Thursday, August 31, 2017

Just what the cybercrooks wanted to hear

from here

Antivirus, on it's own, has never been enough. That's not to say you shouldn't use it, you absolutely should because it stops a great deal of automated crap that you don't want to have to deal with manually, but it's also dead easy for an intelligent attacker to bypass.

Past world problems

found on Imgur

The technology has changed a lot over the years, but our desire for privacy has not.

Wednesday, August 30, 2017

You'll be lovin' the McBlockchain

from here

I have no idea if making a more secure reward points program is an appropriate use of blockchain technology, but I'm pretty sure we're going to see more companies trying it.

You won't be ignoring that update

found on Know Your Meme

Software update agents are as intrusive and annoying as they are precisely because applying the update is so important.

Tuesday, August 29, 2017

Good thing I Excel at math

from here

It's a good thing Windows computers had a widely deployed but rarely used executable that exploit makers could use to demonstrate vulnerabilities. Hopefully no one actually thought they could protect themselves against exploits by blocking it.

Defense in depth fail


Watch on YouTube

If one child gate isn't enough, what makes you think two will do the job? Just as a second fence won't stop someone who can get past the first and a second padlock won't stop someone capable of getting past the first, a second child gate isn't going to stop a child that can climb over the first - even if it's on top of the first.

Preventative measures don't get stronger by duplicating them, Only with complementary measures do you actually prevent more.

Friday, August 25, 2017

I'm not scared enough to accept your scareware

from here

How far ahead of the curve would we be if malware couldn't scare people into making rash decisions? Unfortunately the scareware market and the legitimate anti-malware market feed off of each other (anti-malware vendors sow the fear that scareware makers capitalize on and scareware makers sow the malware that anti-malware vendors capitalize on) and it's hard to break out of a feedback loop when there's money involved.

Choose your own misadventure

found on Quick Meme

In my experience you may get the molestation no matter what you do, so you might as well avoid the cancer machine as an unnecessary additional indignity.

Thursday, August 24, 2017

Just don't use Mr. Whiskers' sandbox

from here

Ever wonder why it is that when searching for a phrase to describe an isolated, disposable environment we settled on the name of a child's play-thing?

Don't get 'taken' by them

found on Imgur

It's not surprising to me that some people fall for these kinds of scams. What surprises me is that there are some people out there who (upon realizing it's a phone scam) are calm enough to prank the scammers and waste their valuable time instead of confronting them immediately (and angrily).

Wednesday, August 23, 2017

Be sure to include symbols

from here

Password policies frequently are so needlessly arcane they might as well be from an alien language.

And not the good kind of paddlin'

found on Meme Generator

An application whitelist specifies which programs are authorized to execute, so running an *.exe that isn't on the list is expressly not allowed. Generally the whitelisting software will prevent it, but there are always ways of bypassing such things so a policy that prohibits it may also be called for.

Tuesday, August 22, 2017

Ain't nobody got bandwidth for that

from here

It's one thing when your computer needs to update, or maybe an app on your phone needs an update, but when your refrigerator and television and light bulbs and toaster and oven and clothes washer&dryer and kettle and water bottle and salt&pepper shakers and toilet and bed and door lock and thermostat and bathroom mirror all need software updates ... that's just way too many things using what precious little bandwidth you have to try and find updates for themselves.

And that's not even counting the possibility of bad updates that brick the device.

Hunting for purr-sonal information

found on WhiteHat Security blog

Be careful about participating in social media games that involve revealing personal details. Even if those details aren't your password they might be enough to allow someone to pretend to be you and bypass your password.

Monday, August 21, 2017

Someone's going to be sleeping with the fishies

from here

Babies in suits notwithstanding, I have to imagine that cyber-criminals and traditional criminals have butted heads before, and I have a feeling that cyber-criminals are generally ill-prepared to deal with that scenario. I wonder if any criminal underworld figures have had to deal with ransomware on their TV. Many have families, after all, with all the trappings that entails, so it's conceivable that they become victims to some of the same things ordinary people are victimized by.

And how could you know it doesn't?

found on ImgFlip

On the one hand, if you don't have an anti-virus you really have no way to know whether you've caught a virus or not. On the other hand, if you don't have an anti-virus you can be pretty sure that message boxes warning you about viruses on your system are fakes designed to scare you into installing something you don't really want.

Thursday, August 17, 2017

How I benefit from your privacy

from here

Your privacy is good for you and for me, and I would very much like it if your confidential info didn't intrude into my life.

And the backdoors are gonna be YUGE

found on Sizzle

He knows the best hackers. They hacked the election for him, after all.

Wednesday, August 16, 2017

Not looking so 'smart' anymore

from here

When it comes to failing smart locks, both failing open and failing closed (unlocked or locked) have problem. You need to be able to open the door but you also need to be able to prevent others from doing so. If you can't get in you may be less secure as a result. If everyone can get in you may be less secure as a result. If there is no good failure mode, the possibility of failure should not be accepted.

Terminal Stupidity Authority

found on Webcomic Factory

The scary thing is, a 10 year old girl isn't even the youngest child I've heard of being subjected to a "pat down" at an airport terminal, and because of the nature of the touching, the outcome is often pretty bad. Don't bother trying to figure out what the TSA is thinking, though - they aren't.

Tuesday, August 15, 2017

Did I staple a horse, or the horse, or your horse, or...

from here

I don't know about you but I find that remembered phrases are prone to slight alterations that have little bearing on the meaning of the phrase but make a computer completely fail to match them against the reference phrase that was entered months ago. That's a problem with passphrases that I rarely hear anyone talk about.

