Wednesday, August 15, 2018

That's one way to stick it to the crooks

from here

What this incident illustrates is that technology can eventually become so old and unfamiliar that it becomes capable of thwarting attacks. It may not be more secure against attack but it's safer against attack simply because the pool of people who are able to successfully carry out the attack has become smaller.

I bet "who wants icecream?" would have worked

found on

People keep talking about eliminating passwords or the death of passwords but they never seem to anticipate the breadth of applications using passwords. It's not just websites; passwords are all over the place because they're simple to implement, simple to understand, and simple to use.

Tuesday, August 14, 2018

Wait a minute...

from here

I don't know what's worse, that this is the quality of phishing scam that Russian hackers use against American political candidates, or that it works.

It's only a matter of time

found on Funny Memes

Honestly, if school officials are already getting bent out of shape when a kid eats a pop tart into the shape of a gun, it can't be too much longer before they get spooked by clouds.

Monday, August 13, 2018

Where did that word go?

from here

I've seen examples of this over and over again. Stories about pharming that somehow avoid ever using the term pharming. It's as if people don't even know the word exists.

Hey Troy, I got you something

found on Funny Junk

I think we all know what happened next.

Friday, August 10, 2018

Or maybe just don't sell to cops

from here

When you live in a world where people are excluded from the police force for being too intelligent, maybe you shouldn't rely on them to use technology intelligently.

Protection comes in all shapes and sizes

found on Reddit

Whether you're protecting yourself against an intelligent adversary, or just the heat, the underlying concepts are frequently the same. In this case it's a barrier between the hands and the steering wheel.

Thursday, August 9, 2018

Someone better be patching my ISP

from here

Listen, I know mistakes happen sometimes, but 5 backdoors in 5 months? That stretches the limits of credulity just a bit.

That's a steal

found on The Art of Trolling

Sounds like someone got a lot more than just a 5 finger discount.

Wednesday, August 8, 2018

What a thoughtful way to reduce the attacker's workload

from here

So not only does the plaintext password completely eliminate any security offered by storing the MD5 hash (and there isn't much there), it actually provides attackers with a tool that could be used to help crack passwords from other sites. No need to try and figure out what that MD5 hash value corresponds to - if it appears in the database detailed at Have I Been Pwned then you can just look it up.

That'll teach you not to invade a woman's privacy

found on Whisper

I'm sure TSA has seen worse, now that I think about it, and I fully expect that some of them have been deeply scarred by the experience - which is one of the costs of violating people's privacy.

Tuesday, August 7, 2018

And the winner is Votey McVoteface

from here

There are so many things wrong with this story, not the least of which is entrusting democracy to a company named Voatz. I can't imagine how anyone could remain under the delusion that mobile devices are secure enough for voting. It's questionable if they're even secure enough for making online purchases, never mind deciding who the next leader will be.

"Security" Questions

found on Fail Blog

Somehow I don't think these questions are going to do enough to protect this particular user.

Monday, August 6, 2018

New privacy settings in 3... 2... 1...

from here

Asking for financial details seems profoundly tone-deaf on Facebook's part. I hope no banks are dumb enough to trust the poster-child of privacy violations with our account details.

Don't call us, we'll call you

found on Imgur

Like this person, I too hate being asked for my cell phone number all the time, especially since I don't have a cell phone.

It sort of reminds me of a particular male stereotype where a guy goes around collecting phone numbers from as many people (generally women) as he can. I wonder if such a person had a part in the genesis of this pattern among service providers.

Friday, August 3, 2018

Bring out your dead, your antivirus, your SMS 2 factor authentication

from here

Nothing is perfect, and having an imperfect thing can still be an improvement over having nothing at all. Maybe it fails under certain circumstances, but that doesn't mean there aren't other circumstances where it's useful.

No one wants to hear holier than thou security pundits spewing mindless negativity about something that does actually work a good deal of the time. It's unhelpful and annoying.

Privacy: You're gonna have to try harder than that

found on Meme Center

If you've ever tried this then I'm sorry, but you probably messed it up like this guy and let everyone see that not only were you looking at smut, you were also embarrassed to let others know you were looking at smut.

