 |
| from here |
This person targeting governments and embassies may not be caught yet, but I can't imagine it'll be long before they are.
Tuesday, April 30, 2019
When your OpSec is more like OoopsSec
This person targeting governments and embassies may not be caught yet, but I can't imagine it'll be long before they are.
Give 'em your heart, not your passwords
 |
| found on Meme Base |
Intimate partners are a difficult threat to mitigate because of the trusted access they have to you and your life. One thing they shouldn't need to be trusted with, however, is your personal passwords. The relationship should be able to function just fine without them accessing your accounts.
Monday, April 29, 2019
Well, technically it is data
 |
| found on The Chive |
We all hid things when we were kids. Some hide things as adults. Some are so good at hiding things and keeping them secret it's their job. I don't think that guy is one of them.
Friday, April 26, 2019
Always change the 'duh'-fault password
 |
| from here |
Just another reminder of how important it is to change the default password on your devices, whether that's your router or the GPS trackers you have installed in your fleet of cars.
They really don't trust that guy
 |
| found on Make A Meme |
Seems like these cameras must be focused on everywhere one person in particular might be seen. Maybe they should have invested in a motorized version that can be pointed in all sorts of different directions - or maybe just get rid of the problem person in the first place.
Thursday, April 25, 2019
A picture is worth a thousand logins
 |
| from here |
I used to bypass facial recognition with photographs all the time a couple decades ago. Supposedly there are ways of preventing that from happening now but apparently they don't always work.
Security theatre of the absurd
 |
| found on Reddit |
It's even funnier when you remember that this all takes place "under the sea".
Wednesday, April 24, 2019
I'm sure people without fingers would love gumprint recognition
 |
| from here (source article) |
People want so desperately to get rid of passwords that they'll grab onto anything, even garbage like this. Biometric authentication is complicated, and the worst enemy of security is complexity. That complexity makes it fragile, and that's not a good property for a security feature to have.
Leaking in a galaxy far, far away
 |
| found on Meme Base |
On the one hand, some people might like to send Wikileaks' Julian Assange to a galaxy far, far away, but on the other hand it would really spoil the story.
Tuesday, April 23, 2019
What could possibly go wrong?
 |
| from here |
Always be wary of advice to disable your AV. Unless it's causing a problem that's literally stopping you from using the computer, there should be another way to deal with the problem.
And if it is causing a problem that's preventing you from using the computer, only disable it for the few moments it takes to change whatever setting needs changing or uninstall whatever update needs uninstalling. You don't want to leave the door open to attackers too long and you certainly don't want to risk forgetting it's disabled.
They are still out there
 |
| found on Your Account Has Been Hacked |
With all news about large scale data breaches and governmental cyber-attacks, but the bottom of the barrel still exists. Don't focus so much on the things in the news that you forget about these guys.
Monday, April 22, 2019
Now where's B and A?
 |
| from here (image source) |
I just viewed some videos of how this thing works and it's actually pretty neat. It seems you can program in your own combination (something you can't do with traditional padlocks). As such, I fully expect an usually large proportion of the ones found in the wild can be opened with the Konami code or some variation thereof.
Terms of Service
 |
| found on Reddit |
People will give up their privacy pretty easily in exchange for something they need, but that isn't a reflection of how little they value their privacy, rather, it's often a reflection of how much they need the thing they're getting in exchange.
Friday, April 19, 2019
An accident, you say?
 |
| from here and here |
Facebook SAYS their collection of contact lists was unintentional, but how many of these accidents that benefit Facebook at our expense are we willing to believe in? At some point we have to realize that we're being played.
Are you trying to deter parking or reading?
 |
| found on the Art of Trolling |
TL;DR is not something you want people saying about your sign - especially if the sign is supposed to prevent something, because if it's Too Long and people Don't Read it then they aren't going to comply with it.
Thursday, April 18, 2019
Guess they didn't need a backdoor after all
 |
| from here |
I would like it very much if the EFF actually convinced Facebook to take their advice and stand up for the people, but this is Facebook we're talking about. Of course an abusive organization is going to let other abusive organizations run slipshod all over the general public. So long as it doesn't affect their bottom line, all they have to do is keep paying lip-service to privacy.
How many ways can we say it?
 |
| found on Secure World Expo |
I've got a special place in my heart for the "there is no cloud" meme. The repetition (even in spite of the variations) means it's working.
(and it gives me ideas)
Wednesday, April 17, 2019
A commercial said it so it must be true
 |
| found on Imgflip |
Even though there are viruses for the Mac (and there were even when that stupid commercial came out) there are still people who believe this malarkey. Apple's misguided marketing will do incalculable harm because there's no telling when or even if this false belief will ever end.
