Tuesday, May 22, 2018

I shall hug him and pet him and call him Rootkit

If you're wondering what packet sniffing has to do with rootkits: that's one of the things the original rootkit did.

Nobody is falling for that one. Nobody

I've seen the first panel before. It's neat that people are building new security memes out of old security memes.

Monday, May 21, 2018

That was unusually helpful of them

I don't know about you, but malware writers helping out sounds awesome. More of that, please.

Is there a #MeToo for airline passengers?

I've certainly gotten a disturbing pat down on the front of my trousers before when the wand supposedly false alarmed on my zipper. This was before enhanced pat downs went into effect and before agents were given the special training on how to deal with that area.

I imagine many people in that sort of situation don't even consider raising a stink about it. I know I didn't. The TSA are the authorities in an airport, so who would you report them to? And even if you did, how could you know for sure you wouldn't risk missing your flight? We probably shouldn't think of the violations as just part of the price of flying but I think to a large extent we probably do anyway.

I think the TSA has always had creepers in it. It's a job where ordinary folks are given extraordinary power over other people and sexual assault is very much about power so it kinda seems like a perfect fit.

Friday, May 18, 2018

Gee it would be a shame if that got logged somewhere

It's amazing the kinds of things some web developers think they can leave in the URL.
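The point behind the joke is that a URL is not a private channel: query strings land in web server access logs, proxy logs, browser history and Referer headers, so a password or API token placed there is copied into places nobody is protecting. The script below is an added example, not part of the original post. It scans a few constructed access-log lines (Common Log Format, no real traffic) for query parameters whose names suggest credentials, and shows the redaction a log pipeline should apply. The parameter-name list is an assumption to extend for your own application.

```python
"""Added example: find and redact credential-looking query parameters in
web server access logs. All log lines and parameter names are constructed."""
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names that should never appear in a URL (constructed list; extend to taste).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "access_token",
                    "api_key", "apikey", "secret", "session", "sessionid"}

# Constructed sample lines in Common Log Format; nothing here is real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [18/May/2018:10:01:02 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 302 0
203.0.113.7 - - [18/May/2018:10:01:05 +0000] "GET /api/v1/orders?api_key=sk_live_abc123&page=2 HTTP/1.1" 200 1411
198.51.100.4 - - [18/May/2018:10:02:11 +0000] "GET /search?q=gdpr+pillow HTTP/1.1" 200 5120
198.51.100.4 - - [18/May/2018:10:02:40 +0000] "POST /reset?token=eyJhbGciOiJIUzI1NiJ9.payload.sig HTTP/1.1" 200 88
"""

# Matches the quoted request line: method, target, protocol.
_REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def sensitive_params(target: str) -> list[str]:
    """Return the names of sensitive query parameters present in a request target."""
    query = urlsplit(target).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE_PARAMS]


def redact_target(target: str) -> str:
    """Replace the value of each sensitive parameter with [REDACTED]; keep everything else."""
    parts = urlsplit(target)
    pairs = [(k, "[REDACTED]" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs, safe="[]")))


def scan_log(text: str) -> list[dict]:
    """Flag every log line whose URL carries a sensitive parameter.
    Returns one finding per offending line, with the redacted request target."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _REQUEST_RE.search(line)
        if not m:
            continue
        names = sensitive_params(m.group("target"))
        if names:
            findings.append({"line": lineno, "params": names,
                             "redacted": redact_target(m.group("target"))})
    return findings


def redact_log(text: str) -> str:
    """Rewrite the whole log with secret parameter values removed (what a log pipeline should do)."""
    def _sub(m):
        return f'"{m.group("method")} {redact_target(m.group("target"))} {m.group("proto")}"'
    return "\n".join(_REQUEST_RE.sub(_sub, line) for line in text.splitlines())


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['params']} -> {f['redacted']}")
    print(redact_log(SAMPLE_LOG))
```

Redaction at the log layer is damage control; the fix is to move credentials out of the URL (POST bodies, Authorization headers, cookies) so there is nothing to redact.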

The best keepers of secrets

Of course some pets can talk. I'm pretty sure parrots aren't the kind of pet you want if you keep a lot of secrets. I wonder how pirates kept them from spilling the beans.

Apparently this image was once available on merchandise you could buy, but unfortunately it no longer seems to be at the site mentioned at the bottom of the image (unless it's a page in one of the books).

Thursday, May 17, 2018

Securus? More like "Secure us!"

I know that no system is breach-proof, that all systems are capable of being compromised, but I also think that if you can't or won't put in the necessary effort to protect the data you collect then you shouldn't be collecting it in the first place. As the saying goes:
If you collect it, you must protect it

It doesn't sound like Securus was prepared to do that at all.

I've always wanted to get into movies

Wednesday, May 16, 2018

That doesn't seem too sharp

Are people using hedgehogs to hijack planes? I mean I suppose some monster out there might abuse one and use it as a weapon, but why single out hedgehogs and not the larger, spikier version? Even when you look at the actual list supplied by the airline there's nothing obvious that would cover porcupines, even though large groups of other animals are covered.

Maybe human privacy will come in the next update

I kind of echo the sentiment in the picture. I'm glad Google is taking privacy seriously, I just wish it was ours.

Tuesday, May 15, 2018

Just show your ID and you too can be 'anonymous'

from here (source article)

So the card will have a number. Sites will need to check that number to verify you're actually allowed to view porn. There will have to be a central registry of valid card numbers for sites to check against. Shopkeepers will have to send that number to the central registry as part of the 'activation' process (much like pre-paid credit cards).

And how will you be paying for that today? With your in-no-way-anonymous payment card because that's how you buy everything because it's so convenient? I thought so. Have fun with your porny paper trail, pervert.

Someone is pretending to be me

Now this poor pooch is going to have to figure out how to get a credit freeze.

Monday, May 14, 2018

It seems like such a miner thing

Just one of the unintended consequences of the crypto-currency craze that's been going on for the past few years. I feel sorry for the gamers who have to pay higher prices for graphics cards because of the high demand from crypto-currency miners who want to repurpose the cards for mining.

Do you know a threat when you see it?

Traditionally the Darwin awards require that the award winner's genes be removed from the gene-pool, so people who have already had kids are normally not eligible to win. This innovative family nearly demonstrated a way to do an end run around those rules by taking their kids with them to the great beyond. I have to wonder if those people are fit to be parents if they're dumb enough to put their kids in that kind of danger. Your car represents a barrier that keeps the dangers away. Stay inside of it in this sort of situation.

I'm also struck by how people who speak other languages have adopted the English phrase "what the fuck" into their every day vernacular.

Friday, May 11, 2018

You may wind up getting a lot more familiar with GPS tracking

How ironic would it be if, in stealing a GPS tracked phone from someone demonstrating the technology, the thief winds up having to wear a GPS tracker of their own?

Yeah but you didn't want vulnerable water, did you?

The things that will need updating (and the actions that will interrupt) are just going to get weirder and weirder.

Thursday, May 10, 2018

The future of telephone scams - "Powered By Google"

I think this might actually be the real story behind why Google Duplicity-I-mean-Duplex was designed to trick people into thinking they were talking to a real person: the people making it were so busy trying to see if they could that they never stopped to think about whether they should.

And I'm pretty sure this technology will eventually enable the automation of telephone scams, which won't be good for anybody (other than the scammers).

Meanwhile in opposite world...

It's amazing what kind of security folk tales people choose to believe.

Wednesday, May 9, 2018

It's easy when nobody calls you

Watching you, listening to you, tracking your location - imagine where the NSA would be today if mobile phones never caught on.

Forget the password, I can't even remember the rules

posted to Instagram by Adam.The.Creator

NIST may have changed their recommendations, but it's going to be a long time before we see the end of ridiculous password policies.
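For anyone who hasn't looked at what NIST actually changed: SP 800-63B section 5.1.1.2 asks for a minimum length (8 characters, with at least 64 permitted), a check against lists of compromised, common and context-specific passwords, and no composition rules or forced periodic rotation. The script below is an added example, not part of the original post. It puts a typical legacy composition-rule policy next to an 800-63B-style check and runs a few constructed candidates through both. The breached-password set is a small stand-in; a real deployment checks a corpus such as Pwned Passwords, by hash.

```python
"""Added example: legacy composition-rule password policy vs. a NIST SP 800-63B
style policy. Candidate passwords and the breached-password set are constructed."""
import re
import unicodedata

# Constructed stand-in for a breached-password blocklist (compare lowercase forms).
BREACHED = {"password", "p@ssw0rd1", "123456", "qwerty123", "letmein!", "welcome1"}


def legacy_policy(pw: str) -> list[str]:
    """Typical 'at least 8, upper, lower, digit, symbol, max 16' rule set.
    Returns the list of reasons for rejection (empty list means accepted)."""
    problems = []
    if not 8 <= len(pw) <= 16:
        problems.append("length must be 8-16")
    for label, pat in (("uppercase", r"[A-Z]"), ("lowercase", r"[a-z]"),
                       ("digit", r"\d"), ("symbol", r"[^A-Za-z0-9]")):
        if not re.search(pat, pw):
            problems.append(f"needs {label}")
    return problems


def nist_policy(pw: str, username: str = "", service: str = "") -> list[str]:
    """800-63B style: NFKC-normalise, require 8+ characters, allow up to 64,
    reject blocklisted, context-specific or repetitive values, no composition rules."""
    norm = unicodedata.normalize("NFKC", pw)
    problems = []
    n = len(norm)
    if n < 8:
        problems.append("shorter than 8 characters")
    if n > 64:
        problems.append("longer than 64 characters")
    low = norm.lower()
    if low in BREACHED:
        problems.append("appears in breached-password list")
    for ctx in (username, service):
        if ctx and ctx.lower() in low:
            problems.append(f"contains context word {ctx!r}")
    # one repeated character, or one substring repeated to fill the whole value
    if re.fullmatch(r"(.)\1*", norm) or re.fullmatch(r"(.+?)\1+", norm):
        problems.append("repetitive pattern")
    return problems


def compare(candidates, username: str = "alice", service: str = "examplecorp") -> dict:
    """Evaluate each candidate under both policies: {password: (legacy_ok, nist_ok)}."""
    return {pw: (not legacy_policy(pw), not nist_policy(pw, username, service))
            for pw in candidates}


if __name__ == "__main__":
    results = compare([
        "P@ssw0rd1",                     # satisfies every composition rule, sits in every breach dump
        "correct horse battery staple",  # long passphrase: fails legacy length and composition rules
        "Alice2018!",                    # composition rules pass; contains the username
        "aaaaaaaa",                      # rejected by both, for different reasons
    ])
    for pw, (legacy_ok, nist_ok) in results.items():
        print(f"{pw!r:33} legacy={'OK' if legacy_ok else 'reject':6} nist={'OK' if nist_ok else 'reject'}")
```

The interesting rows are the first two: the legacy policy waves through the password that is in every breach dump and rejects the one a user might actually remember.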

Tuesday, May 8, 2018

Too lazy to uninstall?

I can't imagine how anyone would accept a 92% false alarm rate. I've worked in the FaceRec industry and it's hard to get people to buy something where the alarms are right 92% of the time, never mind something where they're wrong 92% of the time. I kind of wish we could have found customers like this.

The quickest whistleblower

The NSA is notoriously secretive. Sharing details about them on Facebook probably isn't what they had in mind when they offered an interview and now they know you don't have the right stuff to be a spy.

Monday, May 7, 2018

They couldn't possibly mess that up too

Thanks to @gotasrt4 for boiling the issue of hacking back down into one of the most important questions.

Figuring out who to strike back at is a heck of a lot more complicated than just protecting your stuff, and if you can't do the latter I certainly wouldn't trust you to do the former.

Finally, "random" you can count on

If the random number generator they use in the lottery was this reliable, I'd be rich.

If I could put money on the TSA continuing to be racist jerks who don't even know there's a difference between Muslims and Sikhs, I'd be rich there too.

Friday, May 4, 2018

LOVEINT is in the air

Oh Facebook. Either your data is meant to help people find love in the creepiest way imaginable, or it's not. Please make up your mind.

Considering all the things Facebook has pulled over the years, the idea of turning it into a dating site gives me the chills, and the fact that they don't like their employees doing precisely that seems to suggest at least some at Facebook feel the same way.

May the 4th recovery attempt be with you

No backups or updates is a recipe for a disaster you can't recover from no matter how many times you try.

Thursday, May 3, 2018

I hope they didn't fall off the back of a truck

Thanks to Asher Wolf for raising awareness of this apparent data breach. It's an interesting state of affairs. On the one hand they have no evidence the data was retrieved by anyone so they assume it wasn't, while on the other hand they have no evidence the data was destroyed so they assume it was. It's amazing what people can do with no evidence.

What could possibly go wrong?

This does not instill confidence in the capabilities of the authorities. It's bad enough when tools designed for defense are misused in ways no one intended, but tools designed for attack as well? I can only assume that applicants to the police academy in Joburg undergo screening similar to what applicants in the US do - no high IQs allowed.

Wednesday, May 2, 2018

Who needs a backdoor when you can just offer to 'deliver' things?

I've honestly never even heard of delivering packages to people's cars before. I suppose it would be useful for people who live in their vehicle, but still, the idea of giving Amazon the keys to open your car when you're not there and deliver packages is just too sketchy for me.

The law of conservation of privacy

This meme made me think (GASP!). Maybe privacy isn't dead or even dying. Maybe privacy isn't even disappearing. Maybe privacy is simply being concentrated into the hands of an elite few. So not only do we have worsening wealth inequality, we also have worsening privacy inequality.

Tuesday, May 1, 2018


I've already received a number of these and I'm expecting more real soon now.

Sweet dreams or privacy policy nightmares?

available to purchase on Amazon

While you can certainly find all sorts of shirts that mention GDPR, I never would have expected to find it on a pillow. I suppose people are supposed to find the GDPR comforting, though, so why not?

Thanks to Jules Polonetsky for tweeting about this.

Monday, April 30, 2018

I could do that myself

It seems to me that if you're a data recovery firm, the kind of attention you want from law enforcement is as a potential service provider, not a cybercrime investigation by the FBI that reveals you paid money to criminals.

Situational Awareness Fail

Imagine being so enthralled by your partner that you don't even notice an armed robbery going on around you. Probably not a good thing, though it seems like they didn't suffer any ill consequences as a result.

Friday, April 27, 2018

Why not both?

It's actually just hidden with steganography rather than encrypted, but I'm sure you could encrypt the data too.
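The distinction matters: steganography hides the fact that a message exists, encryption keeps its content from anyone without the key, and neither gives you the other. The script below is an added example, not part of the original post. It embeds a message in the least significant bits of a constructed "image" (a bytearray of 8-bit samples standing in for pixel values), shows that anyone who knows the embedding method reads it straight back out, and then does what the post suggests: encrypts the payload before hiding it. The cipher is a stand-in built from HMAC-SHA256 in counter mode so the script runs on the standard library alone; in practice use an authenticated cipher such as AES-GCM from a real library.

```python
"""Added example: LSB steganography over a constructed cover, with and without
encrypting the payload first. Cover data, message and key are all constructed."""
import hashlib
import hmac
import os
import random

MAGIC = b"STEG"  # constructed 4-byte marker so the extractor can locate the length field

# Constructed cover: 4096 pseudo-random 8-bit samples, fixed seed so runs are repeatable.
_rng = random.Random(2018)
COVER = bytes(_rng.randrange(256) for _ in range(4096))


def _to_bits(data: bytes):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def _from_bits(bits) -> bytes:
    out, cur = bytearray(), 0
    for n, b in enumerate(bits, start=1):
        cur = (cur << 1) | b
        if n % 8 == 0:
            out.append(cur)
            cur = 0
    return bytes(out)


def embed(cover: bytes, payload: bytes) -> bytearray:
    """Write MAGIC + 2-byte length + payload into the LSB of successive cover samples."""
    framed = MAGIC + len(payload).to_bytes(2, "big") + payload
    if len(framed) * 8 > len(cover):
        raise ValueError("cover too small for payload")
    stego = bytearray(cover)
    for idx, bit in enumerate(_to_bits(framed)):
        stego[idx] = (stego[idx] & 0xFE) | bit
    return stego


def extract(stego: bytes) -> bytes:
    """Read the frame back out of the LSBs; raise if the marker is absent."""
    header = _from_bits(s & 1 for s in stego[:48])          # 6 header bytes = 48 samples
    if header[:4] != MAGIC:
        raise ValueError("no embedded payload found")
    length = int.from_bytes(header[4:6], "big")
    return _from_bits(s & 1 for s in stego[48:48 + 8 * length])


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: keystream block i = HMAC-SHA256(key, nonce || i).
    XOR is its own inverse, so the same call encrypts and decrypts. No integrity check."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[32 * block: 32 * block + 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def hide_encrypted(cover: bytes, payload: bytes, key: bytes) -> bytearray:
    """Encrypt under a fresh nonce, then hide nonce || ciphertext."""
    nonce = os.urandom(16)
    return embed(cover, nonce + keystream_xor(key, nonce, payload))


def reveal_encrypted(stego: bytes, key: bytes) -> bytes:
    blob = extract(stego)
    nonce, ct = blob[:16], blob[16:]
    return keystream_xor(key, nonce, ct)


def demo() -> dict:
    secret = b"meet at the usual place"
    plain_stego = embed(COVER, secret)
    enc_stego = hide_encrypted(COVER, secret, key=b"shared key")
    return {
        "cover_samples_changed": sum(a != b for a, b in zip(COVER, plain_stego)),
        "recovered_without_key": extract(plain_stego),               # anyone can do this
        "recovered_from_encrypted_without_key": extract(enc_stego),  # still extractable, but gibberish
        "recovered_with_key": reveal_encrypted(enc_stego, b"shared key"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Note that the encrypted variant is still trivially detectable by the same LSB extractor; hiding the existence of a message is a separate problem from protecting its contents, and the post's "why not both" is the right instinct.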

Opportunity seems to be knocking an awful lot

Thanks to my colleague Alex for sending this to me.

Thursday, April 26, 2018

There's no perfect crime without perfect OpSec

Braggarts should maybe consider not committing crimes. It's in their nature to give themselves away.

What sharing means on Facebook

Wednesday, April 25, 2018

Privacy - Let me google that for you

Hard to believe in 2018 a company the size of Google could release a chat service with no end-to-end encryption. How out of touch do you have to be to do that now? These days a messaging application without encryption is a toy, not a product.

It's funny because it's true

Data minimization is probably one of the most effective and least adopted means of protecting data. We've become far too accustomed to collecting every scrap of data we possibly can and it's hurting people in the long run.

Tuesday, April 24, 2018

Unfortunately bosses don't like to hear the word "No"

For a long time people have been saying that security needs to align itself with the business when in reality it's the business that needs to align itself with security. If you're asking your security staff to open firewalls or make other sorts of exceptions instead of asking them for ways to do what you want to do securely then you are not helping the company be the best version of itself and are in fact increasing the chances of something bad happening.

Don't skip HMAC day

found in a personal directory under the Tor Project

Sometimes the memes are to make you really think about a concept, and other times it's just to introduce it to your "I've heard of that before" pile so that maybe at some point you'll wonder what all the fuss is about and google it.
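For the "I've heard of that before" pile: an HMAC lets whoever holds a key check that a message is unmodified and was produced by someone else holding that key. A plain hash can't do that, because anyone can recompute it over a forged message. The script below is an added example, not part of the original post or anything from the Tor Project. It implements a small signed-token scheme (payload, a separator, and the HMAC-SHA256 tag), shows why a keyless hash in the same role is forgeable, and covers the two mistakes that turn up around HMAC in practice: comparing tags with `==` instead of a constant-time compare, and MACing an ambiguous concatenation of fields. All tokens and keys are constructed.

```python
"""Added example: HMAC-based signed tokens, a forgeable hash-only variant for
contrast, and the field-encoding pitfall. Standard library only; all data constructed."""
import hashlib
import hmac
import secrets
from typing import Optional

KEY = secrets.token_bytes(32)   # per-deployment secret; constructed at import time here


def sign(payload: bytes, key: bytes = KEY) -> bytes:
    """Return payload || '.' || hex(HMAC-SHA256(key, payload))."""
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"." + tag


def verify(token: bytes, key: bytes = KEY) -> Optional[bytes]:
    """Return the payload if the tag checks out, else None.
    compare_digest is constant-time; a plain == leaks how many leading bytes matched."""
    payload, sep, tag = token.rpartition(b".")     # the hex tag never contains '.'
    if not sep:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload if hmac.compare_digest(tag, expected) else None


def hash_only_sign(payload: bytes) -> bytes:
    """The mistake: a keyless hash used as a 'signature'. Anyone can compute it for any payload."""
    return payload + b"." + hashlib.sha256(payload).hexdigest().encode()


def hash_only_verify(token: bytes) -> Optional[bytes]:
    payload, sep, tag = token.rpartition(b".")
    if not sep:
        return None
    expected = hashlib.sha256(payload).hexdigest().encode()
    return payload if hmac.compare_digest(tag, expected) else None


def naive_encode(fields: list) -> bytes:
    """Ambiguous: plain concatenation. ["ab","c"] and ["a","bc"] yield the same bytes, so the same tag."""
    return b"".join(fields)


def length_prefixed(fields: list) -> bytes:
    """Unambiguous: each field preceded by its 4-byte length, so distinct field lists never collide."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def tag_for(fields: list, encode, key: bytes = KEY) -> str:
    return hmac.new(key, encode(fields), hashlib.sha256).hexdigest()


def demo() -> dict:
    token = sign(b"user=alice;role=user")
    tampered = token.replace(b"role=user", b"role=admin")      # payload edited, tag left alone
    forged = hash_only_sign(b"user=mallory;role=admin")       # attacker needs no key for this
    return {
        "hmac_valid": verify(token),
        "hmac_tampered": verify(tampered),
        "hmac_wrong_key": verify(token, key=b"another key"),
        "hash_only_forgery_accepted": hash_only_verify(forged) is not None,
        "hmac_rejects_forgery": verify(forged) is None,
        "naive_encoding_collides": tag_for([b"ab", b"c"], naive_encode)
                                   == tag_for([b"a", b"bc"], naive_encode),
        "prefixed_encoding_collides": tag_for([b"ab", b"c"], length_prefixed)
                                      == tag_for([b"a", b"bc"], length_prefixed),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The encoding point is the one people miss: HMAC authenticates exactly the bytes you give it, so if two different sets of fields serialise to the same bytes, a valid tag for one is a valid tag for the other.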

Monday, April 23, 2018

So much for southern hospitality

Thanks to Rob Graham for pointing out the VERY mixed signals Georgia is sending the cybersecurity community by inviting them to a place where their work may become illegal.

The worst place to be in a security emergency

I've only been to RSA once, but from what I recall the expo floor had lots of sales personnel trying to sell product but no one offering to help attendees remediate security problems going on back home - and with the size of RSA you have to know at least some of the attendees have security problems while they attend the conference.

Why not prove their value with real-time assistance during the show? Wouldn't that help sell their products/services?

Friday, April 20, 2018

Even Goldilocks didn't try this

There have been times when I thought I had a pretty good grasp on what motivates criminals, but then along comes a story that makes it clear I don't understand them at all.

Can you also edit scripts?

Thursday, April 19, 2018

Anti-Theft Win

from here (image source)

If I were in the habit of stealing vehicles or breaking into vehicles to steal their contents, I would avoid this one.

Wednesday, April 18, 2018

Always bet on a hack

Why am I not surprised that an IoT thermometer was used to steal data from a casino? Even though casinos are notoriously scrupulous about security (even computer security), it's not hard to imagine people failing to realize the risk posed by a thermometer.

But it's not really a thermometer, it's a computer that also happens to measure temperature. Computers replacing ordinary things is a trend that seems destined to end badly.

A little knowledge might make them dangerous

Do I even want to know what's going on in the bottom left corner?