Friday, October 31, 2014

You'll Never Be This Good At Scaring People Away

from here (source image)

Thanks to Mikko Hypponen for tweeting the news screenshot, and thanks to whoever did this for making everyone else's deterrence-based SSID naming strategy seem inadequate.

It’s A Matter Of Probabilities

found on the meta picture

It's like that one about cows attacking more people than sharks, only this one is more relevant to people's actual lives.

Thursday, October 30, 2014

Law Enfarcement

from here

It's not that I'm not impressed by a sheriff's ability to execute a strategy of "shock and awe", but collecting fines isn't war and authorities shouldn't be acting out their Sun Tzu fantasies in order to do it.

Security Check

found on the meta picture

Considering they advertise TSA jobs on pizza boxes, this cartoon seems entirely believable.

Wednesday, October 29, 2014

Would You Like CALC.EXE With That?

from here (source image)

Thanks to Mark Russinovich for tweeting the photo of an ATM in Kiev. I think it's probably safe to assume most people can tell straight away that MSPAINT on the ATM screen is all kinds of wrong so I'd say that's a good way to warn people to not use the device.

I Can Also Be Invisible So Long As No One Takes A Picture

tweeted by @Futuristprophet

Thanks to @Futuristprophet for tweeting this meme depicting a common misconception about what private browsing can actually do. Private browsing means that no traces of what you did are left behind on your computer: your own browser won't keep the history, cookies or cache from that session. It doesn't mean that the NSA (or your ISP, the network you're on, or the sites you visit) can't see and record everything you and everyone else do online at the network level.

Tuesday, October 28, 2014

Open Your Eyes, They've Got Their Own Guys Hacking

from here

Thanks to Christopher Soghoian for raising awareness of the fact that the FBI has been using such tricks as impersonating legitimate news organizations' websites in order to plant malware on suspects' computers.

Nothing Up My Sleeves But This Tricksy SQL Injection



It's a little less configurable than the SQLi Name Tag design I made, but the simplicity of it is more elegant (at least to those who know what they're looking at). Be sure to check out some of the other security-related t-shirt designs by websegura.

Monday, October 27, 2014

It's Not A Good Time To Be FTDI

from here

What's that? People are comparing the update that bricked consumer devices to malware? Well of course they are. If it looks like a trojan horse and it acts like a trojan horse, it's a trojan horse. Now we've got a whole new Windows Update threat scenario to consider.

FTDI deserves to have their ass handed to them by the authorities.

That'll Teach 'Em to Mooch My Snacks!

found on memebase

I certainly don't suggest anyone actually do what this commenter suggested, but it is true that a seal is usually seen as a sign that the sealed item hasn't been tampered with. Hopefully the seal created by this bag re-sealer is conspicuously different from the one created by the snack manufacturers.

Friday, October 24, 2014

A Chain That's Only As Strong As The Weakest Lock

from here (source image)

Thanks to @attritionorg for tweeting the picture of a chain of locks. As some pointed out this is one way to allow multiple people to have access, but on the other hand this chain is only as strong as the weakest lock.

Just Make Sure You Use Your Tech Powers For Good Instead Of Evil

shared on Google+ by Chris Blasko

Thanks to Chris Blasko for sharing this story about using social engineering on a telemarketer. It occurs to me, though, that if you're going to play the fake tech support card, it would be even funnier to do it against tech support scammers.

Thursday, October 23, 2014

We Were All Born Ignorant

from here

At first blush this doesn't seem to relate specifically to security, however the phrase "you can't fix stupid" (and its variants like "you can't patch stupid" and "you can't cure stupid") is something that gets repeated ad nauseam within the security community. Guess what? It's a meme, and unfortunately it happens to be an exo-toxic meme - which is to say it's toxic to others. It causes harm by fostering a culture of withholding knowledge that would enable people to help themselves and instead keeping that knowledge confined within an elite intelligentsia who then help those who need it as they see fit. It's egotistically self-serving and, because the growth of that upper class is slower than that of the general population, it is ultimately unsustainable.

So, I figure we need an immuno-meme to counter it, and I think reminding people that
We were all born ignorant
could just fit the bill. It's short, it's self-evident, it restores empathy with the people who don't know what it is you know, and it suggests that ignorance is something that can change. Just because someone hasn't learned something yet, that doesn't mean they can't. We all have different experiences and are exposed to different things, and someone's lack of knowledge is just as likely a result of a differing set of chance encounters as the ones that made you what you are today.

So what do you think? Are you willing to challenge the "conventional wisdom" that you can't fix stupid?

Somehow That's Not Reassuring

tweeted by Steven Maske

Thanks to Steven Maske for tweeting this cartoon about customer security concerns.

Wednesday, October 22, 2014

Perhaps Even Multiple Bad Times

from here

Apparently Dropbox and its users have been suffering some security pains because a whole lot of people were reusing their Dropbox credentials at another site and that other site seems to have been breached. It sort of doesn't matter which site it was - when you use the same credentials on multiple sites, a breach of one is a compromise of your account on all of them.

What A Bunch Of A-Holes

shared on G+ by Chris Lacy

Thanks to Chris Lacy for sharing this play on words using the name of one of Samsung's products.

Tuesday, October 21, 2014

Should We Call It The 914 Scam?

from here (source reddit post)

Thanks to Alex Girard for bringing this interesting twist on the classic 419 scam to my attention.

Canada, Friendly With Everyone

found on the meta picture

Someone thinks this is Canadians being nice, but I'm a Canadian and I know better. See the guy on the deck keeping an eye out? This is a trap to catch the perpetrator - a physical honeypot if you will.

Monday, October 20, 2014

Technologically Impaired FBI Director

from here (source image)

The front door is the way people get into their own homes. If the FBI wants to use the front door to get into mobile devices, I think they should have to figure out the passwords to those devices. I can't imagine any other reasonable definition of "front door". Everything else is a backdoor.

Clippy On Metadata

tweeted by Julia Powles

Thanks to Julia Powles for tweeting this cartoon depicting Microsoft's Clippy analyzing a draft of a surveillance bill and offering the bureaucrat behind the keyboard some assistance.

Friday, October 17, 2014

The Namening

from here (source image)

As if Heartbleed and Shellshock weren't bad enough, now we have one called POODLE, and that's actually a fully fleshed out acronym. Does it seem to anyone else like we're spending way too much time marketing these bugs?

We Didn't Really Need Those Other Things

tweeted by Sham Jaff

Thanks to Sham Jaff for tweeting this cartoon depicting the cannibalization of ideals in order to construct security.

Thursday, October 16, 2014

Disabling SSL 3 For Fun And Profit


When you give vulnerabilities weird sounding names, weird sounding advice is bound to follow.

Thanks to Troy Hunt and Eric Lawrence for the information and inspiration. A shame Chrome users don't have a setting they can change. Hopefully Google will release an update soon.
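Browser settings are one end of the connection; whatever you run on the other end has to stop offering SSL 3 too, because a downgrade only needs one side willing to speak it. As an added example (not from the original post, and not code from Chrome or any of the people thanked above), here is how a Python program sets that floor using the standard library's ssl module, plus a check that reports whether a given context could still fall back to SSLv3. The choice of TLS 1.2 as the floor is this example's assumption; the post itself only concerns SSL 3.

```python
import ssl


def hardened_context(purpose: ssl.Purpose = ssl.Purpose.SERVER_AUTH) -> ssl.SSLContext:
    """Return a context that refuses SSLv3 (and the older TLS versions that
    share much of its weakness). Purpose.SERVER_AUTH yields a client-side
    context; Purpose.CLIENT_AUTH yields a server-side one. Both ends need the
    floor raised, since a downgrade attack only needs one side to cooperate."""
    ctx = ssl.create_default_context(purpose)
    # Raising the minimum version is the modern way to switch off SSLv3,
    # TLS 1.0 and TLS 1.1 in one step. TLS 1.2 as the floor is an assumption
    # for this example; pick what your clients actually support.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def protocol_floor(ctx: ssl.SSLContext) -> str:
    """Name of the lowest protocol version the context will negotiate."""
    return ctx.minimum_version.name


def sslv3_possible(ctx: ssl.SSLContext) -> bool:
    """True if this context could still end up speaking SSLv3, i.e. the floor
    is at or below SSLv3 and the legacy OP_NO_SSLv3 option is not set."""
    floor_allows = ctx.minimum_version <= ssl.TLSVersion.SSLv3
    option_blocks = bool(ctx.options & ssl.OP_NO_SSLv3)
    return floor_allows and not option_blocks


if __name__ == "__main__":
    ctx = hardened_context()
    print("floor:", protocol_floor(ctx), "sslv3 possible:", sslv3_possible(ctx))
```

The server-side equivalent in a web server is the protocol list in its TLS configuration (for nginx, the `ssl_protocols` directive); after changing it, confirm with a client that has SSL 3 disabled and one that does not, so you see the handshake actually fail for the latter.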

Let's Get Ready To Cyber-Rumble

tweeted by @CyberIntell

Thanks to @CyberIntell for tweeting this very apropos response to what was, frankly, an absurd question for @Symantec to ask (who would win in a fight).

Wednesday, October 15, 2014

POODLE: Dat Acronym

from here

I understand that POODLE actually stands for something, but I still don't understand why they settled on that name.

iPhone ATM PIN code hack



Well that's a little scary. It's a good thing the countermeasure for this is so easy - just put your hand on all the buttons after you're done entering your code so that they all become the same temperature. Thanks to Christofer Hoff for bringing this to my attention.

Tuesday, October 14, 2014

Too Bad The Account Holders Didn't Think Of That

from here

I'm not trying to compliment the perpetrator(s) of this supposed Dropbox breach, but I just couldn't resist the pun.

You Do What With Passwords?

tweeted by Troy Hunt


Thanks to Troy Hunt for reminding us that encryption is the wrong way to protect passwords. Hashing, motherf&^#er! Can you say it?!

Monday, October 13, 2014

Upgrading Your Security System

from here (source image)

Sometimes old threats lose their power to deter unwanted behaviour so you have to get more creative.

I Dare You

tweeted by Violet Blue

Thanks to Violet Blue for tweeting this picture of someone's custom made shirt expressing the rather commonly held frustration at the overuse of the meaningless term "cyber". I wish I could find a store selling this shirt because I would love to link to it (and maybe even put it on my wishlist).

Friday, October 10, 2014

Now You See Me Recording, Now You Don't

from here (source image)

Don't be fooled. Just because the indicator isn't on, doesn't mean the camera isn't.

Security Screening: Enhanced For His Pleasure

found on the chive

I guess in order to fly the friendly skies one must first pass through the creepy, over-friendly gates.

Thursday, October 9, 2014

"Crooked" In More Ways Than One

from here

Think he'll at least make enough money to pay for his chiropractor? No, me neither.

Phone Scam



Thanks to Nath Robinson for this wonderful tech support scammer trolling.

Wednesday, October 8, 2014

Pedobear Approves Of This Research

from here (source article, source image)

People would give up their passwords for a candy bar, their social insurance number for a cookie, and their first-born for wi-fi? What wouldn't people trade for free shit?

But, I Was In The Cage All The Time

found on the meta picture

Like malware in a VM, you don't necessarily need to escape to do damage, especially damage to things that find their way inside.

Tuesday, October 7, 2014

To Generate Them Is My Real Test

from here

It's amazing to me that after all this time security experts still advise people to choose and remember passwords rather than generating and storing them, or if they do mention password managers, it's only as an after-thought.
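Generating rather than choosing means the strength of the password is a number you can calculate: length times log2 of the size of the pool it was drawn from. As an added example (not code from the post or from any password manager), here is a generator built on Python's secrets module, for both character passwords and word-based passphrases, with helpers that report the entropy and the length needed for a target; the 94-character alphabet and the tiny constructed word list are this example's assumptions, and a real word list has thousands of entries.

```python
import math
import secrets
import string

# Pool for character passwords: 94 printable ASCII characters (assumed choice).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed toy word list so the example runs offline. Only 16 entries, so
# each word is worth 4 bits; a real list (thousands of words) gives ~13 bits.
WORDS = ["anchor", "basil", "comet", "dune", "ember", "fjord", "glint", "harbor",
         "ivory", "juniper", "kelp", "lumen", "marble", "nectar", "orbit", "pebble"]


def bits_per_symbol(pool) -> float:
    """Entropy contributed by one uniformly chosen symbol from `pool`."""
    distinct = len(set(pool))
    if distinct < 2:
        raise ValueError("pool must contain at least two distinct symbols")
    return math.log2(distinct)


def entropy_bits(length: int, pool=ALPHABET) -> float:
    """Entropy of a secret made of `length` independent uniform picks from `pool`."""
    return length * bits_per_symbol(pool)


def length_for_bits(target_bits: float, pool=ALPHABET) -> int:
    """Smallest number of picks from `pool` that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / bits_per_symbol(pool))


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Random password; secrets.choice uses the OS CSPRNG, unlike random.choice."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: int = 6, wordlist=WORDS, sep: str = "-") -> str:
    """Random passphrase: easier to type, same arithmetic for its strength."""
    if words < 1:
        raise ValueError("words must be positive")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    print(generate_password(), "%.1f bits" % entropy_bits(20))
    print(generate_passphrase(), "%.1f bits" % entropy_bits(6, WORDS))
    print("chars needed for 128 bits:", length_for_bits(128))
```

The arithmetic only holds when every pick is uniform and independent, which is exactly what a human choosing a password fails to provide; that, and the fact that the result then has to be stored somewhere, is why the generator belongs inside a password manager.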

You Wanna Know When To Patch?

tweeted by Infosec Kitty

Thanks to Infosec Kitty for tweeting a meme of a kitty possibly applying a patch (?). The kitty is right, by the way - now is always a good time to patch. Never put off until later that which you can make more secure now.

Monday, October 6, 2014

They Call Her Mona

from here (source image)

You might wonder what harm those celebrity hackers really did, so I ask you this: Will you ever be able to look at the Mona Lisa the same way again (or even say her name without a silent chuckle)? The way people see each of us is important, that's why we spend so much time maintaining our image. To lose that is to have all that time and effort go up in a puff of smoke.

In Case You're Ever Feeling Not Quite Vulnerable Enough

posted to G+ by Chris Jenkins

Thanks to Chris Jenkins for posting this picture reminding everyone of just how good (or rather how bad) Apple is at protecting things of value and how they're now expecting people to entrust even more valuable things to them.

Friday, October 3, 2014

Television Interview Advice For Security Personnel

from here

Has this ever happened to you? You've agreed to give a TV interview and completely forgotten about the passwords you've got posted on the wall behind you? Yeah, maybe take those down the day before or something.

And They're Always Hungry For More

original tweet

Thanks to whoever runs the NSA Public Relations parody account (it is a parody account, right?) for this joke (or perhaps I should say this retelling of fact with the benefit of comedic timing).

Thursday, October 2, 2014

Anti-Theft Intended For A More Civilized Class Of Criminal

from here (source image)

I've said it before, I'll say it again. My mother taught me never to wear anything on my wrist worth more than my arm.

Really Ugly Celebrities

found on the meta picture

A few years ago it was sex tapes that boosted would-be celebrities into stardom. Now I have a feeling it'll be nude selfies.

Wednesday, October 1, 2014

SQL Inglip-tion

from here and here (source image)

Thanks to Andy Hawken for tweeting the unbelievable - a SQL injection CAPTCHA. What's next, a NOP sled CAPTCHA? Come to think of it, XSS CAPTCHA might be more likely.

You Get SSL And You Get SSL And You Get SSL...

tweeted by Nick Sullivan

Thanks to Nick Sullivan for posting this Oprah You Get A Car meme referencing the fact that his company plans on providing SSL to all its customers for free (which is a pretty big deal since it makes it much easier for sites to encrypt their web traffic).