Monday, April 30, 2018

I could do that myself

from here

It seems to me that if you're a data recovery firm, the kind of attention you want from law enforcement is as a potential service provider, not a cybercrime investigation by the FBI that reveals you paid money to criminals.

Situational Awareness Fail

Watch on YouTube

Imagine being so enthralled by your partner that you don't even notice an armed robbery going on around you. Probably not a good thing, though it seems like they didn't suffer any ill consequences as a result.

Friday, April 27, 2018

Why not both?

from here

It's actually just hidden with steganography rather than encrypted, but I'm sure you could encrypt the data too.

Opportunity seems to be knocking an awful lot

found on Reddit

Thanks to my colleague Alex for sending this to me.

Thursday, April 26, 2018

There's no perfect crime without perfect OpSec

from here

Braggarts should maybe consider not committing crimes. It's in their nature to give themselves away.

What sharing means on Facebook

found on Huge LOL

Wednesday, April 25, 2018

Privacy - Let me google that for you

from here

Hard to believe in 2018 a company the size of Google could release a chat service with no end-to-end encryption. How out of touch do you have to be to do that now? These days a messaging application without encryption is a toy, not a product.

It's funny because it's true

found on Imgur

Data minimization is probably one of the most effective and least adopted means of protecting data. We've become far too accustomed to collecting every scrap of data we possibly can and it's hurting people in the long run.

Tuesday, April 24, 2018

Unfortunately bosses don't like to hear the word "No"

from here

For a long time people have been saying that security needs to align itself with the business, when in reality it's the business that needs to align itself with security. If you're asking your security staff to open firewalls or make other sorts of exceptions instead of asking them for ways to do what you want to do securely, then you are not helping the company be the best version of itself and are in fact increasing the chances of something bad happening.

Don't skip HMAC day

found in a personal directory under the Tor Project

Sometimes the memes are to make you really think about a concept, and other times it's just to introduce it to your "I've heard of that before" pile so that maybe at some point you'll wonder what all the fuss is about and google it.

Monday, April 23, 2018

So much for southern hospitality

from here

Thanks to Rob Graham for pointing out the VERY mixed signals Georgia is sending the cybersecurity community by inviting them to a place where their work may become illegal.

The worst place to be in a security emergency

found on Meme Generator

I've only been to RSA once, but from what I recall the expo floor had lots of sales personnel trying to sell product but no one offering to help attendees remediate security problems going on back home - and with the size of RSA you have to know at least some of the attendees have security problems while they attend the conference.

Why not prove their value with real-time assistance during the show? Wouldn't that help sell their products/services?

Friday, April 20, 2018

Even Goldilocks didn't try this

from here

There have been times when I thought I had a pretty good grasp on what motivates criminals, but then along comes a story that makes it clear I don't understand them at all.

Can you also edit scripts?

found on Make A Meme

Thursday, April 19, 2018

Anti-Theft Win

from here (image source)

If I were in the habit of stealing vehicles or breaking into vehicles to steal their contents, I would avoid this one.

IoT: The 'S' is for security (merchandise)

Women's T-Shirts

Men's T-Shirts

I've seen the catch phrase "The S in IoT stands for security" a few times, but now a derivation of that appears on t-shirts, hoodies, mugs, and stickers over on Redbubble.

Wednesday, April 18, 2018

Always bet on a hack

from here

Why am I not surprised that an IoT thermometer was used to steal data from a casino? Even though casinos are notoriously scrupulous about security (even computer security), it's not hard to imagine people failing to realize the risk posed by a thermometer.

But it's not really a thermometer, it's a computer that also happens to measure temperature. Computers replacing ordinary things is a trend that seems destined to end badly.

A little knowledge might make them dangerous

found on Imgur

Do I even want to know what's going on in the bottom left corner?

Tuesday, April 17, 2018

Was anyone's date NOT harvested?

from here and here

Creepy CEO is creepy

found on Dump A Day

The iron is hot, folks. The mainstream is taking notice of and starting to push back against FB's anti-privacy nature. If that's something you care about, take advantage of the current increased awareness. Ride the crest of that wave.

