Thursday, June 30, 2016

How Hard Can It Be To Visit All Possible Shortened Links?

from here

Shortening a link turns a hard problem, namely guessing a URL with a lot of possibly personal information in it (user credentials or some kind of authentication token), into a much easier problem - guessing a 5- or 6-digit code. The URLs people most want to shorten are the ones that are longest, and ironically the reason they're the longest is often because they contain the most personal or uniquely identifying information.


found on Imgur

Thanks to Alex Girard for pointing me towards this animation of what appears to be perhaps the worst CAPTCHA I've ever seen. If the solution to the CAPTCHA is in the filename of the image then it's going to be spectacularly easy for bots to solve it and thus render it useless at stopping bots.

Wednesday, June 29, 2016

Hope Your Adversaries Aren't Crafty

from here (source image)

I wonder if the person who did this used those same scissors to cut that length of string in the first place.

The Things People Will Do To Connect

found on FailBlog

It's amazing that people will give up their own password for a candy bar, and they'll give up their dignity for someone else's password. Doesn't that suggest you should be able to buy a person's dignity for a candy bar?

Tuesday, June 28, 2016

So Much For Only Downloading From Legitimate Sources

from here (source image)

I don't know what Microsoft has been smoking but downloading updates from arbitrary computers on the Internet seems like a good way to get malware.

Why You Should Never Use A 'Passname'

tweeted by Cameron Newton

Cameron Newton found out the hard way what happens when you try to use your name (which everyone knows) as your password (which no one other than you should know). I know it may seem onerous to have to remember both your name and your password, after all 2 is twice as many as 1, but it's really not that big a difference.

Monday, June 27, 2016

When You Outlaw Strong Crypto Only The Outlaws Will Have Strong Crypto

from here

Laws keep honest people honest. They aren't going to have any real effect on spies, criminals, or terrorists. So Russia's new law isn't going to make Russian adversaries any easier to deal with.

You're Gonna Need A Better Lock

Don't underestimate your adversary, no matter how cute, cuddly, and innocent they may appear.

Friday, June 24, 2016

With Enough Tape You Can Stop All The Attacks

from here

On the one hand Mark Zuckerberg covers the webcam on his computer with tape, which is smart. On the other hand, he covers the microphone with tape too, which makes no sense. I think I must have missed the memo about sound not being able to go around or through tape, even though it can go around or through so many other materials.

SQL Injection In A Nutshell

found on Imgur

Y'know, if you fall for SQL injection attacks then attackers are probably going to be laughing at you just like that.

Thursday, June 23, 2016

But Neither Can My Amazon Deliveries

from here (source image)

Obviously camouflage isn't going to hide your house from the people delivering your monthly bills, but if it did there would certainly be unintended consequences.

Password Breach? You Know What That Means

found on VentureBeat

Y'know, maybe if you didn't use the same password everywhere, you wouldn't have to change all of them.

Wednesday, June 22, 2016

Testing The Limits Of Suspicion

from here (source image)

I have a feeling that the person who came up with that 'See something, say something' ad campaign for public transit never actually spent much time on public transit. The rules for judging something as suspicious go right out the window in that environment.

What Could Possibly Go Wrong?

found on The Art Of Trolling

You'd think the state prison sign would be enough of a warning without having to explicitly tell people not to pick up hitchhikers.

Tuesday, June 21, 2016

Why Not Both?

from here (source image)

Probably people are going to slow down regardless, but the cops are going to see a drop in their traffic ticket revenues if the sign is true.

Never Turn Your Back On Big Cats

Simulating a lack of situational awareness is a clever way of demonstrating how important situational awareness can be. Certainly it's the safest way to demonstrate it. It's interesting to see how the predatory instincts kick in when a seemingly easy target presents itself.

