Thursday, November 30, 2017

How is "too long" still a thing in 2017?

from here and here

Thanks to Paul Gilzow for pointing out how foolish it is to have a password length limit in this day and age, and, incredibly, getting a representative of the company in question to consider the possibility that Paul is right.

How to stop worrying about ransomware

found on Imgflip

Ransomware really shouldn't be the big deal it has become. We should have always been making backups so that ransomware wouldn't have been an issue in the first place, but barring that, once it did become an issue we should have started making backups.

So why haven't we (collectively) started doing that?

Wednesday, November 29, 2017

That's what I call a duh-fault password

from here

There are a lot of things I could say about this monumental cock-up by Apple, but I think the most important thing for people to take away right now is:
Leave no default password unchanged

That goes not just for this particular case but all cases of default passwords. If you find them, change them, because eventually defaults become something that everybody knows, and a password that everybody knows isn't a very good password at all.

(Of course a blank password is even worse)

Would you trust a social network with your life savings?

found on Imgflip

If you use the same password for both then Twitter is essentially in possession of the key that unlocks all your finances, and I don't think that's something they planned to protect when they were devising their defenses. Even if it was something they planned for, that doesn't mean they'd be any good at it. Certainly I wouldn't expect them to be better at protecting that than they were at protecting President Trump's Twitter account.

Tuesday, November 28, 2017

That sounds like phun

from here

If your son or daughter spends a lot of time online "fishing", make sure it's fishing with an F and not phishing with a PH.

One more reason to use 2 factor authentication

found on Google Image Search

Probably best not to use biometrics, though. You don't want to find out how a dog might bypass that. I'm sure it involves teeth.

Monday, November 27, 2017

Don't want home invaders walking in on me

from here

I imagine this is also good for those times when one is entertaining guests, or if one ever stops being alone, but it's weird that the sense of a lack of privacy can persist even when reality is not in agreement.

Somebody is going to get a new wallpaper

found on Quick Meme

I must admit, I've changed a background or two in my time, but never to something so meaningful. I'm going to have to keep this on file for the next time I need to teach someone a security lesson.

Friday, November 24, 2017

It certainly blocks a lot of infections

from here

There's a set of security 'experts' who are pretty vehemently anti-AV and there's a set of security 'experts' who like to make snide comments impugning the integrity of MSWindows. If those two sets overlap, this should make their heads explode.

Scam Detected

found on Meme Center

I wonder what people encounter more often - virus alerts that actually came from their installed AV or fake alerts meant to trick you into installing malware. If only there was something that could protect us from scams the way AV protects us from viruses.

Thursday, November 23, 2017

When guns don't make you feel safe enough

from here

I am completely dumbfounded by this story. I've certainly heard of police abuse of power and the use of unnecessary force before, but this is some next level shit. As much as we need authorities to neutralize attackers so that they can't launch attacks anymore, we also need to keep them in check and this is one of many examples that we aren't doing that.

In government we distrust

found on Imgur

Trust is hard to build, and even harder to rebuild. The government wants citizens to trust them with the keys to all the data (through back doors or front doors or golden keys or whatever) even though they've proven themselves untrustworthy over and over again. Somehow I don't think that's going to work out for them.

Wednesday, November 22, 2017

So it was a snooty Nigerian prince?

from here

It's almost never a very sophisticated attacker, unless your metric for very sophisticated includes typing with more than 2 fingers.

Checking my door now

found on Imgflip

I have a confession to make. Sometimes when I leave my home in the morning I discover that the door isn't locked. I've certainly considered the possibility that someone might break in while I slept but it never occurred to me that they might still be there when I wake up. Good thing there's 24h security in my building.

Tuesday, November 21, 2017

HR is not amused

from here

Honestly, even with an HR department that isn't insane and/or completely stupid, work really isn't the kind of place I'd want to be thinking those kinds of thoughts. It would just be weird.

Not even his friends and family

found on Imgur

Email is used for so much junk these days it's a wonder any email is taken seriously anymore.

Monday, November 20, 2017

Grandma fixes everything

from here

If only Grandma could fix Internet privacy. Sadly it's not as easy as mending socks, although I suppose some kind of knitted article could be placed over your webcam, so there's that.

Whenever there's a new privacy setting

found on Meme Center

I couldn't find the true original at, unfortunately, but don't let that stop you from checking if there are any new Facebook privacy settings you don't remember that need to be turned off.

Friday, November 17, 2017

Peter Piper on security

from here

That's right, botnets are not nets for catching bots.... and yet, I think if you really wanted to, you could probably find a way to use a botnet to catch other bots.

Maybe it's confused by all the BACN

found on ImgFlip

This is one of those things that makes spam filtering hard - messages that under other circumstances would definitely qualify as spam but because you intentionally signed up to receive them they aren't spam (they're bacn). How is a spam filter supposed to know you want to see that junk?

Thursday, November 16, 2017

LiveCD Girls Girls Girls

from here

The reason booting from a LiveCD is good for online banking is that it provides an environment that couldn't have been infected during past usage because the CD is read-only. It occurs to me that an environment you can be fairly certain won't get infected in the present would likewise be of benefit when visiting sites that have traditionally been considered "unsafe".

