Friday, October 30, 2020

Will it be a trick or a treat?

found on Huge LOL

This is why it's best to avoid sketchy sites. It's the easiest way to avoid getting bitten.

Thursday, October 29, 2020

A backdoor for one is a backdoor for all

from here

Y'know what's better than telling the government what will happen to the backdoors they're asking for? Reminding them of what's already happened to the ones they had

Edward Snowden on Passwords: Last Week Tonight with John Oliver


Watch on YouTube

OR... you could use a password manager to generate, store, and even enter strong unique passwords.

And for the handful of cases where a password manager can't help, you can write them down and stick them in your wallet. 

But a good passphrase certainly beats whatever 5 character pass-abomination John Oliver was alluding to at the beginning.

Wednesday, October 28, 2020

Don't bring a toothbrush to a missile fight

from here and here (image source)

I suppose it's possible that if you throw one of these at someone it might be classified a missile, but I like to think the more probable explanation for Trump's repeated mistake is that he takes his toothbrush into the bath with him for naval play-time.
 

Now to FOIA my own password

found on Izismile

Y'know, maybe it's not the FBI's job after all. Maybe the Secret Service is the one that has the service for recovering secrets.

Tuesday, October 27, 2020

So much for having the best people

from here

 I kinda think someone needs to keep a closer eye on the tweeter-in-chief's cyber-security issues. If someone is trying to report something, that shouldn't fall on deaf ears for an entire presidential term.

Keep Calm Because You Can't Scare The Chief Information Security Officer shirt

Product Page

 
Product Page

Now, I'm not sure if this is supposed to mean scaring the CISO is impossible or if it's supposed to mean you must never ever do it. I kinda think it's the latter because I can't imaging a CISO I couldn't scare.

Monday, October 26, 2020

The hidden costs of innovation

from here

 It's been decades and people still haven't realized the error of allowing web content in the body of the email. Companies are still paying the price, including Apple playing a ton of money for vulnerabilities including at least some that would allow an email worm to spread and did allow researchers to compromise Apple's network.

With innovation there invariably comes new opportunities for exploitation, and while sometimes it may be difficult to see it coming, in this case it was entirely predictable.

Be afraid Internet giants. Be very afraid

found on Imgflip

Collecting and storing huge amounts of data is a big liability for companies. Many have managed to escape most of the consequences so far, but that's not going to last forever. Some are going to learn the hard way, others may learn the lessons of their peers if they're smart enough.
 

Friday, October 23, 2020

Pray there's still money in there

from here and here (image source)

 I don't suppose a short ATM is any less secure than a normal one, though I guess being short isn't exactly great in the context of providing funds either.

Don't want no short, short creds

found on Phun.org

The current best practices for user credentials may not value password complexity as highly as they used to, but password size definitely still matters.

Thursday, October 22, 2020

How does it feel when the shoe is on the other foot?

from here and here (image source)

I absolutely love the idea of turning the tools of an oppressive state against that state. Using face recognition to identify authorities who think they can act with impunity because you don't know who they are is the next step in police accountability. 
 

What Is The World's Most Useless Internet of Things Device?


Watch on YouTube

Every one of those devices exists or is at least being worked on, and because they all contain a computer and are connected to the Internet, they are all vulnerable to hacking and require additional security work by consumers to maintain their safety/security. Would you want to take extra steps to secure your underwear? Your dental floss? Your condoms?

No one wants to take extra steps to use any of those things, and so they won't and the result is that the Internet of Things will make their lives more vulnerable. More convenient, perhaps, but definitely more vulnerable.

Wednesday, October 21, 2020

It's definitely not going anywhere

from here and here (image source)

Sometimes you have to think outside the box. Instead of trying to prevent something, figure out an alternative where the thing you were trying to prevent is simply not possible to do in the first place.

Of course it's also a good idea to keep alternative threat models in mind too. No one will be riding off with this, but they could certainly carry it away, and that lock looks like you could just slip it over the top of the seat.

It looks like a shitty anti-theft measure

found on Izismile

I'm not sure why a bike thief couldn't just wipe off the seat before they rode off with your bike, but oh well, apparently it seems to work.
 

Tuesday, October 20, 2020

Look who's a nobody now

from here and here

For someone who was himself hacked, Trump sure has a strange sense of what's possible. Or maybe he thinks it takes a genius to outsmart his stable genius password scheme.

Or maybe the dementia is catching up with him.


Night Of The Living Botnets shirt

Product Page

Zombies are zombies. They're either eating your brain or your bandwidth.

I really like that both male and female models are in the same image. I hope more online shops start doing that.

