Thursday, September 19, 2019

Scammer identity crisis

from here

It's almost like they aren't even trying.

Deterrent Win

found on Death To Boredom

This warning sign certainly presents a colourful mental image. I think what I like about it is that it doesn't reveal what the actual threat is so you can't rationalize or minimize it. It plays on your imagination and that strategy works really well in scary movies so I think it can work here as well.

The only problem is that it won't keep out people who are too dumb or too lazy to read the rather long sign.

Wednesday, September 18, 2019

Who's leaking your data?

from here (image source one and two)

I'm very surprised at the kind of information these app vendors are sending to Facebook (and others).

It's starting to seem like you can't trust the trackers.

If you use a menstruation tracking app it would probably be a good idea to check and find out where your data is going.

I only want American corporations spying on me

found on Meme Base

I'm sure China does get data like that. Just like the American government gets similar data when you use an iPhone.

I wonder, though. When it comes to this kind of data, are you more concerned about China knowing it or someone closer to home?

Tuesday, September 17, 2019

I guess somebody passed the test

from here (image source)

I think if anyone was going to fare well in a physical pen-test, you kind of expect it to be The Law.

I have to wonder if actual burglars have ever tried that excuse when caught. I don't expect it to work against law enforcement, but if they're just caught by some Joe Schmoe then some social engineering could get them out of a sticky situation.

Becky Stern: Compubody Sock Origin Story

Watch on YouTube

I'm sure the image of the "laptop privacy sweater" was one of the more famous privacy-related memes that circulated the Internet back in the day. I may have even posted it here at some point (if only I could find that post). Well, now you can find out how that object came into being - and how practical it is or perhaps isn't.

Monday, September 16, 2019

For when proof is needed

from here (image source)

The hats are merchandise you can buy and wear, and although they're not technically security related I can't help but wonder how many digital forensics investigators are out there wearing hats like this already because their taste in terrible visual puns is as bad as mine.

Look who's keeping secrets now

found on Imgur

Not gonna lie, I am impressed to see this kind of awareness from a cat, even if the effort was ultimately futile. This is the kind of thinking I'd expect from a human child, not a house pet.

Friday, September 13, 2019

The cat and mouse game of cybersecurity

from here and here

"I'm in!" or some derivation thereof is a pretty stereotypical portrayal of a hacker succeeding in getting access to something, as is the wide-eyed face illuminated by a computer monitor.

I like to imagine this little kitty is accessing the local vet's computer system, making sure their next visit is delayed as long as possible.

Please preserve the illusion of privacy

found on Meme Base

As poor as the visual privacy is in a public washroom, the aural privacy is even worse.

Thursday, September 12, 2019

Quick, while the authorities are still watching

from here

Maybe this guy didn't understand the meaning of the word "supervised", but most criminals have enough sense to keep their noses clean while "the man" is watching.

Stop looking at me, I need privacy - shirts

Product Page
Product Page

These seem like great shirts to wear when you want to remind people to mind their own business.

And you know what? People could stand to be reminded of that from time to time, so kudos to the person who designed these.

Wednesday, September 11, 2019

Show me all matches at Cambridge

from here (image source)

Facebook Dating has reached the US and the cynic in me suspects that Facebook's past privacy violations (I'm not going to entertain the notion that they're simply "gaffs") will have little impact on the success of the venture.

Dad's password advice

found on Fail Blog

You know why they're called Dad Jokes? It's because you're being pun-ished.

Tuesday, September 10, 2019

Pre-owned is a little too close to pwned

from here (image source)

If you ever wondered what happens to IoT devices that get returned, now you know. They get resold apparently without getting reset (and probably without being checked for any software tampering).

Kind of makes you wonder how criminals might be able to make use of this as a way to get into other people's networks or even just to collect data from their networks that could be useful for other crimes.

Shielded and unshielded padlocks

Watch on YouTube

Today I learned, well, this. I'd never heard bypassing padlocks before, but now I know and so do you.

Monday, September 9, 2019

They don't call them duh-fault passwords for nothing

from here (source article, image)

Device manufacturers really aren't doing enough to educate the public on how to use their products securely, but in this case it seems like the manufacturers themselves don't understand security. Why even have a password at all if you're going to leave things this wide open?

Tweeting from behind the curtain

found on Imgur

Every time I see someone playing hide and seek, they're terrible at hiding. They're either behind a curtain with their feet sticking out the bottom, or they've stuck their head (and only their head) under a couch cushion, or something equally inane.

