Friday, January 31, 2014

Automated Theft Machine

from here (source image)

Why just build a card skimmer for a legitimate ATM when you can deploy an illegitimate ATM? This one might be legit, but I have my doubts that a legitimate one would be so poorly defended.

Thanks to James Noble for posting this sketchy looking ATM on Google+ (yes, people actually use that thing).

PVP: Fly On The Wall

found on PVP

It's a nice thought, but I don't think this spying countermeasure would actually work. I'm pretty sure the spies know what's going to happen in popular shows long before any of us would.

Thursday, January 30, 2014

I Have An Incredible Opportunity For You

from here

You'd think by now they'd at least stop mentioning Nigeria.

Katie Moussouris: The 5 Stages Of Vulnerability Response Grief

Thanks to Katie Moussouris for both performing this talk and for tweeting the video. It's interesting to note that the 5 stages of grief aren't just for when someone dies.

Wednesday, January 29, 2014

Are They Smurfing On You?

from here (source images one, two, three, four, and five)

I guess we should be calling them smurf agencies, if I'm remembering my Saturday morning cartoon vernacular correctly.

You'll Shoot Your IP Address Out, Kid

found on cheezburger

Just because you might know how to do something doesn't mean you should. If knowledge is power, then wisdom is the self-restraint to not use that power.

Tuesday, January 28, 2014

What could possibly go wrong?

from here (source image)

If I found a flash drive labeled "zero day", plugging it into any computer is the last thing I'd want to do, considering the traditional security interpretation of "zero day".

Thanks to DA_667 for tweeting this fairly believable narrative surrounding a flash drive with probably one of the worst things it could possibly have written on it.

Toppling your privacy

tweeted by Matt Boch

When even games like Angry Birds become tools of surveillance oppression, people make images like this one. Nicely done, too. Thanks to Matt Boch for tweeting it.

Monday, January 27, 2014

Weakest Link Not Shown

from here (source image)

It never ceases to amaze me how people can totally fail to grasp even the most basic principles of how a simple protective technology like a lock and chain works. I don't even want to think about how they'd deal with something complex like permissions or encryption.

Obama on domestic spying

found on truthdig

Friday, January 24, 2014

Dangerous Things

from here (source image)

Remind me again why malware, exploits, and various other attack tools should be available for everyone to download?

Don't Click On or Use Dumb Things

found on memebase

There's certainly some truth to the notion that using good judgement can protect you from an awful lot of malware.

Thursday, January 23, 2014

Bitcoin's Public Ledger Is Public

from here

No matter how much you want it to be, bitcoin is not anonymous. All transactions are recorded in the block chain and can be viewed and traced by anyone.

Who Needs a Security Guard When You've Got This Guy?

found on i can has cheezburger

Get this cat a badge. You can tell by the look in his eyes that he means business.

Wednesday, January 22, 2014

Someone Could Guess That? Inconceivable!

The Password Bride
from here

Are you still using that as a password? Stop that! It's the most popular password in the world, which means it's the easiest to guess.


A Demonstration Of Botched Encryption

source tweet

Well, that certainly seems to hide the contents of the data.... NOT. I guess now we know why they're called A.D.O.B.E.

Tuesday, January 21, 2014

VirusTotal Is For Testing Malware, Not Anti-Malware

from here

I'm reasonably convinced that if people actually understood VirusTotal they wouldn't talk about the detection ratio nearly as much as they do, because it's just not that interesting and doesn't mean what people try to use it to mean.


Password Policy Level: Troll

tweeted by Selina

Do you ever get the feeling that the people who write the password policy enforcement code are just trying to mess with you?

Monday, January 20, 2014

Stay Secure From Javascript Trojans, My Friends

from here

Inspired by an actual email, with actual HTML content, which VirusTotal actually recognized as malware.

Impenetrable Security

found on FailBlog

On the one hand, I can guarantee thieves aren't going to open that lock or break through that plexiglass. Unfortunately it's because they clearly don't need to. I wonder if thieves who steal these oral hygiene products will make a clean getaway.

Friday, January 17, 2014

Fictional Flesh Eating Is No Match For The Internet Of Zombie Things

from here

A zombie apocalypse may be coming, but it won't be the one you're expecting. The only zombie apocalypse we're likely to see in real life is going to make use of the "Internet of Things".


Archer - Mole Hunt - Hacking scene

Thanks to Eric Michaud for tweeting a link to this video demonstrating the importance of not using easily guessable passwords.

Thursday, January 16, 2014

Indelible Stupidity

from here (source image)

If only the bad guys were this dumb all the time.

The NSA has seen our whats?

tweeted by The Atlanta Banana

Thanks to Nick Owen for sharing this humorous newspaper spoof.

Wednesday, January 15, 2014

If you think reporting a single vuln is enough...

If you think reporting a single vulnerability is enough to make you a defender when you hold on to dozens of others for offensive use, then you might be a security idiot.


Google Nest: For That Warm Fuzzy Feeling

tweeted by Brian Kieffer

Just in case you didn't think Google was seeing enough of your personal life by collecting all those embarrassing health searches you perform or looking in your emails, now they own a 'smart' thermostat company whose product can tell where you are inside your home.

