Thursday, October 31, 2013

spooky cyber security awareness

from here

iPhone 5nSa commercial

this is what happens when you take the very real capabilities of the iphone and you imagine the worst ways they can be abused by governments and corporations.
(thanks to someone who doesn't want to share with the public for sharing this on google plus)

Wednesday, October 30, 2013

keeping no one out

from here (source image)

well, they kept the gate. only the gate. it's closed. it may even be locked. seems like they followed every one of those instructions, but mindlessly following instructions doesn't actually keep anything safe.

nothing is safe

sometimes you might hear about safe sites (like you should only go to safe sites), or safe browsers, or safe file formats. look at this video - when even a picture made in microsoft paint can be code, how can anything be 'safe'?

Tuesday, October 29, 2013

if you think just any bit of plastic looks like a 3D printed gun...

if you think just any bit of plastic looks like a 3D printed gun, then you might be a security idiot

Alessandro Acquisti: Why privacy matters

thanks to my boss for sharing this ted talk with me. this is one of the few things i've seen that draws the connection between privacy and autonomy and freedom. privacy is the means by which we achieve freedom and it is what we have to give up to get things for free. so the choice we are often asked to make these days is between free things or freedom.

Monday, October 28, 2013

the other WMDs

from here (source image)

part of thinking like an attacker means dreaming up some truly crazy stuff, trying to find something that defenders never anticipated. i think craziness deserves to be right up there alongside stupidity on the short list of things in this universe that are infinite.

obama says sorry

tweeted by Koen Rouwhorst

Friday, October 25, 2013

protective fashion

from here (source image)

there's nothing inherently wrong with being inventive about how you protect things, but sometimes the standard ways became standard for a reason

stop watching us: the video

hey, what are you doing tomorrow? if you're in washington dc, maybe you should join that 'stop watching us' rally mentioned in the video. the more voices there are calling for the end of this blanket surveillance, the better.

fingerprints are usernames, not passwords

link to tweet

i don't know if it's really catchy, but i hope it catches on because the number of sources talking about fingerprint readers like they offer security is too damn high. so i'll echo this sentiment as a catch phrase and i encourage others to do the same - and by all means, check out dustin's link where he lays out the argument against using fingerprints, or really any biometric, as an authenticator.

Thursday, October 24, 2013

how to troll the NSA

from here 

inspired by anonymous operations (really i suppose you could say it's a pictographic form of what that tweet described)

how the government tracks you: NSA surveillance

i've argued before that stopping the NSA from spying on their own citizens won't stop them from spying on everyone else, but i suppose the only way they can stop spying on their own citizens is to stop blanket surveillance and go back to more selective approaches that, even outside the US, most of us will not be targeted by. so by all means, reform the NSA, please.

Wednesday, October 23, 2013

you can't smoke password hashes

from here (source image)

thanks to jayson e. street for tweeting that example of passwords done wrong

more 'solutions' from symantec

tweeted by @securetips

Tuesday, October 22, 2013

beam me up

from here (source image)

the surveillance capabilities of the NSA do sort of seem like something out of star trek, and i guess now we know why.

be on the lookout for this magpie

found on i can has cheezburger

theft by animal. it's pretty amazing what they can come up with.

Monday, October 21, 2013

i can't wait

from here (source image)

inspired by this tweet by mikko hypponen. you might even say i ripped him off entirely, but i actually think this modified text works better for the demotivational poster format than his original statement did (try it yourself and see what you think).

security fail

found on thechive

maybe they were only expecting people with tiny little t-rex arms.

Friday, October 18, 2013

are you protecting the right things?

from here (source image)

an unfortunate reality of life is that we don't have infinite resources. we can try to protect all the things, but we'll never succeed and if we're not careful we may wind up protecting things of lesser importance while more important things are left exposed and vulnerable.

you think your tin foil hat will protect you?

tweeted by parker higgins (who has one of the best twitter handles i've ever seen)

i guess we'll have to try wearing pots and colanders on our heads now since tinfoil won't work.

Thursday, October 17, 2013

'Pun'etration Tester

from here (source image)

don't look at me. steven maske is the creator of this pun, i simply gave it a face (of bad pun coon)

honesty isn't the most secure policy

found on the secure state blog

i wonder. do you think people trying to get in illegitimately would ever be honest about not knowing the password?

Wednesday, October 16, 2013

privacy is in the absence of eye of the beholder

from here (source image)

i know some people like to say that privacy is dead, but that doesn't mean you have to try to dance on its grave.

if your username is "username"...

found on the secure state blog

Tuesday, October 15, 2013

lavabit vs. the government

from here

the folks at lavabit really deserve some recognition for standing up to the government in order to protect their users against unreasonable searches in the name of "national security"

go home NSA...

found on seriously for real

i'm pretty sure i've seen this picture before, but i think it works much better with the NSA caption, don't you?

