Wednesday, December 31, 2014

Don't Mind Me, Officer, I'm Just Vain

from here

Remember this the next time you consider getting physical with some annoying, self-absorbed, amateur 'photographer'. They might be 'armed'.

Police Safety Lesson

found on the meta picture

The lesson here is: Avoid the police. They are not your friend. They are not here to protect you. They are scary people with guns.

Increasingly it seems like the authorities are becoming worse than the problem they were supposed to solve.

Tuesday, December 30, 2014

They Did Just About Everything Else

from here (source image)

I suppose destroying data is almost as good as soiling Sony's computers, but its intent is a little more ambiguous. If they'd actually pissed on the computers, no one would be arguing it was North Korea retaliating over some movie.

If That's How They Do Business...

found on Ctrl+Alt+Del

If only the actual attackers were as easy to identify, the escalation of political tensions between the US and North Korea for bullshit reasons could have been avoided.

Monday, December 29, 2014

Not Your Average Script Kitty

from here (source image)

Notice how there's no mouse?

Ayy Lmao

found on memebase

This is the threat the government wants you to fear. Don't give in to fear. Laugh instead.

Friday, December 26, 2014

Do You Stick The Bills In A Slot Somewhere?

from here (source image)

Not only does he have bills in his hand, he's also got cards. What did he do, turn stolen credit card details into forged cards just so he could read the numbers off them when making purchases?

Sony's Succinct Response to the Cyber-Terrorists

found on memebase

Y'know, a lot of people criticized Sony's decision to cancel the release of the film "The Interview" in response to terrorist threats. None of those people would likely have gotten blamed if something bad actually happened at a theatre showing the film. I don't know what I would do if I were put in Sony's position - do you? At any rate, Sony seems (at the time of writing) to have changed their mind, at least on a limited basis, so I guess all the critics can share in any blame since Sony was just giving them what they wanted.

Thursday, December 25, 2014

I Took Over Our PKI And All I Got Was This Lousy T-Cert

T-Cert Men's V-Neck T-Shirt and all the other T-Cert merchandise on CafePress



Inspired by a tweet by Steven Maske, I decided to make someone's Christmas wish come true (more or less). As it happens I had a pretty good idea what Steven's tweet was in reference to because I was consulted in my own organization about certificate renewal and I advised against the SHA1 options we'd used in the past because I knew SHA1 was getting deprecated.

As always, there's no markup at the CafePress store, and the Zazzle store has the minimum markup possible (5%), and the files I used to make this are available in this shared folder so you can get this printed cheaper if you know a place, or you can modify it to your heart's content (though really, this is a simplistic design so you could easily make a better one from scratch).

It's only on men's and women's shirts right now (due to time constraints), but if there's something else at CafePress or Zazzle you'd like to see this on, let me know and I'll see if I can make that happen.

Security Applied Onto Christmas

tweeted by Howard Fuhs

Thanks to Howard Fuhs for tweeting this comic about Christmas from a security perspective.

I do find it strange that their security measures need to last until the children become parents, though. I would have thought they'd be rendered unnecessary as soon as the kids moved out.

Wednesday, December 24, 2014

Hide Yo Stockin's. Hide Yo Trees

from here (source image)

He be puttin' gifts in ever'thang up here.

Actually, this is meant to keep children out of the fire, though I suspect a fence further away would help keep them away from hot glass and metal too.

The Sad Reality About Santa

found on memebase

I'll give the fat man one thing - he sure knows how to keep a secret.

Tuesday, December 23, 2014

We Tortured Some Folks

from here (source image)

I'm actually not all that familiar with the elf on the shelf phenomenon, but presumably his role is to serve as a reminder to the kids that Santa is watching, and maybe even to report last minute details about goodness or badness back to the old guy. Seems like just the sort of foreigner the US would give the Gitmo treatment.

One Of Those Times You Don't Want To Hear "Oops!"

tweeted by George V. Hulme

Thanks to George V. Hulme for sharing this sage advice about diplomatic relations and hacking. It's rare for the target of blame to be understanding enough to offer you a chance at a do-over if you screw up. Amazingly, North Korea has done just that.

Monday, December 22, 2014

I Wouldn't Relish Their Job

from here

It's those tiny little legs. It makes it hard for them to ketchup.

All I Want For Christmas Is My Privacy

originally from Encryptmas.org

Privacy International (in case you couldn't read the name in the screenshot) is apparently an organization that investigates, exposes, and fights secret surveillance in court. And apparently they could use some assistance. Since this is the season for giving, and since we all benefit from those sorts of efforts, why not?