Monday, June 20, 2016

You're Going To Confuse The Legal System More Than It Already Is

from here

Honestly, when people say things like "Consequently, there is no real legal difference between a feature and an exploit" (source) I cringe. Is authorship not a legal difference? The exploit was not created by the entity that provided the feature. The vulnerability that the exploit uses was, but the exploit itself comes from an adversary. It seems to me that should count for something.

Who's The Sucker Now?

found on Owned

Remembering passwords is harder than people want to admit. Password hints may not be the best memory aid, but some kind of memory aid really should be used, and a password manager won't help much if you can't log into the computer it runs on.

Friday, June 17, 2016

I Guess That Counts As Stronger

from here

Sometimes I wonder about how security vendors decide on names. AgileBits' 1Password seems to have a particularly unfortunate implication (though not quite as unfortunate as NopSec). In truth, 1Password the password manager app is capable of providing a great deal more security than just using the password "Password" or even "1Password", though judging by the password breaches of various sites most people still aren't using password managers.

I Can't See The Difference, Can You See The Difference?

found on Memebase

The notes are almost identical in their idiocy. The one thing that the non-game one has going for it is that the culprits actually tried to mask their identity by pretending to be from Comcast (though they did a really bad job at it).

Thursday, June 16, 2016

Do Heroes Really Need Protection?

from here (source image)

Never mind the bad paint job or the fact that the vehicle doesn't look like it has any business being used for security personnel, what on earth would the Subway restaurant need with security personnel in the first place? Seems to me this is more likely a ploy to get free food from actual Subway restaurants under the guise of being company employees.

Then What's The Problem?

found on The Art Of Trolling

Sometimes giving information about why a login failed can provide an attacker with assistance in breaking into an account. I like to think this bakes the attacker's brain a little instead.

Wednesday, June 15, 2016

When The Bar For Theft Prevention Is Set Too Low

from here (source image)

That looks more like something to keep a boat securely moored to a dock rather than for keeping a motorbike secured against theft.

Hide-N-Seek Win

found on Just Post

Be careful where you sit when these two are around. That may not be a surprise you want.

Tuesday, June 14, 2016

I # PASSWORDS Revisited

product link - category link

A rather remarkable coincidence happened recently. Last week I was contacted by a reader who was interested in the I # PASSWORDS shirts but was disappointed that there were no polo or pocketed shirt options for the design. Unbeknownst to me at the time, the original post was in the queue for reposting to social media this past weekend (I've been reposting old posts with images, since they had originally been posted to social media without images, and posting without images really didn't do them justice).

So thanks to Adam Outler for the idea to alter the design to make a 2-line variant so that the # symbol can stay relatively large when scaled down to pocket size and (maybe) not lose the fine details within it (the words "work factor" are repeated over and over again inside the # symbol). I made certain to specifically put the design on a polo shirt and a pocketed t-shirt in my Zazzle store (which is inexplicably slow to update), and on a golf shirt in my CafePress store. As you can see above, I also put it on the simpler t-shirts.


(Updated to add the graphics applied to these shirts so that the reader can use them at sites other than CafePress and Zazzle, just in case you can find a better deal or find a shop that has a wider variety of garments)
normal graphic
graphic for dark shirts (the lettering is white, that's why you can't see it)

Talk About Cross-Platform

found on Know Your Meme

This is, of course, impossible for the time being. That being said, there are a number of medical implants that have some form of computerized components. The number of such implants is more likely to increase over time than to decrease, and the computers being used in them are going to increasingly be general purpose computers that can in fact be affected by viruses and other malware. So in a way, computer viruses could eventually spread to humans by virtue of spreading to the computerized components inside some of them.

Monday, June 13, 2016

Sorry You Couldn't Spy On Me That Way

from here

And here I was thinking we did things differently up here in The Great White North. Obviously we don't do things THAT differently.


I think I see which is the weakest link in this chain - it's the would-be ATM thief. That is, he would be an ATM thief if he weren't so dumb.

