Wednesday, September 26, 2018

Yes I scan

from here

If you want to make sure your telephone connection is working right you might say "can you hear me now?" to the party on the other end of the line. If you want to make sure your antivirus installation is working right, you'll want to send it the special 68 characters described on the EICAR site (unless you're using one of the few products that don't support that file).

How to survive a knife fight


Watch on YouTube

It's funny because it's true. Avoiding a knife fight is an excellent way to survive one.

Tuesday, September 25, 2018

Monday, September 24, 2018

Please stay on the line. Someone will be with you shortly

from here


We'll call it transparent encryption

found on Me.me

For those that don't know, applying ROT13 a second time essentially reverts the 'encrypted' text back to it's original plaintext form.

Friday, September 21, 2018

A new apple security hole

from here (image source)

I suppose people who can't crouch down would also be blocked from entering.

If that's really their threat model then I guess this gate is perfectly fine.

Putting the cat in catphishing

found on Acid Cow

Of all the cool facts about tigers on this page, this one about them imitating the sound of other animals to attract prey is the most surprising to me. I never knew they were capable of that kind of social engineering.

Thursday, September 20, 2018

The G in G-Man must be for Gulag

from here

Punishing people with valuable work experience in a high paying industry? Lots of people want to know how to sign up for punishment like that, especially people who've worked their butt off to prove themselves without breaking the law.

If you're wondering what could possibly go wrong when rewarding rule breakers, I guess we're going to find out soon enough.

System administrators hate him

found on Stickley On Security blog

There's got to be a better way to get your kicks than risking your ... data.

Wednesday, September 19, 2018

How to make your surveillance camera blend into the background

from here (image source)

And in case you're wondering, you too can hide your surveillance cameras with this wallpaper. Think of it as backwards camouflage.

How safe is a hotel safe?


Watch on YouTube

I'm sure this isn't representative of all hotel safes, but it's still enough to make me doubt arbitrary hotel safes are safe.

Tuesday, September 18, 2018

Royal Bank of Scamland

from here

 If nobody has ever told you this before - don't click in links in emails purporting to be from your bank, Paypal, or really anything where you have an account. Chances are it's a scheme to break into that account.

All those moments will be lost in time, like tears in the rain

found on Imgur

Monday, September 17, 2018

People who work in glass offices shouldn't throw stones

from here

Leave it to a company whose business model revolves around making bets to tempt fate and lose.

That's one way to make a breach worthless

tweeted by jonny sun

In information security you may hear the term data minimization. It's a principle that says the less data you collect, the less value you pose to an attacker. For example, if a database doesn't have credit card numbers in it then it won't be very useful to carders.

If you can't add any data to an account (perhaps because you can't log in in the first place) then that seems like the principle of data minimization has been followed (even if that wasn't the intent).

Friday, September 14, 2018

When your OpSec is more like OoopsSec

from here

This story about a woman allegedly murdering her husband after publishing an essay about how to murder your husband has left me wondering "What was she thinking?" An essay like that was certainly going to make the authorities extra suspicious of her when her husband was shot dead.

You know they're well protected because it says security right on the box

found on Imgur

I'm not really sure what a security tampon is and at this point I'm afraid to ask.

Thursday, September 13, 2018

Gentle Reminder: Don't be evil

from here

Do you think the folks at Google are at all unaware that in order to be competitive as an advertising company they've actually become a corporate surveillance company? Of course not. They knew exactly what they were doing when they bought credit transaction records from Mastercard.

The bane of air travelers' existence

found on West Word

Wednesday, September 12, 2018

They are not interchangeable

from here

The only people who write about this stuff are technology writers. You'd think technology writers would know the difference. It is their job, after all, to know what they're talking about. But since this seems so difficult, I'll just have to repeat this simple rule of thumb over and over again:
Voice recognition tells you who is speaking while speech recognition tells you what they're saying

Stealth jokes just sort of sneak up on you

found on Me.me

They wouldn't be very good at their jobs if you could see them coming, Joe.

Tuesday, September 11, 2018

Well, maybe just a little one

from here


Leave it to Trend Micro to make what appeared to be an isolated incident into a "little trend". I can't imagine the browser history harvesting was all that important for security if they're willing to remove it.

Is any time a good time for that?

found on Off Vault

Updates always seem to come at the most inopportune time, but does an opportune time even exist? it seems like by now we'd have figured out when that time is if such a time existed.

Monday, September 10, 2018

Even a walled garden can have weeds

from here

One might justifiably point out that fake security/privacy tools have actually been around for a long time, but most people don't know that. For most people a privacy tool that takes advantage of the user is new.

For most people, the idea that Apple's app stores aren't perfectly safe is also new. That deserves some attention.

That's not creepy at all

tweeted by Chelsea Frei

I've heard complaints about this kind of thing before and it makes me wonder why advertisers keep pursuing increasingly accurate targeting for their ads. It's like they are tone-deaf to the idea that at some point targeting for ads is just going to be too close for comfort. For some people it already is.

Friday, September 7, 2018

That game doesn't even use money

from here (image source)

This must be the low-rent version of cracking an ATM. Rather than putting Doom on it, this just uses a game that was almost certainly already there.

Fake Sign Language Guy makes great passphrases

found on Me.me


Thursday, September 6, 2018

Couldn't they have just used a crypto-miner like normal cyber-criminals?

from here

Nothing quite like a true story to inspire a WTF? reaction. The idea that scareware is somehow still a viable model for a criminal enterprise in 2018 is only the tip of the WTF iceberg here.

Thanks to my mom for calling me at work about this ridiculous nonsense on her PC.

Now we know why they don't like Chinese tech companies

found on Huge LOL

That's the kind of private-by-design approach I'd like to see more of, actually.

Wednesday, September 5, 2018

Let's just hope it doesn't become everyone's business

from here

The Australian government wants backdoors built into things and justifies it with an example of a perp using Snapchat and Facebook, which aren't encrypted  and which already have facilities to provide law enforcement with everything they need.

(Thanks to Alec Muffet for tweeting the analysis)

Itty bitty kitty committee has an insider threat

found on FeedInspire

One of these things is not like the others and I'm surprised they'd stand for it. Oh, right, they're sitting.

Tuesday, September 4, 2018

Old Man 1, Shark 0

from here

No matter what kind of attacker it is, there is always a weak spot. You just have to know how to find it.

Automated Theft Machine

found on Vitamin Ha

I would advise not doing your banking at this machine. In fact, I would advise not getting too close to this machine because it looks like that space is big enough to fit a person.

Monday, September 3, 2018

Facebook, No!

found on The Art of Trolling

This is not the kind of mental imagery we want to elicit in the name of security

Blockchain is not the answer (merchandise)



Are you tired of arguing with people who think the blockchain can do everything? The ones who think all problems can be solved by storing data on a distributed, permanent ledger? Save your breath and just wear your opinion on your sleeve, or y'know, your chest.

I've added this design to both the CafePress store and the Zazzle store (which seems to be taking a while to become available). As always the mark-up is set at the minimum value the sites will allow. I've only done shirts so far, but if you're interested in more then let me know and I'll expand the offerings.

Thanks to Robert Slade for tweeting the idea.