Monday, October 19, 2020

A loo with a view

from here and here (image source)

I'm not even convinced that much is private. I see 2 sets of beach chairs. I think the only thing private about it is that there's no one there at the moment the picture was taken, but who knows when someone will be back.

If you can read this it's already too late for you

found on Dump A Day

There are a number of ways to boost the deterrence capability of a warning sign. This one adds uncertainty about whether it might already be too late to turn back, prompting people to make a quicker, less thought out decision to leave.
 

Friday, October 16, 2020

You're gonna need a hand when the crooks breach that database

from here and here

I really don't think it's a matter of if crooks breach that database, but when. If you build a valuable database they will come, and nothing withstands attackers forever.

Not so fast, Grandma

found on Funny Junk

Protecting Grandma from scammers is a tough problem. There's so much of the day when most people are at school or at work, so it becomes important for Grandma (or anyone, really) to learn to be skeptical of common online scams so that they can protect themselves when there's no one else around to save them. 

Thursday, October 15, 2020

Security through recursion

from here and here (image source)

While this provides absolutely no additional protection against bolt cutters or lock picking, there is one threat model where this actually does offer added protection. Specifically, when you share ownership of something with someone you no longer trust, apparently this is the kind of thing you use to protect it.  

Kitboga : Scammer Lost His Mind After Failed SYSKEY


Watch on YouTube

I have no words, just the nonsense mouth noises of a petulant child. I can't imagine the kind of patience it takes to tie up a team of scammers for 90 minutes, but I feel like the last one on the line could have gone longer if properly goaded - maybe by playing the mimic game with him.

Wednesday, October 14, 2020

I didn't mean it, it was a typo

from here

Sure the search keyword was an address this time, but what if next time it has to do with something embarrassing that only your search engine knows about you?
 

Just tell the authorities it's to block COVID19

found on Izismile

This is the perfect time to develop and test biometric surveillance busting tech, and to make it become mainstream. You might want to do something about creating a fabric-based seal around the bottom, though.

Though I couldn't find that image anywhere else, I did happen to stumble across a story that appears to be about the same technology.

Tuesday, October 13, 2020

Can't quite put my finger on what went wrong

from here and here (image source one and two)

I considered the possibility that hackers uploading their fingerprints to a crime scene might be a technologically impaired hacker, but honestly I think there must be a fair bit of skill in that. It's just a really dumb thing to do.

EICAR Test QR Code Face Mask

Product Page

If you ever wanted to test your anti-virus software on your face, now you can. 

Monday, October 12, 2020

You aren't still storing passwords in your brain, are you?

from here and here (image source)

The old advice about passwords being easy to remember and hard to guess isn't very good on it's own, but it did spread far and wide. If you ask people what makes a good password there's a good chance they'll respond with some variation on easy to remember and hard to guess. 

The good news is that it doesn't take much tweaking to upgrade it to modern requirements. If the computer is doing the remembering for you then that's going to be some sort of password manager, and once you have that in place you can basically get uniqueness and strength for free. Moreover, taking advantage of something that's already in people's heads is easier than getting something entirely new in there.

 

How to turn laziness into a virtue

found on Huge LOL

This admission of laziness makes for a reasonably good deterrent, but I think some red smeared hand prints or high velocity spatter might sell it even more.

Friday, October 9, 2020

Maybe they were hidden under some couch cushions

from here and here (image source)

I'm not entirely sure how your record keeping can be so bad that you miss 30,000 records. 30,000 since 2009 is multiple uses per day, every day, for over a decade. There's no way you can 'honest mistake' your way from 30,000 to 0.

Tiny thief caught on camera

found on Acid Cow

That expression kind of chilling. I get the feeling the kid knew exactly what they were doing. This doesn't seem like play time gone awry. Better keep an eye on that one.

Thursday, October 8, 2020

Don't bring a shuriken to a car-fight

from here and here (image source)


 If someone is coming at you with their car, a tiny bit of metal thrown from your hand isn't going to do much. In a battle of car vs. ninja throwing stars, the car wins.

Conan Becomes A Security Guard


Watch on YouTube

So do you think he brought an appropriate amount of gravitas the the position? I gather he's quite tall in person, so I'm sure he could intimidate suspects if the need arose, just as long as he didn't move or speak or do anything else that might display his normal personality.

Wednesday, October 7, 2020

How to make your vulnerable bits more vulnerable

from here and here

Look, I'm not saying you shouldn't stick your penis in an Internet appliance, I'm just saying that choosing a "smart" version of anything will always include risks that the dumb version doesn't have. If you want to take those risks with your genitals then so be it, just as long as you understand what those risks are.

