reading a blog post by michael farnum... i thought the concept of "you might need to think about security if" would make a great play on jeff foxworthy's shtick about "you might be a redneck if"...

i was never totally satisfied with "you might need to think about security", though - it was a little unwieldy and i tried to come up with some variant that fit better but i never did... thankfully anton chuvakin came up with something better (or i might have settled on "security redneck" which would have been bizarre) - "security idiot" rolls off the tongue much easier (though it does sound a bit like a green day song - 'don't wanna be a security idiot' - hmmm, i wonder)...

Monday, June 30, 2008