Friday, December 29, 2017

So bad customer service is good for security?

from here

Customer service representatives getting socially engineered by crooks is a pretty standard attack scenario that's happened more times than I can count. Getting rid of customer service would eliminate that vulnerability but surely there must be some other way, some happy medium that protects accounts without telling customers they're SOL when something goes wrong.

Said every tech vendor always

tweeted by @flohio_

If you think patching simply subtracts vulnerabilities without adding new ones no one knows about yet, I've got a bridge I'd like to sell you.

Thursday, December 28, 2017

Someone drank too many Long Island Iced Teas

from here

An iced tea company reinventing itself as a blockchain company reminds me an awful lot of a restaurant company reinventing itself as a biometrics company, and that didn't end well for anyone except the scammers at the heart of the plan.

Some people steal the most unlikely things

found on Imgur

I'm sure this confused people. What are they going to do? Put a lock on their lock to secure their security? Yeah, no.

What they could do, however, is put a mark on their lock so that they can tell when it's been tampered with in this way.

Wednesday, December 27, 2017

Gotta love those untelligence agencies

from here

On the one hand it's terrible when authoritarian regimes use software to target their critics. On the other hand, if they're so technologically impaired that they have to buy off-the-shelf spyware then the chances are they'll do something stupid that will give away what they're up to. The "other targets" listed in this article demonstrate that tendency quite nicely.

Cats don't know the meaning of the word "privacy"

found on I Can Has Cheezburger

You might think the cat is only doing this because the door is slightly open and it can see you, but I can tell you from personal experience that even when the door is closed all the way the cat will still try to reach underneath the door to get to you.

Friday, December 22, 2017

How to (not) protect your reputation

from here

It's 2017. If a security company doesn't know by now what the Streisand effect is or how suing a reporter will invoke it, then they deserve the misfortune that will most certainly befall them.

'Twas the ads that spoiled Christmas

found on Imgur

All the more reason to use an ad-blocker, or incognito mode in your browser for that matter.

Thursday, December 21, 2017

Good thing my smart water bottle can still hold liquids while it's updating

from here

If you're going to get smart devices, make sure you get ones that can still operate while updating or when there's no connection. You don't want a sudden network problem to turn you into Bear Grylls.

Sleigh Security Christmas Card



Want to give someone the gift of security humour? This Christmas card should do the trick.

Wednesday, December 20, 2017

I wonder what their score is now

from here

No, seriously, how many attacks have now been attributed to the Great Dark Spot? Are the government's attribution dice loaded? Did their spinner get stuck? Does anyone remember the last time it wasn't North Korea*?

It makes you wonder two things: 1) Why have we not yet figured out how to stop them?, and 2) Why have more capable and resourceful countries not figured out how to emulate them and become even more successful at it?

(*OK, so there was that one time Russia hacked the political parties to collect dirt and try to sway the outcome of the election, but other than that?)

So encrypt for goodness sake

found on Imgur

You didn't think the elf on the shelf would get those accolades did you? Of course it would be his handler that gets all the credit.

Tuesday, December 19, 2017

Can you prove you're not a bot?

from here

I wonder if some day CAPTCHAs will exceed human ability to easily solve them. That seems like the logical outcome when we start having algorithms that are better at solving the current CAPTCHAs than we are

Santa's on the naughty list now

found on Funny Junk

I really want to believe this isn't what it looks like and is just one of those snapshots that capture a moment that doesn't reflect what was actually going on (like those derp pictures). I want to believe that, but the realist in me says that caption is dead on.

Careful who you entrust your children to this holiday season.

Monday, December 18, 2017

Can't we all just log on?

from here

You know who you are (Google, Basecamp, etc..)

'Tis the season to limit your sharing

tweeted by Santa Claus

Always be careful what you share on social media. There's always something you wouldn't want your boss to know about (though if your boss is jolly old Saint Nick he might just find out anyway).

Friday, December 15, 2017

It's the principle of the thing

from here

Have you ever felt like maybe the Principle of Least Privilege could be misinterpreted, and maybe that's why it never caught on?

