Wednesday, October 17, 2018

Who wants to play update roulette?

from here

Abusing the already shaky trust users have in software updates is going to result in devices remaining vulnerable to attacks that could be prevented, all so that greedy corporations can get even more of our money.

How to destroy cryptocurrency


Watch on YouTube

Yes, I know those aren't actual bitcoins, litecoins, and ethereum whatevers. Once upon a time, however, one of those bitcoin medallions would have cost you a bitcoin to get.

What this YouTube channel does is feed viewer submitted items through a miniature industrial shredder, so some cryptocurrency enthusiast out there must have lost their enthusiasm. And since cryptocurrency only has value so long as people have faith in it, this does represent cryptocurrency being destroyed at least a little bit

Tuesday, October 16, 2018

Back then there were 'no graphics' involved

from here

Yes, there is in fact a difference between steganography and stenography.

And also, yes, you now have a steganography pun.

Kids say the darnedest things

found on iFunny

Remember when kids would just say "My dad can beat up your dad"? I guess it was inevitable that technology would seep into those kinds of exchanges.

Things have also gotten a lot more violent and dark, which is troubling.

Monday, October 15, 2018

The one time a back door would be useful

from here (source article)

I don't know about you, but I think I'm going to stick with dumb locks for the foreseeable future.

And my admin password is an Icelandic volcano

found on Meme Base

Yeah, no, not that volcano, a different one.

It probably wouldn't be a good idea for Harinelina to use this as a password, of course, but with that many characters, it's pretty good even without numbers and symbols.

Friday, October 12, 2018

Passwords don't make everything more secure

from here

Thanks to Bloorjack Horseman for reminding me of this problem. Though I haven't encountered it (yet) with Adobe Reader (probably because I use something else to view PDFs), I have seen needless sign-in requirements added to other things, like Visual Studio.

You might think that forcing you to log into an app makes it more secure. Taken to an absurd extreme you might even think this would solve the problem of software vulnerabilities because PoC exploits wouldn't even be able to pop CALC.EXE without knowing the right password.

But here's the paradox - the more things that require passwords, the more people will get burned out from entering passwords and ultimately the more it will encourage people to not only use simple passwords but to also reuse them everywhere.

Adding sign-in requirements to things that could (and for a long time did) work perfectly well without them is just going to exacerbate the password problems we're already struggling with. It will make security worse, not better.

Now you can have even better (national) security

found on Reddit

By all accounts, Apple seems to have done a really good job of protecting the biometric information people are recording on their phones. But even if they did a perfect job, do you think Apple's competitors will all be so diligent?

Thursday, October 11, 2018

Which one(s) do I whitelist in NoScript to make it work?

from here

And if that wasn't bad enough, frequently adding a source to the whitelist will uncover still more untrusted sources that you didn't even know about before.

Who wants to feel loved by my spam folder?

found on Memedroid

I suppose if you look really hard, you too could find an actual use for spam.

Wednesday, October 10, 2018

More like a letting-it-all-hang-out-house

from here (image source)


I wanna sleep too

found on Imgur

I know this EXACT feeling. I live this every freaking time.

Tuesday, October 9, 2018

Truth in advertising from an advertising giant

from here

Some people like to say that Google is just like Facebook when it comes to privacy, but while Facebook doubles down in the face of breaches, Google takes a different path.

Safari OpSec

found on Izismile

Operational security isn't just for crooks and spooks. It can help protect endangered species as well.

Monday, October 8, 2018

They're just making the unaccountability official

from here

Giving cops permission to destroy property for any reason they can come up with seems like a license to abuse their authority.

And it's all security theatre too, since (at least in the case of aircraft) the chance of collision with a drone is less than the chance of collision with a turtle.

Have no fear, Insecurity Guard is here


Watch on YouTube

I can't help but wonder, if he can't even handle things on the floor, how was he going to deal with that fence?

Maybe something like this?

Watch on YouTube

Friday, October 5, 2018

Some will even say the blockchain can fix it

from here

The security industry has it's share of ambulance chasers, and the ambulance of the day is supply chain risks, thanks to a report by Bloomberg News. Are there real risks associated with supply chains? Sure, but actual incidents of compromise by supply chain attacks are pretty rare, even if you assume what Bloomberg reported is true (and we don't know that yet).

Don't hit send just yet

found on Imgur

If you simply must send sensitive information, look into how to encrypt it before you send it.

Thursday, October 4, 2018

Everyone is the AV guy/gal there

from here

You know who you are and you know what you've done. I'm not going to shame you any more than you've already shamed yourself.

Awareness without knowledge

found on Meme.XYZ

The down side of making sure everyone has heard of viruses without telling them how to recognize one is that people start to think everything is a virus.

Wednesday, October 3, 2018

Unsafe gun safe

from here

Securing your firearm is supposed to keep it out of the wrong hands - you know, like your kids. So you're probably not going to be satisfied with something a child could open.

In case you think this is hyperbole, watch this video
GunVault, SVB 500: Opened With A Gum Wrapper from Handgun Safe Research on Vimeo.

How to make sure you protect your password

found on Imgur


Tuesday, October 2, 2018

Who needs backdoors when you've got Windows

from here

I'm not sure the folks at Microsoft thought through how Cortana asks for your password during a PC reset.

Fur Disk Encryption

found on Google Image Search

You'd think Google Image Search would be able to find the original but it seems like it only exists in the cache now. The links are broken.

Wednesday, September 26, 2018

Yes I scan

from here

If you want to make sure your telephone connection is working right you might say "can you hear me now?" to the party on the other end of the line. If you want to make sure your antivirus installation is working right, you'll want to send it the special 68 characters described on the EICAR site (unless you're using one of the few products that don't support that file).

