Friday, August 31, 2018

At least I don't have to thank people for making my DOB public this year

from here

It's my belief that there is a security/privacy related way of viewing most circumstances in life. Those concepts are all around us, even in things as banal as birthday wishes.

Guilty as charged

found on Meme Base

I suspect just about everyone has done this on occasion, and that's why we increasingly aren't being given the option.

Thursday, August 30, 2018

What a shitty idea

from here
If people can't poop in toilets they'll poop in the streets. If people are pooping in the streets, why are folks locking up toilets with mobile apps and bluetooth? It's almost as if those folks want more poop in the streets.

(Thanks to Juan in SF for tweeting about it)

If only attribution were always this easy


Watch on YouTube

One of the things you will often hear in information security circles is that attribution is hard. In the online world that is certainly true and it's an important point to make because it's such a stark contrast with how easy it can be in the physical world.

Wednesday, August 29, 2018

Do you hear what I see?

from here

All those webcam covers seem so inadequate now that they can see what's on your screen using the microphone.

Next thing you know they'll want a backdoor for that too

found on Reddit

It's only a matter of time before they turn their attention to the problem of incognito mode browsing. how are they supposed to gather evidence if your browser doesn't save any? It's like a more absurd version of the "going dark" problem.

Tuesday, August 28, 2018

When you first start learning about steganography

from here

There aren't actually hidden messages everywhere, of course, because most people don't know anything about steganography and because most people don't care that much about hiding their messages. That doesn't stop you from suspecting otherwise when you're new to the topic.

Some people can fend off attacks better than others

found on The Meta Picture

This appears to be a true story that appeared in The Guardian 4 years ago.  He had a knife and so was better prepared for the situation than many people would be. Also, he was a doctor so he had skills that aided in his recovery. We can't all be doctors, but being better prepared is something we can often accomplish in all sorts of scenarios, whether it means having a knife on you when you're in shark-filled waters or having backups when going online.

Monday, August 27, 2018

You won't be doing a happy dance when you get pwned

from here

I'm a little bit torn. On the one hand, if bribing people to enable 2FA actually works then that's great because now they've got 2FA, but what kind of precedent does that set? There's a very real possibility of this leading to The Cobra Effect where people will intentionally avoid taking actions in their best interests until they get freebies to incentivize them.

Sometimes Google's got your back

found on Imgur

They're not aiding and abetting, they're respecting privacy. That's their story and they're sticking to it.

You might wonder, though, why this seems to be the only context in which they actually care about privacy.

Friday, August 24, 2018

Was it good for you?

from here

I got some serious attention down there from a TSA agent long before "enhanced pat downs" became a thing. I can only imagine how much worse the enhanced pat downs must be. I'm so glad travel isn't part of my normal life.

The real reason Mark wants the world to share more openly

found on Traffic Cardinal

Laughing at us got him in hot water, so now he's trying to laugh with us.

Thursday, August 23, 2018

Polly was old-school

from here


If you type it loud enough you'll always sound precocious

found on Fail Blog

I wonder if difficulty spelling it will contribute to how strong a password this is.

Wednesday, August 22, 2018

Get off my WLAN!

from here

I can't imagine the size of the balls needed to wake up your burglary victims and ask for the WiFi password. Of course this miscreant was caught by police minutes later. He totally gave himself away because he couldn't bear to be offline for the length of time it took to burgle the place.

These CAPTCHAs are getting ridiculous

found on Meme Base

I suppose this could help promote fiscal responsibility. You need to really work hard to get your money out.

Tuesday, August 21, 2018

Streisand Effect in 3... 2... 1...

from here

On the one hand, it's hard to believe anyone would still think trying to censor critics is a good strategy in this day and age, but on the other hand do you know how long it took me to remember the name for the Streisand effect? I wound up having to go through lists of female singers to find it. So maybe the folks at SentinelOne forgot the Streisand effect even exists.

What a nice gesture

found on Imgur

While I'm sure this was meant as a joke, I'm also sure there are people out there who would respond as though it were genuine, because as P. T. Barnum is said to have observed, there's a sucker born every minute.

And that means that somewhere out there someone is probably trying this as an actual social engineering trap.

(The Twitter account no longer appears to be valid)

Monday, August 20, 2018

What do you think happens at DEF CON?

from here

Fire is hot, water is wet, and hackers talk about attacks a lot.

Say Blockchain One More Time (merchandise)

product page

product page

product page

Are you sick and tired of hearing about how the blockchain can solve all of the world's problems? I know I am, so this design would be a great way to signal that to others without having to actually say anything.

Thanks to Nick Roy for making the existence of the stickers known. I tracked them down and discovered the designer 85steel also put the design on shirts and hoodies and a bunch of other things.

Friday, August 17, 2018

Are you feeling lucky, cypherpunk?

from here

They didn't, of course (the cops invent charges, not technologies), but crooks who underestimated the trace-ability of  bitcoins have gone to jail all the same.

'I didn't click anything this time'

found on Reddit

To be honest, I think kids are getting into computers so early these days that by 12 I wouldn't be surprised if they already knew better than to fall for this.

Thursday, August 16, 2018

We can't all be network administrators

from here

It's bad enough trying to keep your computer updated and secured. Can you imagine doing the same thing for your TV, refrigerator, toaster, kettle, light bulbs, vacuum cleaner, and personal assistant? Most people just want to be able to plug a thing in and have it work, they don't want to have to manage their home network in order to use those devices safely and most probably don't have the know-how to do it anyway.