Maybe wait until you're in private before you look at pictures of people's privates.

Thursday, August 2, 2018

How are we still here?

from here

Learning that the nuclear launch codes were 00000000 was scary but you could maybe trick yourself into believing it was a one-off, an aberration that has thankfully been rectified.

But learning that the password for a certain model of voting machines was abcde makes it clear that there's a larger pattern at play and it makes you wonder how many other critical things have bad passwords still to this day.

They said it would make things better

found on

Maybe for earlier versions of Windows the updates made things better but in my experience that just ain't so for Windows 10.

Tuesday, July 31, 2018

Send in our Wonder Woman jets

from here

You should have to pass a test before you can be put in charge of the world's most powerful military force. Otherwise you get a commander in chief who sounds like he's bragging about his favourite toys.

Ignoring intelligence isn't very smart

found on Fail Blog

If you get an indicator that suggests an attack is imminent or even currently under way, the last thing you should do is put it off until dealing with it is more convenient, because by then it may be too late (as this historical tale demonstrates).

Monday, July 30, 2018

Invasion of privacy curtain

from here (image source)

Because a clear shower curtain wasn't revealing enough, someone made one that enables you to be seen naked by people on the Internet as well. This product is a real thing but so are apps that can take your picture without you noticing, so it may not be the best idea out there.

On the other hand, if you could mount it on a wall or something, I could see using it outside of the shower, where I'd be fully clothed.

How low can Bitcoin go?

found on Reddit

Gosh I hope that's not the price tag. Otherwise that is some expensive footwear.

Friday, July 27, 2018

Password Managers 1 : Scammers 0

from here

Some scammers have apparently taken to using people's passwords found in past breaches in order to make their scam more convincing - see Brian Krebs' story about it.

Obviously, if you never knew your password in the first place, the code they send you purporting to be your password won't actually mean anything to you, won't be familiar, and will not make their incredible story seem any more credible. As if there weren't enough reasons to use password managers, now they help prevent a particular kind of social engineering.

James Veitch : More adventures in replying to spam

Watch on YouTube

Oh how I wish I had the patience to play along with scammers. It looks like so much fun.

Thursday, July 26, 2018

It's amazing what you get to see at a SECURITY conference

from here

The strongest part of the security behind RSA SecurID tokens is that the code on the little screen on the token isn't easy to guess and changes too often to be brute forced. None of that matters if an attacker can SEE it.

No protection is foolproof

found on Miami And Eunice

People who don't understand how protection works are doomed to fail at protecting what it is they want to protect.

That being said, wear a helmet when you bike. Breaking your head is a lot more serious than breaking your leg.

Wednesday, July 25, 2018

Let's just say it's an excellent source of iron

from here

I wonder if Hormel even filters their SPAM at all? If not, maybe they should.

A false sense of privacy

found on Meme Base

The fact that Facebook was ignoring your privacy settings when it was profitable means they have never had a commitment to privacy, only a commitment to making you believe there was privacy. After all, the CEO did once call everyone who trusted him with their personal information "dumb fucks". Disrespect for others is pretty deeply ingrained there.

The concept of the false sense of security has been around for a long time now. I think it's time we started talking about the false sense of privacy.

Tuesday, July 24, 2018

Because ubiquitous surveillance is un-American

from here (image source)

I've seen something similar done with make-up before but a tattoo shows real commitment.

I'm on to you, human

found on Just Viral

Obviously you need to step up your game if you want to catch this pup in the act of doing something wrong.

Monday, July 23, 2018

From Russia with Love

from here

The story about a Playboy playmate and Bond girl having an online romance with the people who cracked the DNC is pretty much the weirdest part of the controversy about Russian interference with the US election - so far.

It seems to keep getting weirder, though, so who knows what's going to be the weirdest part next week.

I didn't know this was an option

found on Izismile

I knew you had to get your picture taken when you won big at the lotto, but I had no idea you could still protect your identity this way. This is a great idea and I hope it's available in places other than Jamaica as well.

