Wednesday, May 31, 2017

Do you like raining on other people's parade?

from here (source image)

It may seem like security people get a kick out of ruining your day (and maybe some really do) but more often than not they're just focused on one thing (security) and not the context in which it's being applied.

In the above example, the slide could conceivably have been moved or even turned around so that kids wouldn't be turned into french fries when they reached the bottom.

Reason #1498347 why you shouldn't trust strangers on the Internet

found on Fail Blog

Unfortunately the Internet has a great many unscrupulous people trying to trick you in some way in order to get your money.

Also unfortunate is the fact that you are easier to fool when you're desperate.

Tuesday, May 30, 2017

The hole was bigger than they could have possibly imagined

from here

Because of their nature, security failures on billboards are bigger than life and twice as ugly. This is especially true if that billboard is made to show the infamous goatse shock picture as a result.

That was supposed to be between me and my browser

found on Dilbert

I know it's easy to mistake the privacy of your own home, your own bedroom even, as being private, but if you're online it's not that simple. Everything you do online is recorded so the trick is to find some way to prevent it from being linked to who you are.

Monday, May 29, 2017

If you enter the info then the answer will be yes

from here

It may seem surprising but tricks like that actually work, unfortunately.

A great reason to check who's at the door before opening it

Watch on YouTube

This is the kind of thing that makes me glad I live in a colder climate. I feel somewhat safer from reptiles when there's snow on the ground.

Friday, May 26, 2017

And I'm too old to play in sandboxes

from here

It's a shame I couldn't figure out a way to work in a whitelist reference while I was at it.

You'd think there would be bigger concerns

found on Memedroid

Since they'd probably be able to use your WiFi from outside your home, if any were to come inside I think it's safe to assume they want more than just your WiFi.

Thursday, May 25, 2017

You wouldn't hack a safe

from here

We crack passwords. We crack ciphers. We crack safes. We even crack eggs. Breaking down barriers seems to be called cracking, so why do we persist in calling the breaking of most types of computer related barriers "hacking"?

Is this a store or a forest?

found on Imgur

You know what appears to actually be invisible in this store? The customers.

Wednesday, May 24, 2017

I'm never borrowing Osama's luggage again

from here (source image)

I realize some people like to personalize their luggage, but this is not the way to do it.

The dankest privacy setting

found on Privacy Memes

What I think the take-away here is is that there's a Tumblr dedicated to privacy memes. Clearly I'm not the only one who thinks using memes to promote important concepts like security or privacy is a good idea. I might be the only one persistent enough to keep at it for a decade, however.

Tuesday, May 23, 2017

We can re-purpose it - we have the technology

from here

True story, my computer died recently. It was in fact an XP machine (with a number of things to mitigate the added risks of using an OS that wasn't supported anymore).

Now it's my new banking PC (a computer I boot from a Linux LiveCD exclusively for the purposes of doing online banking), which is good because the previous one (that says Windows 2000 on the case) was frustratingly slow when used that way.

I wonder what I'll use that older one for now. Boat anchor? Space heater? Step stool?

If you really loved your country you wouldn't keep secrets from it

found on George Stephanis' blog

Just a friendly reminder to not let your government agencies act like overly attached girlfriends. They shouldn't need to be creepy and stalk you.

Monday, May 22, 2017

The first sample is on the house

from here

How to make a spare padlock key

Watch on YouTube

So, on the one hand this could be handy for making backup keys in case you ever lose the real ones. On the OTHER hand, since this is so easy, you should basically never trust a padlock that has been previously owned by someone else.

Wednesday, May 17, 2017

Copy&paste attribution for the copy&paste cyber threat

from here

Lately it seems like you can't swing a cat without hitting a cyber attack launched by a country that can't keep the lights on. I understand sometimes all the evidence seems to point that way, but you're talking about something that notoriously copied the tools used by one nation state; there has to be a strong suspicion that signs of other nation states' tools are also copied.

At least it's just a surveillance drone

found on The Very Near Future

I can absolutely see something like this becoming a thing in the near future, and I fully expect some enterprising early adopters have already done something similar. The fact that it's found on a site called The Very Near Future seems really appropriate.

Tuesday, May 16, 2017

The first rule of ransomware

from here

One way or another there's a pretty good chance you're going to have to pay eventually. At least with backups it covers a bunch of other scenarios that you can't use bitcoins for. Also, it doesn't pay for the next round of attacks.

Take a moment to appreciate natural defenses

found on Bloomberg

The natural world has some amazing defenses. Imagine how much we could learn from it if we stepped away from our day to day issues and really looked at the world.

Take the pangolin, for example. Its name refers to its primary defense technique of rolling up into a ball, but it also has at least 2 other defenses - lashing out with its tail, and emitting a foul smelling substance like a skunk (source).

Monday, May 15, 2017

Better get patching

from here

When it comes to malware, there's almost never just one of anything. Maybe we'll be lucky and the people responsible for WannaCry won't bother fixing the flaws that the first had, but I wouldn't bet on it.

If you didn't get hit before, make sure it doesn't happen the next time. If you did get hit before, make sure it doesn't happen again. Patch if you can, block those damn ports, and make sure you've got backups.

