Thursday, December 31, 2020

Your secrets will be safe in here

from here and here (image source)

So apparently you can make a hotel out of an old bank (that must have been a heck of a bank!), and I suppose it makes sense that it's cheaper to find some way to re-use the vault than it would be to haul that thing out, so turning it into a meeting room is a pretty cool idea.

SQL Injection sticker

Product Page

This is one of the stickers nominated for a DEFCON Award. Check out the rest and see which one you like best.

Wednesday, December 30, 2020

Keep them out of our online sexy time

from here and here

The details of this spying are pretty laughable. Imagine doing something naughty after the government made you install a certificate that allows them to view your encrypted web traffic. You'd have to be pretty dumb to get caught, but it would suck not having the freedom to do what you want (or possibly need) to do. I suspect it does more to keep people in line than it does to actually catch people - not unlike the way obvious surveillance cameras deter some crime.

How not to deal with security vulnerabilities

found on Reddit

I'm not sure how hugs work to make people feel less insecure, but they definitely don't work on computers.

Tuesday, December 29, 2020

That doesn't seem very anonymous

from here

The concept of anonymity has gone through a lot of changes over the years. Back in the day there were anonymous remailers, which came about because it became obvious that you could track down the sender of more traditional messages. Then of course there was the Tor Project, which was meant to facilitate anonymous browsing because otherwise your activity on a site could be tracked back to your ISP, who would be more than willing to give you up. After that came the hacktivist group named Anonymous, who presciently wore masks because they feared (and rightly so) being identified by authorities using (among other things) facial recognition. Face recognition is in the hands of everyone now, though, not just the authorities, so the idea of showing your face online and calling it anonymous because your name is withheld just doesn't work anymore.

If you don't like it then don't call

found on Funny Junk

This is an interesting idea for a scam phone call countermeasure. If you can be disturbing enough, they won't want to have anything to do with you. Maybe they'll even have to create their own do-not-call list to protect themselves and their colleagues from the mental images you conjure in them.

Monday, December 28, 2020

Plain-text shows the plain truth

from here and here

Scammers don't even bother to hide the truth when it comes to plain-text email. On the flip side, however, they're often much better at generating the plain-text portion of their HTML emails than the businesses they're trying to impersonate.

On an unrelated note, I wonder if OK Scammer could catch on the way OK Boomer did. I know I want to direct that kind of derision at scammers - how about you?

There's no such thing as perfect camoufl...

found on eBaum's World

I don't know how anyone could find these in their natural habitat. I definitely wouldn't be able to. I can only imagine this works very well to protect them against threats.

Friday, December 18, 2020

Where would you like to crash today?

from here and here (image source)

Hard to imagine anyone thought this was a good idea. Personally I find it terrifying. I don't ever want to be in a car that's powered by Microsoft.

Dude, where's my tracks?

found on Izismile

Apparently tanks aren't very secure unless they have someone guarding them and making sure adversaries stay far away. Not exactly what you'd expect from a tank.

Thursday, December 17, 2020

Santa isn't messing around

from here and here (screengrab source)

Elf on the shelf may have been an advancement in Santa's surveillance capabilities, but this is an advancement in his enforcement. No more coal in your stocking, it's 'cuffs from now on.

Hacker Breaks Down 26 Hacking Scenes From Movies & TV


Watch on YouTube

Getting the guy who infected MySpace with an XSS worm that spread from one profile page to the next to rate the accuracy of fictional depictions of hacking in popular media was brilliant. Samy may not be my hero, but he's definitely the right guy for the job.

Wednesday, December 16, 2020

Security, not as easy as 1-2-3

from here

{YourCompanyName}1234 isn't going to cut it either. These are really easy-to-guess passwords, which is the opposite of what a good password should be. A company that makes network monitoring software should know better.

Bezos sees all

found on Reddit


As if regular murals that incorporate surveillance cameras weren't creepy enough, you had to go and use this guy's face. That being said, there aren't many people more fitting to be immortalized this way.

Tuesday, December 15, 2020

Someone found a cheat code anyway

from here

Imagine my confusion when it seemed like a beloved old game enjoyed a surge of attention all of a sudden, and then my disappointment when I found out it was just another compromised company. A company with a lot of important customers, but still, not the game.

RUN IDA sticker

Product Page

Rather than water bottles, I kind of expect to see this on the laptops of malware analysts.

Monday, December 14, 2020

Won't someone bring back the idiot box?

from here

An unpopular opinion, perhaps, but every "smart" device has a computer in it. Adding a computer to anything increases the attack surface of that thing, as well as adding a host of preventative care chores that simply will not get done by the vast majority of smart device owners.