Friday, December 19, 2014

Pay No Attention To The Man Behind The Curtain

from here

I have to admit I'm as guilty as the next person when it comes to giving far too much attention to the laughable claim that North Korea (aka The Hermit Kingdom, aka The Great Dark Spot) is responsible for launching a 'sophisticated' computer attack against Sony. The thing is, this site is very much about the laughs, so a laughable claim is kind of my bailiwick. But other more serious people seem to be giving it even more attention than I do, and that just seems wrong.

Kim Jong-un As A Spaceballs Villain

found on thechive

With all the nonsense about the Sony breach being about a movie, I think it's only fitting to make movie referenced jokes like comparing The Great Leader to President Skroob from the movie Spaceballs. And with the talk of the US government taking 'appropriate action' in response to a Japanese company being attacked by North Korea, I can only guess we've somehow found ourselves in the universe of Team America: World Police.

On a side note, if I were to ever start a business in North Korea, I would sell pens and note pads. Everyone is taking notes.

Thursday, December 18, 2014

All We Want For Breachmas

All we want for Breachmas
is an APT,
an APT,
yeah, an APT!

Gee if we could only have
an APT,
then we could say
"It wasn't our fault"

Well, it looks like Sony's Breachmas wish came true. Not only did Kevin Mandia write them a 'get out of blame, free' card, now the US government is playing along and blaming a nation state that can't even keep the lights on. I guess there won't be any big shake-ups at Sony (at least not because of the compromise itself, though the leaked email contents could still put someone out of a job).

Yes, Breachmas is a portmanteau of breach and Christmas, and the lyrics are a parody of the chorus from the following kid's song



'Tis The Season For Giving

tweeted by Jennifer Granick

You remember when the world found out that OpenSSL (that hugely important encryption library used by most of the internet) was being maintained by just a couple of people because they were so strapped for cash? Remember how the technology industry came together and donated a ton of cash in recognition of how important OpenSSL is and how it really needs more people working on it in order to make it better and keep the bugs squashed? Well now might be a good time to consider the importance of encrypted email and donate to GPG. 'Tis the season for giving, after all, and if email encryption improves we can all benefit.

Thanks to Jennifer Granick for raising awareness.

Wednesday, December 17, 2014

Peepers And Hammerhawks Beware

from here (source image)

Better not peek or you might get poked.

Taunting Policemen Before Lunchtime

found on the meta picture

Taunting the police? What could possibly go wrong?

Tuesday, December 16, 2014

Congratulations! You Are The 1,000,000th Discoverer Of This Fact

from here

Inspired by a tweet from Alexandre Dulaunoy. I especially like the disclaimer on the linked page that reads in part:
Don't be an asshole. I take no responsibility...
Because don't those two statements together sound wonderfully hypocritical?

Santa is a Creep When You Get Down to Brass Tacks

found on memebase

It's that time of year again. The time when we marvel at how Santa's behaviour seemed perfectly normal when we were kids but now seems downright creepy.

Monday, December 15, 2014

Stoag Was Anything But Mainstream

from here

Inspired by one of the mistakes InfoSec Taylor Swift has made recently.
(What's that? Taylor knows better than to believe that statement? I never said the mistake was believing it)

Jimmy Fallon Is Going To Miss CAPTCHAs Like This

source tweet

Y'know what? I think I'm going to miss CAPTCHAs like that too. Thanks to @FallonTonight for tweeting this joke about the possible end of the CAPTCHA.

Friday, December 12, 2014

And Now A Word From Wile E. Coyote

from here (source image)

Security measures aren't magic; they don't automatically make things safer or more secure. In fact, there are plenty of ways in which they can actually make you less safe/secure.

Rough Neighborhoods Require Extreme Measures

found on the meta picture

You're never too young to learn how to keep your bike secure, I guess.

Thursday, December 11, 2014

It All Makes Perfect Sense Now

from here (source image one and two)

Honestly, if the cops can't tell the difference between a banana and a gun, should they really still be cops?

I suppose it could have turned out worse, though

So-Called 'Virus Removal'

found on quickmeme

Just one of the many reasons why delegating security to others may not have optimal results.

Wednesday, December 10, 2014

I Sense A Rocky Road In Your Future

from here (source image)

If you start using locks to deal with your relationship issues, eventually it'll migrate to the one on your door.

Fair Trade, Right?

found on fail blog

Amazing how even doctors (presumably experts in their own field) undervalue security expertise.

Tuesday, December 9, 2014

If You're Not On The List, You Shall Not Pass

from here (source image)

This could be the one good thing that comes out of that awful 'song'.

This Is My 'I Believe You' Face

found on diylol

Considering the CNN themed spam emails that are spreading malware, maybe this one is believable after all.

