Thursday, March 31, 2011

23 hours? close enough

from failblog

i'm sure nobody would exploit that 1 hour of the day that the area isn't under surveillance. we'll all be good boys and girls during that hour, won't we?

Wednesday, March 30, 2011

no thanks, i think i'll walk

from soloenvenezuela

i don't know about you, but i certainly wouldn't be feeling safe and secure with this window seat. if you check out some of the other pictures you might not feel safe and secure on a plane at all.

Tuesday, March 29, 2011

go ahead, install another toolbar

from very demotivational

this is pretty much what a browser can wind up looking like if you aren't careful and allow everything that wants to install a toolbar to actually do so. they'll even helpfully pre-check the checkbox that allows the install to happen just so you can get to this point easier. be careful when you install things.

Monday, March 28, 2011

privacy design win

from failblog

the failblog contributor who uploaded this called it a fail, and i suppose the toilet paper might be questionable, but if urinals were really designed this way those silly bathroom etiquette rules about maintaining one empty urinal between yourself and others would be completely unnecessary. as such i call it a privacy win.

Friday, March 25, 2011

what are you trying to hide

from techkings

privacy seems to mean different things to different people, but i can't imagine who would actually think that enhances privacy.

Thursday, March 24, 2011

thoughtless security

from failblog

this is why it's important to actually think about your security plan before you try to execute it. just piling on security willy nilly without a thought for whether it makes sense or will work the way you intend is bound to have unintended consequences like this.

Wednesday, March 23, 2011

mobile phone security

found on beijing stuff

there needs to be a word for absurd security... absecuridy? well it certainly captures the awkwardness of the concept.

Tuesday, March 22, 2011

too much security

from pinkbike

it's true what they say, you can have too much of a good thing. this is so much of a good thing it looks more like an attack than a defense.

Monday, March 21, 2011

why would you want to leave?

from there i fixed it

this probably seems pretty similar to an earlier attempt at blocking a glass door but look closely - this door has a lock to keep people from the outside coming in. this redneck add-on makes it really difficult to exit. i'm sure that'll go over great in an emergency.

Thursday, March 17, 2011

im in ur emael part elebenty

FedEx letter.exe? they're not even trying anymore.

Wednesday, March 16, 2011

im in ur emael...

shipping invoice in screensaver format? why would anyone legitimately want that?

Tuesday, March 15, 2011

drive-by sql injection

thanks to @ITSecurity and @HP_AppSecurity for drawing my attention to this one.

this literal drive-by sql injection is pretty funny - but i hope it doesn't actually work.

Monday, March 14, 2011

lock fail or lock win?

from failblog

it's tempting to go along with the crowd and call this one a fail simply because it looks ridiculous.

on the other hand, the glass would probably break before the plastic crate does, and this bares a lot of similarity to the wooden beam that one often sees being used to secure large doors in historical depictions. as such one might be inclined to think it's actually a win because that's as secure as a glass door like that can get.

but did you consider that someone could slide something through the door and lift the crate off the handles?

this is an example that shows that thinking like an attacker takes practice, but it's important to evaluating how secure something is.

Friday, March 11, 2011

an object lesson in frape

from the pages of failbook

frape: (noun) the act of violating someone's facebook profile, usually as a result of the victim leaving a computer (perhaps even their own) logged into facebook and unattended in a public place.

let this be a lesson to you to a) not leave your account logged in, and b) not leave your possessions unattended in public or else you might get fraped.

Thursday, March 10, 2011

this spam is killing me

from very demotivational

it's hard to imagine that spam is a more dangerous problem than malware, but clearly spam has spilled first blood.

go ahead and have yourself a chuckle at the suicide bomber's expense, though. this should definitely qualify her for a darwin award.

Wednesday, March 9, 2011

i feel more secure already

thanks to julio canto for pointing this out.

using security primitives for non-security purposes has unintended consequences. in this case, well, if you thought it was hard to get people to change the toilet paper roll before, just wait till the job requires a key.

Tuesday, March 8, 2011

too good to be true

directly from failbook

the person who submitted this one to failbook nailed the quintessential part of a scam dead on when they made the title "too good to be true". i really can't add more except to try to draw more people's attention to the concept.

Monday, March 7, 2011

hungry hungry burglar

photo found on failblog

Friday, March 4, 2011

only as strong as it's weakest link

via there i fixed it

they say security is only as strong as the weakest link. i think it's pretty obvious where the weak link is here.

Thursday, March 3, 2011

cracking for dummies

thanks to eric butler for finding this.

firesheep, of course, isn't supposed to require any skills whatsoever to use. unfortunately, no matter how simple you make something, there will always be people that don't understand. i guess firesheep isn't quite ready for the script kiddies yet.

Wednesday, March 2, 2011

SYN/ACK DoS explanation

thanks to mikko hypponen for drawing my attention to this one. i wish i could read the artist's signature so i could give this the attribution it deserves.

Tuesday, March 1, 2011

strange bedfellows

from the inimitable XKCD

i think randall munroe has really struck on something here. why is a mob which relies on anonymity as it's defense against the authorities so interested in helping a group dedicated to revealing secrets? it's definitely peculiar.