Just don't do both in the same boot session.

Who even remembers the NSA anymore?

found on Quick Meme

With everything that's been going on in the US government, has anyone remembered to keep an eye on what the NSA is doing? I have a feeling that the importance of intelligence oversight may have gotten lost in amongst the importance of a variety of other things.

Tuesday, November 14, 2017

And it shouldn't have been "Password1!"

from here

Reusing passwords may make things easier for you, but it makes things a lot easier for attackers too.

There are other ways of making passwords easy for you while not making them easy for attackers.

That's some quick thinking

original tweet

This is a much better alibi than that whole "a virus ate my homework". Who knows, maybe you can even say you got caught in a pornado when HR comes around wondering why you were looking at porn on the job.

Monday, November 13, 2017

No peepshows for you, webcam hacker

from here

You didn't think the baddies were just interested in encrypting your computer or making it mine bitcoins did you? Some have more lascivious interests.

Did you roll your own crypto?

found on Quick Meme

If there's one thing that every developer who deals with cryptography should know it's that you shouldn't roll your own. It may sound elitist, but people will come to rely on the security your product offers and unless you're an expert the chances of you making something that actually is secure enough are basically nil. Instead, use existing cryptography libraries that have undergone rigorous review and verification.

Friday, November 10, 2017

Who wouldn't trust Facebook to protect their privacy?

from here

The idea to have people upload their nude photos to Facebook is definitely a weird one, and the admission by Facebook's head of security that employees would actually be looking at those nudes would certainly make me think twice even if I'd forgotten about all the privacy controversies, the ethically dubious psychological experimentation, and that old quote from Mark Zuckerberg himself - "They trusted me, dumb fucks".

If you're not in a hurry I guess that could work

found on Reddit

Oftentimes people are in a hurry and want things cleaned up immediately, but free decryption tools aren't always available so you might think that your only options are restore from backups or pay the ransom. There is a third option, however - hope and wait. Hope is not a great strategy for data recovery and you'd certainly not want to rely on it, but sometimes all it takes is time for a decryption tool to be developed.

Thursday, November 9, 2017

Dead or alive, your body's a key

from here

Not only can law enforcement make you unlock your device against your wishes, they can do it when you're dead too. When it comes to biometrics, cooperation isn't necessary.

User awareness training in a nutshell

found on Meme Generator

I know there's a little more to it in reality, but it definitely plays a significant role in how people get trained to be safe online. Not sure that's good enough, though.

Wednesday, November 8, 2017

Hello DDoS, my old friend

from here

Of course your own connection may still be up in a DDoS attack but the server your devices are calling home to may not be (it depends entirely on what the target of the attack is). Also, any network outage will do, DDoS is just the weaponized form.

Lose clicks sink ships

found on Make A Meme

Unfortunately it really is important to be careful what you click on. It's dangerous online.

Tuesday, November 7, 2017

Just how secure are ATMs?

from here (source image)

Thanks to @da5ch0 for drawing my attention to the fact that DOOM seems to be one of the favourite things to run on devices you'd never expect to show just how open they really are to modification (something that is perhaps not a feature you want in an ATM).

Given how many devices have been hacked to play DOOM, I'm inclined to conclude that hacking something to put DOOM on it is a meme in and of itself.

When you forget to use incognito mode

found on Droll Nation

That is not the expression of someone who holds you in high regard. Someone is in big trouble.

Monday, November 6, 2017

Seems like an awful lot of effort

from here

Imagine having the know-how to pull off this kind of caper but not the wisdom to realize that the more you do it the more chances there are of getting caught. Getting caught was inevitable at the rate this kid was going.

A blast from the past

found on Fail Blog

Remember, remember, these nameless offenders. It was a great prank, but wow has Anonymous ever changed since those days.

By all accounts this image is supposed to have actually come from Fact Republic, but I was not able to find it there (a similar one, yes, but not this one).

Friday, November 3, 2017

One good conspiracy theory deserves another

from here

I'm sure we've all heard the idea that AV companies are actually the ones behind the viruses. Well, maybe there actually is a conspiracy but going the other way? I mean, a number of security 'experts' do seem to be rather chummy with the blackhats. Maybe they're hoping for a cut of the profits.

Alternative medicine has never been more convenient

found on ImgFlip

Thank goodness someone is willing to protect me against unknown lumps and masses.

Thursday, November 2, 2017

Get a real job, ya ransomware bum

from here

This seems like the proper way to respond to ransomware demands, with defiance not compliance.

Don't overdo it

found on Green Locksmith

Some say complexity is the worst enemy of security and this is a pretty good example. Not only does it make it harder for you to get out, it adds virtually no difficulty for someone trying to break in.

Wednesday, November 1, 2017

Using locally sourced bits

from here

How not to keep your keys in a safe place

found on Imgur

I mean, I can sort of see how one would arrive at this solution to losing keys, but then you need a solution for using keys, because you can't do it here.