Monday, July 15, 2019

How not to implement the "Forgot Password" feature

from here

This Japanese 7-Eleven security incident is a great example of why idiot-proof systems aren't good enough anymore. You need to make them asshole-proof too.

What not to take to the airport

found on Izismile

This woman is going to get secondary screening, tertiary screening, and then whatever screening comes after that. That bag seems tailor made for causing problems at airports.

Friday, July 12, 2019

ZIP files and BAT files and DLLs - Oh my!

from here

I understand that technical jargon can be tough sometimes because it doesn't mean anything unless you're steeped in the technical minutiae of the field in question - but fileless malware is just bad jargon.

A layperson looks at the word and then looks at what the word is being used to describe, and you know what they'll think? They'll think "No. This can't be the right word. There must be some mistake. That's not what this word means." This isn't a problem of the word being abstract, it's a problem of the word being too basic and too well defined outside of the field, and that definition contradicting how it's used inside the field.

Somebody came up with this term (turd), and they did a bad job. I understand that there may be a need for a word to encode the concept, but this is not that word, you need to go back to the drawing board.

Eureka! We've solved the problem!

originally tweeted by Joe Schmoe

Thanks to Joe Schmoe for this meme showing how antivirus vendors can really get that much sought-after property of having no false positives.

Thursday, July 11, 2019

Hang in there, $10s and $20s

from here

Using a hydraulic spreader to open ATMs is a pretty clever trick. Buying the thing on eBay is even better. Who needs shady dark web marketplaces when you've got eBay?

Robo Botnet T-Shirt


Product Page

This is a rather nice design depicting sick laptops under the marionette-like control of an evil figure. Not a bad characterization of a botnet, all things considered, and it's not just on shirts, but also mugs, hats, ties, etc.

The designer also has some good designs for other security concepts. Definitely check out their work.

Wednesday, July 10, 2019

It's not a bug, it's a feature

from here

Apparently if enough people complain, that feature turns back into a bug.

Airport Security Personnel - Not even dogs have faith in them

found on I Can Has Cheezburger Animals

You'd think that the airport, of all places, would be one place where that poor dog could let its guard down. The dog knows better, though, and now at least that soldier can honestly say his luggage was never left unattended.

Tuesday, July 9, 2019

How not to be prepared for cyber-criminals

from here

I mean, as time goes on, the inmates are increasingly going to come in already knowing this stuff, so banning books is not a long term solution.

I see locks in Houdini's future


Watch on YouTube

Houdini is a cute dog, but if he's going to live up to his name he's going to have to keep escaping even when locks are used.

And if Houdini's owners want that enclosure to actually be useful for something, they're going to have to start using locks.

Monday, July 8, 2019

What's the worst thing they could change the license plate to?

from here

It's one thing to stick a computer into an appliance (maybe the computer can make the appliance function better?), but sticking a computer into something that used to just be a hunk of metal with a code painted on it? Digital license plates feel like the Internet of Things (which is already questionable as it is) jumping the shark.

Look who's attacking now

found on Memedroid

From time to time, collective effort can in fact turn the tables on an aggressor.

Friday, July 5, 2019

So that's how much they trust it

from here

This Faraday cage for your key fob is one of the worst indictments of keyless entry I've seen. Sure it makes things more convenient for you. It makes things more convenient for thieves too.

The real FBI will log you without telling you

found on Memebase

The party on top is probably not the FBI, but you never know when the FBI is really logging you so it's probably good to get that warning from time to time as a reminder.

Thursday, July 4, 2019

You've just been Alexized

from here and here

Do you understand the (lack of) privacy rights as I have read them to you?

Alexa is always listening and Amazon keeps the recordings forever. How free do you feel now?

I figure if pervasive surveillance is like imprisonment then there should be an analog to the Miranda rights that get read to those who are arrested and about to be imprisoned.

Telepresent pen-testing


Watch on YouTube

Leave a demo telepresence robot open to the Internet and you should expect some random person to find a vulnerability in the physical security of the demo space and penetrate the office's security from the inside out.

Clearly, even though the robot has no hands, the door should have been locked.

Wednesday, July 3, 2019

No security alerts for you

from here

A/V (audio visual) is certainly not the same as AV (antivirus), but I suppose disabling either one will stop the user from seeing those pesky warnings.