Tuesday, January 14, 2014

Yo Dawg, I Heard You Like Targets

from here

Come on, once Target got breached you had to know this joke was coming.

Even crooks have something to lose

found on web comics

There are many ways in which one can be attacked besides the obvious ones. In this case it was an attack against the mugger's reputation. Reputation attacks are something people rarely think about until they're the victim. They aren't easy to defend against or recover from.

[2017-04-29 - Edited to add: Clearly this image originally came from however, I can't actually find it there so I can't link to it there.]

Monday, January 13, 2014

The curse of the white hat hacker

from here

One might be able to make a big name for oneself by sharing the ideas one dreams up, or alternatively one might not be able to bring oneself to share the ideas at all, depending on how white the hat is.

Remembering passwords - what could possibly go wrong?

found on memebase

And this is what happens when you tie access control to human memory. It's a good thing there are alternatives.

Friday, January 10, 2014

Fucking biometrics, how do they work?

from here (source image)

I think we've figured out why the FBI doesn't like juggalos.


If only we could read the signs

found on the art of trolling

It's not uncommon for the tricks and traps that criminals set out online to have telltale signs, but people fall for them regardless because they don't know what to look for or what the significance is of what they're seeing.

Thursday, January 9, 2014

Till death do us part

from here (source image)

The cost of exercising authority (legitimate or not) sloppily can be very, very high.


That is a heck of a security system

found on memebase

This seems like a stroke of genius. I'm fairly confident you wouldn't need to worry about burglars after getting a guard lion.

Wednesday, January 8, 2014

Wake up and smell the attack surface

original tweet

I don't hold out much hope of this ever happening, of course, but the need is certainly there.

Nature's very own advanced persistent threat

found on win!

Some threats, whether they're threats to your deer feeder or your bank account, are more advanced than others - sometimes much more advanced. Squirrels have a bad reputation for taking out power grids by chewing cables, but this is some kind of Cirque du Soleil shit right here. They're cooperating and coordinating their efforts, far beyond anything you'd have ever expected unless you had seen something like this before.

Tuesday, January 7, 2014

What if I told you security awareness was a contagion?

from here

So you don't think security awareness training works? Fine, I can concede that the concept of training imposes limitations on what can ultimately be accomplished, but that's specific to training. If you can imagine security awareness spreading from person to person like a contagious 'disease', I'm sure you'll realize it has the potential to reach more people than training could ever hope to.

That ultimately goes to the heart of what Security Memetics is all about. Some aspects of security awareness already spread from person to person by word of mouth or by people serving as examples for others (the classic monkey-see-monkey-do of memetic infection) - so imagine amplifying that effect, making more aspects spread that way, and making them spread more readily. If security awareness can spread like a contagious set of ideas, would you help it spread?

I see what you did there

found on memebase

Urinals are bad enough when it comes to privacy, but the inventor of this has lowered the bar to new depths by angling users towards each other so that they're more easily in each other's field of view.

Maybe this should be called a we-rinal instead of a urinal, since we'd clearly be in it together when using it.

Monday, January 6, 2014

This security measure gives me a bad vibe

from here (source image)

There is no security measure that can improve the security of every situation, and this one will almost certainly make this situation worse.

Jacob Appelbaum: To Protect And Infect, Part 2

I may have mentioned before that I'm not a big fan of spreading fear. I don't have nearly as much of a problem with spreading anger when it's warranted, and I think the things this video discusses warrant it. After all, anger is a completely natural response when one's needs (such as safety, security, or privacy) are threatened.

(BTW, if you're wondering about part 1 when this clearly shows the beginning of the talk, I think this must actually be a sequel to a previous talk, rather than a second part)

Friday, January 3, 2014

Stop being so mean to the NSA, you guys

from here (source image one and two - my first face swap - still needs some work on skin tone)

Although it doesn't seem like he actually came out and said those particular words in that particular order, the fact that he still gives that basic message is ridiculous at this stage of the game.

Santa Has a New Job All Year Round

found on memebase

I bet the NSA wishes it could get the kind of visibility into people's lives that Santa has. If only the NSA's privacy invasions were as imaginary as Santa's.

Thursday, January 2, 2014

The Perfect Door

from here (source image)

Seemingly 'perfect' security measures are only ever perfect under unrealistic (or even absurd) conditions. Like a door you can never get in because there is no 'in'.

Are ill timed updates a fate worse than death?

found on memebase

You know what's worse than ill timed updates? Ill timed exploits - in which case maybe updates aren't so bad after all.

Wednesday, January 1, 2014

Would you like to send this to your surveillance overlords?

from here

Yup, they really can look at those and figure out what exploits to use against you.

Wow. Such OpSec. Very Buzzword.

tweeted by the grugq

Earlier in the Twitter thread, @thegrugq expressed the opinion that OpSec (operational security) had become something that people twist to mean whatever they want for their conversation. What do you think - is OpSec becoming watered down like so many other security terms? Or has it yet to even register on most people's radar?