Friday, September 28, 2012


from here (source image)

how likely are you to give out your details when someone claiming to be from the bank calls you? now what if it was a machine claiming to be from the bank? sadly, i suspect people are even more likely to trust the machine than a person (and that's saying something).

does victoria keep any secrets at all?

from here

given the name victoria's secret, you'd think there'd be more discretion, wouldn't you?

Thursday, September 27, 2012

PDFs, PDFs everywhere

i know that PDFs are 'necessary' because we don't have a great alternative to this format, but that doesn't mean i have to like the pwnable document format.

the creepy side of wireless security

most people never really think about the security of their wireless connection - something like this could be a real eye opener for them (but probably only if it actually happened to them).

Wednesday, September 26, 2012

USB for free? what could possibly go wrong?

from here (source image)

the reason i say it could be a good thing is that it could be an example of sharing samples. but, as suggested by this tweet, probably not.

fraudulent activity in 3...2...1...

found on

i'm not sure what the person masked by the pink blocks was thinking, but some things really shouldn't be shared online.

Tuesday, September 25, 2012

do you believe in magic?

this video has been going around the internet for a bit so what the heck. see if you can figure out how this trick works before the video ends.

yeah, that's right, that's how it works. be careful out there.

based on our research

gee, over 9000, huh? i wonder if this is at all related to this tweet

so there's a less than 10% chance that your enterprise's network is safe? and little timmy's fallen down a well? well maybe he shouldn't have gone back to the well of fear, uncertainty, and doubt so many times. that statistic is way, way too fishy. i have a very hard time believing there's enough malicious manpower out there to pwn all the things.

that's a real tweet by 'fudlabs' up there, by the way, so if you want to retweet it go right ahead.

Monday, September 24, 2012

mcdonalds vs. burger king

so, what do you think? was calling the police an over-reaction? is accepting food (or even candy) from a stranger in a mask a perfectly safe and acceptable thing to do? maybe calling the police was a wise choice after all. that really could have been anyone in that costume.

(found on boing boing)

advanced encryption

found with google image search

i wonder if you really could use it for encryption. there's an encryption algorithm that uses a deck of cards, so why not a rubik's cube?

Friday, September 21, 2012

microsoft bucks the trend

from here (source image)

dear microsoft, you're doing password security wrong! while it may be annoying when a site tells you your password is too short, when one tells you your password is too long then you know something is seriously wrong.

delusional security

from here (source image)

normally i'd say chaining a car up like it was a common bicycle is wholly inadequate security (just look at how easily and often bikes get stolen). but for a car like this? i don't think the lock and chain are even needed.

Thursday, September 20, 2012

privacy can be challenging

from here (source image)

i know, i know. my pun is bad and i should feel bad.

facebook intruder

from here

who can resist laughing at crooks who give away their misdeeds on facebook?

hide yo profile, hide yo status updates, cuz dey checkin' everything you post now.

Wednesday, September 19, 2012

pirate security

from here (source image)

well, what other anti-virus would you use on september 19th? look at that, it's even free, just the way a pirate likes it.

experts say the darnedest things

it's hard to believe so many of these things have actually been said by people who claim to be or are regarded as security experts. especially the 'i never use anti-virus and i never get viruses' one.

Tuesday, September 18, 2012

social networking exposed

found on very demotivational

suddenly, privacy settings seem much more important. when people talk about a race to the bottom in the context of social networking privacy, this is what i imagine that probably means.

somebody's going to a hot place

found on memebase

the bible is not the best way to hide your shame. next time try encryption. at the very least it'll be less blasphemous.

Monday, September 17, 2012

suspicious USB

from here (source image)

what do you think? would this make people think twice before sticking a strange USB drive into their computer?

strong bad catches a virus

everyone can get a virus, even strong bad. hopefully most won't try to get rid of it in quite so destructive a manner, however. although, come to think of it, overreacting to viruses is fairly common.

Friday, September 14, 2012

facebook karma

found on failbook

sounds like it couldn't have happened to a more deserving person.