Monday, December 8, 2014

Because There Is No Cloud, Just Other People's Computers

from here

Just another attempt at getting people to see the cloud for what it really is.

The TSA Learns a Bit About States of Matter

found on fail blog

I feel this should actually work. If airport security are going to mindlessly enforce rules then they can't very well use their brains and figure out that ice turns into a liquid over time. If they did that then maybe they'd figure out that actual dangerous chemicals can also change states at room temperature, and then they'd stop letting any form of matter on the planes.

Friday, December 5, 2014

First Day On The Security Research Team

from here

Are you a security version of the 'First Day on the Internet Kid'? No? Then stop using VirusTotal to test anti-malware software, you n00b.

If You Fail To Plan, You Are Planning To Fail

tweeted by @secitup

Thanks to @secitup for tweeting this cartoon that probably describes Sony pretty accurately these days. They certainly could have benefited from Benjamin Franklin's sage advice.

Thursday, December 4, 2014

Icy Dead Peep Hole

from here

No wonder the ghosts were acting so scary. Nobody likes a peeper.

Jolly Old Saint NK

tweeted by Steven Maske

Thanks to Steven Maske for tweeting this comic about how North Korean hackers supposedly dumped Sony Pictures data on the Internet. The idea seems to be about as plausible as Santa Claus.

Wednesday, December 3, 2014

As fruitless and barren as any winter

from here

I actually made this ages ago, and then scheduled it for the beginning of December because that's when I predicted security prediction season would be a thing. Was that failed prediction too meta?

Too Paranoid Or Clever?

found on the meta picture

In truth, a little paranoia can actually be a good thing, but this seems more like a bandaid than an actual solution to the problem of being spied upon.

Tuesday, December 2, 2014

So That's Where Every Floppy Disk On Earth Went

from here (source image)

Apparently there are those who believe North Korea is to blame for the complete compromise of Sony Pictures Entertainment. I'm just going to mock the supposed high tech capabilities of this planet's Great Dark Spot.

Sony Deserves A Pwnie

original tweet


Thanks to Jack Daniel for this penetration testing pun at the expense of Sony, who have had to stop using computers entirely due to virtually every single one of their computers getting pwned. I think when a company that big gets pwned that hard, that should be an automatic pwnie award.

Monday, December 1, 2014

Cash Is Safer Than Plastic Here (stickers)

available on the CafePress store

After posting Lesley Carhart's funny image a few weeks ago, I was inspired to approach things from a different angle. While Lesley's idea relied on retailers to operate on the honour system, it occurred to me that a more consumer-centric (and frankly more guerrilla) approach might actually wind up being workable, so I made a series of stickers that shoppers can stick on surfaces near point of sale terminals to help alert other shoppers to risks like those Lesley hoped retailers would inform us of.


As is the custom, now, I've put the design up on both CafePress (with 0% markup) and Zazzle (with the lowest markup they'll allow - 5%) just in case one site or the other decides they don't like my design. There are 4 designs in total, but more can certainly be added if anyone would like to propose another consumer warning.

Update: So it seems like the prices that CafePress and Zazzle offer for stickers may not be ideal if you're looking for large batches. In recognition of this I'm sharing the graphics (the PNG files and XCF file are in this shared folder) so that people can get stickers printed at the best price they can find AND potentially even customize or improve the design. Google+ user John Doe (nice) suggests PrintRunner and it does seem to have far better prices (and a number of options to help bring the price down), and I imagine it's just one of many such sites. If anyone does stick these things on or around POS terminals, do me a favour and send pictures.

There Is No Cloud, Just Other People's Computers

found on the Free Software Foundation Europe's blog

That's a great catch phrase, even if I do say so myself. It's really nice to see my memes actually spreading in the wild (like that time my internet of things cartoon was used in Yodit Stanton's slide deck at the Strange Loop conference).

This is also a great use of a catch phrase, and it makes me wonder what would happen if I went back through some of my old catch phrase proposals and made stickers and other merchandise out of them.

Thanks to @FSFEfrance for tweeting the image and for helping to spread the message.

Friday, November 28, 2014

No Wonder It Said Your Password Was Invalid

from here (source image)

Don't believe the hype. Your face is not your password, nor is your iris, nor your fingerprint, nor any other part of your body. Biometrics are good identifiers but lousy authenticators.

Now You Stalk With Binoculars On Facebook

found on thechive

One of the wonders of modern technology is that being creepy has never been more convenient.

Thursday, November 27, 2014

Stay Hidden My Friends

from here

I've long maintained that the best way to deal with spam or worse email-borne problems is to keep the bad guys from knowing your real email address.