from here (story in the national post)
i'm torn. either they've been so successful at eliminating risks that soccer balls are now a reasonable priority, or they've completely lost touch with reality. i suspect the latter. surely there must be more important threats to safety than rudimentary toys.
Wednesday, November 30, 2011
this area is being watched
found on ugliest tattoos
i find myself wondering what kind of message a tattoo like that is supposed to be sending. security cameras are often used as deterrents in real life, but i think there would be easier preventative controls in this context.
Tuesday, November 29, 2011
ai had de advantij but ai losted it
from here (previously found on failbook)
isn't it about time that thieves learned that phones are often linked to their rightful owner's social networking account? then again, those gold teeth tell me this guy is definitely old school.
she's super spry
from failblog after 12
this is the kind of thing that happens when rules and policies are mindlessly enforced and inflexible. ID is intended to make sure someone who is too young can't buy alcohol. if a 92 year old woman can pass for someone who is too young then she ought to be able to sell whatever secret she has to looking that good and make a fortune and pay someone else to get her booze for her.
Monday, November 28, 2011
truth in security (true insecurity)
found on MthruF
sometimes there can be truth in a password. especially when your password describes you as a lazy piece of $#!+ and is written on a post-it stuck to your monitor.
tattoo bomber
found on ugliest tattoos
when it comes to bad ideas in an airport, tattooing a bomb to your abdomen has to rank pretty highly. airport security will not be amused.
Friday, November 25, 2011
to scan or not to scan, that is the question
found on the art of trolling
shock sites are actually the tame version of what someone with malicious intent could do with faked QR codes. they could send you to a site that automatically installs malware on your system too.
pepper spray all the things
from here
power corrupts, and absolute power corrupts absolutely. is unchecked power the same as absolute power? maybe not but it's pretty darn close.
Wednesday, November 23, 2011
not quite kicking ass
found on failblog
authority (the broad class of strategies whereby, instead of resisting attack, a group neutralizes the attacker) isn't something that just magically comes out working perfectly. competence needs to be developed, practice is required, and mistakes get made (especially early in the development). this goes for budding self-defense enthusiasts as well as standard law enforcement who, although they have plenty of experience with traditional crime, are still working on getting up to speed when it comes to cybercrime. as increasing reports of arrests show, they are getting there, but there's still a long road ahead and law enforcement is only one part of the equation (sometimes the laws have catching up to do too).
until that catching up happens, though, their efforts are going to be laughable at best.
pull for delicious candy
found on failblog
sometimes i think the analogy of the trojan horse is a little too abstract for people, especially when it comes to explaining the more ambiguous instances where the trojan horse program isn't actually malicious in itself but simply presented in a false light with a malicious intent (the example i often use is that of FORMAT.COM renamed to SEXYFUN.EXE).
this example i hope is a little more concrete and easy to understand. a fire alarm is by no means a bad thing in and of itself, in fact it's a very important and desirable thing to have when there's a fire. but if you dress it up like a candy dispenser, all hell will break loose when children come by.
Tuesday, November 22, 2011
there's no such thing as 'off the record' online
i don't mean this in a figurative way - everything in the online world is recorded, literally. it's how the medium works. a recording is made in the computer's memory of the sounds you make, the images you present to the camera, the words you type, the links you click, etc. (depending on what exactly you're doing online) and a copy of that recording is sent along a path to whatever its final destination is supposed to be. at some later point that recording and maybe even the copies (though it's impossible to be sure with the copies) are deleted or overwritten, but recording (and thus 'the record') is a fundamental and unavoidable part of online interaction. 'off the record' simply can't exist there.
who watches the watchers?
original story from the daily mail
ignoring the reputation of the source for a moment, this highlights an issue that comes up more times than you might think - who watches the watchers? unfortunately the answer seems to be "nobody" most of the time.
Monday, November 21, 2011
stealth, ur doin it wrong
from here (story here)
let's face it, nobody is that stealthy - not even ninjas. whenever anyone tries to be stealthy, there are still ways to see what they're up to if you know what to look for, whether it's a guy in camouflage gear or a piece of malware that masks its presence.
the only way to really not be seen is to not be in the places people are looking for you.
automatic teller needs automatic updates
thanks to eugene kaspersky for tweeting the picture
windows in an ATM, and automatic updates haven't been enabled yet? i wonder what other security precautions have failed to be enabled.