Tuesday, April 16, 2019
People still use WinRAR?
 |
| from here |
I've used WinRAR in the distant past, but I'll be honest, as soon as Windows started natively supporting ZIP files I stopped bothering with 3rd party compressed archive tools, and I would have thought a lot of other people would have too. So colour me surprised that there's both a large enough user base to support widespread exploitation but also a large enough user base to make criminals consider trying to exploit it in the first place.
Not all barriers are created equal
 |
| found on I Can Has Cheezburger Animals |
When you erect a barrier to stop an adversary, make sure you take into account what that adversary's capabilities are.
Monday, April 15, 2019
Who watches the watchers?
 |
| from here |
I don't know about you, but if I found a message like that inside anything I wouldn't know what to do. I'd be stunned and a little paranoid because it's actually kind of believable - especially when Facebook is involved.
So you thought you wanted to be a network administrator
 |
| found on Meme Generator |
When the VPN goes down, the admin doesn't need automated monitoring tools to alert him/her, because the users will do that. Each and every one of them.
Friday, April 12, 2019
Oh, it's not a secret, it's just "undisclosed"
 |
| from here |
As surveillance capitalism becomes more and more obvious, the application of old malware tricks in supposedly legit products becomes more and more apparent. No one would buy those eavesdropping IoT devices if they knew about the eavesdropping - which is the same basic approach trojan horse programs take (you wouldn't run it if you knew what it actually did instead or in addition to it's advertised behaviour).
And because no one would buy those eavesdropping IoT devices if they knew about it, technology vendors have to protect their ability to keep that sort of things secret. They're fighting for the right to turn their products into trojan horses.
Keep being skeptical
 |
| found on ELC Information Security |
When it comes to scams, being skeptical is one of your best defenses. That kid doesn't believe her and nor should he.
Thursday, April 11, 2019
Only cowards do it over the phone
 |
| from here |
This article doesn't say it in so many words, but the description of what Office Depot was doing is basically the same as a tech support scam. The most frustrating part of tech support scams is that I can't reach through the phone and throttle the person on the other end.
Wednesday, April 10, 2019
What could possibly go wrong?
 |
| from here |
How long have we been telling people not to stick strange USB devices into their computers? How many ways have we tried to say it? Not enough, apparently.
Face recognition: Convenient for whom?
 |
| found on Meme Center |
If your face unlocks your phone, how else are you supposed to prevent that from happening when you're asleep? This is both absurd and genius at the same time.
Tuesday, April 9, 2019
Tune in next year for the disappointing conclusion
 |
| from here |
Fool me once, shame on you. Fool me twice, shame on me. By now the date which the phone companies promised to stop selling phone location data has already passed, but after their previous behaviour I'm not inclined to believe it until it's verified by yet another investigation.
Pinch me, I'm dreaming
 |
| found on Meme Generator |
That doesn't happen very often, so make the most of it if/when it does.
Monday, April 8, 2019
Electronically exposed breasts
 |
| from here |
It seems RFID tags in breast implants (and other medical implants) have become fairly mainstream, but while we protect RFID-enabled cards and passports with RFID-blocking technology we don't seem to as interested as controlling the access to data from RFID implants. Surely broadcasting a unique identifier that's useful for tracking purposes has some kind of privacy implication.
Talk about the pot calling the kettle black
 |
| found on Meme Center |
Imagine being told by the company that leaked all 3 billion of their user accounts that your password isn't strong enough. Who are you to judge other people's security, Yahoo!?
Friday, April 5, 2019
Don't even ask about cookies
 |
| from here |
Even after all these years, it still bugs me that the meaning of the word "hacker" was corrupted to replace the word "cracker". I wish we could bring the word "cracker" back so that "hacker could shed the cracker-related stigma.
Thursday, April 4, 2019
And CRC32 is great for digital signatures
 |
| from here |
The stupid, it burns!
But seriously, there are real developers out there using BASE64 encoding as though it were encryption, and it is cringe-inducing.
Physical security is only half the battle
 |
| found on Reddit |
There's plenty of security lessons in the various Star Wars movies, and if you think about it the stories would be a lot less interesting if everyone were doing security properly.
Wednesday, April 3, 2019
Welcome to Phishbook
 |
| from here |
How abusive of users can Facebook get and still maintain it's dominance? At what point do we collectively say enough is enough? I mean demanding credentials for your email account will probably be blamed on some underling but it's completely on brand for Mr. "They trust me, dumb fucks" himself. This is the corporate equivalent of the abusive romantic partner who always says they'll change but they never do.
Tuesday, April 2, 2019
Wile E. Coyote would be proud
 |
| from here |
Sanitizing your inputs is important, even (especially) when you're making a self-driving car.
Some things just don't follow the rules
 |
| found on I Can Has Cheezburger |
Don't be too proud of the technological marvel you've constructed in your firewall rules. The ability to block a packet is insignificant next the power of the fire.
Subscribe to:
Posts (Atom)