Friday, April 19, 2019

An accident, you say?

from here and here

Facebook SAYS their collection of contact lists was unintentional, but how many of these accidents that benefit Facebook at our expense are we willing to believe in? At some point we have to realize that we're being played.

Are you trying to deter parking or reading?

found on the Art of Trolling

TL;DR is not something you want people saying about your sign - especially if the sign is supposed to prevent something, because if it's Too Long and people Don't Read it then they aren't going to comply with it.

Thursday, April 18, 2019

Guess they didn't need a backdoor after all

from here

I would like it very much if the EFF actually convinced Facebook to take their advice and stand up for the people, but this is Facebook we're talking about. Of course an abusive organization is going to let other abusive organizations run roughshod all over the general public. So long as it doesn't affect their bottom line, all they have to do is keep paying lip-service to privacy.

How many ways can we say it?

found on Secure World Expo

I've got a special place in my heart for the "there is no cloud" meme. The repetition (even in spite of the variations) means it's working.

(and it gives me ideas)

Wednesday, April 17, 2019

I've heard of fake faceplates before but this is ridiculous

from here (image source)

I wonder if Brian Krebs has covered this style of ATM skimmer.

A commercial said it so it must be true

found on Imgflip

Even though there are viruses for the Mac (and there were even when that stupid commercial came out) there are still people who believe this malarkey. Apple's misguided marketing will do incalculable harm because there's no telling when or even if this false belief will ever end.

Tuesday, April 16, 2019

People still use WinRAR?

from here

I've used WinRAR in the distant past, but I'll be honest, as soon as Windows started natively supporting ZIP files I stopped bothering with 3rd party compressed archive tools, and I would have thought a lot of other people would have too. So colour me surprised that there's both a large enough user base to support widespread exploitation but also a large enough user base to make criminals consider trying to exploit it in the first place.

Not all barriers are created equal

found on I Can Has Cheezburger Animals

When you erect a barrier to stop an adversary, make sure you take into account what that adversary's capabilities are.

Monday, April 15, 2019

Who watches the watchers?

from here

I don't know about you, but if I found a message like that inside anything I wouldn't know what to do. I'd be stunned and a little paranoid because it's actually kind of believable - especially when Facebook is involved.

So you thought you wanted to be a network administrator

found on Meme Generator

When the VPN goes down, the admin doesn't need automated monitoring tools to alert him/her, because the users will do that. Each and every one of them.

Friday, April 12, 2019

Oh, it's not a secret, it's just "undisclosed"

from here

As surveillance capitalism becomes more and more obvious, the application of old malware tricks in supposedly legit products becomes more and more apparent. No one would buy those eavesdropping IoT devices if they knew about the eavesdropping - which is the same basic approach trojan horse programs take (you wouldn't run it if you knew what it actually did instead of or in addition to its advertised behaviour).

And because no one would buy those eavesdropping IoT devices if they knew about it, technology vendors have to protect their ability to keep that sort of thing secret. They're fighting for the right to turn their products into trojan horses.

Keep being skeptical

found on ELC Information Security

When it comes to scams, being skeptical is one of your best defenses. That kid doesn't believe her and nor should he.

Thursday, April 11, 2019

Only cowards do it over the phone

from here

This article doesn't say it in so many words, but the description of what Office Depot was doing is basically the same as a tech support scam. The most frustrating part of tech support scams is that I can't reach through the phone and throttle the person on the other end.

I used to have important data, but...

found on Imgur

Wednesday, April 10, 2019

What could possibly go wrong?

from here

How long have we been telling people not to stick strange USB devices into their computers? How many ways have we tried to say it? Not enough, apparently.

Face recognition: Convenient for whom?

found on Meme Center

If your face unlocks your phone, how else are you supposed to prevent that from happening when you're asleep? This is both absurd and genius at the same time.

Tuesday, April 9, 2019

Tune in next year for the disappointing conclusion

from here

Fool me once, shame on you. Fool me twice, shame on me. By now the date which the phone companies promised to stop selling phone location data has already passed, but after their previous behaviour I'm not inclined to believe it until it's verified by yet another investigation.

Pinch me, I'm dreaming

found on Meme Generator

That doesn't happen very often, so make the most of it if/when it does.

Monday, April 8, 2019

Electronically exposed breasts

from here

It seems RFID tags in breast implants (and other medical implants) have become fairly mainstream, but while we protect RFID-enabled cards and passports with RFID-blocking technology we don't seem to be as interested in controlling the access to data from RFID implants. Surely broadcasting a unique identifier that's useful for tracking purposes has some kind of privacy implication.

Talk about the pot calling the kettle black

found on Meme Center

Imagine being told by the company that leaked all 3 billion of their user accounts that your password isn't strong enough. Who are you to judge other people's security, Yahoo!?

Friday, April 5, 2019

Don't even ask about cookies

from here

Even after all these years, it still bugs me that the meaning of the word "hacker" was corrupted to replace the word "cracker". I wish we could bring the word "cracker" back so that "hacker" could shed the cracker-related stigma.

Don't leave yourself exposed

found on Memedroid

Thursday, April 4, 2019

And CRC32 is great for digital signatures

from here

The stupid, it burns!

But seriously, there are real developers out there using BASE64 encoding as though it were encryption, and it is cringe-inducing.

Physical security is only half the battle

found on Reddit

There are plenty of security lessons in the various Star Wars movies, and if you think about it the stories would be a lot less interesting if everyone were doing security properly.

Wednesday, April 3, 2019

Welcome to Phishbook

from here

How abusive of users can Facebook get and still maintain its dominance? At what point do we collectively say enough is enough? I mean demanding credentials for your email account will probably be blamed on some underling but it's completely on brand for Mr. "They trust me, dumb fucks" himself. This is the corporate equivalent of the abusive romantic partner who always says they'll change but they never do.


found on I Can Has Cheezburger Animals

Tuesday, April 2, 2019

Wile E. Coyote would be proud

from here

Sanitizing your inputs is important, even (especially) when you're making a self-driving car.

Some things just don't follow the rules

found on I Can Has Cheezburger

Don't be too proud of the technological marvel you've constructed in your firewall rules. The ability to block a packet is insignificant next to the power of the fire.