I like to think the Burlington Police had the same experience with Chris.

Friday, September 6, 2019

I think I see the problem

from here
Literally, if the government had simply watched with their eyes instead of their interrogation techniques, no one would have had any idea they were on a list much less sued about it and gotten it declared unconstitutional.

Definitely not a private washroom

found on

The lack of privacy is why you don't put men and women in the same washroom. Unisex is fine so long as it's one person at a time, and frankly the one-at-a-time washrooms are better because they have superior privacy.

Thursday, September 5, 2019

Will schools learn their lesson?

from here

Of all the organizations that could benefit from learning this lesson, a center for learning is one we might even expect to be capable of learning this lesson. Learning is kind of their reason for being, after all.

So hopefully, now that a bunch of schools have been hit by ransomware and it's become clear that they're desirable targets, maybe other schools will do the necessary thing and take care of their systems before someone takes them out.

Kids follow boat thieves with drone

Watch on YouTube

Technology can certainly be empowering, and this is a prime example and it shows that ordinary people (kids even) now have the power to do something that previously you would have only heard of the police doing - that is take off in pursuit of a criminal from the air. They didn't need a helicopter or a licensed pilot or any of the other resources associated with police choppers, they just needed a high-tech toy.

Wednesday, September 4, 2019

But hopefully not for much longer

from here

Imagine an online scam involving 80 people. It's huge!

Someone got a private showing

found on The Meta Picture

I suppose it's possible that what was going on here was open to the public, but I suspect it was not. I just wonder if this was before or after the public came through.

Tuesday, September 3, 2019

And I'd be concerned about the ones that are

from here (source article)

This kind of location data seems like a stalker gold-mine. You might be inclined to think that things are different for gay male hook-up culture, but gosh it seems to me that group has people after them too.

RFID rings

Product Page

RFID implants can open doors and unlock devices, and unlike a key card they don't need to be carried around, can't get lost or forgotten, and are generally just more convenient.

Some people are OK with getting chipped like livestock, or a pet, or inventory in a warehouse). Others might balk at the idea, since it's traditionally used for things that don't have agency or autonomy - and if it's associated with your job then having a symbol of your employer invading your body may be troubling. There's also the matter of it's relative permanence not being able to reflect your changing wishes (not unlike the problems with recording sexual consent on the blockchain).

Well, it just so happens there's a way to get similar convenience in a more socially acceptable package. There are many different varieties and styles from many different manufacturers (the above is just an example from the folks at Adafruit), and they are far more removable than anything embedded inside your body.

Monday, September 2, 2019

Best practice meets worst practice

from here

For all the good XKCD did in teaching people to use passphrases, they went and cancelled it out by using MD5 to hash them with. MD5 has been deprecated for over 20 years, and it was never good for passwords.

Thanks to Have I Been Pwned for raising awareness of both the breach and the bad practice.

Come and get it, porch pirates

found on I Can Has Cheezburger Animals

Anyone who's shitty enough to steal other people's packages deserves to get shit.

Friday, August 30, 2019

I forced a bot to read thousands of press releases ...

from here

It really is hard to believe the things they say in response to controversy have been written by an actual human.

You stole the wrong identity, buddy

found on Reddit

I don't know who originally wrote this, but congrats on finding identity theft kryptonite.

Thursday, August 29, 2019

Pull my other leg, Google

from here

Imagine being so tone deaf about tracking that you argue against what others are doing and what users are asking for, all the while apparently oblivious to your own perverse incentives. Of course Google believes tracking is good and necessary - they're paid to believe that.

CCTV Camera Cupcake Toppers

Product Page

Thankfully they aren't real cameras (though there certainly are some that small and even smaller). I guess they're only meant to remind you that someone might be watching so you better not pig out and eat them all.

Wednesday, August 28, 2019

You're holding it wrong

from here (source article)

You really got to wonder how Apple decided that a credit card you shouldn't put in your wallet or your jeans was ready to go to market. How out of touch can you get?

Now there's a job that could use some downsizing

found on The Art Of Trolling

Am I trolling by using a meme from The Art Of Trolling to suggest that being a troll is bad? It's certainly a bit meta, but I think there's a big difference between trolling and being a troll. It's a difference in commitment level. Anyone can perform a bit trolling now and again when there's either a justifiable reason for that kind of inflammatory behaviour or when it's genuinely harmless, but to it takes dedication to be a troll all the time. Being a professional troll (?) takes even that to the next level.