What else have I been missing out on?

found on Meme Base

This is the kind of thing that makes you question every jaded belief you have about unsolicited emails. Don't worry, though. That pile of cash was probably a scammer's earnings, not something they were looking to share.

Thursday, December 14, 2017

I just want to get 'stuff' done

from here

If someone comes up with a way to make applying updates less intrusive and disruptive, it would go a long way to getting patches applied in a more timely fashion and closing the window of opportunity for exploitation sooner.

(And don't be like some people online and assume this is literally me. I simply know there are people like this out there.)

What to buy for the crypto-phile who has everything

link to online store

Do you know any avid crypto-currency investors? I do and I have a sneaking suspicion that one or more of them might actually like these ugly crypto-currency themed Christmas sweaters. You can buy them at Hodlmoon with (surprise) crypto currency. Yes, someone is actually expecting you to treat crypto currency as real money rather than the volatile stock it more accurately mimics. Don't worry, you can also pay the normal way.

Wednesday, December 13, 2017

How to make public washrooms even less private

from here and here (source image)

I am so glad I've never encountered a washroom like this, but if I did - that looks like a convenient place to hang my jacket.

We take the credibility of your corporate responsibility assurances very seriously

found on the I've Been Mugged blog

If only PR people had Pinocchio noses. That would make corporate messaging about data breaches either more comical or force it to be more honest.

Tuesday, December 12, 2017

Don't even get me started on "hacker" or "virus"

from here

So it appears that "crypto" is joining the long list technical terms that are being redefined by people who don't even know the original definition.

To all those upset about this turn of events, welcome to the club.

Someone ought to make a filter for that

found on PMSLWeb

Can you imagine the fortune you'd make if you invented a spam filter that worked on real life things?

Monday, December 11, 2017

Smile! You're on home-made candid camera

from here

If you want to know how to check for them this article presents some ideas.

Drop dead gorgeous dead drops

found on Imgur

I mean, if I were on the lookout for hidden messages, that kind of hiding place might make me forget what I was looking for.

Friday, December 8, 2017

It sure moves a lot for something chained to a block

from here

For all the engineering that went into protecting cryptocurrencies against double spending, even single spending seems to be a rarity. People just buy, buy, buy, there's not much spending going on.

Be sure to drink your Ovaltine

found on Imgflip

It's pretty sad when the company that was supposed to protect you from unwanted garbage starts pestering you with unwanted garbage. Don't take advantage of your users and treat them like a captive audience, because they aren't one.

You have to be careful about being too commercial or you'll turn people against you, people like young Ralphie here

Thursday, December 7, 2017

There be no scanners here

from here

I kinda think I heard this joke (or one very much like it) somewhere else, but I can't find it.

You may have already won against the dark lord

found on The Meta Picture

If the news that you're a wizard didn't seem like it was too good to be true before, try being told over and over again by a flock of owls.

Wednesday, December 6, 2017

Just enter your credentials here

from here
One day the scammers will figure out the unique email address I gave to PayPal and maybe become mildly convincing, but today is not that day.

There's no such thing as too big to fail for databases

found on FRSecure

Not to long ago I tweeted:
That which is collected will eventually be breached
Large breaches like the one at Equifax prove this point in spades, but it really goes for anything. We can't stop all the breaches, so eventually one is going to succeed and the data we (whoever we happens to be) have collected will be released.

The best way to deal with this is to not collect sensitive data in the first place. The second best way is to not keep it for very long. The more data you have the bigger a deal such a breach becomes, so while some banks may be too big to fail it's actually the opposite that holds true for databases.

Tuesday, December 5, 2017

Only stinkers want to kill privacy

from here

I suppose this is also one of the benefits of living alone. You get lots of privacy that way.

No, but it is quite the weapon

found on The Meta Picture

I don't always agree with what airport security does, but in this case I'll make an exception because quite frankly a bottle of solid water would actually be more concerning to me than a bottle of liquid water. I'd also be concerned if someone came on a plane I'm on carrying a baseball bat, a brick, or a sock full of quarters.

