Wednesday, October 31, 2012

unwise halloween costumes

found with google image search

i don't know about dressing up like the twin towers, but dressing like a terrorist or a package of anthrax seem like really good ways to get an unwanted armed response.

zombie computers taste like spam

found through google image search

that is, in fact, a big part of what zombie computers do - send email spam.

Tuesday, October 30, 2012

personalization fail

found on the art of trolling

probably not the best idea for a personalized license plate.

the worst happened

from here

obviously this is inspired by current events, but preparedness can have a positive effect on all manner of disasters - whether they're natural or man made.

Monday, October 29, 2012

you don't put your weed in there

from here (source image)

is this too crass? well, maybe, but it seems like some folks need to hear it.

that moment when...

from here (source tweet)

so apparently (according to this twitter conversation) it wasn't the members' original passwords but rather ones that are generated as part of a password reset procedure, but the members aren't forced to change these passwords so for all intents and purposes this practice is just as bad (unless the member used their original password in multiple places - revealing that would be worse). at the very least make sure that the passwords sent this way can only be used once, but better yet don't send passwords at all, send links instead and again make sure they can only be used once.
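the "send links instead, and make sure they can only be used once" advice above, sketched in python as an added example (not code from the site in that twitter conversation or from this blog). the class and function names, the 15 minute lifetime and the example.invalid address are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime; pick what suits your site


class ResetTokenStore:
    """in-memory stand-in for a database table of pending password resets."""

    def __init__(self, now=time.time):
        self._pending = {}  # sha256(token) -> (username, expiry timestamp)
        self._now = now     # injectable clock so expiry can be tested

    @staticmethod
    def _digest(token):
        # only a hash is stored, so a leaked table can't be replayed as links
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username):
        """create a fresh token; any older token for this user is revoked."""
        self._pending = {d: v for d, v in self._pending.items() if v[0] != username}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expiry = self._now() + RESET_TTL_SECONDS
        self._pending[self._digest(token)] = (username, expiry)
        return token

    def redeem(self, token):
        """return the username once; None if unknown, expired or already used."""
        # pop() removes the entry on first use, which is what makes it single use
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        username, expiry = entry
        return username if self._now() <= expiry else None


def reset_link(token, base="https://example.invalid/reset"):
    # the email carries this link, never a password
    return f"{base}?token={token}"


if __name__ == "__main__":
    store = ResetTokenStore()
    token = store.issue("alice")  # constructed sample user
    print(reset_link(token))
    print(store.redeem(token), store.redeem(token))
```

the member only gets to choose a new password after redeem() returns their username, so a copy of the email found later in an inbox is worthless.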

Friday, October 26, 2012

erasure destroys computers?

from here (source story)

thanks to aleks gostev for tweeting about this bit of ridiculousness. clearly US defense secretary leon panetta doesn't have the slightest clue what he's talking about. deleting or overwriting data doesn't "destroy computers". if deletion were that dangerous, there wouldn't be a delete key on the keyboard.

what happens in the sandbox stays in the sandbox

from here (source image)

i was trying to think of a way to explain sandboxing to the layperson. think this will work?

Thursday, October 25, 2012

this isn't the magic you're looking for

found on picture is unrelated

you can't always believe what it says on the box, whether it's a pop-up message box on your screen from some scareware or the box your security software came in from the store. be skeptical.

just encrypting is good enough, right?

from here (source image one, two, and three)

the install and forget mentality strikes again. big name companies using short encryption keys like it's 1999. this is why i don't trust so-called transparent security - if you don't involve a person somewhere along the line then the security falls down.

Wednesday, October 24, 2012

tasty karma

found on failbook

i can only imagine what kind of ridiculous mistakes this little thief will make when she's older.

farce alarm

found on the art of trolling

false alarms can happen anywhere, but a little effort in understanding what's what can generally avoid this kind of mess - and unless the police got there in time, i assume there was a mess.

Tuesday, October 23, 2012

USB shield

found on very demotivational

it may be a shield, but it won't protect you from autorun worms. probably quite the opposite.

snap-on security or...

found with google image search

i think the original captioner missed an opportunity by ignoring what it says right on the bike. i think they also missed one half of the population, but that's another matter entirely.

Monday, October 22, 2012

home made plates seem legit

found on memebase

i've heard of fake IDs before, but a fake ID for your car (fake license plate)? i'm surprised i don't hear about that more often. i suspect you could do a much better job if you ditched the marker and went straight for photoshop and a printer.

the FTC is watching

(image source)

if you're a tech support scammer who thinks they're gonna pull a fast one on the FTC's watch, you better think again.

(i can't be the only one who thinks their logo looks like a big face - and if you didn't see it before, i don't think you can unsee it now)

Friday, October 19, 2012

farcical recognition

found on failbook


this isn't an aberration (or a photoshop, if you're wondering). from my experience with facial recognition, finding faces where there are none happens fairly regularly with multiple if not all face-rec technologies.
how much do you trust biometrics now?

stealth: it's no laughing matter

found on failblog

laugh and the world laughs at you. cry and your cellmate will never leave you alone.

Thursday, October 18, 2012

spanked



honestly, although it's often said that you should leave the law enforcement up to the professionals, the other side of the coin is that you shouldn't rely on other people to protect you. you should be self-reliant.

lean on me, for security

found on there i fixed it

now if only he could take that lamp post with him to the next spot he parks.

Wednesday, October 17, 2012

social engineering song



ytcracker makes it sound really easy to socially engineer people, doesn't he?

encrypt all the things

from here

are you seriously still not using encryption? what's wrong with you?

Tuesday, October 16, 2012

my spam brings all the jihadists to the yard

from here

if you want to start a religious war against spam, this could very well be a good way to go about it. i don't think these spammers really thought things through very well. this is the kind of lolthreat that could turn into a darwin award.

(un)official TSA training material

from here (source images one, two, and three)

sometimes it seems like the TSA lives in some sort of backwards land.

(inspired by a tweet from @gattaca)

Monday, October 15, 2012

security for dummies

from here (source image one and two)

(thanks to @lseltzer for pointing out some very realistic looking fake cameras)

can't they be more specific?

found on memebase

if you've ever come across that error message (wrong username or password) and wondered why they don't just tell you which one is wrong, it's because that additional information would reduce the amount of guessing that an attacker would have to do (if they were going to attack the system by guessing).

Friday, October 12, 2012

the only explanation

from here

so, amazingly, people in high places (get it?) seem to think that the computers that got infected with the shamoon virus HAD to be replaced as a result of either infection or its data damaging payload. that's right, not just disinfected, or re-imaged, or formatted and re-installed, the computers in their entirety had to be replaced. apparently these people have never heard of malware recovery or disaster recovery - or maybe they were just high as kites.

(one wonders, by the way, why vendors would be so shy about calling a piece of malware that self-replicates across the internal network a virus or at least a worm)

wait, free what?

found on the art of trolling

i wonder how many people would get all excited and not read that button text all the way through to the end.

did you click?

Thursday, October 11, 2012

password magic

found on the art of trolling

it doesn't surprise me that some people fell for this. what surprises me is that they continued to fall for this long enough to rack up over 600 comments. didn't people figure it out after the first couple of times?

that security's all smoke and no mirrors

found on very demotivational

that's not... well, ok so i suppose that's actually true, but that's not really the point. it's bad for your health. you're more likely to suffer health problems from this than to thwart laser traps.

Wednesday, October 10, 2012

F'ing Tech Support Scams - How Do They Work?

from here

it's a shame people can't be this suspicious about strangers calling them up claiming there's a problem.

keyless entry for your home

from here (source site)

keyless entry isn't even the scariest idea being proposed by the lockitron folks. electronically sharing access with friends, family, subletters, and bed&breakfast customers? gee, facebook should get in on this new form of inappropriate sharing before they get left behind.

Tuesday, October 9, 2012

Princess WoW

from here

so apparently someone used an exploit of some sort to massacre entire cities in world of warcraft. i'm thinking some of the people affected are going to be tempted to go on the warpath over that.

ermahgerd... erpderts!?

from here (source image)

software updates; painfully annoying, but necessary (because the alternative of getting pwned is worse).

Monday, October 8, 2012

scumbag biometrics

from here (source image)

take it from someone who has actually developed similar software and fought against this mode of operation. the only way biometrics eliminates your need to enter passwords is by storing those passwords insecurely. (even if UPEK hadn't botched the encryption process, any reversible transformation would still be insecure for passwords)

i don't always have to deal with my data being held for ransom...

from here

that's really all there is to dealing with ransomware. i'm sure as more and more people get hit they'll figure this out for themselves. or maybe they'll see something like this and clue in - what do you think?

Friday, October 5, 2012

if you hire child-molesting ex-priests...

if you hire child-molesting ex-priests to perform airport security pat-downs, then you might be a security idiot.

(inspiration - thanks to @Schouw for the heads up)

scumbag update?

found with google image search

ah, adobe reader updates. so many of them with so little apparent benefit. with the somewhat recent exception of the addition of a sandbox, it doesn't even seem like there was much in the way of hidden security benefits - the vulnerabilities just kept coming and coming.

Thursday, October 4, 2012

padlocks, padlocks everywhere

from here (source image)

there's apparently a bizarre lover's ritual involving placing padlocks on public fences, bridges, etc. pretty sure that's not going to keep your hearts (or anything else) secure, folks. just a waste of a perfectly good lock.

ubiquitous surveillance rap



found this on boing boing and while i don't think TOR is quite the easy solution it's (briefly) made out to be (easy solutions to hard problems rarely are), there's still an awful lot to like about this rap video - even if you don't like rap. (where are the security punk rock songs?)

Wednesday, October 3, 2012

dropping the logic bomb

posted to twitter by @nigroeneveld

strangely enough, with the exception of dropping it out of a plane, this is apparently how cyberwarfare is being waged (ex. stuxnet was spread using USB keys).

my browser pleads the 5th

found on memebase

what would your search history reveal about you? what would you do to keep it secret?

Tuesday, October 2, 2012

i see london, i see france, i see someone who got pantsed

from here (source article)

passwords have kind of a bad name, in part because people do password security so horrendously wrong. it doesn't take a rocket scientist to realize 123456 isn't a good password for anything bank-related. there's really no excuse for that kind of stupidity.

modern day goldie locks

from here

imagine coming home to a sleeping burglar in your kitchen

Monday, October 1, 2012

a modern day uncle buck?

from here (source image)

one of the distinguishing characteristics about the uncle buck character from the eponymous movie was that he was someone whom kids should absolutely not be left in the care of. apparently an arizona man has him beat since he got his 16 year old nephew to dress like a terrorist and wave around a fake RPG while cameras were rolling in order to see how long it would take the police to respond. seems like a good way to get one's nephew dead, if you ask me.

fear, uncertainty, and doubt

from here (original tweet)

what more can i say? except maybe, keep an eye out and don't let people manipulate you with fear like that.