Friday, June 10, 2016

Look Who's Thinking Like An Attacker Now

from here

I keep hearing advice to hack yourself (or alternatively "hack thyself") but I wonder if, under the circumstances, perhaps that's setting the bar a little too low.

How Rude!

found on

Cats - the reason for locking laptops and bathroom doors even when you live alone.

Thursday, June 9, 2016

The (In)Security Industry

from here

I have a great deal of respect for security tools and the people who make them. However, when it comes to the business of selling them, I cannot abide by the tactics used or the entities who employ them.

Have Faith In Those Spying On You

found on Reddit

When you get right down to it, an omniscient being watching your every move is pretty creepy, and yet the God-fearing public seems to be OK with it. It's no wonder the government is getting away with the same thing.

Wednesday, June 8, 2016

At Least It Won't Fall Over

from here (source image)

Sometimes it seems like people learned to secure their bikes by watching cowboys secure their horses in old western movies.

Then We'll Need Anti-Nude Software

link to tweet

Thanks to Beatrice for the joke. I suspect in my case the picture would be punishment enough, but if people could booby trap their booby pictures I'm pretty sure it would create demand for software to protect you from nudes. Puritan Software Inc. presents SinStop.

Tuesday, June 7, 2016

Trusted By Over A Billion People

from here (source image one and two)

It's hard not to laugh when you hear that Mark Zuckerberg's password on Twitter and Pinterest was "dadada", but stop and think about how many people depend on him following good security practices. Yeah, not laughing anymore, I bet.

The Bev-Brush

found on Amazon

I don't know why, but I am always fascinated by the ways people come up with to hide things. Some of them are gender specific, though. Men, as a general rule, don't carry big hair brushes around with them. Especially when so many of us don't have the hair to use it on. As such, using a male hand model for this product shot seems a little out of place. I suppose you could stick it in a purse and say you're carrying it for your girlfriend.

Monday, June 6, 2016

Right Store, Right Price, But Wrong Password Policy

from here

Thanks to Tim V for drawing attention to Kroger's ridiculous password policy. Hopefully we can draw some more until they fix their shit.

Mr Gear: 5 Ways To Make A Secret Safe

I don't know about hiding money in a wall outlet (I think I'd probably forget it there when I move out) but some of these others look like easy DIY ways to hide your valuables and/or contraband. Sorry kids, none of these are big enough to hide your porno magazines from your parents.

Friday, June 3, 2016

So What Can KeePass Keep Safe?

from here

I tend to think of password managers as being a type of security product. Certainly they help users use more secure passwords, but I'm not sure how much that matters if the makers value their advertising revenue over the security of the update mechanism.

The Wrong Kind Of Doctors

found on The Elephant In The OR

As much as computer virus experts know about computer viruses, it doesn't seem to help them avoid getting sick. Likewise, doctors aren't so hot when it comes to diagnosing malware problems (at this stage in the story, the elephant is still just an intern and the other character is the real doctor). The analogy between computer viruses and biological viruses is limited and breaks down if you try to take it too far.

That being said, I think perhaps the next time I encounter the Blue Screen of Death I'll have to remember to call it severe cyanosis.

Thursday, June 2, 2016

What's Next? Friendster?

from here and here

If you're a MySpace user then I suppose you might want to change your password. That assumes, of course, that you can remember what your username and password were after all this time.

Watch Out For Cyber-Autism

thanks to Alex Girard for sending me this

I mean, a sizable portion of the InfoSec community are basically anti-cybervax'ers (anti-AV) anyway so let's point out just how ridiculous it is.

Wednesday, June 1, 2016

Toy Security

from here (source image)

I don't know about you, but I can log into my bank account with just a password. This toy requires both physical access to a thing (a token in the form of the journal itself) and a biometric sample.

Someone Needs To Take Security 101

tweeted by Security Fails (apparent source image)

You'd think that the only ones failing at university would be the students, but apparently there are ways in which the administration fails too.