And who knows, maybe this can become a catch phrase that helps steer us all in a better direction.

If James Bond were a lot older

found on Izismile

This looks like something you could have imagined seeing in one of the early Bond films, and yet by that point this would have been old news.

Friday, December 11, 2020

I wonder what they do for dental

from here

I suppose the hackers that stole the data could sell it and monetize it that way, but haven't the companies making these vaccines already committed to not gouging customers in this particular case? How much profit can be made by third parties if first parties are already forgoing most of theirs?

An early biometric database

found on Acid Cow

Imagine how much bigger (and smaller) biometric databases are now that they're computerized. That many fingerprints could probably fit on an external hard disk you could fit in your pocket, but they probably still need a room that big to hold all the data they have now.

Thursday, December 10, 2020

Florida Admin

from here

This is an object lesson in why you don't give everyone the same username and password, and why you don't post that username and password on the Internet where everyone can find it. It's difficult to know who accessed the system and it's impossible to control who will access the system. Furthermore it's difficult to claim arbitrary people weren't supposed to access the system and that those arbitrary people should know that. Why give out the password if people aren't supposed to use it?

As for the title, I figure Florida Admin is a bit like Florida Man (or Florida Woman) but with technical responsibilities.

How private is your personal information?


Watch on YouTube

Well that's creepy as fuck. You'd think those people would know something was up when they were offered something for free in exchange for doing something on Facebook. Granted the video is from 2016, but even in 2016 Facebook was notorious with respect to privacy, and "free" should always raise a red flag.

Wednesday, December 9, 2020

There's someone you should never tell your secrets to

from here and here (image source)

Sometimes it can be surprisingly easy to give the game away by saying too much.

In this case, however, the nuclear bunker was no longer really a secret, so the sign is just a little bit of false advertising.

Which one is the insider threat?

found on Huge LOL

Number 2 seems pretty suspect, if you ask me.

Tuesday, December 8, 2020

Don't worry, kids, there's still hope

from here

Kids, if you had the realization that remote classrooms would spell the end of snow days, have no fear. There's still a way for online classes to get canceled, and snow plows can't open them back up.

Cryptography - In Math We Trust mug

Product Page

I trust the math, do you trust the math? Do you have a moment to talk about our lord and saviour "Math"? I dare say that math in general, and cryptography in particular, saves us from an awful lot of bad things.

Monday, December 7, 2020

You shall not pass

from here (image source)

You might be like the person who put up this sign and fence and think that the sidewalk there is for people to walk on, but in reality its only purpose is to keep people off the grass. Take that away and people will be wearing paths in the sod in no time at all. If you don't want people going through the area, then you're going to have to fence off more than just the sidewalk.

So much for getting the right tool for the job

found on Acid Cow

Just in case there's any confusion, this is not the right tool for the job. Fluffy will not be able to take down a perp unless that perp is Stuart Little.

Friday, December 4, 2020

Someone needs to go on a 'spiet'

from here

Would anyone actually accept a spy diet? Probably not. Any organization that spies only seems to care about more, more, more.

Threat Modeling: These guys get it

found on Izismile

Be smart. If Vladimir Putin offers you tea, politely decline. I'm sure it's perfectly safe most of the time, but who wants to find out the hard way that it was Putin's special tea?

Thursday, December 3, 2020

Some hackers just want to watch the election burn

from here

Y'know, it never occurred to me that you could hack an election with a pen and some paper. That is an impressive display of thinking outside the box. It seems the pen is mightier than the code (or at least it can be if you don't sanitize your inputs).

That being said, can you imagine the problems it would have caused if the SQL injection against a live election had worked? Holy cow, someone was playing a very risky game.

Adam Anderson: Cyber Crime Isn't About Computers, It's About Behavior


Watch on YouTube

One of the things I've always thought was important was to realize that the security problem has many dimensions that need to be addressed, and human behaviour is definitely an important one.

Wednesday, December 2, 2020

They take the security of your data, seriously

from here

It's difficult to believe an organization could be so lax, but they're actually being ordered by the court to hire a CISO six years after the breach. My dudes, what the actual fuck have you been doing for the past six years?

Imagine what they could do now

found on Izismile

Cameras have gotten a lot smaller since those days. They could be a lot more inconspicuous. Also, they can transmit wirelessly now so you could use any animal rather than one that you have to meet up with at a known location after the fact like a homing pigeon.

Tuesday, December 1, 2020

Why security measures often fail

from here and here (image source)

Now if your security measures are such that the wrong paths have less resistance than the right paths, then that's something you need to improve.