Monday, October 14, 2013

you come from where?

from here (source image)

palestinian hackers who can't spell palestinian? and these are the folks successfully hijacking websites of security companies? with fax machines in some cases?

my fail cup runneth over

too good to be true

who says people never learn? clearly at least one manifestation of "too good to be true" has managed to embed itself into our cultural consciousness - and pretty effectively too.

Friday, October 11, 2013

website hijacking by fax

from here (source image)

i don't know how this could have worked (who accepts this kind of thing by fax?), but apparently that's how was hijacked today

dropping an exploit? think again

tweeted by malwarebytes

i think it's probably best to leave the explanations for this one up to the folks at malwarebytes

Thursday, October 10, 2013

the series of tubes has eyes

from here

trying to keep data out of the NSA's hands when it's sitting on a hard drive is a straightforward enough task, but when the data is moving from one system to another over the internet? without encryption, the data can be easily read while in transit, and the NSA is tapping cables for just that purpose.

(inspired by this tweet by christopher soghoian)

even cartoon squirrels want their privacy

seems like even cartoon squirrels hate having their privacy invaded by nosey people. foamy the squirrel doesn't mention the nosiest people of all (spies) but everything he says about nosey people goes double for NSA people - leave me (and other people) alone.

Wednesday, October 9, 2013

definitely knot secure

from here (source image)

the number of puns in this picture is too damn high

taking back privacy is hard

found on allthingsd

although the character here seems to have no discipline whatsoever, even a much more disciplined individual would likely find it difficult to cut off all the NSA's access to their data because it would mean giving up virtually all methods of connecting with people with the exception of face-to-face conversations.

Tuesday, October 8, 2013

i don't always listen to what bruce schneier has to say...

from here

schneier makes his thoughts known on a number of security related topics, many of which he has no credentials in (and perhaps no talent for). but cryptography is his specialty, so when he talks about it you should probably listen.

how fresh is your fear?

i'm thinking fear fresh must be what snuggly the security bear gets washed in. both are created by mark fiore, after all.

Monday, October 7, 2013

TSA can't even stop a 9 year old

from here (source article)

you know that video of the school play where the curtains come down and that one kid finds himself on the wrong side? this kid just did that for the security theatre at airports. if the TSA can't even stop a 9 year old, how are we to believe they can stop terrorists?

what happens to crooks with bad operational security

found in an article by Violet Blue about the Silk Road takedown 

excellent. as i have maintained for years, people really do want to laugh at the bad guys, so when those bad guys do stupid things that's just more for us to laugh at. this isn't the only lolthreat made with ross ulbricht's picture so go check out the article and click through some of the links because there are a few more at least.

Friday, October 4, 2013

future TSA regulations

from here (source image)

i'm aware of what this actually is, but that position made me immediately think of airport security screening.

and then it made me think of han solo encased in carbonite.

people WISH hack-back was this effective

found on

launching counter-attacks may seem appealing, but even in the above animated gif, what does it get the squid/octopus in the end? not back safely in the water, that's for sure.

and it's questionable whether most hack-back would even be this successful.

Thursday, October 3, 2013

respect your authority? nah...

from here (source image)

authorities aren't very effective if people don't respect their authority, and if they're going to act like d-bags (as they so often seem to do) then why should anyone respect them?

give me your secrets

tweeted by kevin fox

this is, of course, a play on a famous XKCD comic
original comic

Wednesday, October 2, 2013

password complexity cruels

from here (source image one and two)

thanks to julia robinson for tweeting that password complexity screenshot. clearly someone out there takes password complexity VERY seriously.

"Hmmm, I wonder what the code is?"

tweeted by steven maske

this is one kind of password that probably should be changed on a regular basis. i think you can see why.

Tuesday, October 1, 2013

yahoo cares about your security thiiiiiis much

from here (source image prior to major manipulation)

no one is going to report bugs with such a ridiculous incentive. they might as well be handing out monopoly money.

when i read on graham cluley's blog that yahoo was offering bug bounties that were barely more than funny money, i just KNEW i had to mock them. my first thought was drink tickets.
source image

then i considered a coupon
source image

but then i actually visited the store and found a coupon graphic right there, so with some lame gimp skills i made this. think i can get this on a t-shirt? probably not with the logo/company name
source image

i also considered actual funny money, but from what i could see, that would have taken too long (though the final one took a bit too)

adversaries where you least expect them

found on

adversaries can lie in wait where you least expect them, even right under your nose (or tank)