The Media Show: Why Do Ads Pop Up On My Computer?

Watch on YouTube

I've highlighted this YouTube artist's work before. Now I'm thinking I might just have to subscribe to their channel to get notified of security-related videos in the future.

Friday, May 12, 2017

A gross lack of security hygiene

from here (source image)

You've probably heard passwords compared to underwear before (keep them hidden, don't share them, change them often), but maybe not quite like this.

Passwords are like underwear: They shouldn't stick to the wall

What do you think, could this one catch on?

You need to use the right threat model

found on The Meta Picture

I bet the person who put up that bird feeder was expecting to just have to deal with squirrels, not something orders of magnitude larger. That changes everything and the defenses that might have worked against a squirrel are probably not going to be effective against a bear.

Just think what would happen if bears also took over the squirrel's role in the cyber security threat landscape as well. As much damage as a squirrel can do to critical infrastructure, I have to think a bear can do more.

Thursday, May 11, 2017

Better watch out for crafty crooks

from here (source images one, two, and three)

I suppose there might be another reason to call the cops over a hot glue gun, but I don't think it's any more flattering than the suggestion above.

The importance of getting your own private holodeck

found on Sizzle

If I had been Riker, I wouldn't have used shared, public facilities in the private and intimate ways that he did. His crew mate Geordi La Forge certainly got burned by that particular problem.

Wednesday, May 10, 2017

Maybe it should be called a privates club instead

from here (source image)

Surely, if the invasion of privacy isn't enough to put an end to this, there's got to be a health code violation here. Right?

What liquid is actually in that glass?

It's hard to do passwords worse than this

found on Kappit

It's hard, but it's not impossible. A SQL injection vulnerability in the password field would be worse; however, treating it as a SQL injection vulnerability first and blocking "special characters" would be the wrong solution. There can be no SQL injection vulnerability if the data the user inputs isn't the data that gets put in the database - so hash your passwords!

As for the complexity requirements, everything other than length is basically garbage that makes passwords worse by making them less user friendly (and so more likely to be reused or posted on a screen or wall) and easier for a computer to guess because it actually removes many of the possible combinations.

Tuesday, May 9, 2017

Just click "Agree" on that free software

from here

When I read this article about Mac malware, I was struck by how closely the population growth resembled that of PC malware in the 90's. Don't worry Mac security fanboys - your malware epidemic will get here soon.

Hacker Trope T-Shirt

Redbubble product link

I assume that if one actually wanted to identify with the cliche of the faceless hacker in a hoodie found so often in stock photos, one would actually wear a hoodie (and maybe a balaclava and some thick gloves). As such, I think wearing a shirt like this must involve a healthy dose of irony. My compliments to the artist on the design, though.

Also, this design comes on a variety of different garments for both sexes (including a hoodie, in case you want to be extra meta).

Monday, May 8, 2017

Still better off with it than without it

from here

Just because the most popular way to do 2FA is vulnerable to attack doesn't mean 2FA in general is over, or even that the vulnerable way isn't still worthwhile. More often than not it will still protect you because most attackers don't have the resources necessary to pull off this attack.

Stealing can be a pain in the ass

Watch on YouTube

I don't know if this is real or not. I have difficulty believing people would sign up for that, but then again there was the movie "Jackass", so who knows. It's fun to imagine it is real, though, because I suspect we've all been ripped off at some point and wished to see a certain kind of justice handed out to those responsible.

Friday, May 5, 2017

A good reason to lie

from here

Security questions are notoriously easy for people to get the correct answers for, so you're better off providing non-truthful answers for yours in order to make it harder for people to break into your accounts.

Obtuse of power

found on Lefthanded Toons

If only all abuses of power by authorities ended up like this.

Thursday, May 4, 2017

There's always a silver lining if you look hard enough

from here

I suppose if you actually have a lot of friends/colleagues/acquaintances then social vectors like this one are harder to deal with.

They should have had a pen-test

found on Meme Generator

If only someone had red-teamed the Death Star. Maybe they would have found the big gaping hole in its defenses.

Wednesday, May 3, 2017

A fail so nice they did it twice

from here (source image)

It appears that a bike owner learned a valuable lesson: Two of the same security mechanism is generally no better than one.

Look at me, I'm the network admin now

found on Funny Life

Tuesday, May 2, 2017

The strength and weakness of password managers

from here

Password managers can help alleviate this problem, except where the password manager's own password is concerned.

Sometimes privacy is something you give

found on Imgur

One often hears about protecting privacy, which is generally something you do for yourself, but respecting privacy is a gift you give others and the more you give it the more you inspire others to reciprocate.

Monday, May 1, 2017

Deterrence has many forms

from here (source image)

I'm pretty sure one of them is going to think twice about trying anything that evening. Which one that is is left as an exercise for the reader.

Worst Wifi Password Ever

Watch on YouTube

I don't know, is it really the worst WiFi password? From a security perspective I think there are actually worse passwords, but from a usability perspective this one is clearly pretty bad. On the plus side, you don't have to worry about people listening in when you tell someone the password over the phone.