Tuesday, April 30, 2019

When your OpSec is more like OoopsSec

from here

This person targeting governments and embassies may not have been caught yet, but I can't imagine it'll be long before they are.

Give 'em your heart, not your passwords

found on Meme Base

Intimate partners are a difficult threat to mitigate because of the trusted access they have to you and your life. One thing they shouldn't need to be trusted with, however, is your personal passwords. The relationship should be able to function just fine without them having access to your accounts.

Monday, April 29, 2019

It's fine as long as we can't see your face, right?

from here (image source)

You've got to ask yourself, who installed this and thought it was OK?

Well, technically it is data

found on The Chive

We all hid things when we were kids. Some hide things as adults. Some are so good at hiding things and keeping them secret it's their job. I don't think that guy is one of them.

Friday, April 26, 2019

Always change the 'duh'-fault password

from here

Just another reminder of how important it is to change the default password on your devices, whether that's your router or the GPS trackers you have installed in your fleet of cars.

They really don't trust that guy

found on Make A Meme

Seems like these cameras must be focused on everywhere one person in particular might be seen. Maybe they should have invested in a motorized version that can be pointed in all sorts of different directions - or maybe just get rid of the problem person in the first place.

Thursday, April 25, 2019

A picture is worth a thousand logins

from here

I used to bypass facial recognition with photographs all the time a couple of decades ago. Supposedly there are ways of preventing that from happening now (liveness detection, for instance), but apparently they don't always work.

Security theatre of the absurd

found on Reddit

It's even funnier when you remember that this all takes place "under the sea".

Wednesday, April 24, 2019

I'm sure people without fingers would love gumprint recognition

from here (source article)

People want so desperately to get rid of passwords that they'll grab onto anything, even garbage like this. Biometric authentication is complicated, and the worst enemy of security is complexity. That complexity makes it fragile, and fragility is not a good property for a security feature to have.

Leaking in a galaxy far, far away

found on Meme Base

On the one hand, some people might like to send Wikileaks' Julian Assange to a galaxy far, far away, but on the other hand it would really spoil the story.

Tuesday, April 23, 2019

What could possibly go wrong?

from here

Always be wary of advice to disable your AV. Unless it's causing a problem that's literally stopping you from using the computer, there should be another way to deal with the problem.

And if it is causing a problem that's preventing you from using the computer, only disable it for the few moments it takes to change whatever setting needs changing or uninstall whatever update needs uninstalling. You don't want to leave the door open to attackers too long and you certainly don't want to risk forgetting it's disabled.

They are still out there

found on Your Account Has Been Hacked

With all the news about large-scale data breaches and government cyber-attacks, it's easy to forget that the bottom of the barrel still exists. Don't focus so much on the things in the news that you forget about these guys.

Monday, April 22, 2019

Now where's B and A?

from here (image source)

I just viewed some videos of how this thing works and it's actually pretty neat. It seems you can program in your own combination (something you can't do with traditional padlocks). As such, I fully expect an unusually large proportion of the ones found in the wild can be opened with the Konami code or some variation thereof.

Terms of Service

found on Reddit

People will give up their privacy pretty easily in exchange for something they need, but that isn't a reflection of how little they value their privacy, rather, it's often a reflection of how much they need the thing they're getting in exchange.

Friday, April 19, 2019

An accident, you say?

from here and here

Facebook SAYS their collection of contact lists was unintentional, but how many of these accidents that benefit Facebook at our expense are we willing to believe in? At some point we have to realize that we're being played.

Are you trying to deter parking or reading?

found on the Art of Trolling

TL;DR is not something you want people saying about your sign - especially if the sign is supposed to prevent something, because if it's Too Long and people Don't Read it then they aren't going to comply with it.

Thursday, April 18, 2019

Guess they didn't need a backdoor after all

from here

I would like it very much if the EFF actually convinced Facebook to take their advice and stand up for the people, but this is Facebook we're talking about. Of course an abusive organization is going to let other abusive organizations run roughshod all over the general public. So long as it doesn't affect their bottom line, all they have to do is keep paying lip-service to privacy.

How many ways can we say it?

found on Secure World Expo

I've got a special place in my heart for the "there is no cloud" meme. The repetition (even in spite of the variations) means it's working.

(and it gives me ideas)

Wednesday, April 17, 2019

I've heard of fake faceplates before but this is ridiculous

from here (image source)

I wonder if Brian Krebs has covered this style of ATM skimmer.

A commercial said it so it must be true

found on Imgflip

Even though there are viruses for the Mac (and there were even when that stupid commercial came out) there are still people who believe this malarkey. Apple's misguided marketing will do incalculable harm because there's no telling when or even if this false belief will ever end.

Tuesday, April 16, 2019

People still use WinRAR?

from here

I've used WinRAR in the distant past, but I'll be honest, as soon as Windows started natively supporting ZIP files I stopped bothering with 3rd party compressed archive tools, and I would have thought a lot of other people would have too. So colour me surprised that there's a user base large enough both to make criminals consider exploiting it in the first place and to support widespread exploitation once they do.

Not all barriers are created equal

found on I Can Has Cheezburger Animals

When you erect a barrier to stop an adversary, make sure you take into account what that adversary's capabilities are.

Monday, April 15, 2019

Who watches the watchers?

from here

I don't know about you, but if I found a message like that inside anything I wouldn't know what to do. I'd be stunned and a little paranoid because it's actually kind of believable - especially when Facebook is involved.

So you thought you wanted to be a network administrator

found on Meme Generator

When the VPN goes down, the admin doesn't need automated monitoring tools to send an alert, because the users will do that. Each and every one of them.

Friday, April 12, 2019

Oh, it's not a secret, it's just "undisclosed"

from here

As surveillance capitalism becomes more and more obvious, the application of old malware tricks in supposedly legit products becomes more and more apparent. No one would buy those eavesdropping IoT devices if they knew about the eavesdropping - which is the same basic approach trojan horse programs take (you wouldn't run it if you knew what it actually did instead of, or in addition to, its advertised behaviour).

And because no one would buy those eavesdropping IoT devices if they knew about it, technology vendors have to protect their ability to keep that sort of thing secret. They're fighting for the right to turn their products into trojan horses.

Keep being skeptical

found on ELC Information Security

When it comes to scams, being skeptical is one of your best defenses. That kid doesn't believe her, and neither should he.

Thursday, April 11, 2019

Only cowards do it over the phone

from here

This article doesn't say it in so many words, but the description of what Office Depot was doing is basically the same as a tech support scam. The most frustrating part of tech support scams is that I can't reach through the phone and throttle the person on the other end.

I used to have important data, but...

found on Imgur

Wednesday, April 10, 2019

What could possibly go wrong?

from here

How long have we been telling people not to stick strange USB devices into their computers? How many ways have we tried to say it? Not enough, apparently.

Face recognition: Convenient for whom?

found on Meme Center

If your face unlocks your phone, how else are you supposed to prevent that from happening when you're asleep? This is both absurd and genius at the same time.

Tuesday, April 9, 2019

Tune in next year for the disappointing conclusion

from here

Fool me once, shame on you. Fool me twice, shame on me. By now the date by which the phone companies promised to stop selling phone location data has already passed, but after their previous behaviour I'm not inclined to believe it until it's verified by yet another investigation.

Pinch me, I'm dreaming

found on Meme Generator

That doesn't happen very often, so make the most of it if/when it does.

Monday, April 8, 2019

Electronically exposed breasts

from here

It seems RFID tags in breast implants (and other medical implants) have become fairly mainstream, but while we protect RFID-enabled cards and passports with RFID-blocking technology, we don't seem as interested in controlling access to the data from RFID implants. Surely a tag that answers any nearby reader with a unique identifier that's useful for tracking purposes has some kind of privacy implication.

Talk about the pot calling the kettle black

found on Meme Center

Imagine being told by the company that leaked all 3 billion of their user accounts that your password isn't strong enough. Who are you to judge other people's security, Yahoo!?

Friday, April 5, 2019

Don't even ask about cookies

from here

Even after all these years, it still bugs me that the meaning of the word "hacker" was corrupted to replace the word "cracker". I wish we could bring the word "cracker" back so that "hacker" could shed the cracker-related stigma.

Don't leave yourself exposed

found on Memedroid

Thursday, April 4, 2019

And CRC32 is great for digital signatures

from here

The stupid, it burns!

But seriously, there are real developers out there using Base64 encoding as though it were encryption, and it is cringe-inducing. Encoding has no key, so anything that can read the "encrypted" value can decode it; the same goes for the title's CRC32, which anyone can recompute after tampering with the data.
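As an added illustration (not code from the original post or from any real product): the first function scans a constructed sample config and "recovers" every Base64-"encrypted" secret with no key at all, and the second part shows why an unkeyed CRC32 is no substitute for a keyed tag. A keyed HMAC stands in for a true digital signature here because the Python standard library has no asymmetric signing; the point (no key, no protection) is the same. All config values and messages are invented for the example.

```python
import base64
import binascii
import hashlib
import hmac
import os
import re
import zlib

# Constructed sample config: a developer "protected" the DB password and API key
# with Base64. Purely illustrative values, not from any real application.
SAMPLE_CONFIG = {
    "db_host": "db.internal.example",
    "db_user": "app",
    "db_password": "U3VwZXJTZWNyZXQxMjMh",         # base64("SuperSecret123!")
    "api_key": "c2tfbGl2ZV9kZWFkYmVlZjEyMzQ=",     # base64("sk_live_deadbeef1234")
    "feature_flags": "dark_mode,beta",
}

# Heuristic: a run of Base64 alphabet characters with optional padding.
_B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


def recover_base64_secrets(config):
    """Return {key: decoded_text} for every value that is valid Base64 of printable text.

    No key is involved: Base64 is an encoding, so anyone who can read the config
    file can read the "encrypted" secret. The regex/printable check is only a
    heuristic to skip values that merely look like Base64.
    """
    found = {}
    for key, value in config.items():
        if not isinstance(value, str) or not _B64_RE.match(value) or len(value) % 4:
            continue
        try:
            text = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue
        if text.isprintable():
            found[key] = text
    return found


def crc32_tag(message: bytes) -> int:
    """Unkeyed checksum: detects accidental corruption, nothing more."""
    return zlib.crc32(message) & 0xFFFFFFFF


def crc32_verify(message: bytes, tag: int) -> bool:
    return crc32_tag(message) == tag


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed tag: only a holder of `key` can produce a valid one."""
    return hmac.new(key, message, hashlib.sha256).digest()


def hmac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), tag)


def forge_with_crc(new_message: bytes):
    """An attacker who intercepts (message, crc) replaces the message and
    recomputes the CRC. There is no secret to stop them."""
    return new_message, crc32_tag(new_message)


def demo():
    """Returns whether each forgery attempt is accepted by the verifier."""
    original = b'{"to":"alice","amount":10}'
    forged = b'{"to":"mallory","amount":9999}'

    # 1. "Signed" with CRC32: the forged message verifies fine.
    crc_forgery_accepted = crc32_verify(*forge_with_crc(forged))

    # 2. Tagged with a keyed HMAC: the verifier's key is unknown to the attacker.
    key = os.urandom(32)
    tag = hmac_tag(key, original)
    reuse_old_tag = hmac_verify(key, forged, tag)                  # tag was for `original`
    guess_key = hmac_verify(key, forged, hmac_tag(b"guess", forged))  # wrong key

    return {
        "crc32_forgery_accepted": crc_forgery_accepted,
        "hmac_original_ok": hmac_verify(key, original, tag),
        "hmac_forgery_accepted": reuse_old_tag or guess_key,
    }


if __name__ == "__main__":
    print("recovered secrets:", recover_base64_secrets(SAMPLE_CONFIG))
    print(demo())
```

Running the block decodes both "encrypted" config values in full and reports that the CRC32 forgery is accepted while the HMAC forgeries are rejected. In a real review, treat any config or database column that holds Base64 of a printable string the way you'd treat plaintext, and treat any integrity check that can be recomputed without a secret as no integrity check at all.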

Physical security is only half the battle

found on Reddit

There's plenty of security lessons in the various Star Wars movies, and if you think about it the stories would be a lot less interesting if everyone were doing security properly.

Wednesday, April 3, 2019

Welcome to Phishbook

from here

How abusive of users can Facebook get and still maintain its dominance? At what point do we collectively say enough is enough? I mean, demanding credentials for your email account will probably be blamed on some underling, but it's completely on brand for Mr. "They trust me, dumb fucks" himself. This is the corporate equivalent of the abusive romantic partner who always says they'll change but never does.


found on I Can Has Cheezburger Animals

Tuesday, April 2, 2019

Wile E. Coyote would be proud

from here

Sanitizing your inputs is important, even (especially) when you're making a self-driving car.

Some things just don't follow the rules

found on I Can Has Cheezburger

Don't be too proud of the technological marvel you've constructed in your firewall rules. The ability to block a packet is insignificant next to the power of the fire.