Monday, September 30, 2019

Package visibility

from here (image source)

Would you trade what little privacy you have left in the world for the chance to deny a delivery driver the ability to claim you weren't home?

Everything can benefit from a little extra protection

found on Sneak Hype

Because an elephant charging at you isn't enough of a brown-trouser moment, some enterprising individual gave them armour.

Friday, September 27, 2019

Technically not wrong

from here and here

If only we could stop changing that default.

How private is YOUR online shopping?

found on Dump A Day

There's only so much the private browsing mode can do to protect your online activities. You can't protect your privacy just by setting and forgetting some flag somewhere. Sometimes a bit of forethought is required.

And don't think just because you aren't buying something like this you don't have to worry - simply getting a large TV-shaped Amazon package can give would-be robbers an idea of what they might find if they break into your home.

Thursday, September 26, 2019

Bro, do you even know why you locked it?

from here (image source)

I'm not even sure that's a cable lock in the picture. It doesn't seem to lock like most cable locks I've seen.

I suppose on the up-side, that inanimate object won't be able to wander away like a horse or something.

Floppy lock (in 2019?)

Product Page

I went searching for an image of a floppy drive lock because, although I have one (in it's original packaging), I'm too lazy to take a picture of it. Imagine my surprise when the best example photo I could find was actually from an online store where you can still buy them at a time when most computers don't even have floppy drives anymore.

Wednesday, September 25, 2019

Your ass is your password

from here (image source)

When we think of biometrics we often think about fingerprint or facial recognition, but those are just the tip of the iceberg.

And yes, someone really did develop bum recognition for use as a car anti-theft operator authentication system.

It wasn't me!

found on Reddit

Even though they've got photo evidence, it seems like they've still misattributed the fish theft. They're similar, but they don't quite look the same.

Tuesday, September 24, 2019

A bag isn't big enough for this much scum

from here (image source)

Hard to believe all the shit AT&T is trying to pull. Harder still to believe they've managed to get away with it for so long. Hopefully that's coming to an end.

How to make a knife out of jello

Watch on YouTube

Anything can be a weapon if you use it right, and a super sharp knife made out of jello is an amazing demonstration of that fact.

Monday, September 23, 2019

Unwanted audience

from here and here (image source)

I don't think I could go under those conditions. It's almost like they think you're doing something to their water bowl.

This is exactly the reason I never let the cat in the bathroom with me and why I wait outside the bathroom until the cat is done.

High Security Banking

found on Reddit

I don't think you'll need to worry about anyone shoulder surfing to get your banking PIN with this ATM. You might want to bring a ladder, though.

Friday, September 20, 2019

Phishing like the Dickens

from here (image source)

Despite what some seem to think, knowledge does in fact have value, even monetary value it turns out.

I Used To Smile And Then I Studied Cyber Security mug

Product Page

I wish this was on more things because it's a great design, but the site is called Mugdom so I think mugs are all we're gonna get from them.

That face (despite looking a little bit like Grumpy Cat) perfectly captures essence of so many jaded security pros.

Thursday, September 19, 2019

Scammer identity crisis

from here

It's almost like they aren't even trying.

Deterrent Win

found on Death To Boredom

This warning sign certainly presents a colourful mental image. I think what I like about it is that it doesn't reveal what the actual threat is so you can't rationalize or minimize it. It plays on your imagination and that strategy works really well in scary movies so I think it can work here as well.

The only problem is that it won't keep out people who are too dumb or too lazy to read the rather long sign.

Wednesday, September 18, 2019

Who's leaking your data?

from here (image source one and two)

I'm very surprised at the kind of information these app vendors are sending to Facebook (and others).

It's starting to seem like you can't trust the trackers.

If you use a menstruation tracking app it would probably be a good idea to check and find out where your data is going.

I only want American corporations spying on me

found on Meme Base

I'm sure China does get data like that. Just like the American government gets similar data when you use an iPhone.

I wonder, though. When it comes to this kind of data, are you more concerned about China knowing it or someone closer to home?

Tuesday, September 17, 2019

I guess somebody passed the test

from here (image source)

I think if anyone was going to fare well in a physical pen-test, you kind of expect it to be The Law.

I have to wonder if actual burglars have ever tried that excuse when caught. I don't expect it to work against law enforcement, but if they're just caught by some Joe Schmoe then some social engineering could get them out of a sticky situation.

Becky Stern: Compubody Sock Origin Story

Watch on YouTube

I'm sure the image of the "laptop privacy sweater" was one of the more famous privacy-related memes that circulated the Internet back in the day. I may have even posted it here at some point (if only I could find that post). Well, now you can find out how that object came into being - and how practical it is or perhaps isn't.

Monday, September 16, 2019

For when proof is needed

from here (image source)

The hats are merchandise you can buy and wear, and although they're not technically security related I can't help but wonder how many digital forensics investigators are out there wearing hats like this already because their taste in terrible visual puns is as bad as mine.

Look who's keeping secrets now

found on Imgur

Not gonna lie, I am impressed to see this kind of awareness from a cat, even if the effort was ultimately futile. This is the kind of thinking I'd expect from a human child, not a house pet.