Because unsuspecting victims aren't looking for "Free Hugs" during a pandemic

found on Memedroid

The bad guys are always adapting so we have to keep on our toes too.

Tuesday, October 6, 2020

I love being thanked for placing zero orders

from here

I'm sure the invoice is a real page-turner too.

I can only assume the 1337-speak slipped into it because some kid is behind this obvious spam/scam; in which case congrats on being slightly smarter than a spam filter, kiddo.

It's Not Malware, It's Alternative Software phone case

Product Page

This is an interesting design that you can find on shirts and mugs and laptop sleeves and all sorts of other things. The thing is, something about it looked familiar to me, and not just because it was an obvious riff on the "alternative facts" nonsense the Trump administration was known for in it's early days. While it's possible it could be a coincidence, I prefer to think the artist is a fan.

Monday, October 5, 2020

Now Silicon Valley is disrupting palm readers

from here and here (image and article source)

I'm not sure we're ready for biometric payment systems yet. I hope the are appropriate protections for consumers, but I'm not sure what kind of protection would be possible against the obvious nightmare scenario.

What a thoughtful deterrent

found on Izismile

I guess "trespassers will be prosecuted" didn't really convey an accurate threat model to the thieves.

Friday, October 2, 2020

This isn't even it's final form

from here

It's bad enough when individual neighbors have surveillance gear pointed every which way, it's so much worse when they're all linked together without anyone's consent.

You're gonna need a bigger fence

found in Imgur

When people don't care about security, they're bound to do a half-assed job of preventing unwanted outcomes.

Thursday, October 1, 2020

Security has evolved since then

from here and here

It's not really extinct, of course,  and neither are the dinosaurs (they're birds now).

Never underestimate your adversary


Watch on YouTube

We usually don't consider cows to be clever, thinking creatures. It probably makes it easier for us to eat them if we don't. But it turns out they are smarter than you might expect, so if you have cows you better be prepared for that.

Wednesday, September 30, 2020

Hazards of camouflage

from here (image source)

While not being seen has some obvious advantages if you're up to something people would disapprove of, it can also backfire if you're not careful. For example, how could the Invisible Man cross the street without getting run over?

As for the example above, it turns out that outfit was knitted, and it's part of a collection of knitted camouflage.

It seed too much

found on Reddit

On the one hand it's refreshing to see people concerned about their privacy, but on the other hand it's disheartening to see such profound lapses in critical thinking leading people to worry about all the wrong things.

Tuesday, September 29, 2020

They'd have gotten away with it too, if it weren't for that meddling kid

from here

I'd love to hear more about the pint-sized prodigy who found threats that adults had missed but I understand why that kind of information shouldn't be made public.

Gone Phishing tote bag

Product Page

I thought this was a clever design. I imagine people asking questions about it, and those questions could be learning opportunities.

Monday, September 28, 2020

It would be smarter to avoid this situation entirely

from here and here (image and article source)

Thankfully this is just a proof of concept (for now), but it provides a visceral demonstration of the problems in adopting IoT technology. Thankfully I'm not a coffee drinker, but I imagine there are a lot of people out there who would get chills at the thought of this scenario.

No, Mr. Bond, I expect privacy to die

found on Funny Junk

I'm not familiar enough with this game to know if the image has been altered, but the resemblance certainly is amazing. Uncanny, even.

Friday, September 25, 2020

Letting Amazon record your comings and goings

from here and here (image source one, two, and three)

Letting a Ring camera fly around inside your home is pretty invasive, much more so than just having a camera at your front door, and it makes one wonder what's next?

(I know the last image isn't actually of a butt plug with a camera in it, but it certainly looks like it could be that)

When they say they're keeping you for observation

found on Acid Cow

I certainly hope this wasn't billed as a private room, because it seems like anything butt.

Thursday, September 24, 2020

What could possibly go wrong?

from here and here

I imagine Alexei Navalny would advise against accepting vaccines from these particular strangers.

Never mind the fact that "free" is often used to lure in unsuspecting victims for all sorts of scams and  the fact that a vaccine for something no one else has a vaccine for yet meets the criteria for too good to be true. This is a nation that has a reputation for poisoning people.

Rachel Ray Show: Self-Defense Lessons with a Former CIA Agent


Watch on YouTube

The flashlight idea is probably pretty obvious, but the other 2 techniques are definitely getting filed away in my memory for future reference.

Wednesday, September 23, 2020

Just wait 'til TLS falls out a window

from here and here

OK, maybe it's not the absolute best, but it's certainly way up there. If Russia doesn't want it, we'll take it

Password policy will get new claws

found on Piximus

Sometimes I too am filled with a mixture of confusion and anger at password policies - even when I'm the one who wrote the system's code.