Tuesday, February 28, 2017

The Teddy Bear's Ransom

In light of the news about a breach of connected teddy bears, I thought a song parody was in order:

If you connect a kid's toy today
You're in for a big surprise
If you connect a kid's toy today
You'll never believe your eyes

For teddy bears recording gagas
Have dumped their loads for certain
Because their maker didn't
Believe in authentication

Hackers stole your voice data
Those little teddy bears gave all of your messages away
Watch them upload unaware
As attackers have a big field day

See your words get ransomed out
And if you ever doubt
That nobody even cared
The makers couldn't be reached to warn them
About the data breach
Of your child's little teddy bear

Every teddy bear that's online
Is some kind of threat today
There's lots of marvelous bits to steal
And somebody always pays

Beneath the fur where nobody sees
A computer uploads to IPs
'Cause that's the way
Connected toys do their business

Hackers stole your voice data
Those little teddy bears gave all of your messages away
Watch them upload unaware
As their makers buy bitcoins to pay

See your words get ransomed out
And if you ever doubt
That nobody even cared
The makers couldn't be reached to warn them
About the data breach
Of your child's little teddy bear

Just in case you don't recognize the tune this is supposed to be a parody of, here's the original:



I wish I had a way to actually record the parody itself, but I haven't yet developed that capability.

What is this alien language?

found on Imgur

Even now, if you went up to the average person and told them to stop using SHA1 they'd look at you like you were speaking in tongues. The advice means nothing to most people because they generally don't use a hash function, or when they do they don't get to choose which one.

There are some people who could use the information, though - software developers. The only problem is that the ones who haven't already heard are probably making a lot of other bad crypto choices too, so this one piece of advice isn't going to magically turn their cruddy software into gold.

Thanks to Alex Girard for sending this to me.

Monday, February 27, 2017

Make sure you get the digital keys too

from here and here

In the "what could possibly go wrong" department, smart cars can apparently still be controlled by their previous owners. Other smart devices may be equally risky to buy used. The option to only buy new may work for some of them, but what about entire smart homes?

Don't give cops the bird


Watch on YouTube

Who knew the authorities were such delicate creatures?

Friday, February 24, 2017

Rest in peace SHA1

from here

So, even though it's probably not economical to attack a SHA1 based cryptocurrency at the moment (the cost of mounting an attack would likely exceed the amount of funds available in the few SHA1 based cryptocurrencies out there), the fact that SHA1 is now 'dead' will probably result in the value of those alt-coins dropping precipitously.

A good use case for denial of service

original tweet

Good viruses may still be a bad idea, but I'm leaning towards the opinion that good DoS attacks may not be a bad idea.

Thursday, February 23, 2017

Surprise mood lighting!

from here

I wonder how many social problems smart devices (other than phones) will wind up creating.

What will the TSA ban now?

found on Izismile

It's become a pretty predictable pattern - when there's a problem, the TSA steps in and bans something in the hopes that it will stop it from happening in the future. It probably won't, but they'll do it anyways because they have to do something, that is something, so they have to do it. At this point though, I'm not sure what's left to ban. High blood pressure?

Wednesday, February 22, 2017

Lock Pick Earrings (merchandise)

available on Tindie

I saw these a while ago, but the links I found at the time all seemed to lead back to an Etsy page that no longer existed. I've now found another site where they can apparently be purchased, so if you're interested in these, check out Safadancer's Tindie page.

Tuesday, February 21, 2017

Only a visually impaired cop could miss a sign that big

from here (source article)

Pictures of cop cars with wheel locks (like this one) are not hard to find. Maybe we need more of that, because a cop who can't see that sign probably does belong in a handicapped space but not behind the wheel.

CAPTCHAs would have ruined Star Wars

found on Memebase

Come to think of it, social media probably would have ruined Star Wars too. Think of all the secrets that would have become non-secret thanks to poor privacy settings.

Monday, February 20, 2017

Double Oh Kill -9

from here

Call me Ware. Spy Ware.

OK, now here's a game to play - cyberfy some James Bond movie titles. Like "Octetpussy" or "Password Never Dies".

Attacker, strike thyself


Watch on YouTube

Just look at the genuine concern the would-be victim shows for his bumbling attacker. That sort of makes the schadenfreude all the sweeter, because anyone willing to do what the attacker was trying to do to such a thoughtful person deserves what they get.

Friday, February 17, 2017

As if anyone maintains anything anymore

from here

Even if the devices update themselves automatically, the trend so far has been that they don't continue to operate normally while the update is taking place. This is probably because it's difficult to replace files while they're in use by a running process.

