Friday, October 19, 2018

If at first you don't succeed...

from here

Recidivism is exactly why cyber-criminals are a bad fit for security companies. Crackers may not be as dumb as this guy, but they might just be confident enough in their own intelligence to think they've worked out all the bugs in their criminal enterprise.

I wonder what a Nigerian prince can turn into

found on Ha Ha Humor

If this is the kind of people Nigerian cyber-criminals deal with on a day-to-day basis, it goes a long way to explaining why their scams appear so dumb.

Thursday, October 18, 2018

No wonder people have difficulty with technical jargon

from here

Look, I understand that language changes, even technical language, but usually the terminology misuse is performed by the masses in at least partial ignorance of the proper use of the term.

In this case, however, there is no way laymen would have misused "fileless" to refer to instances where files are actually used. "Fileless" is, or at least was, intuitive enough that even the unwashed masses could have understood it. Not anymore, however, and the people responsible for making an easy term complicated and nonsensical? That would be technical people. People who should have known better. People who should have realized they could simply create a new term if they wanted to include cases not covered by the original intuitive definition of "fileless".

Making security harder to understand is not helping. Don't do that.

Too bad my time can't fit nearly as many

found on Imgur

If you're going to annoy me at random times and give me no control over it then you sure as hell better make sure it doesn't happen very often. It doesn't seem like those kinds of user experience issues matter to Microsoft anymore, though.

Wednesday, October 17, 2018

Who wants to play update roulette?

from here

Abusing the already shaky trust users have in software updates is going to result in devices remaining vulnerable to attacks that could be prevented, all so that greedy corporations can get even more of our money.

How to destroy cryptocurrency

Watch on YouTube

Yes, I know those aren't actual bitcoins, litecoins, and ethereum whatevers. Once upon a time, however, one of those bitcoin medallions would have cost you a bitcoin to get.

What this YouTube channel does is feed viewer-submitted items through a miniature industrial shredder, so some cryptocurrency enthusiast out there must have lost their enthusiasm. And since cryptocurrency only has value so long as people have faith in it, this does represent cryptocurrency being destroyed at least a little bit.

Tuesday, October 16, 2018

Back then there were 'no graphics' involved

from here

Yes, there is in fact a difference between steganography and stenography.

And also, yes, you now have a steganography pun.

Kids say the darnedest things

found on iFunny

Remember when kids would just say "My dad can beat up your dad"? I guess it was inevitable that technology would seep into those kinds of exchanges.

Things have also gotten a lot more violent and dark, which is troubling.

Monday, October 15, 2018

The one time a back door would be useful

from here (source article)

I don't know about you, but I think I'm going to stick with dumb locks for the foreseeable future.

And my admin password is an Icelandic volcano

found on Meme Base

Yeah, no, not that volcano, a different one.

It probably wouldn't be a good idea for Harinelina to use this as a password, of course, but with that many characters, it's pretty good even without numbers and symbols.

Friday, October 12, 2018

Passwords don't make everything more secure

from here

Thanks to Bloorjack Horseman for reminding me of this problem. Though I haven't encountered it (yet) with Adobe Reader (probably because I use something else to view PDFs), I have seen needless sign-in requirements added to other things, like Visual Studio.

You might think that forcing you to log into an app makes it more secure. Taken to an absurd extreme you might even think this would solve the problem of software vulnerabilities because PoC exploits wouldn't even be able to pop CALC.EXE without knowing the right password.

But here's the paradox - the more things that require passwords, the more people will get burned out from entering passwords and ultimately the more it will encourage people to not only use simple passwords but to also reuse them everywhere.

Adding sign-in requirements to things that could (and for a long time did) work perfectly well without them is just going to exacerbate the password problems we're already struggling with. It will make security worse, not better.

Now you can have even better (national) security

found on Reddit

By all accounts, Apple seems to have done a really good job of protecting the biometric information people are recording on their phones. But even if they did a perfect job, do you think Apple's competitors will all be so diligent?

Thursday, October 11, 2018

Which one(s) do I whitelist in NoScript to make it work?

from here

And if that wasn't bad enough, frequently adding a source to the whitelist will uncover still more untrusted sources that you didn't even know about before.

Who wants to feel loved by my spam folder?

found on Memedroid

I suppose if you look really hard, you too could find an actual use for spam.

Wednesday, October 10, 2018

More like a letting-it-all-hang-out-house

from here (image source)

I wanna sleep too

found on Imgur

I know this EXACT feeling. I live this every freaking time.

Tuesday, October 9, 2018

Truth in advertising from an advertising giant

from here

Some people like to say that Google is just like Facebook when it comes to privacy, but while Facebook doubles down in the face of breaches, Google takes a different path.

Safari OpSec

found on Izismile

Operational security isn't just for crooks and spooks. It can help protect endangered species as well.

Monday, October 8, 2018

They're just making the unaccountability official

from here

Giving cops permission to destroy property for any reason they can come up with seems like a license to abuse their authority.

And it's all security theatre too, since (at least in the case of aircraft) the chance of collision with a drone is less than the chance of collision with a turtle.

Have no fear, Insecurity Guard is here

Watch on YouTube

I can't help but wonder, if he can't even handle things on the floor, how was he going to deal with that fence?

Maybe something like this?

Watch on YouTube

Friday, October 5, 2018

Some will even say the blockchain can fix it

from here

The security industry has its share of ambulance chasers, and the ambulance of the day is supply chain risks, thanks to a report by Bloomberg News. Are there real risks associated with supply chains? Sure, but actual incidents of compromise by supply chain attacks are pretty rare, even if you assume what Bloomberg reported is true (and we don't know that yet).

Don't hit send just yet

found on Imgur

If you simply must send sensitive information, look into how to encrypt it before you send it.

Thursday, October 4, 2018

Everyone is the AV guy/gal there

from here

You know who you are and you know what you've done. I'm not going to shame you any more than you've already shamed yourself.

Awareness without knowledge

found on Meme.XYZ

The downside of making sure everyone has heard of viruses without telling them how to recognize one is that people start to think everything is a virus.

Wednesday, October 3, 2018

Unsafe gun safe

from here

Securing your firearm is supposed to keep it out of the wrong hands - you know, like your kids. So you're probably not going to be satisfied with something a child could open.

In case you think this is hyperbole, watch this video:
GunVault, SVB 500: Opened With A Gum Wrapper from Handgun Safe Research on Vimeo.

How to make sure you protect your password

found on Imgur

Tuesday, October 2, 2018

Who needs backdoors when you've got Windows

from here

I'm not sure the folks at Microsoft thought through how Cortana asks for your password during a PC reset.

Fur Disk Encryption

found on Google Image Search

You'd think Google Image Search would be able to find the original but it seems like it only exists in the cache now. The links are broken.