They have no idea who they're dealing with

found on Memedroid

These days people equate being anonymous with hacking (in part because of the group named Anonymous), but if all it takes to make you think someone is a hacker is wearing a funny mask or changing accounts, then the bar is set incredibly low.

Tuesday, July 2, 2019

'Unhackable' computer is patently absurd

from here

It's amazing to me that the patent office granted this guy a patent for an unhackable computer. It's clearly snake-oil. Claiming something is unhackable has never worked out in the past. Ever.

Run VPN T-Shirt ('cuz it's tricky)

Product Page

It took a moment for this Run VPN design to click. It's been a long time since I've heard any Run DMC. I wonder if the designer considered the "It's Tricky" angle when they were making this design extolling the importance of running a VPN.

Monday, July 1, 2019

Hopefully the crooks get their just desserts

from here

Thanks to Zach Whittaker for raising awareness about the incident, though it took me a bit to find anything else about it online.

They'll sniff out the contraband

found on I Can Has Cheezburger

Remember to show them plenty of respect and don't act aggressively.

Friday, June 28, 2019

They don't call them duh-fault passwords for nothing

from here

I'm struck by how much the description of this 14-year-old and his actions reminds me of virus writers from the 90's.

Somebody somewhere is going to be phishing for those credentials

found on Imgur

I could maybe see a vending machine, but an ATM? I hope they realize this will likely spawn new types of crime.

Thursday, June 27, 2019

Who wants to be a millionaire?

from here

The second payout in a week and the total is already over $1,000,000. This might be an opportune time for people with backup solutions to start talking to cities in Florida - they're all probably being targeted now, and it would be better to pay a legitimate backup provider than to pay criminals.

What hacking looked like in 80's movies


Watch on YouTube

As good as some of those movies were, it's hard to take the hacking scenes seriously now. That said, even now there aren't many accurate depictions in the movies or even on TV. Maybe it will get better in the future, but damn, it's already been 30 years.

Wednesday, June 26, 2019

Maybe do it overnight

from here

I wonder what other misinterpretations a technologically impaired user could come up with for common security jargon.

Protect your privacy for everyone's benefit

found on Don't Panic

There are things you may not want other people to see or hear, and guess what? They don't want to see or hear them either. Don't just protect your privacy for yourself, but for everyone else too.

Tuesday, June 25, 2019

Fingered by a thumb drive

from here

You'd think members of Anonymous would have good enough OpSec sense to know that you leave your personal belongings at home when you're out committing crimes. Apparently not everyone got the memo.

A secret compartment for him

Product Page

Y'know, I've seen quite a few secret compartment gadgets, but more often than not they seem better suited to the ladies than to men. This UroClub is definitely for the guys, though, and as laughable and ill-conceived as it may be, it actually serves to provide a bit of privacy in a situation where privacy may be hard to come by.

That being said, I don't know why this device bothers to store the liquid (what a thing to smuggle?!) rather than having a channel that goes all the way down to the ground, and I don't know why guys who had the foresight to have one of these on hand wouldn't just use that foresight to wear an adult diaper (which can be used in a much wider variety of situations).

Monday, June 24, 2019

Apparently that's now how they work

from here

While the news article does explain the theory about how the technology is supposed to work, it sounds laughably like snake-oil to me. I wouldn't trust anything short of a metal cage to protect me from a shark, until such time as other effective preventative measures become well known and commonplace.

The fighting sixty nine year olds

found on The Meta Picture

Y'know, if cranky old men want to fight, I say ... let them fight.

Friday, June 21, 2019

Open wide...

from here

The traditional wisdom might be that you should be grateful for a gift rather than inspect it too closely, but in this day and age, when the Internet puts countless victims at a crook's fingertips, it might be wiser to exercise an abundance of caution.

A bear-y effective deterrent


Watch on YouTube

Does a bear shit in the woods? Sure, but he'll shit on your front lawn too if that's where you happen to scare the crap out of him.

I can't fault the bear here. I would probably react the same way under the circumstances.

Thursday, June 20, 2019

Because that wouldn't stand out at all

from here (source article)

It does seem a little weird to see camouflage embraced as a trend with zero regard for what it's actually meant for. It's one thing to apply a security measure mindlessly, but it's something else to apply a security measure without even thinking about security.