I'm feeling so confused right now

found on Memebase

Could someone explain to me what AVG is supposed to be doing? Are they supposed to be making us feel more secure or are they supposed to be making us feel more productive? Because I'm pretty sure booting up 1% faster (who can even tell that?) has precisely no impact on feeling more secure.

Monday, August 14, 2017

Illustrate your point with cave paintings if you like

from here

The catch phrase "There's no patch for human stupidity" is a fairly successful meme within the information security community, but that doesn't make it good. It's actually exotoxic in the sense that it implies that it's not worth the effort to pass on knowledge to people who don't already have it, thereby denying those people the tools with which they could better control their outcomes and by extension thrive.

The fact that we aren't still living in caves proves that it's not just special individuals who are capable of learning but in fact the entire human species as a whole.

How not to make a clean getaway


Watch on YouTube

F&@%ing doors, how do they work? That must be a question that plagues this would-be criminal. I'm sure he lies awake at night in his cell wondering what he could have done differently (although he appears to get away, it seems unlikely he stayed out of the grasp of the long arm of the law).

Friday, August 11, 2017

No logo, no coverage

from here

The fact is, when researchers market the vulnerabilities they discover, they're really marketing themselves. More and more these days security seems to be about satisfying personal needs rather than actually making things more secure.

It might help me unclench

found on Know Your Meme

I mean, if they're going to be sticking things there without a normal lubricant, at least they could try a social lubricant.

Thursday, August 10, 2017

Go directly to jail. Do not pass GO

from here

Normally I'd say something along the lines of "I have no idea what this person was thinking" except the journalists who covered this made sure to include that part. The guy was just looking to get home. That's right, he planned to drive a stolen cop car to his house. Not like having a stolen cop car outside your home to point the finger at you.

Just a lonely little botnet

found on Quickmeme

This is one of the reasons I use a different disposable email address everywhere I go. Not because I have a relationship to protect, or because I post lonely heart ads online, but rather because I know that emails occasionally get harvested by spammers and I want to be able to turn off the spam without losing my real email address.

Wednesday, August 9, 2017

How do I practice cell phone opsec now?

from here

The point of burner phones is that you dispose of them often so that they can't leak information about you or your operation. Chances are you'll need many of them and so they'll have to be cheap.

One wonders, though, at what point does a cheap phones itself cause people to become suspicious.

I'm sure some people are able to use iPhones as burners, but they'd have to be part of some well funded group (perhaps working for a government).

This door seems 'secure'


Watch on YouTube

An excellent demonstration of why blindly using security controls without knowing how they work or whether or not they're suitable to the environment you're using them in is not a good idea.

Tuesday, August 8, 2017

When even attackers don't want anything to do with you

from here

As someone who spends most of their non-work time alone, I think I would like to be so unpopular that attackers wouldn't bother with me. That seems like a silver lining I could get behind.

But it's supposed to be secure

found on Quick Meme

This is actually a really good use of the Everyone Loses Their Minds meme. If you're familiar with this scene in the movie then you remember him talking about 'plans'. Microsoft having vulnerabilities is definitely part of "the plan". It's what people expect. There was even a plan for addressing those vulnerabilities once a month, as regular as clockwork. Unix/Linux/etc having vulnerabilities? That's not part of the plan and for those that are affected by it, it is definitely something that raises their anxiety level (maybe even to the point that they lose their mind for moment).

Monday, August 7, 2017

You shall not pay

from here

There may come a time when you get hit by ransomware, and if you don't want to wind up as lost as Confused Gandalf here you'll make backups, because the only thing paying guarantees is that it'll happen again (either to you or someone else)

The more people do it the more dangerous it becomes

found on Rahul Kumar's blog

There are certainly those who believe AV should be abandoned altogether and cite their own experiences not getting compromised while not using AV as evidence. But those are merely anecdotes and they don't reflect the fact that part of what keeps those people safe is all the other people who ARE using AV and making it harder for malware to flourish long enough for those who aren't to be exposed to it.

In biology this is called herd immunity. It only works so long as a certain minimum threshold is maintained and telling people to abandon their AV threatens to bring the number down below that threshold and make things worse for everyone.

Friday, August 4, 2017

Where'd all that banking trojan money go?

from here

I don't know about you, but I think if I were responsible for a banking trojan, especially one that managed to make it onto the authorities radar, then I'd have enough money to get my own place.

That's one solution to the malware problem

found on Quick Meme

Malicious software won't be a problem anymore if you remove the power. Not being able to use the computer for anything is a bit of a problematic side effect, though.

Thursday, August 3, 2017

You are hereby ordered to stop committing crimes

from here

At least their boss is doing something to curb this abuse of trust the authorities are committing, even if what he's doing is a bit ridiculous.

Hope you didn't have anything to hide

found on Meme Generator

Nobody said staying one step ahead of the authorities was going to be easy.

Wednesday, August 2, 2017

Try not to shoot yourself in the foot

from here

Yes, this is a real thing that happens. People think they know better than their AV vendor what features should be enabled. The problem is most people don't actually know how AV works, so their choices are uninformed and eventually harmful in the long run.


The evolution of a meme

tweeted by Franziska Haaf

Does this meme look familiar to you? The text is identical to this one from years earlier but the art work is clearly superior. I approve.

Tuesday, August 1, 2017

And why the ones they do get don't count

from here

Every time there's another piece of Mac malware in the news the Apple faithful go through mental gymnastics to explain (perhaps to themselves) why that one doesn't count. I wonder what they'll come up with for this new one that's apparently been going on for years.

Geniuses sure ain't what they used to be

found on Sizzle

I have a feeling the "genius"es in the actual Apple store are probably trained not to come up with that interpretation specifically because they don't ever want to give the public the idea that Apple computers get malware like PCs do (even though they do).