Monday, March 31, 2014

Wrong Hole

from here (source image)

Thanks to Insider Threats for tweeting this image of a storage locker whose latching mechanism is locked into the open position. The top piece of metal should slide over so that the 2 holes in both top and bottom line up before you put the lock in.

Wait Until The Muggers See This

found on the zooom

I can definitely see muggers deciding to look for easier prey when they see the outline of a gun in someone's purse. Maybe even if they see the outline of a knife. I'm not certain what they'd think about the outline of a pair of handcuffs or a crucifix, though.

Friday, March 28, 2014

Fingerprint Lock

from here (source image)

What could possibly go wrong? (Other than the fact that the same fingerprints that unlock the door will probably also show up quite clearly all over that shiny chrome surface.)

Fooling Computers For Fun

found on the meta picture

Despite what you may have heard in the media, computers are actually pretty dumb. As a result it will always be possible (and in some cases pretty easy) for people to fool automated systems.

Thursday, March 27, 2014


from here

Just in case you ever get the idea that you can protect encryption keys by encrypting them.

Hardware tokens, so hassle, much expense

tweeted by Nick Owens

Thanks to Nick Owens for tweeting this doge meme pointing out some of the drawbacks of physical authentication tokens.

Wednesday, March 26, 2014

Redundancy Fail

from here (source image)

Should have put at least one of those in a safe (place).

Not A Good Hiding Place

found on the meta picture

Clearly, when the stairs go right by it, the top of the fridge is NOT a good hiding place for dog treats.

Tuesday, March 25, 2014

Stealing From A Pimp...

from here (source image)

Different people have different ideas about what corrective measures are appropriate.

Covering Your Tracks, Oldschool

found on the meta picture

We inevitably leave evidence behind as we go about our business (whether that business is legitimate or not) but sometimes we can make that evidence look like something else.

Monday, March 24, 2014

Too Much Stealth?

from here (source image)

When someone uses stealth, it should be almost like they're not even there. ALMOST.

When is privacy not privacy?

found on memebase

Do you ever wonder if perhaps this is what most people complaining about the NSA are actually doing? Can you really consider your personal information private if you are actively working against your own privacy?

Friday, March 21, 2014

A Gruesome Death...

from here (source image)

Thanks to Ash Warner for tweeting this evidence that deterrence alone is sometimes not enough.

What's Good For The Goose...

tweeted by Glenn Greenwald

As the old saying goes, what's good for the goose is good for the gander, so if the government wants to allow its intelligence agencies to spy on people, it should get spied on as well.

Thursday, March 20, 2014

Oversharing Is Not Caring

from here (source image)

The ugly truth about privacy is that people usually only care about their own, rarely about other people's, so it's generally up to you to protect your own privacy.

Go Ahead, Make A Deposit

found on the art of trolling

It's hard to trust an ATM that might not be there 5 minutes from now. If it's too mobile, how can anyone 'official' keep track of it and check it for tampering on a regular basis?

Wednesday, March 19, 2014

Don't Trust Emails From Nigerian Physicians

from here

A diagnosis of cancer may not seem like it should fall under the heading of "Too Good To Be True", but free, unsolicited, and useful medical advice? That actually does sound like it's "Too Good To Be True".


Anti-Terrorism At Its Finest

tweeted by Keith Makan

Considering the long history terrorists have with planes, and considering all the money governments spend on fighting terrorism, you'd think they'd have kept better track of that plane.

Tuesday, March 18, 2014

That Moment When You Realize You Let Your Guard Down

from here (source image)

We all let our guard down from time to time, and sometimes it comes back to bite us. Whether you find yourself staring at a hungry lion with your only defense in the background, or you've just tried to open a PDF file and nothing happened, that's when you know it'll be one of those times.

Thanks for the warning

found on fail blog

The Internet hardly ever gives you advance warning that you're going to need protection. That's why it's important to always have protection (whether it's the kind that protects you or the kind that protects your computer).

Monday, March 17, 2014

How Not To Keep Your Keys Safe

from here (source image)

I can see the fail, can you see the fail? Unless you can pick locks or have a second key, that key isn't going anywhere.

Stealthy Baby

found on fail blog

This kid may have failed at the execution of stealth, but the plan still seems quite clever for her apparent age.

Friday, March 14, 2014

Deterrent Fail

from here (source image)

If you aren't Liam Neeson, you probably can't pull off that threat, and you certainly can't pull off that threat by taping a print-out to a wall.

What If We Gave The NSA Permission To Spy On Us...

tweeted by Tiny Timmy

Thanks to Tiny Timmy for tweeting this Conspiracy Keanu image macro. Also for giving us a brand new reason to dig into EULAs a little deeper.

