Thursday, June 30, 2011

new infosec cartoons?


ridiculing the recent trend of trying to excuse bad behaviour by claiming the perpetrators have asperger's syndrome is an awesome idea and i wish i'd thought of it.

i certainly hope the folks at infosuck keep making comics. with all the ones they've already made, infosuck is definitely going on the list of links to other media.

Wednesday, June 29, 2011

hitting it out of the park

thanks to pete lindstrom, pete lindstrom, and finally pete lindstrom

if this absurdity doesn't make sense to you, think about all those times people have said some security technology is failing because it's not 100% effective.

Tuesday, June 28, 2011

if luigi is the new kira, who's ryuk?

from a link that mikko hypponen posted to twitter

for anyone familiar with the anime or manga called death note this comic should make sense (nintendo characters trying to take out sony in the style of death note). for those who aren't familiar, you might want to check it out - it may seem like a comic book (or cartoon if you watch the anime) but it's actually quite adult. a kind of supernatural psychological thriller. i can't speak for the live action film though.

Monday, June 27, 2011

but she went to all that effort

from failbook

i know that spammers generally don't put in much effort at all. generally at most it's copy and paste, but it's still funny to see how badly they do at selecting their audience. like sending me spam about obama's penis

Friday, June 24, 2011


thanks to @realytcracker for not only posting this but making it as well. i'm sure everyone who's been following the lulzsec drama would have already stumbled across this, but if you haven't been... maybe you should be?

Thursday, June 23, 2011

who's my little hash function?

imagine that, penny arcade talks about lulzsec, and i don't just mean a comic where they talk about talking about it and then say nothing (because nobody wants to paint a target on their own back), but really talks about it (in blog post form - you read their posts too, right? you don't just look at the pretty pictures, right?) and the lessons learned from the failures of others.

Wednesday, June 22, 2011

the security mountain will not come to mohamad

from there i fixed it

they say a chain is only as strong as its weakest link. a carabiner may look a little like a chain link but it has none of the security properties. you might as well secure this gate with chewing gum.

Tuesday, June 21, 2011

password strength revealed

well, ok, doesn't directly reveal anything about password strength, but it can help people get a feel for what it takes to create a strong password. it's like a password strength meter (which are always a little iffy) with a focus on pubescent males (though i suppose there may be some ladies who get a kick out of it too).

i wouldn't suggest putting your real passwords into it, of course. not because it's necessarily untrustworthy, but i don't know for sure that it isn't a clever way to trick people into giving up their passwords.

what people should really take away from this is not how difficult it is to make a really strong password, but how difficult it would be to use such a password. today's demands for passwords are better served by password management software (both for creation and storage) than they are by the human brain.

Monday, June 20, 2011

don't grope me bro

from poorly dressed

this raises many questions, most of which i'd rather not think about, but the one most relevant to security is: if the pants are tight enough is there any point in performing the new standard sexually invasive pat down?

Friday, June 17, 2011


from the joy of tech

yeah, i'm pretty sure facebook is pretty much the opposite of safebook, even if they do both have the same sounds in them.

privacy isn't just about controlling who gets access to your personal information, it's also about controlling how that information gets used. facebook violates that latter principle every time they release a new feature. you have no control over how they'll use your information. right now your cell phone number may be used to strengthen authentication, but who knows what new ways they'll use it tomorrow or next week, all without asking your permission first.

Thursday, June 16, 2011

Seussian Security

A program is scanning.
It finds software that's bad.
A person is searching.
He aims to stop the cads.
That's all well and good when programs find code threats.
And nothing goes wrong when folks stop john doe threats.

But it isn't too good when programs and people
Start getting misused against each other's evil.
Programs, not people, stop threats that are dumb
And people, not programs, stop threats from someone.
So, when folks get their hands full with threats that are stupid,
And programs get used on threats that are lucid,
They both wind up failing to keep our stuff safe.

I'm warning you, now! Know your defense's place.

(inspired by Dr. Seuss' "Sleep Book" and Richard Clarke's restatement of the complaint that AV and firewalls don't stop Chinese attackers)

Wednesday, June 15, 2011

obvious sign is obvious

from failblog

of all the things to put on a hacked road sign, that's got to be the most completely uncreative option possible. probably has a dog named "dog", as well.

Tuesday, June 14, 2011

i can haz all ur monees?

from failblog (as if that wasn't painfully obvious)

looks like the threat of violence was an empty promise. all things considered, perhaps the gun was empty too. don't rely too much on a bluff, there's always someone willing to call it.

Monday, June 13, 2011

tightening the security belt

from stewpig

i wonder if this moron is using a chain to hold up his pants. normally stealing a chained up bike would require bolt cutters but this one would probably only take a box cutter.

Friday, June 10, 2011

ai had a mask but ai broked it

found on failblog

you'd think this guy would have at least tried to put the mask on before he entered the store.

Thursday, June 9, 2011

bicycle APT

from failblog

well look at that. it seems like the bike owner used fairly standard practices to secure the bike but they weren't good enough against a skilled and persistent attacker. the APT of the bike world, or maybe just a case of "Standard Techniques Failed Us" (STFU)

Wednesday, June 8, 2011

laughter is the best anti-virus

from roflrazzi

i don't know that laughter can actually prevent or eliminate computer viruses yet, but laughing at your misfortune when you get a virus is a heck of a lot less destructive than panicking.

Tuesday, June 7, 2011

it's a trap!

from buttersafe (thanks to the folks at eset for pointing it out)

it's difficult to overstate how easy it is to fall for some of the threats out there, but many more have tell-tale clues and some are just downright obvious. keep your wits about you and if it seems too good to be true just remember what admiral ackbar says

Monday, June 6, 2011

i'z in ur shower, maekin a kleen getaway

yeah, so, uh, i guess that's a perfectly natural thing to do. break into a house and think to yourself "i feel dirty".

Friday, June 3, 2011

collecting badness

thanks to graham cluley for the great tweet

obviously someone forgot that an email address meant for receiving bad things is VERY different from a normal address where those bad things get filtered out at many points before even reaching the address.

Thursday, June 2, 2011

i don't have to go that bad

from failblog

i know some people are more open about certain things in different parts of the world, but if you're going to do that then why even bother with a door?

Wednesday, June 1, 2011

digital rights malevolence is part of the end user licensed assassination

thanks to julio canto for posting this one on twitter

while DRM is an officially sanctioned and protected way for vendors to work against the interests of customers, i haven't heard of any actually using contact poisons... yet.