Monday, April 16, 2018

You know your OpSec stinks when...

from here

Sometimes the logs you leave behind are digital, and sometimes they're physical. Either way they'll give you away.

On the Internet, nobody knows you're a hacker dog

posted by @cabbagecatmemes

I love this new hacker stock photo. I want to make my own caption for it. I'll have to hunt down the original.

Friday, April 13, 2018

Are you feeling lucky?

from here

Isn't it weird that ransomware victims trust their attackers to do the right thing?

I do what I want

found on Meme Guy

I don't know who thought bears could read signs and be deterred by the thought of some sort of law enforcement, but they were quite predictably wrong.

Thursday, April 12, 2018

You know the rules and so do I

from here

And the rule is, if you find a security vulnerability that allows you to Rick Roll people in a new and unusual way, you do it.

At first I was like "I hope I'm not giving anybody ideas" but then I watched the video embedded in this Wired story and discovered that the original researcher has already done this, so if miscreants start playing this prank it's that guy's fault (because he knows the rules too).

Clever girl

found on Ebaum's World

This kid's parents should be proud. Not only does the kid value privacy, they also understand existing privacy tools well enough to repurpose them in an outside-the-box manner. That's a smart kid.

Wednesday, April 11, 2018

Tortellini? Torpedo? Tornado?

from here

I can only imagine how many people that particular acronym has confused.

Nothing to hide

found on Imgur

Having "nothing to hide" is unnatural. Everyone has something to hide when you really think about it.

Tuesday, April 10, 2018

All the more reason to get one

from here

One of the nice things about password managers is that the passwords they store can't easily be read by people shoulder surfing you.

Unfortunately, the master password for the manager itself still can.

Pardon the intrusion

found on Funny Junk

Alternatively don't pardon the intrusion. It really doesn't matter either way. It seems like as time goes on we get less and less say in the matter.

Monday, April 9, 2018

It just doesn't know it yet

from here (image source)

Normally the joke about camouflage items is that they're practically invisible even though they stick out like a sore thumb. In this case, however, the camouflage might actually work and that would be the last thing the golfer actually wants while playing.


found on The Art of Trolling

Maybe they should all come with a troll face just so people are forced to think twice about whether they really want to scan it or not.

I tried to check and make sure this doesn't actually go somewhere unsavoury but as near as I can tell it doesn't actually decode to anything (or at least the online tools I used couldn't decode it).

Friday, April 6, 2018

Not that kind of token

from here

I mean, I'm sure both can be a source of relief from the stress of dealing with security threats, but only one can actually help keep you safe.

It's dangerous to make good points

found on Funny Memes

I half expect that if the government created a Cyber Security Agency it probably wouldn't be much better than the Transportation Security Agency.

Thursday, April 5, 2018

No enhanced privacy for you!

from here

Of course Facebook doesn't want to give the rest of the world the privacy protections that EU law will soon require. Protecting EVERYONE from unscrupulous advertisers would hurt their bottom line a lot more than just protecting people in Europe.

Don't we all want that from time to time?

found on Funny Junk

Wednesday, April 4, 2018

Nothing was the yeast they could do

from here

The story of how badly Panera Bread dropped the ball on this vulnerability report is truly something to behold.

Polly REALLY wanted that cracker

found on I Can Has Cheezburger Animals

And here I was thinking kids would be the ones making unauthorized purchases through virtual assistants.

Tuesday, April 3, 2018

Now those with expensive tastes can enjoy a luxurious data breach

from here

At least these crooks have a better idea of where the money is than the ones who went after Target or Walmart.

The illusion of control is the punchline

found on Meme Generator

When privacy settings only restrict what your friends can access (not governments or corporations), it doesn't really seem like "privacy" is the right word.

Monday, April 2, 2018

Next up: Tooth on a roof will spy for the Tooth Fairy

from here

Because Elf On A Shelf wasn't bad enough, now there's Peep On A Perch as well.

I don't understand how being watched/tracked/spied on became cool, but it's a little disturbing how much society seems to be embracing it.

No one expects the dance-off inquisition

found on Fail Blog

It's almost as if people don't realize the consequences of being watched, even when they or their trusted partners are the ones doing the watching.