Thanks to Madfur for sharing the story

Monday, December 4, 2017

Mother's maiden name: purple lunch bag

from here

If we all followed the advice that's going around these days with respect to online security questions, it really shouldn't matter what the questions are or even whether they're actually questions at all.

Feline Bureau of Investigation

found on Dump A Day

I wonder if this one also wants responsible encryption, or if it'll settle for chin scratches.

Friday, December 1, 2017

Nip and tuck your way to security

from here

Changing your traditional password regularly doesn't really prevent any of today's attacks, so why should efficacy stand in the way of applying the same logic to biometrics?

Clear out the DVD burner while you're at it

found on Pinterest

Technically, without the firewall there's an increased chance your computer will become host to unwelcome code that uses up more computing resources than you normally would, which by extension would make your computer slightly warmer than it otherwise would have been.

Thursday, November 30, 2017

How is "too long" still a thing in 2017?

from here and here

Thanks to Paul Gilzow for pointing out how foolish it is to have a password length limit in this day and age, and, incredibly, getting a representative of the company in question to consider the possibility that Paul is right.

How to stop worrying about ransomware

found on Imgflip

Ransomware really shouldn't be the big deal it has become. We should have always been making backups so that ransomware wouldn't have been an issue in the first place, but barring that, once it did become an issue we should have started making backups.

So why haven't we (collectively) started doing that?

Wednesday, November 29, 2017

That's what I call a duh-fault password

from here

There are a lot of things I could say about this monumental cock-up by Apple, but I think the most important thing for people to take away right now is:
Leave no default password unchanged

That goes not just for this particular case but all cases of default passwords. If you find them, change them, because eventually defaults become something that everybody knows, and a password that everybody knows isn't a very good password at all.

(Of course a blank password is even worse)

Would you trust a social network with your life savings?

found on Imgflip

If you use the same password for both then Twitter is essentially in possession of the key that unlocks all your finances, and I don't think that's something they planned to protect when they were devising their defenses. Even if it was something they planned for, that doesn't mean they'd be any good at it. Certainly I wouldn't expect them to be better at protecting that than they were at protecting President Trump's Twitter account.

Tuesday, November 28, 2017

That sounds like phun

from here

If your son or daughter spends a lot of time online "fishing", make sure it's fishing with an F and not phishing with a PH.

One more reason to use 2 factor authentication


found on Google Image Search

Probably best not to use biometrics, though. You don't want to find out how a dog might bypass that. I'm sure it involves teeth.

Monday, November 27, 2017

Don't want home invaders walking in on me

from here

I imagine this is also good for those times when one is entertaining guests, or if one ever stops being alone, but it's weird that the sense of a lack of privacy can persist even when reality is not in agreement.

Somebody is going to get a new wallpaper

found on Quick Meme

I must admit, I've changed a background or two in my time, but never to something so meaningful. I'm going to have to keep this on file for the next time I need to teach someone a security lesson.

Friday, November 24, 2017

It certainly blocks a lot of infections

from here

There's a set of security 'experts' who are pretty vehemently anti-AV and there's a set of security 'experts' who like to make snide comments impugning the integrity of MSWindows. If those two sets overlap, this should make their heads explode.

Scam Detected

found on Meme Center

I wonder what people encounter more often - virus alerts that actually came from their installed AV or fake alerts meant to trick you into installing malware. If only there was something that could protect us from scams the way AV protects us from viruses.

Thursday, November 23, 2017

When guns don't make you feel safe enough

from here

I am completely dumbfounded by this story. I've certainly heard of police abuse of power and the use of unnecessary force before, but this is some next level shit. As much as we need authorities to neutralize attackers so that they can't launch attacks anymore, we also need to keep them in check and this is one of many examples that we aren't doing that.

In government we distrust

found on Imgur

Trust is hard to build, and even harder to rebuild.The government wants citizens to trust them with the keys to all the data (through back doors or front doors or golden keys or whatever)  even though they've proven themselves untrustworthy over and over again. Somehow I don't think that's going to work out for them.