When authorities warn the public of the need to do something the public is ill-equipped to do, they might as well be talking to a wall. The suggestion is not going to result in better outcomes.

Well, you're not wrong

found on Imgur

If anything happens to that sign, they will definitely know about it.

Wednesday, August 15, 2018

That's one way to stick it to the crooks

from here

What this incident illustrates is that technology can eventually become so old and unfamiliar that it becomes capable of thwarting attacks. It may not be more secure against attack but it's safer against attack simply because the pool of people who are able to successfully carry out the attack has become smaller.

I bet "who wants icecream?" would have worked

found on Me.me

People keep talking about eliminating passwords or the death of passwords but they never seem to anticipate the breadth of applications using passwords. It's not just websites, passwords are all over the place because they simple to implement, simple to understand, and simple to use.


Tuesday, August 14, 2018

Wait a minute...

from here

I don't know what's worse, that this is the quality of phishing scam that Russian hackers use against American political candidates, or that it works.

It's only a matter of time

found on Funny Memes

Honestly, if school officials are already getting bent out of shape when a kid eats a pop tart into the shape of a gun, it can't be too much longer before they get spooked by clouds.

Monday, August 13, 2018

Where did that word go?

from here

I've seen examples of this over and over again. Stories about pharming that somehow avoid ever using the term pharming. It's as if people don't even know the word exists.

Beware of cows


Watch on YouTube

I knew cows weren't the docile, harmless beasts we often imagine them to be, but I never imagined this. Note to self, don't trespass in rural areas or you may find yourself on the run from an entire herd of cows.

Hey Troy, I got you something

found on Funny Junk

I think we all know what happened next.

Friday, August 10, 2018

Or maybe just don't sell to cops

from here

When you live in a world where people are excluded from the police force for being too intelligent, maybe you shouldn't rely on them to use technology intelligently.

Protection comes in all shapes and sizes

found on Reddit

Whether your protecting yourself against an intelligent adversary, or just the heat, the underlying concepts are frequently the same. In this case a barrier it's a barrier between the hands and the steering wheel.

Thursday, August 9, 2018

Someone better be patching my ISP

from here

Listen, I know mistakes happen sometimes, but 5 backdoors in 5 months? That stretches the limits of credulity just a bit.

That's a steal

found on The Art of Trolling

Sounds like someone got a lot more than just a 5 finger discount.

Wednesday, August 8, 2018

What a thoughtful way to reduce the attacker's workload

from here

So not only does the plaintext password completely eliminate any security offered by storing the MD5 hash (and there isn't much there), it actually provides attackers with a tool that could be used to help crack passwords from other sites. No need to try and figure out what that MD5 hash value corresponds to - if it appears in the database detailed at Have I Been Pwned then you can just look it up.

That'll teach you not to invade a woman's privacy

found on Whisper

I'm sure TSA has seen worse, now that I think about it, and I fully expect that some of them have been deeply scarred by the experience - which is one of the costs of violating people's privacy.

Tuesday, August 7, 2018

And the winner is Votey McVoteface

from here

There are so many things wrong with this story, not the least of which entrusting democracy to a company named Voatz. I can't imagine how anyone could remain under the delusion that mobile devices are secure enough for voting. It's questionable if they're even secure enough for making online purchases, never mind deciding who the next leader will be.

"Security" Questions

found on Fail Blog

Somehow I don't think these questions are going to do enough to protect this particular user.

Monday, August 6, 2018

New privacy settings in 3... 2... 1...

from here

Asking for financial details seems profoundly tone-deaf on Facebook's part. I hope no banks are dumb enough to trust the poster-child of privacy violations with our account details.

Don't call us, we'll call you

found on Imgur

Like this person, I too hate being asked for my cell phone number all the time, especially since I don't have a cell phone.

It sort of reminds me of a particular male stereotype where a guy goes around collecting phone numbers from as many people (generally women) as he can. I wonder if such a person had a part in the genesis of this pattern among service providers.

Friday, August 3, 2018

Bring out your dead, your antivirus, your SMS 2 factor authentication

from here

Nothing is perfect, and having an imperfect thing can still be an improvement over having nothing at all. Maybe it fails under certain circumstances, but doesn't mean there aren't other circumstances where it's useful.

No one wants to hear holier than thou security pundits spewing mindless negativity about something that does actually work a good deal of the time. It's unhelpful and annoying.

Privacy: You're gonna have to try harder than that

found on Meme Center

If you've ever tried this then I'm sorry but you probably messed it up like this guy and let everyone see that not only were you looking at smut you were also embarrassed to let others know you were looking at smut.

Maybe wait until you're in private before you look at pictures of people's privates.

Thursday, August 2, 2018

How are we still here?

from here

Learning that the nuclear launch codes were 00000000 was scary but you could maybe trick yourself into believing it was a one-off, and aberration that has thankfully been rectified.

But learning that the password for a certain model of voting machines was abcde makes it clear that there's a larger pattern at play and it makes you wonder how many other critical things have bad passwords still to this day.

They said it would make things better

found on Meme.xyz

Maybe for earlier versions of Windows the updates made things better but in my experience that just ain't so for Windows 10.

Wednesday, August 1, 2018