A is for Anonymous, the guys who are bad

from here (source image)

well, perhaps a 16 year old is too old to pay in candy and hugs, but the principle of recruiting children to help you fight anonymous is the same either way. it smacks of desperation and is definitely NOT in the best interests of the child. i don't think this is the kind of approach we really want to see the authorities taking.

Thursday, September 13, 2012

from the mouths of experts

from here

well, what else is there to say when experts brag about how they don't need anti-virus software?

beware of trolls bearing cakes

as bad as the original trojan horse no doubt was, i feel as though it could have been so much worse if it had been filled with internet trolls like this pinterest cake.

Wednesday, September 12, 2012

mac security video

although it is a little 'promotional' towards the end (it was produced by a vendor. how could it not be promotional?) i've seen this get posted a number of places already so it's already got the 'monkey see, monkey do' aspect of a meme working in its favour.

I am the ROR AX. I speak for PCs

I am the ROR AX. I speak for PCs,
And you can't keep them safe doing whatever you please.
You have to show caution, you have to take care,
Or someday your bank account just won't be there.

Security vendors can talk a good game,
But at eliminating worry they're really quite lame.

Vendors can't stop you from running with scissors,
Or jumping off bridges and into big rivers.
If you're the one hurting your computer's health,
They can't stop that any more than you hurting yourself.

The same goes for Macs, and Linux systems too.
If it's not you keeping your stuff safe, well then who?

obviously this borrows from "The Lorax" by Dr. Seuss, but i don't think this follows "The Lorax" closely enough to be anything more than a stylistic parody (if that).

Tuesday, September 11, 2012

obvious research is obvious

from here

i wonder how much money HP spent determining the obvious. of course exploit writers use the information in patches to write exploits. what do you expect them to do when you point out where the flaw is?

the feline defense

speaking of cats who defend their territory, this is a blast from the past but clearly shows that sometimes even a seemingly inconsequential defense can have a big impact.

Monday, September 10, 2012

beware of guard cat

found on i can has cheezburger

doesn't seem like the fastest retreat i've ever seen, but still that seems like a useful cat to have around.

may the schwartz be with you

that story before about the syrian dictator's password had this video embedded in it, but i thought it deserved to be highlighted all on its own.

Friday, September 7, 2012

my password brings all the jokes to the yard

from here (source article)

thanks to @weldpond for bringing this ridiculousness to my attention.

scumbag oracle

from here (source image)

from the people who brought us "unbreakable" database security.

Thursday, September 6, 2012

now where did i leave the keys?

found on very demotivational

an interesting example of the trade-off between security (keeping the bat cave's location secret) and convenience (making the bat cave easy to find if you forget where it is). don't get angry, batman, get alfred checked for alzheimer's.

think before you post

honestly, that's kind of creepy, but it's also very true. maybe creepy is what's needed for that message.

Wednesday, September 5, 2012

the one that got away

from here (source image)

i dunno for sure but i have a feeling that in some circles people actually do tell security fish stories (and no, i don't mean phish).

please pay careful attention... and lots of money

paying extra for safety is one thing, but don't you wish they'd take this approach with security? then you could finally opt out of their security theatre by not paying.

Tuesday, September 4, 2012

secure on paper

from here (source image)

watch out for mad F-bombers

the only bombs the TSA regularly encounter are F-bombs, and they certainly aren't effective at minimizing those.


Monday, September 3, 2012

do frequent AV failures look like a flaw?

from here

i dunno. i certainly laugh at infosec professionals who fail to recognize when it's actually the law of truly large numbers kicking them in the ass, but i can see how others might not find that funny. i guess it's a schadenfreude sort of thing.

we can haz antivirus?

from here (source image)

inspired by this f-secure blog entry. i think parking meters with anti-virus on them is another example where we can say someone is doing their job horribly, horribly wrong. i don't care how hi-tech your parking meter is, it only has a single job to do so it shouldn't need to be a general purpose computer running windows.