Friday, November 28, 2014

No Wonder It Said Your Password Was Invalid

from here (source image)

Don't believe the hype. Your face is not your password, nor is your iris, nor your fingerprint, nor any other part of your body. Biometrics are good identifiers but lousy authenticators.

Now You Stalk With Binoculars On Facebook

found on thechive

One of the wonders of modern technology is that being creepy has never been more convenient.

Thursday, November 27, 2014

Stay Hidden My Friends

from here

I've long maintained that the best way to deal with spam or worse email-borne problems is to keep the bad guys from knowing your real email address.

Lonely, But With A Good Taste In Beer

found on the meta picture

We leak private information about ourselves in all sorts of ways you never expected. You'd have to be a hardcore OpSec nerd to try and foil traffic analysis of your own garbage, though.

Wednesday, November 26, 2014

The Latest In Selfie Defense

from here (source image)

This is actually a real phone case that you can buy. Whether owning one is legal in your jurisdiction is another question entirely.

The Only Way To Be 'Secure'

tweeted by @MiltonSecurity

Thanks to @MiltonSecurity for tweeting this cartoon depicting one of the leading schools of thought about what it takes to be secure online.

Tuesday, November 25, 2014

So Much For The Enlightenment

from here

There are a lot of things that people in the security community (and elsewhere) don't think ordinary folks need to know. The thing is, the amount our civilization is enriched by people knowing things they technically don't need to know is beyond measure. Without it, we might find ourselves back in the dark ages.

How to Catch a Canadian

found on fail blog

Don't worry, I'm sure we can find something a little gentler for our American friends.

Monday, November 24, 2014

Not Sure That Would Make Me Feel Safe

from here (source image)

While it's true that you can often just add more and more protection in whatever it is you're doing, there comes a point at which you need to ask yourself if maybe the best protection is to reconsider what you're doing in the first place.

Thanks to @thegrugq for tweeting this picture of what looks like a full-body condom. I imagine it's actually some kind of natural coloured latex suit, though I'm not clear on how that's different from a full-body condom.

Governments And Media Today

found on the meta picture

Package it up nice enough, wrap it in the promise of "protection", and people will accept anything - even the gift of censorship.

Friday, November 21, 2014

I Can Has Getaway?

from here (source image)

Somehow, I don't think this is going to work out the way he hoped it would.

Best Anti Theft Protection Ever

found on the meta picture

People seem to want more intelligent security systems - I suppose this is one way to get that.

Thursday, November 20, 2014

That'll Keep Me Awake At Night

from here (source image)

Other than trying to surprise someone, there are generally not a lot of legitimate reasons for trying to hide something (or someone) in another person's space. Stealth is usually part of an attack, which really, really doesn't belong in a bedroom.

Targeting Those Who Can't Even

found on the chive

With the continued effectiveness of social engineering, one thing that can't be repeated enough is the concept of something being too good to be true.

Wednesday, November 19, 2014

Look Who's Threatening Now

from here (source image)

That kid is probably one of the few people who's reacting to terrorism the right way - by not becoming terrorized. The American government, on the other hand, is more than willing to send drones to kill American children because "Terrorism!".

I Can Has Darwin Award?

Although Darwin Award winners and nominees are often killed by the misadventures that qualify them for the award, technically all one needs to do is take oneself out of the gene pool (i.e. make reproduction impossible) through an astounding lack of good judgement. When a guy shoves a chainsaw down the front of his pants, that seems like it has the capability of satisfying those requirements in spades.

Tuesday, November 18, 2014

Enough Is Enough, US Government!

from here (source image)

I don't want to be a paranoid, tin-foil-hat-wearing conspiracy theorist, but god damn the US government makes that difficult to avoid. Yes, they really are outfitting planes with cell-phone surveillance equipment similar to the IMSI catchers (aka stingrays) that are used in ground-based cell-phone surveillance. Thanks to Kim Zetter for the article and the idea for this meme (check the URL).

It Seemed Like A Good Idea

found on the meta picture

I guess now it's time to teach that kid how to pick locks.

Monday, November 17, 2014

Grab Some Popcorn, This Should Be Good

from here

I have to say I'm enjoying the symmetry of this match-up between Anonymous and the Ku Klux Klan. I wonder if Anonymous sees the irony in unmasking KKK members (not that I'm complaining, mind you - it couldn't happen to a more deserving bunch of folks). Thanks to Violet Blue for tweeting and writing about it.

You Peeper Party Poopers

tweeted by Brennan Tom

Thanks to Brennan Tom for tweeting this joke about the conflict between security and surveillance.

Friday, November 14, 2014

We Want To Know Which Cash Registers To Avoid

from here (source image)

Thanks to Lesley Carhart for tweeting the original image and the idea behind it. I'd just as soon steer clear of such outdated registers, however.

