Thursday, January 31, 2019

Another reason to take a dim view of smart bulbs

from here

Smart light bulbs that store your WiFi password are kind of problematic. When you throw one out, it still remembers that password, and other people may be able to retrieve it. Obviously that isn't ideal, but that's a symptom of a bigger problem. Many (maybe all) smart devices are going to remember your WiFi password, and we are introducing them into an established culture of disposable consumerism, where old things are regularly thrown out and replaced with new ones. I freely admit that I never really appreciated the problem of security waste (forget e-waste, now we'll have s-waste) before, but as more and more things become smart, our garbage will contain more and more of our passwords. That's a disturbing attack surface. I don't know if we're really ready for the consequences of the Internet of Disposable Things.

But I thought Macs were safe

found on QuickMeme

The myth that Macs don't get malware has been particularly pernicious, in part because Apple has actively promoted the idea for a long time. You don't want to find this out the hard way, but they do actually get malware; there's just less of it going around.

Wednesday, January 30, 2019

Show me the money, Facebook

from here

Everyone seems to be wringing their hands about Facebook paying teens to spy on them and I'm over here wondering how I can get paid for something Facebook is going to do regardless. I mean, if stopping Facebook from spying were on the table, I would definitely choose that, but since it's not, I gotsta get paid.

Ancient Internet Proverb

found on ImgFlip

Tuesday, January 29, 2019

Don't call me, maybe

from here

So apparently there's a bug in FaceTime that lets people calling you hear what's going on on your end before you even answer the call. Oops! Apparently Apple has already temporarily disabled Group FaceTime in order to stop people from exploiting this vulnerability while they prepare a fix, but the script kiddies are still going to try it because word of the vulnerability will almost certainly spread farther and faster than word of Apple neutering it.

The history of spamming

found on ImgFlip

If you've ever wondered how a brand of canned meat came to be associated with annoying, repetitive junk mail, look no further than Monty Python.

Monday, January 28, 2019

You'd expect them to be a little more... secure

from here

I know that securities and security aren't the same thing (and that the SEC doesn't actually exchange things), but still, when you have security (or some derivative) in your name, you should try to be a little more secure. Also, of all the governmental agencies that need to be secure, the SEC is pretty high on the list because the data they deal with is clearly quite valuable.

When you don't know your enemy

found on Imgur

I could say that you should know your enemy the way Sun Tzu teaches, but honestly, if you're some lowlife invading homes of old people, by all means skip that lesson and get your teeth knocked in.

Friday, January 25, 2019

Bank-grade security

from here

Although it wasn't a bank, per se, that was fingered in this article, it was definitely a bank (or banks) that outsourced to the offending company. It's still the responsibility of the bank to keep that data safe and secure and clearly they didn't do that.

Why you should never set foot in a meth house


Apparently there are all sorts of creative and very harmful traps to be found in meth houses. This is just one example.

Thursday, January 24, 2019

Hoist by his own petard

from here

It appears a malware writer working for a nation state made a bit of an OpSec faux pas.

Just another reason why you should maybe leave spying to the actual spies. I mean, testing software is good, but testing it on yourself?

(File) Sharing is (s)caring

found on Know Your Meme

While it was certainly possible to use P2P file sharing apps like LimeWire without infesting your computer with malware, it was rather easy to fail if you weren't careful, and being careful meant more than just running an anti-virus program.

Wednesday, January 23, 2019

And that's just the way trojan makers like it

from here

If people paid as much attention to non-viral malware as they do to viral malware, I'm not sure what cybercrooks would do, but I'm reasonably sure they wouldn't be happy about it.

Nobody's completely immune to trickery

found on Imgur

Nobody is perfect. Everybody gets fooled some of the time.

Monday, January 21, 2019

Smart devices will rat you out

from here

Apparently some crooks are more health conscious than they are OpSec conscious. Fitness gadgets are notorious for being glorified tracking devices. I don't want to tell criminals how to do their jobs (I don't want to make it harder for the cops to catch them) but this hitman with a GPS watch should be an object lesson.

So ... we should all wear masks?

found on The Happy Hooded Hacker

I don't know about you, but when I see "How to..." followed by a picture, I generally think it's a depiction of what we're supposed to do - an example to follow. I suppose masking ourselves in a somewhat less literal sense can be useful for preventing identity theft, but I think the only thing an actual mask is going to stop is facial recognition (and you might want a mask that covers a bit more than that).

Friday, January 18, 2019

Detection isn't always enough

from here (image source)

Sometimes detecting the intrusion is the easy part. Sometimes it doesn't help correct the situation at all. That's what people in an Alaskan hospital discovered when a moose wandered inside.

Kinda makes you wonder about intrusion detection systems, doesn't it?

It's a trap!

found on I Can Has Cheezburger

Someone almost got their feet shredded, by the looks of it.

Thursday, January 17, 2019

Beware the scales of justice

from here (image source)

A guard dog is one thing. I think this might scare off more crooks, though.

Maybe you should look a gift horse in the mouth

found on Izismile

The people of Troy could have used some of that insight, Tyler.