So imagine all the things in your life stop working temporarily. It doesn't have to be all at the same time to be a problem; in fact, if it's not all at the same time it could be a bigger problem. With enough smart devices updating themselves, the chances of one updating after another become greater, and the longer the chain of successive devices updating themselves is, the more of an intrusion into your life it becomes.

Virus Leggings?


I've obviously heard of putting security-related designs on t-shirts, hats, mugs, phone cases, etc. because I've done that myself, but apparently now you can put them on leggings too - and this designer has quite a few cartoon representations of malware, from viruses, to worms, to botnets, key loggers, etc.

I've honestly never seen this available before from Zazzle. I wonder what I could do with that with some of my existing designs.

Thursday, February 16, 2017

So much for that secret

from here

I think it's fair to say that some things shouldn't be secret, and this is one of those things. If a secret is supposed to remain secret, don't just avoid telling people, avoid writing it down or recording it or otherwise putting it on something you don't have total control over 24h a day.

It even has a high vantage point

found on The Meta Picture

I can't say I've ever heard of a giraffe in a ghillie suit before, but I can imagine that in amongst the trees it might help it blend in.

Wednesday, February 15, 2017

Now you seesaw it, now you don't

from here (source image)


No more access for you!

found on Daily Shit

This is just one of the many things people with privileged access can do if you don't take away that access before firing them.

Tuesday, February 14, 2017

How to pwn a President

from here (source article)

I guess we won't have to worry about the Trump administration keeping any deep, dark secrets.

Surveillance camera love

found on Imgur

I think we've probably all been this distracted before, but that's not something you want to see in a surveillance camera.

Monday, February 13, 2017

Did you think AV programmers were magic?

from here

All software has vulnerabilities. ALL OF IT. Get over it and adjust your expectations accordingly.

There can be only one


Watch on YouTube

If you're gonna try to rob a convenience store with a knife, you better make sure yours is bigger than the store owner's.

Friday, February 10, 2017

How not to keep your car safe

from here (source image)

Don't forget to get your vehicle spayed or neutered.

Is this what you get when you cry "Havoc!"?

found on Imgur

I always expected the dogs of war to be ... I dunno... more.

Thursday, February 9, 2017

Those are what you call 'attack'ments

from here

This is the kind of thing that makes admins cringe. The attachment did do something, but you were never meant to see it because it's something you wouldn't want if you knew about it.

The more things change, the more they stay the same

found on Matusfun

It always seems like nobody ever learns from the mistakes of the people who came before them. Obviously some do, but the ones that don't stand out a lot more.

Wednesday, February 8, 2017

Sometimes I miss the old days

from here (source tweet)


Malware writers are so grim these days. I guess fleecing victims for money is serious business.

Surf's up, dude

found on Recover iPhone Backup Password

People don't need a board when they're shoulder surfing, they only need a victim who isn't paying attention to what's going on around them when they enter their password.

Tuesday, February 7, 2017

Into at least 256 bits

from here (source image)

I don't know for sure, but I have a feeling we might be seeing more of this image in the future.

Now that's a dog to beware of

found on Izismile

I'd hate to be the mailman in that neighbourhood.

Monday, February 6, 2017

Only you can stop ransomware

from here

So long as the criminals keep getting paid, they're going to keep victimizing people, so put those bitcoins you're saving for a bad day towards better backups instead.

Never underestimate your adversary


Watch on YouTube

It only takes one not-so-dumb dog to make a mess out of everything if you're not careful. I wonder if they disclosed to the people who adopted the dog how difficult it may be to keep him contained.

Friday, February 3, 2017

Badges are for those who don't get caught

from here

Honestly, if you can't avoid the law maybe you shouldn't even try to break it.

Remember when they just used planks?

found on The Meta Picture

I'm pretty sure students can steal it. In fact, if it had been me, I might have stolen it just on principle (I'm contrarian that way). But I can't help but notice that this is an escalation of previous calculator anti-theft measures.

Thursday, February 2, 2017

Some things are more feature-rich than anyone realizes

from here

I wonder if technology vendors are going to start using this kind of messaging - the product isn't insecure, it's alt-feature rich.

It's hard to sneak away while being tailed

found on JCreatives

If getting caught is a concern then it pays to make sure there isn't anyone or anything giving away your position.

Wednesday, February 1, 2017

Good enough to pass the checklist

from here (source image)

I don't know for sure about this case, but certainly others like it exist only because people have a list of things they have to do to be 'secure'.

Thanks to Xavier Mertens for sharing the source image on his blog.

Where's the beef?

found on Dump A Day

Seems like Google's face detection is getting really good.