I’ve Always Wondered How They Do It

found on the meta picture

I’m sure there’s a perfectly reasonable way for them to handle this situation, but I have to admit I’ve never really given it much thought before and it does make you wonder.

Thursday, November 13, 2014

Terrorism Comes In Many Shapes And Sizes And Needs To Hold Up Its Pants

from here (source image)

Why is the TSA confiscating belt buckles? Because apparently they can be used in terrorism plots.

I'm Sorry, Did I Break Your Concentration?

tweeted by HD Moore

Thanks to HD Moore for tweeting this meme about the latest episode in big bug marketing (that sounds like an idea for a reality TV show).

Wednesday, November 12, 2014

Marie InfoSec Solving The End User Security Problem

from here (source image)

Are you like Marie InfoSec? Are you so out of touch with reality that you think you can solve social problems with technology? Security is an engineering problem only in so far as solving it requires technical engineering, social engineering, political engineering, economic engineering, etc. Multifaceted problems call for multi-pronged approaches to address them, regardless of the protestations of those who'd rather ignore the social dimension of the problem.

I Guess Christmas Came Several Times This Year

tweeted by @AdvancedThreat

Thanks to @AdvancedThreat for tweeting this slightly ambiguous meme - is it a security breach in his own organization or just one that made the news? It's certainly no secret that some people use news coverage of security breaches to help persuade management to give them what they want.

Tuesday, November 11, 2014

Please, Think Of The Ransomware Makers' Children

from here

If your aim is to make sure ransomware makers can feed their families, then go ahead and continue playing fast and loose with your data.

One Of The Most Difficult Choices Nowadays

found on the meta picture

Contrary to the title, I actually think this choice is pretty easy. If I find myself on a site with that many different download buttons and no clear indication of where they go or which one is legit, I find a different site.

Monday, November 10, 2014

With Instructions Like These, Who Needs Enemies?

from here (source image)

Thanks to Michal Špaček for finding and sharing this little bit of encryption nonsense. This was from a website designed to share 'expert' knowledge with the world. Unfortunately, as is so often the case in security, the ones sharing the knowledge didn't know what the heck they were talking about.

The Big Book Of What Not To Do Ever

found on the meta picture

I really hope the book's title really is "The Big Book Of What Not To Do Ever", because this is profoundly bad advice for child safety and home security.

Friday, November 7, 2014


from here (source article)

I don't even know where to begin, except what the fuck is a cyber-missile?

Never Let Your Friends Forget OpSec Day

tweeted by @thegrugq

Thanks to @thegrugq for tweeting this (and numerous other) meme celebrating the operational security failures of the recently arrested administrator of the Silk Road 2.0.

And in case you're wondering about the title - every day is OpSec day. I hope nothing bad happens as a result of my crossing the memes.

Thursday, November 6, 2014

Do You Even Protect?

from here (source image)

Thanks to @_youhadonejob for tweeting the image of a frankly ridiculously ineffective version of a hazmat suit. What is the point of those plastic leg warmers? The warning label seems kind of ironic since even the people who supposedly know how to protect themselves from Ebola are having a hard time of it.

Congratulations Gregory

found on the meta picture

Yup, congratulations to Gregory for messing with the wrong old man. Or maybe the right old man, since anyone who does that kinda thing deserves this.

Wednesday, November 5, 2014

Maybe The Fuzz Could Help Him Stay Warm

from here (source image)

Thanks to Josh Corman for making me aware of ridiculous hacker stock photos that employ both ski masks and hoodies.

The Best Halloween Costumes Leaked This Year

found on failblog

Here I was thinking the costume idea from a couple days ago was just a joke. Turns out someone actually did it and made it part of a couple's costume.

Not sure what that thing sticking out of the cloud is, though.

Tuesday, November 4, 2014

Although 'Prediction' Might Be Too Strong A Word

from here

Inspired by a sarcastic tweet from Martijn Grooten. We really need a better word for these things than predictions. Trendcasting maybe? Like sportscasting but for trends.

Remember To Sanitize Your T-Shirts

tweeted by Troy Hunt

Thanks to Troy Hunt for tweeting this picture of a Little Bobby Tables t-shirt. Unfortunately I wasn't able to find a store that sells these currently, or I'd have linked to it. The search did turn up some other interesting SQL injection related merchandise, though, so there is that.

Monday, November 3, 2014

The Two Faces Of Disclosure

from here or here

Whoever wins, the public loses. The only way for the public to win is if both of these sides make a good-faith attempt to cooperate.

My Idea For A Halloween Costume

found on the meta picture

I bet you were wondering how a cloud could be scary before you read the second half of that plan. Other nightmare cloud-related activities might include such things as taking people's books away or amassing people's secrets and sharing them with the authorities.