How to survive a knife fight


Watch on YouTube

It's funny because it's true. Avoiding a knife fight is an excellent way to survive one.

Tuesday, September 25, 2018

Monday, September 24, 2018

Please stay on the line. Someone will be with you shortly

from here


We'll call it transparent encryption

found on Me.me

For those that don't know, applying ROT13 a second time essentially reverts the 'encrypted' text back to it's original plaintext form.

Friday, September 21, 2018

A new apple security hole

from here (image source)

I suppose people who can't crouch down would also be blocked from entering.

If that's really their threat model then I guess this gate is perfectly fine.

Putting the cat in catphishing

found on Acid Cow

Of all the cool facts about tigers on this page, this one about them imitating the sound of other animals to attract prey is the most surprising to me. I never knew they were capable of that kind of social engineering.

Thursday, September 20, 2018

The G in G-Man must be for Gulag

from here

Punishing people with valuable work experience in a high paying industry? Lots of people want to know how to sign up for punishment like that, especially people who've worked their butt off to prove themselves without breaking the law.

If you're wondering what could possibly go wrong when rewarding rule breakers, I guess we're going to find out soon enough.

System administrators hate him

found on Stickley On Security blog

There's got to be a better way to get your kicks than risking your ... data.

Wednesday, September 19, 2018

How to make your surveillance camera blend into the background

from here (image source)

And in case you're wondering, you too can hide your surveillance cameras with this wallpaper. Think of it as backwards camouflage.

How safe is a hotel safe?


Watch on YouTube

I'm sure this isn't representative of all hotel safes, but it's still enough to make me doubt arbitrary hotel safes are safe.

Tuesday, September 18, 2018

Royal Bank of Scamland

from here

 If nobody has ever told you this before - don't click in links in emails purporting to be from your bank, Paypal, or really anything where you have an account. Chances are it's a scheme to break into that account.

All those moments will be lost in time, like tears in the rain

found on Imgur

Monday, September 17, 2018

People who work in glass offices shouldn't throw stones

from here

Leave it to a company whose business model revolves around making bets to tempt fate and lose.

That's one way to make a breach worthless

tweeted by jonny sun

In information security you may hear the term data minimization. It's a principle that says the less data you collect, the less value you pose to an attacker. For example, if a database doesn't have credit card numbers in it then it won't be very useful to carders.

If you can't add any data to an account (perhaps because you can't log in in the first place) then that seems like the principle of data minimization has been followed (even if that wasn't the intent).

Friday, September 14, 2018

When your OpSec is more like OoopsSec

from here

This story about a woman allegedly murdering her husband after publishing an essay about how to murder your husband has left me wondering "What was she thinking?" An essay like that was certainly going to make the authorities extra suspicious of her when her husband was shot dead.

You know they're well protected because it says security right on the box

found on Imgur

I'm not really sure what a security tampon is and at this point I'm afraid to ask.

Thursday, September 13, 2018

Gentle Reminder: Don't be evil

from here

Do you think the folks at Google are at all unaware that in order to be competitive as an advertising company they've actually become a corporate surveillance company? Of course not. They knew exactly what they were doing when they bought credit transaction records from Mastercard.

The bane of air travelers' existence

found on West Word

Wednesday, September 12, 2018

They are not interchangeable

from here

The only people who write about this stuff are technology writers. You'd think technology writers would know the difference. It is their job, after all, to know what they're talking about. But since this seems so difficult, I'll just have to repeat this simple rule of thumb over and over again:
Voice recognition tells you who is speaking while speech recognition tells you what they're saying

Stealth jokes just sort of sneak up on you

found on Me.me

They wouldn't be very good at their jobs if you could see them coming, Joe.

Tuesday, September 11, 2018

Well, maybe just a little one

from here


Leave it to Trend Micro to make what appeared to be an isolated incident into a "little trend". I can't imagine the browser history harvesting was all that important for security if they're willing to remove it.

Is any time a good time for that?

found on Off Vault

Updates always seem to come at the most inopportune time, but does an opportune time even exist? it seems like by now we'd have figured out when that time is if such a time existed.

Monday, September 10, 2018

Even a walled garden can have weeds

from here

One might justifiably point out that fake security/privacy tools have actually been around for a long time, but most people don't know that. For most people a privacy tool that takes advantage of the user is new.

For most people, the idea that Apple's app stores aren't perfectly safe is also new. That deserves some attention.

That's not creepy at all

tweeted by Chelsea Frei

I've heard complaints about this kind of thing before and it makes me wonder why advertisers keep pursuing increasingly accurate targeting for their ads. It's like they are tone-deaf to the idea that at some point targeting for ads is just going to be too close for comfort. For some people it already is.

Friday, September 7, 2018

That game doesn't even use money

from here (image source)

This must be the low-rent version of cracking an ATM. Rather than putting Doom on it, this just uses a game that was almost certainly already there.

Fake Sign Language Guy makes great passphrases

found on Me.me


Thursday, September 6, 2018

Couldn't they have just used a crypto-miner like normal cyber-criminals?

from here

Nothing quite like a true story to inspire a WTF? reaction. The idea that scareware is somehow still a viable model for a criminal enterprise in 2018 is only the tip of the WTF iceberg here.

Thanks to my mom for calling me at work about this ridiculous nonsense on her PC.

Now we know why they don't like Chinese tech companies

found on Huge LOL

That's the kind of private-by-design approach I'd like to see more of, actually.