Thursday, March 31, 2016

What Could Possibly Go Wrong?

Inspired by a question on Quora, but really I get the feeling this is what a large proportion of the InfoSec community is thinking too, and I can't help thinking that ordinary people trying to ditch antivirus are getting the idea from the so-called experts.

If, after several decades, we still can't all agree on a security control purpose-built for this one problem, then that right there is why we can't have nice things in security.

I Don't Want To Be A Target

In many contexts, being a target is not a positive thing, so it's odd that advertisers would choose that term unless they had some dark ulterior motives.

Wednesday, March 30, 2016

Have You Ever

Thanks to Paul Smith for tweeting the photo used in this story about a guy who is no doubt really good at rationalizing after the fact.

Is This How The FBI Did It?

On the one hand, what the authorities told us suggests this wasn't a viable option, but on the other hand, what the authorities told us suggested that Apple was the only viable option and look how that turned out. The FBI's statements clearly can't be trusted so who knows, maybe it was this easy and they're just that dumb.

Tuesday, March 29, 2016

I Don't Want To See Your Site THAT Badly

Malvertising is malware, and adblockers do block them. It's really not much of a stretch at all. Don't disable, it's not worth the risk.

A Different Kind Of Blending In

Sometimes it's easier to change the environment in order to make yourself less noticeable or memorable.

Monday, March 28, 2016

It's Often The Only Way To Resurrect Your Files

I hope you took the opportunity this Easter to figure out how to bring your (and your loved ones') files back in case they get lost, deleted, corrupted, or encrypted by malware.

And don't tell me it's too soon to exploit the resurrection of Jesus Christ to promote good computer hygiene - it's been 2,000 years (give or take).

Protection vs. Ignorance

A lot of people think security should be foolproof, that most people shouldn't have to even think about what they're doing. The problem with not addressing people's ignorance, however, is that it increases the likelihood of encountering a fool who can beat your foolproof system.

Friday, March 25, 2016

I Can See The Difference, Can You See The Difference?

If you've ever wondered whether you have dyslexia, the current infosec environment, with people complaining about the as-yet-undisclosed (but named and logoed) vulnerability known as badlock and people complaining about the browser plugin that blocks ads (unless someone pays them not to) called adblock, presents a useful diagnostic for you. If you can tell the difference you either don't have dyslexia, or you are reading deep enough into the controversies to see the different contexts.


Apparently being a cop is very dangerous. Not only do they have to worry about getting shot with a gun, they have to worry about getting shot with a camera too.

Thursday, March 24, 2016

From Bing To Bonk

Whether it's asking you what gender you identify as (as it did me), or asking you to DM so it can learn how to better satisfy you, the TayAndYou artificially intelligent Twitter chatbot developed by Microsoft seems like it could easily stand in for the kinds of chatbots you might find at AshleyMadison or the instant messaging spambots trying to advertise adult webcam sites. Microsoft already has a search engine called Bing, so I'm expecting them to come out with some kind of social site called Bonk any day now, and this AI will be the greeter.

Go Ahead And Crack That

There are, of course, no "last digits" of π (in case you flunked grade school math). It continues on forever, never repeating, so this "clue" would never help anyone break into the account. But I wonder how many people tried to figure it out anyway (there actually are people out there who don't know there's no end to π and they post questions about it on the Internet).

Wednesday, March 23, 2016

I Fought The Math (merchandise)

For cryptanalysts and government officials alike, you can't beat math. Hopefully we can someday reach a point where not only are our products so secure that this will actually apply to them but also that government officials will actually accept that state of affairs and not wage a war on math.

As usual, the CafePress store has zero markup on prices and the Zazzle store has a 5% markup (because that's the lowest number they'll accept). There's more than just t-shirts, too, and if there's something you'd like to see this on that I didn't include, just drop me a line and let me know and I'll see what I can do.

Sympathy As An Anti-Theft Device

I'm not sure criminals are really going to feel bad enough for you to avoid breaking into your car, and I guess I'm not the only one who's skeptical about that since this was on the FAILBlog.

I posted something similar (but not quite the same) before. I gather there may be an entire series of these, and by the irregular angles, it kinda looks like these might actually be photos that weren't taken straight on.

Tuesday, March 22, 2016

Because Terrorism!

Well, another terrorist attack (in Belgium this time, but it could have been anywhere) and people are already blaming encryption even though it's far too early to know anything like that. That's because the people spreading fear, uncertainty, and doubt about encryption don't care about the facts. If they did, they wouldn't have blamed encryption for the Paris attacks even after the French authorities ruled out encryption.

Your Bad Security Practices Are Driving Me To Drink

This is apparently a freebie that the folks at Bomgar hand out at conferences and trade shows. As such I don't know if it qualifies as merchandise, though you might be able to get some from them even without meeting up at a show if you ask.

Monday, March 21, 2016

How Protecting National Security Leads To Bad Policy

Inspired by a tweet that InfoSec Taylor Swift deleted. It actually is a thought worth considering. I'm not sure why it got deleted. There have been multiple cases where officials have had to fight to use a smartphone - sometimes winning, as Obama did with his BlackBerry, and sometimes having to break the rules, as Hillary Clinton did.

How Do You Protect Your Passwords?

found on Sysadminotaur

There are definitely security trade-offs with password vaults. This one is super secure but so restrictive that, in order to get the password into the hands of the person who needs it, it becomes available to anyone within earshot. The one in your browser may well be vulnerable to a particular type of malicious web page. Password vaults that store their database in the cloud create an incredibly valuable target for cybercriminals, and ones that store their database locally are vulnerable to having that database stolen by malware.

Still, the alternative of reusing the same password in many places because you just can't remember enough different passwords to cover all your accounts is worse because a) memorable passwords are also easier to crack (the chances are higher that it's derived from dictionary words instead of randomly generated), and b) vendor-side password breaches (which can reveal your password for that vendor and as many other vendors as you've used that same password at) are a lot more common than password vault attacks.

Friday, March 18, 2016

Confused Spambot Is Confusing

It's a terrible thing to see a twitter spam bot having an identity crisis, but at least it makes it easier to determine it's not legit.

Breaking A Password With Brutes But No Force

Not only should you not choose obvious passwords, you should probably also avoid passwords that people can guess without even trying.

Thursday, March 17, 2016

At Least He Likes Some Kinds Of Encryption

This is a case where I knew what my caption would be before I found a picture to go with it. I never dreamed Cheezburger would have one of Obama drinking beer in their collection. That just made it too topical to pass up. Have a happy, safe, and secure St. Patrick's Day folks.

Luck Is Not A Strategy

I'm pretty sure that's not going to get you the compliance you need. I wonder if there are even any effective access controls on those lucky charms.

Wednesday, March 16, 2016

And This Is My Arrested Face

You have to wonder what kind of image your selfie is going to project when you capture yourself in custody. Maybe something like "Hi! I'm too dumb to stay out of jail."

One of the things privacy allows you to do is image management, but that means not compulsively sharing every single moment of your life.

Diamond Heist OpSec Fail

All the planning that went into the Antwerp diamond heist, but he got tripped up because he didn't adequately plan his meals. He must be kicking himself.

Tuesday, March 15, 2016

So That's How They Pay For The Free Upgrade

If you think embedding ads directly into the operating system is a great way to amplify the effects of malvertising, you're not alone. I'm not sure what Microsoft is thinking (smoking), but this is going to be bad for users one way or another.

Last Week Tonight with John Oliver: Encryption (HBO)

Thank you John Oliver!

This is a (relatively) short video explaining the Apple vs. FBI conflict in a way that is both engaging and understandable by normal people. It will help educate the general public, and maybe (just maybe) lawmakers, policy makers, and maybe even the FBI and DOJ, because they clearly need some education about encryption and security.

It has been shared and repeated in all sorts of places, and needs all the repetition it can get so that it reaches the widest possible audience - because if society gets this wrong all trust in technology will come to a grinding halt, and banking and commerce and all sorts of other things we started doing online will no longer be safe there.

Monday, March 14, 2016

Reveal Terrorists With This One Weird Trick

It sounds weird, but apparently this is something they really did try. Considering that encryption is just going to make your emails stand out more and elicit extra attention, trying instead to hide amongst the penis enlargement and 419 emails makes a certain amount of sense.

Samy Kamkar: C-C-C-Combo Breaker

Well, if you happen to have a combination lock that you really want to get into but don't remember the combination, it appears that Samy is your hero. I think we all assumed this was possible, and maybe you've even seen a movie or TV show with something like this in it. Thanks to Samy, now you can build your very own.

Friday, March 11, 2016

And It Would Be Disastrous If It Did

The feds are still fighting Apple in the courts, still filing huge, desperate motions that nobody really wants to read, and still complaining that the people don't agree with their interpretation that the All Writs Act gives them carte blanche to tell companies to do whatever they want.

Just Solve The CAPTCHAs

CAPTCHAs are getting a little out of hand. I've never had as stressful an experience as the one depicted in the video, but they do seem to be getting harder and more abstract, and I have lost content I was trying to post because of them. No nuclear launches, though.

Thursday, March 10, 2016

New Government Bathroom Proposal

I'm a big proponent of the "What's good for the goose is good for the gander" method of dealing with the government. After all, if they aren't forced to experience what those they govern experience, they'll lose touch with the consequences of their decisions and cease to provide sound governance.

At Least It's Strong

Based on the upper right corner this cartoon should be available at, however I went through all the comics there and I couldn't find the original. There are some other good comics there, though.

Wednesday, March 9, 2016

Hope That Wasn't Meant To Be Private

There's only so much a set of curtains can do to stop people from knowing what's going on in your bedroom.

Peppered With Password Puns

I don't even know what to make of a pun this bad. Is this what they call a dad joke?

Tuesday, March 8, 2016

Thinking It'll Never Happen To You Costs The Most Of All

The only reason ransomware is becoming a big trend in malware is because that's where the money is. And the only reason that's where the money is is because people don't have backups. Eventually a tipping point must be reached.

What Country Is This Country Club in?

When people just casually park their tanks next to me I think I'd feel a little exposed and unprepared. Sort of like "What do they know that I don't?".

Monday, March 7, 2016

My Other Dog's Name Is Spotter

I've heard of guard dogs and attack dogs, but I've never heard of a sniper dog before. Dogs are so versatile, though, it wouldn't surprise me.

At Least She's Thinking About Protection

I'm not sure what precipitated a shirt like this, but by all means, protect what's important to you.

Friday, March 4, 2016

Because Defense Isn't Sexy

And yet we still value those defenders more than their counterparts. Maybe chasing the sexy one isn't always the best idea.

I'd Give Up Too. Wouldn't You?

Truthfully, increasingly complex password policies are just driving people away from even caring about doing passwords right by making them think about passwords wrong, and actually reducing the keyspace a password cracker needs to search.

I can no more follow dozens or even hundreds of different password policies than I can remember dozens or even hundreds of passwords, but many people have created dozens or even hundreds of accounts. Stop the insanity. Password managers have an actual goddamn easy button for this shit and it works. Stop making people cross their eyes and dot their tees and start pointing people in a useful direction.
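To put a number on the keyspace claim above, here is an added example (my own, not part of the original post). It counts three search spaces for an 8-character password over the 95 printable ASCII characters: every possible string, every string that satisfies a typical "one of each class" complexity policy, and the much smaller set an attacker can try first when users satisfy the policy in the predictable way (capital first, digit and symbol last). The class sizes and that pattern are assumptions I constructed for the illustration, not measurements.

```python
from itertools import combinations
from math import log2

# Character classes a typical "complexity" policy names, sized for printable
# ASCII: 26 upper, 26 lower, 10 digits, 33 symbols (95 characters in total).
# These sizes are assumptions chosen for the example.
CLASSES = {"upper": 26, "lower": 26, "digit": 10, "symbol": 33}


def unconstrained(length, classes=CLASSES):
    """Every string of `length` characters over the whole alphabet."""
    return sum(classes.values()) ** length


def policy_compliant(length, classes=CLASSES):
    """Strings of `length` characters containing at least one character from
    every class, counted by inclusion-exclusion over the classes left out:
    sum over subsets S of (-1)^|S| * (alphabet - |chars in S|) ** length."""
    alphabet = sum(classes.values())
    names = list(classes)
    total = 0
    for k in range(len(names) + 1):
        for omitted in combinations(names, k):
            remaining = alphabet - sum(classes[c] for c in omitted)
            total += (-1) ** k * remaining ** length
    return total


def patterned(length, classes=CLASSES):
    """A constructed (assumed) habit users fall into to satisfy the policy:
    one capital first, lowercase in the middle, then one digit and one symbol
    at the end. Every such string is policy compliant, so this is a subset."""
    if length < 3:
        raise ValueError("pattern needs at least 3 characters")
    middle = length - 3
    return (classes["upper"] * classes["lower"] ** middle
            * classes["digit"] * classes["symbol"])


def bits(count):
    """Size of a search space expressed in bits (log2 of the count)."""
    return log2(count)


def compare(length=8):
    """Return {label: (count, bits)} for the three search spaces."""
    rows = {
        "any string": unconstrained(length),
        "meets policy": policy_compliant(length),
        "follows common pattern": patterned(length),
    }
    return {name: (n, round(bits(n), 1)) for name, n in rows.items()}


if __name__ == "__main__":
    for name, (n, b) in compare(8).items():
        print(f"{name:24s} {n:>22,d}  ({b} bits)")
```

The inclusion-exclusion count shows that even a cracker who assumes nothing beyond "the policy was followed" already has a smaller space to search than the raw alphabet allows, and the patterned count shows how much smaller it gets once users respond to the policy in the predictable way; a randomly generated password from a manager sits in the first row, not the third.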

Thursday, March 3, 2016

It Probably Needs Some Bed Rest Too

I was sick. Of course I came up with a cheesy antivirus meme.

Remember How Important The Security Of His Phone Was?

I stumbled across this as a near match while researching a previous post and it was just too good to pass up given the Apple vs. FBI fiasco.