Friday, September 13, 2019

The cat and mouse game of cybersecurity

from here and here

"I'm in!" or some derivation thereof is a pretty stereotypical portrayal of a hacker succeeding in getting access to something, as is the wide-eyed face illuminated by a computer monitor.

I like to imagine this little kitty is accessing the local vet's computer system, making sure their next visit is delayed as long as possible.

Please preserve the illusion of privacy

found on Meme Base

As poor as the visual privacy is in a public washroom, the aural privacy is even worse.

Thursday, September 12, 2019

Quick, while the authorities are still watching

from here

Maybe this guy didn't understand the meaning of the word "supervised", but most criminals have enough sense to keep their noses clean while "the man" is watching.

Stop looking at me, I need privacy - shirts

Product Page
Product Page

These seem like great shirts to wear when you want to remind people to mind their own business.

And you know what? People could stand to be reminded of that from time to time, so kudos to the person who designed these.

Wednesday, September 11, 2019

Show me all matches at Cambridge

from here (image source)

Facebook Dating has reached the US and the cynic in me suspects that Facebook's past privacy violations (I'm not going to entertain the notion that they're simply "gaffs") will have little impact on the success of the venture.

Dad's password advice

found on Fail Blog

You know why they're called Dad Jokes? It's because you're being pun-ished.

Tuesday, September 10, 2019

Pre-owned is a little too close to pwned

from here (image source)

If you ever wondered what happens to IoT devices that get returned, now you know. They get resold apparently without getting reset (and probably without being checked for any software tampering).

Kind of makes you wonder how criminals might be able to make use of this as a way to get into other people's networks or even just to collect data from their networks that could be useful for other crimes.

Shielded and unshielded padlocks

Watch on YouTube

Today I learned, well, this. I'd never heard bypassing padlocks before, but now I know and so do you.

Monday, September 9, 2019

They don't call them duh-fault passwords for nothing

from here (source article, image)

Device manufacturers really aren't doing enough to educate the public on how to use their products securely, but in this case it seems like the manufacturers themselves don't understand security. Why even have a password at all if you're going to leave things this wide open?

Tweeting from behind the curtain

found on Imgur

Every time I see someone playing hide and seek, they're terrible at hiding. They're either behind a curtain with their feet sticking out the bottom, or they've stuck their head (and only their head) under a couch cushion, or something equally inane.

I like to think the Burlington Police had the same experience with Chris.

Friday, September 6, 2019

I think I see the problem

from here
Literally, if the government had simply watched with their eyes instead of their interrogation techniques, no one would have had any idea they were on a list much less sued about it and gotten it declared unconstitutional.

Definitely not a private washroom

found on

The lack of privacy is why you don't put men and women in the same washroom. Unisex is fine so long as it's one person at a time, and frankly the one-at-a-time washrooms are better because they have superior privacy.

Thursday, September 5, 2019

Will schools learn their lesson?

from here

Of all the organizations that could benefit from learning this lesson, a center for learning is one we might even expect to be capable of learning this lesson. Learning is kind of their reason for being, after all.

So hopefully, now that a bunch of schools have been hit by ransomware and it's become clear that they're desirable targets, maybe other schools will do the necessary thing and take care of their systems before someone takes them out.

Kids follow boat thieves with drone

Watch on YouTube

Technology can certainly be empowering, and this is a prime example and it shows that ordinary people (kids even) now have the power to do something that previously you would have only heard of the police doing - that is take off in pursuit of a criminal from the air. They didn't need a helicopter or a licensed pilot or any of the other resources associated with police choppers, they just needed a high-tech toy.

Wednesday, September 4, 2019

But hopefully not for much longer

from here

Imagine an online scam involving 80 people. It's huge!

Someone got a private showing

found on The Meta Picture

I suppose it's possible that what was going on here was open to the public, but I suspect it was not. I just wonder if this was before or after the public came through.

Tuesday, September 3, 2019

And I'd be concerned about the ones that are

from here (source article)

This kind of location data seems like a stalker gold-mine. You might be inclined to think that things are different for gay male hook-up culture, but gosh it seems to me that group has people after them too.

RFID rings

Product Page

RFID implants can open doors and unlock devices, and unlike a key card they don't need to be carried around, can't get lost or forgotten, and are generally just more convenient.

Some people are OK with getting chipped like livestock, or a pet, or inventory in a warehouse). Others might balk at the idea, since it's traditionally used for things that don't have agency or autonomy - and if it's associated with your job then having a symbol of your employer invading your body may be troubling. There's also the matter of it's relative permanence not being able to reflect your changing wishes (not unlike the problems with recording sexual consent on the blockchain).

Well, it just so happens there's a way to get similar convenience in a more socially acceptable package. There are many different varieties and styles from many different manufacturers (the above is just an example from the folks at Adafruit), and they are far more removable than anything embedded inside your body.

Monday, September 2, 2019

Best practice meets worst practice

from here

For all the good XKCD did in teaching people to use passphrases, they went and cancelled it out by using MD5 to hash them with. MD5 has been deprecated for over 20 years, and it was never good for passwords.

Thanks to Have I Been Pwned for raising awareness of both the breach and the bad practice.

Come and get it, porch pirates

found on I Can Has Cheezburger Animals

Anyone who's shitty enough to steal other people's packages deserves to get shit.