I wonder what the bouquet would look like.

Who blocks the ad blockers?

found on Reddit

As ad blocking becomes more and more mainstream, sites that block ad blocking are going to see their relevance dwindle into nothingness. Even ignoring the security risks of lowering your guard, the content is virtually never worth the annoyance of being bombarded with ads.

Wednesday, June 19, 2019

Someone didn't learn the rules

from here

If you're going to invest in a company like NSO Group, you've got to expect some backlash - especially when your supposed values are in conflict with those of NSO and their customers.

I think it needs a DLL injection

found on I Can Has Cheezburger Animals

I wonder if anyone has ever set up shop installing/updating people's antivirus software - literally a clinic you take your computer to for its shots.

Tuesday, June 18, 2019

Hopefully they can quarantine awful shows while they're at it

from here

Virus-scanning all the things is the price of "Smart" technology. All general purpose computers support viruses, and the people making smart devices are putting general purpose computers in them because it's cheaper to put a general purpose computer in a special purpose box than it is to create a special purpose computer. Samsung was just trying to accept the reality of the situation when they told people to scan their sets.

If you could only save one...

found on Imgur

If you could only save one, you might choose differently. It's all about what your values are.

Monday, June 17, 2019

The policy is a lie

from here

When the same department that likely wrote Facebook's privacy policy argues users have no reasonable expectation of privacy, it's hard not to imagine some kind of shenanigans are going on. Is it a self-own? Are they painting themselves into a corner by admitting (or at least implying) fraud? I sure hope the plaintiffs in the case capitalize on this, because I think it would be hilarious to catch Facebook's lawyers with their pants down.

When your security needs complete covfefe

found on Better Meme

As a general rule, firewalls do not stop viruses. They may block certain types of network worms, which are considered by some to be part of the viral set, but there's still plenty of viral malware outside the scope of what firewalls do.

Friday, June 14, 2019

It's a shitty thing to do either way

from here

It's quite the double standard. It's almost as if people feel like what happens online isn't real, even though the data gathered there can affect your reputation, your job, your credit, your bank account, etc.

The real world runs on information, and the online world is full of it.

Something's broken alright

found on Meme Generator

This can be a theoretical problem with an encryption algorithm, but in practice you should be using a well designed cryptosystem that takes this issue into account and includes a solution (such as message authentication codes).

Not knowing that is one of the reasons most people shouldn't be rolling their own crypto.

Thursday, June 13, 2019

Advances in tin can telephones

from here

So it turns out that sometime in the past, Coca Cola got it in their heads to give out promotional surveillance cans. It seems some folks who like to maintain secrecy had some concerns about that.
[sarcasm]I can't imagine why.[/sarcasm]

If your handcuffs do this, you need better handcuffs


Watch on YouTube

You'd think that the authorities would actually be equipped to detain a murder suspect. It seems sometimes you'd be wrong.

Wednesday, June 12, 2019

The TSA took your granny away-ay

from here

Who does this to a granny, especially on Mother's Day? Not even getting your career from a pizza box explains this kind of behaviour.

They also get less spam and malware

found on Fail Blog

The best online safety is to not be online at all, but that's easier said than done.

Tuesday, June 11, 2019

Thoughts and prayers

from here

However bad things might be, don't put prayers in your passwords, especially if you're one of the cyber-security experts for an entire country - you're supposed to know better.

We Take Your Privacy T-Shirt

Product Page

I think the person who made this design just showed us the proper way to read those privacy platitudes we hear so often from organizations that want us to trust them with our data. All those statements telling us they take our privacy seriously? Yeah, just cross off the "seriously" part and it makes the statement much more true.

Monday, June 10, 2019

Maybe it stopped him from not chewing

from here (image source)

The trick to making an effective deterrent is to make the thing you want to deter against appear unpalatable. As a kid, the cuffs of my pants were treated with hot sauce to deter the dog from grabbing them and yanking on them. It was not effective. I think some dogs are too dumb to be deterred.

Windows Update, could you not?

found on Imgur

As important as security updates are, if they keep being applied in an obnoxious fashion people are eventually going to find a way to block them.