Here's a news article about it.

Friday, July 20, 2018

Not-so-high security

from here

I can't imagine how you can call something a prison (even a rural prison) if people can just leave when they feel like it.

Too hard; Didn't take

found on Dump A Day

I guess this is supposed to be motivation to do better in math, but it seems like a pretty good way to keep something secret. People who've been out of school long enough to forget calculus wouldn't be able to figure it out. Just gotta watch out for those meddling kids.

Thursday, July 19, 2018

No, literally tell me more, Microsoft

from here

I kept getting pop-ups about sedlauncher.exe wanting to do this or that, but did Microsoft make it easy to determine what it was? Of course not. And this is just the latest example. Windows 10 seems to have far more tiny little apps than earlier versions of the OS for no apparent reason, and it makes operating a whitelist harder.

Who can you trust?

found on The Art Of Trolling

I imagine anyone who would write in to an advice columnist probably trusts that columnist. Maybe that's not for the best.

Wednesday, July 18, 2018

Without the service what you have is a paper weight

from here

I've been thinking about this for a while, especially with regard to what the vendor is actually selling you. You think they're selling you a device? No, they're selling you a service that provides you with some convenience. You have to use their proprietary thing in order to make use of that service. You interact with the service through that thing - maybe also through your browser, but also through that proprietary thing if you want to get the benefits of the service.

You interact with a hydration tracking service by using a supposed smart water bottle supplied by the hydration tracking service provider. You get the benefits of the sleep tracking service by laying your head on a pillow-shaped sensor linked to that service. You get the convenience of app-enabled entry into your home by replacing the lock on your door with a device controlled by servers in some far away place.

So since smart devices aren't really smart and aren't really the device you think they are but rather special purpose dumb-terminals connected to a remote service, I figured a catch phrase might be a good way to clear things up. And since the "There is no spoon" model worked so well in the past, I give you:

"There are no smart devices, just digital services that have physical avatars"

Thinking outside the box

found on The Humor Train

Tell the truth - if you were trying to smuggle something into an event, would the thought of exploiting time itself have even crossed your mind? It's certainly not the first place my mind goes. It's pretty ingenious, in fact.

Tuesday, July 17, 2018

Ex-employee seems more appropriate

from here

I mean, it's not at the same level as leaving the nuclear launch codes set to 00000000, but leaving nuclear material in the back seat of your rental car overnight in a bad neighborhood does seem especially stupid.

Deterrent Dad knows what he's doing

found on Wanna Joke

Now he just has to figure out how to get that image on to their individual Facebook profiles.

Monday, July 16, 2018

Endorsed by the state

from here

I'm not trying to suggest this relationship involves payment for services rendered or anything like that, but a while back a distinction was made about certain Chinese attackers being endorsed by the Chinese government even if they weren't officially in the employ of the Chinese government. They do China's bidding while letting China keep their hands clean. An argument could be made that the relationship between Trump and these Russian attackers is very similar.

Little Bobby Tables' long lost cousin

found on

You'd expect bank-grade security to include input validation. That doesn't mean they have input validation, however.

Friday, July 13, 2018

That won't protect you from shit

from here (image source)

When you see it....

Invalid pawsword

found on Meme XYZ

That's the surprised look of a cat that's never gotten the password wrong in all his 9 lives.

Thursday, July 12, 2018

I see London, I see France, I've seen who gets in your pants

from here

Stalkerware - a subset of spyware used by spouses, parents, and bosses, because of course it's easier to use technology to spy on people than it is to build and maintain healthy, trusting relationships.

A deterrent most fowl

found on Reddit

If there had been a warning about geese, and if I were still little, that kind of sign would have worked on me (because when you're little it's legitimately scary when a bunch of geese chase you). As an adult, I can't see either of those two threats being effective on me - especially if I was hungry.

Wednesday, July 11, 2018

You're gonna need a bigger board

from here (image source)

If you're going to go kite surfing, you might want to check and see if the waters happen to be shark-infested. That seems like an important detail.