Thursday, March 13, 2014

That's Not NICE

from here (source image)

Thanks to Tentacle Sixteen (?!) for tweeting the image. As for the social engineering ploy used here, wow, that is so low.

By the way, NICE says this isn't actually them.

Gotta Get Those Washi- Err... Benjamins!

found on the art of trolling

If only forged PayPal/bank emails were as easy to spot. Some of them are close, but none are really this easy.

Wednesday, March 12, 2014

What to do if the NSA steals your botnet

from here and here

I definitely have mixed feelings about the NSA stealing botnets (as pointed out by Christopher Soghoian). Yeah, it takes control of the bots away from the criminals who pwned those machines in the first place, but it's not like I trust the NSA with a botnet.

Defense In Depth Fail

found on i can has cheezburger

Clearly, two of the same kind of barrier is no more difficult to bypass than just one. That's why defense in depth needs the barriers to be of different types.

Tuesday, March 11, 2014

They See Me Scammin', They Trollin'

from here and here

Thanks to my spam folder and my colleague Hamid for the inspiration for this.

Caveat Emptor

found on thechive

"Caveat emptor" is a very old Latin phrase (yeah, so old it's in Latin) that means "let the buyer beware" and as this example shows, it's excellent advice when buying things online.

Monday, March 10, 2014

Biometric Password Protector merchandise

link to item in store

Well, since people really seemed to get a kick out of the idea from last Friday I figured I'd make the Biometric Password Protector a reality. Unlike in the comic, the idea here isn't to protect the confidentiality of your biometric password but rather to protect the integrity. I know from personal experience that if you burn your fingers it can (at least temporarily) alter your fingerprints, and you don't want that keeping you off the Internet.

You Better Start Running

found on the meta picture

Isn't it funny how much we can under- or overestimate potential threats?

Friday, March 7, 2014

Biometric Password Protectors

from here and here

Also available in paper bag form.

Movie Hacking vs Real Hacking

tweeted by @thegrugq

Err, well, cracking, I suppose. But the comic (and admittedly a wide swath of the security community and media at large) calls it hacking.

(Updated 2016/12/18: Thanks to @Flex_Capacitor for pointing out that the true credit for this cartoon belongs to Zach Weiner's Saturday Morning Breakfast Cereal comics)

Thursday, March 6, 2014

When Bad Guys Collide

from here

You gotta love it when website defacers and phishers inadvertently fight.

You Get Six Feet of Snow, We Get Six Feet of Alligator!

found on i can has cheezburger

I don't think I want to go to Florida for the winter. If I had to choose between the cold and fence-climbing alligators, I'd take the cold. A simple pair of mitts and a warm hat can do wonders to protect me from frostbite, but apparently even a chain-link fence and barbed wire won't protect me from gator bites.

Wednesday, March 5, 2014

You had one job GnuTLS

from here (source image)

So, not much more than a week after Apple's "goto fail" bug, the GnuTLS library is found to have a similar problem and what's all over the code again? More "goto" statements. They may not be the cause of these bugs, but they're strongly correlated with the shoddy coding practices that lead to the bugs.

Computer Security Career Paths

tweeted by @Trojan7Sec

Thanks to @Trojan7Sec for tweeting this commentary on the state of where computer security "expertise" comes from.

Tuesday, March 4, 2014

We Will Forget. Spell Check Us

from here (source image)

Nothing makes you seem like an ominous anonymous figure like putting a plastic bag over your face and misspelling "legion".

Before anyone gets bent out of shape about me associating Anonymous with threats by labeling this a lolthreat, some members actually are bad people, and this one really seems like a threat to himself.

No One Can POSSIBLY Crack the Code Now!

found on failbook

Is this an application of password best practices? Let's see:

  1. Hard for other people to guess? Yes.
  2. Easy for you to remember? Not so much.
  3. Kept secret instead of posted on Facebook for everyone to see and 'Like'? Well... that would be NO.

It's good to see an acknowledgement that finger swipe passwords are typically fairly weak, but this doesn't seem like the best way to address that.

Monday, March 3, 2014

If you spend nearly a decade trying to both hide and defend...

If you spend nearly a decade trying to both hide and defend mistakenly adding someone to a government watchlist, you might be a security idiot (and a spectacular drain on the government's hard-earned tax money).


[2016/12/31: updated to add image (because images seem to go over better on the Internet)]
from here (source article and image)

I Don't Always Trust...

tweeted by Julio Canto

Thanks to Julio Canto for tweeting this mash-up of the most interesting man in the world and the idiom trust, but verify.