Friday, November 18, 2011
worth more than your arm
found on this post about biometric passports
one of the things my mother taught me was that i should never wear anything on my wrist that is worth more than my arm. the idea had to do with theft of property, but as this comic shows there's a related issue for biometrics. people keep saying your biometrics can't be stolen but that's not really true - they can be stolen, and such theft can be messy.
what's wrong with this picture
found on failblog
i'll be honest, when i first saw this i didn't see what the big deal was. partially that was because i had to scroll down to see the entire image, but also because the safety hazard here doesn't really stick out that much due to its small size. i suppose if i went in there drunk and with poor aim, the hazard might become shockingly obvious.
the difficulty recognizing subtle forms of danger is a recurring theme in security. that's why tricks like phishing or telephone support scams or malicious email attachments (to name just a few) work so well.
Thursday, November 17, 2011
human error has the advantage
found here using tineye (thanks to @mikko and @ervistusha for tweeting a photograph of this comic)
no matter how complex and sophisticated you make your security controls, human error can always result in undesirable consequences. this comic is quite effective at presenting human error as equally matched against the collection of every security control you can think of.
it reminds me of the joke
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rich Cook
i spy with my huge eye
found on failblog
usually the point of a peephole is to allow you to see who's at your door without letting that person know anything about you (including whether you're even there). it's a tool made with privacy in mind. that privacy kind of goes out the window when you've got a big fat window right beside it.
more to the point, however, a peephole really has no purpose on the door to a stairwell. privacy tools can be very useful, but not when they're put in places that don't make sense.
Wednesday, November 16, 2011
on the internet there is always someone watching
i suspect one of the things preventing people from grasping the privacy consequences of their online activity is that in the offline world people consider themselves to be in private when there's no one else around, and since there's often no one else around when they go on the internet, that sense of privacy persists even though it really shouldn't.
Tuesday, November 15, 2011
security win?
from there i fixed it
you might look at this and think it's a security win, and i suppose compared to some of the bad bike security we've seen here that would seem like a reasonable conclusion - but never forget that some attackers are more advanced than others
Monday, November 14, 2011
Y U NO Log Off?
from the art of trolling
clearly good advice to be had here, but will the account owner ever actually see this public computer again? who knows.
Friday, November 11, 2011
the internet can be creepy
Internet Story from Adam Butcher on Vimeo.
this is, if nothing else, an illustration of why you should be careful about who you trust on the internet - not just when you're going to meet them in real life, but whenever you do anything at their prompting. the internet can be creepy - watch out for the creeps.
steam got burned
from the Ctrl-Alt-Del sillies
i don't think this needs any explanation, but it's still nice to see i'm not the only one who makes puns out of security breaches.
Thursday, November 10, 2011
parental attribution
from failblog (who knew they had a section specifically for parenting?)
and here we have a wonderful example of how hard attribution can be. pop-quiz: is it really stephanie's dad talking? how can anyone tell? it could be that stephanie is just a really clever liar.
now, instead of a mother whose son has regrettable tastes, imagine this was a nation state trying to attribute something that happened on a computer using about the same amount of information as is available here.
it's hard not to consider cyberwar ridiculous when viewed through this lens.
well, i suppose it's fat...
from failbook
if you've ever wondered what the big deal about search history privacy is and why it's important that search data be anonymized, i think this example spells that out pretty plainly.
nobody wants to know where you plan to stick aragorn figurines.
Wednesday, November 9, 2011
if you think nearly two dozen prostitutes...
if you think nearly two dozen prostitutes constitutes a normal level of contraband slipping through the cracks of prison security, then you might be a security idiot.
(inspiration)
if you think a security measure...
if you think a security measure that is less accurate than a coin toss ever had any place in an airport then you might be a security idiot.
(inspiration)
Monday, November 7, 2011
iz attakin ur siet
umm, yeah, i'm not sure how anyone could have made such a boneheaded mistake unless one of the stipulations for this cracking challenge was "no peeking".
if you antagonize a group...
if you antagonize a group with more military training and experience than you, then you might be a security idiot.
(inspiration)
Thursday, November 3, 2011
crack a smile
from here (source story from the imperva blog)
on the one hand, i finally found the builder for making multi-image comics (was doing it by hand before and i think it showed). on the other hand, yet another security company calling cracking "hacking".
Wednesday, November 2, 2011
modern building security
found on failblog
it's always seemed kinda funny to me that buildings which you'd expect to be high security venues (like a bank) would go for the modern look and have glass doors and replace exterior walls with glass.
if people can break through that barrier without even trying you better believe that people who are trying can get in.
everyone's parents on a computer
from memebase
yup, that pretty much seems to be what parents do. if only there was a way to get them to remember not to do that. unfortunately memory is one of the things people often start to lose as they age, and that suggests that some people may never be able to defend themselves online.
Tuesday, November 1, 2011
clicked on attachment
from here
don't think this qualifies for success kid? how many people have tried this and failed? yeah, i thought so.