Tuesday, August 27, 2019

Scotty, we need more power!

from here (image source)

I suppose with the ever increasing power requirements of the cryptocurrency mining networks it was only a matter of time before someone got the bright idea of going directly to the source of electricity.

Puppy prison break

Watch on YouTube

One of the ways you can underestimate an adversary is failing to account for accomplices. Just because someone can't do a particular thing on their own doesn't mean they don't know someone who can help them.

Monday, August 26, 2019

The pigs can't be far behind

from here

To be perfectly honest, I think calling this hacking is a bit of a stretch (she was just using a password she previously had authorization to use), but I guess that's why I'm not in journalism.

Never gonna give up my privacy

found on Imgur

This is a pretty good example of a decoy. Imagine going that deep and finding nothing but Rick Astley - would you keep looking? I mean, sure, someone could do a search instead of just clicking on folders, but for those not smart enough to do that (like maybe your little brother/sister)  this may actually deter them from finding anything really private.

Friday, August 23, 2019

Pay no attention to those people behind the curtain

from here (image source one and two)

There are so many things listening to us these days, and apparently your kids' Xbox is one of them. That means you have to ask yourself, whether or not you're OK with devices sending your own conversations to unseen people for human review, are you really OK with that happening to your kids? And are you OK with it being done by a company so cavalier about that privacy violation that they don't even bother to adjust their practices to avoid bad PR?

Sir Fluffy, knight of the Coffee Table

found on Reddit

I'm sure it's not real. As good as cats may be at attacking, no one is going to rely on one to do battle.

Thursday, August 22, 2019

We're bound to get screwed

from here
Basically ALL Bluetooth devices could be tricked into using a 1 byte encryption key because the protocol designers were trying to comply with "international encryption regulations". 

This is probably what most encryption backdoors would wind up looking like if it became official policy. Most won't be coordinated with any government agency, they'll just some quick and dirty thing that gets jammed in with the hope that no one notices. If/when the Feds come knocking, the developers can just point to it and say there, use that.

Barriers can protect you from all sorts of things

found on Meme Base

Y'know what they say. If it looks stupid but it works, it's not stupid. Maybe I should try something like this the next time I'm cooking bacon.

Wednesday, August 21, 2019

Ransomware run amok

from here

After so many local governments have been hit, and especially 23 in one shot, the rest of them better start making backups or they're just being negligent. The trend seems pretty unmistakable. Local governments are targets. They need to prepare.

Thousands of people can in fact be wrong

found on Fredo & Pid'jin webcomic

The more people who use a particular password, the more likely some attacker will be able to get into their accounts by 'guessing' it. Popularity is not a good property for a password to have.

Be sure to check out Fredo & Pid'jin for more comics.

Tuesday, August 20, 2019

When the government (or your spouse) wants to know what's on your phone

from here and here (image source one, two, three, and four)

I remember when Face ID first came out everyone was in awe of it. Now it appears that it has an attack scenario not entirely dissimilar to this
found on Imgur

How to open a lock with a nut wrench

Watch on YouTube

You might have thought you needed special tools like bolt cutters to open a padlock without the key. Turns out, not so much.

Monday, August 19, 2019

Bobby Tables he ain't

from here

It was a clever trick, and I might have tried it myself if I'd thought of it, but thankfully having an example of what can go wrong when you register NULL as your vanity plate has disabused me of any notions that it might end well.

Seems to be going dark down there

found on Memedroid

Could incognito mode thwart the Feds? Maybe. There's certainly some question about whether they're willing to go deeper rather than just scratching the surface.

Friday, August 16, 2019

Good morning, campers

from here (image source)

Frankly, I find the idea of a face recognition infused summer camp to be horrifying, but not all that surprising. Our society affords even fewer rights and freedoms than it does adults.

No protection is perfect

found on Reddit

This sign outside The Little Shop Of Pleasures is technically correct (which is the best kind of correct), but on the other hand if a condom could protect you from a bus it probably wouldn't be much fun for what it's intended for.

Thursday, August 15, 2019

Ransomware makes me wannacry

Product Page
Product Page

I think I would have gone with a little less colour consistency (it looks more like a ransom note font than something someone actually cut&pasted together from magazine clippings), but it's definitely a clever turn of phrase. Also, you can get the design on a bunch of other things besides various articles of clothing.