Wednesday, January 16, 2019

Update Insanity: Rebooting multiple times and expecting different results

from here

You have to wonder what Microsoft expects from subsequent reboots that it doesn't get from the first one.

Maybe we should have gotten a working cat instead of a working group

found on I Can Has Cheezburger

For all the good the working group did, the worm is still prevalent in the wild 10 years later. Maybe the cat can do what the working group couldn't.

Tuesday, January 15, 2019

How to tell when a cyber-criminal has OCD

from here

It's weird when someone returns part of the money they stole, but when that makes the remainder a nice round number, I can't help but think they cared more about the look of the number than they did about the actual money.

It's certainly not going to reduce the sentence when they get caught.

Attribution is hard

found on Funny Junk

Just because a particular narrative for what you think happened sounds plausible, doesn't mean that's what actually happened.

Monday, January 14, 2019

And it's even designed for when things 'go dark'

from here (source article)

Ring, ring, ring, ring, ring, ring, ring, surveillance phone.

I'm sure it's just a coincidence that an object commonly criticized for being a tracking device you can make calls on (aka a cell phone) has mirrored the Intelligence Community on a number of points, including the fact that we wouldn't even know about it right now if it hadn't been for a leak. Talk about going the extra mile... for a coincidence.

If you're lonely and you know it, take the call

found on Imgur

What's sad is that some people will take the call anyway because of exactly that reason.

Friday, January 11, 2019

Pay no attention to the abandoned building they're taking you to

from here

Trading situational awareness for entertainment in an environment you inherently can't trust is a terrible idea.

Lock pick earrings

product page

For the gal who doesn't quite have everything yet. It's a great design. Aside from the appearance, with a tension wrench on each one you won't have to take anything apart to use them.

Too bad I can't accessorize like that.

Thursday, January 10, 2019

Facebook, meet percussive privacy

from here

The Facebook app is undeletable, you say? I can fix that with a simple hammer.

Trolling the TSA

found on the Art of Trolling

"Look out! He's got a 'weapon' and it's fully 'loaded'."

It may be satire, but if there's anyone who deserves to be made uncomfortable like that it's the TSA.

Wednesday, January 9, 2019

Plaintext isn't any kind of data protection I ever heard of

from here

Hundreds of millions of passport numbers breached, and it turns out they were not encrypted. At some point we really have to start considering these monumental lapses a form of negligence that businesses and other organizations can be held accountable for.

You can ask but that doesn't mean you get

found on Izismile

The first step in remaining anonymous is not telling your name to people who don't appear to understand what anonymous means.

Tuesday, January 8, 2019

Revenge of the Nerds: Swirlie Edition

from here (source article)

The more engaging a smart device is, the more valuable the data that can be mined from it. I can only suppose the folks at Kohler were so focused on mining the shit out of your shitter and plumbing the depths of your doodie that it never occurred to them that being immersed in a toilet might not seem as enjoyable as they intended.

Camouflage can't protect you from everything

found on Funny Junk

Camouflage certainly won't protect you if you hold up a big target inviting people to attack you.

Monday, January 7, 2019

Cutting off your nose to spite your face

from here

If you value security, you need to pay the people who carry out security work. If they don't get paid, they eventually stop working, which is what hundreds of TSA personnel are transitioning towards. Virtually no one can afford to work unpaid long term.

A good disguise makes the infiltration go quackly

found on Imgur

And a bad disguise is pure quackery.

Would the ducks buy it? They are bird brains, after all.

Friday, January 4, 2019

Pay no attention to the malware behind the curtain

from here

It seems like Apple hasn't yet grown out of that old habit of pretending their users have nothing to worry about. They're taking action to mitigate threats without informing anyone and in the process leaving the people their efforts can't reach out in the cold.

What kind of dope would fall for ... oh

found on Meme Base

What kind of dope would fall for it? Maybe the kind that's high as fuck right now.

Thursday, January 3, 2019

Have you ever been so unaware of your surroundings...

from here

Dumb criminals are always worth a chuckle or two.

Nothing is completely secure

found on Izismile

Maybe they could do better, but their primary focus (in theory) is on protecting passengers, not passengers' property. You have to focus on something; you can't protect everything. If they split their efforts to protect property, then when something happens to passengers (and it will) the question would be why those resources were squandered on protecting 'things' instead of people.

Wednesday, January 2, 2019

What's good for the goose is when the feds take a gander

from here and here

There's a certain irony in the government trying to maintain the secrecy of their efforts to get into our secrets. We don't yet know what legal arguments the Department of Justice used to try and get into Facebook Messenger's encrypted messages, but hopefully the ACLU will get the details unsealed.

Or at least no one you know

found on Izismile

Well, it is essentially asking you to pretend no one is watching, so I guess this is a test of your imagination.

Tuesday, January 1, 2019

Happy "I don't know if this is really your birthday" day

from here

You either tell sites the truth and hope attackers are clever enough to think you're lying, or you tell sites a lie and hope your friends are clever enough to remember the truth.

Virus check now, spell check later

found on Meme Base

What's really demotivating is that if you can spot the spelling errors then you probably think it's too ridiculous to bother reporting it, but if you can't spot them then you probably think it's legit.

And it's probably designed that way.