Cybersecurity: We Do Precision Guesswork mug

Product Page

Hopefully your bosses and colleagues have a sense of humour when you show up to the office with this mug. 

Monday, November 30, 2020

What's the genetic equivalent of a credit monitoring service?

from here and here (image source)

Genealogy sites have already suffered data breaches in the past, and more are sure to be coming in the future. Any data that gets collected will eventually be breached.

Keeping out unauthorized pests

found on Acid Cow

It's not like a human bouncer can easily get rid of a mouse. We're not as well matched to that particular threat model as Elwood here.

Friday, November 27, 2020

When you don't want people to know how many helpings you've had

from here and here (image source)

There should be no shame in going back for 2nds or 3rds or 4ths or ... Well, maybe you're exceeding the limits of other people's hospitality, but no matter - how much you eat is nobody's business but your own. Protect your dietary privacy and sneak some extra helpings.

That escalated quickly

found on Reddit

Is it an error? Is it for real? Do I want to find out the hard way? Nope. Consider me deterred.

Thursday, November 26, 2020

Maybe if they weaken each other we'll stand a chance

from here and here

I would love to see Apple strike a blow for privacy, but I also admit that they are anti-competitive. If they harm the online ad ecosystem I won't shed a tear. Likewise, if Facebook helps get Apple taken down a peg and weakens their stranglehold on their app store, I won't shed a tear then either.

Rapper Who Is Very Concerned With Password Security


Watch on YouTube

This poor guy is learning a lot of valuable lessons the hard way in a very short period of time.

Wednesday, November 25, 2020

Skid marks in 3...2...1...

from here and here (image source)

Locked doors can't protect you from everything. They stop the big threats, but little threats can find ways around, and the smaller they are the more options they have. 

How to make face recognition "work" with masks

found on Ebaum's World

I like to think this might actually fool facial recognition systems. Not to the extent that they'll think you're the Tiger King or anything, but at least enough to think they see a face, and if it's not your real face then all the better. 

Tuesday, November 24, 2020

Leading a life of grime

from here

I think it's safe to say that virtually no one saw spy vacs coming, at least not that way. Your threat model might have included the vacuum having a vulnerability that let people break into your phone or your network or something, but a device with no microphone listening in on ambient sounds is definitely thinking outside the box.

It's also a pretty useless threat model to a certain segment of the population, but maybe nobody wants to hear what those folks are saying anyway.

Thanks to Graham Cluley for bringing attention to this new wrinkle in the threat landscape.

Rainbow Table sticker

Product Page

This, I think, is a good conversation starter. It's striking, and colourful, but what is it? It's a rainbow table, a staple of old-school password cracking. When someone asks what that weird symbol on your flask or laptop or whatever is, you can tell them about password cracking.

Monday, November 23, 2020

The muscles are just really tense back there

from here and here (image source)

There's no way he's going to walk out of the store like that. Someone is going to notice the merchandise he's hidden under his hoodie. It's just too obvious.

The Superman technique actually works

found on Imgur

That is quite a stark difference. Clearly she has a super power, and that power is disguise. 

Friday, November 20, 2020

It's obviously not the year of the password manager

from here

You'd think with all the extra free time people had this year they'd have finally worked out how to use a password manager to keep track of their passwords so they wouldn't need to use ridiculous ones like "123456" and "password" anymore. 

How NOT to foil surveillance

found on Reddit

Actually, if you read deeply enough into this it might be a good way to avoid surveillance - specifically talking someone else into doing the crime for you so that they get picked up on camera instead of you. If you just walk your own naked underage self into a video monitored business and rob the place, however, it's not going to work the way this describes. 

Thursday, November 19, 2020

Unconventional camouflage

from here and here (image source)

This probably won't be effective unless it's at a considerable distance, because the quality is kind of low, and if you ever do drive it anywhere you're going to give away the game. Honestly, you might be better off with a camouflaged tarp that you can remove when you need to move the vehicle.

(Criminal) Hacker's Paradise: A Security Awareness Parody Music Video


Watch on YouTube

While VPNs may not be as important on today's encrypted world wide web, there are still plenty of good lessons to learn from this song.

Wednesday, November 18, 2020

It's Brobdingnagian

from here and here (image source)

I feel confident that that gate will keep people out (or in) pretty effectively. How would you open it?

Some places just give you mints

found on Acid Cow

I've never encountered a freebie quite like this unlocked ATM, but now that I know it's a possibility I'll keep my eyes open. 

Tuesday, November 17, 2020

Sit. Stay. Play Dead. Good Car

from here (image source)

That seems like a really good way to prevent the theft of your bumper, but it's not going to stop anyone from driving away in your car.