Monday, February 24, 2020

I guess it's not Barbie's anymore

from here and here (image source)

I don't think security factored into any of those Barbie playsets, so perhaps it shouldn't come as a surprise that someone is driving off with someone else's very Barbie-esque scooter in their trunk.

Blending in like a boss

found on Imgur

I mean, if you're trying to blend into the background and you're in space, you kinda need to look like space. It's certainly better than some of the camo I've seen.

Friday, February 21, 2020

Gonna get burned by IoT (in)security

from here (image source)

Remotely ignitable candles are sure to be a big hit with arsonists and insurance fraudsters, but they just seem too dangerous to allow into one's own home.


found on Imgflip

If you're going to arm school staff (questionable as that may seem), surely the school library needs protection too.

Thursday, February 20, 2020

Prepare for trouble and make it double

from here and here

I wonder how the people who make Pokemon feel about ransomware named EKANS. I imagine they're as happy as the folks at Hormel were when spam was used as the name for unwanted email - in other words NOT AT ALL happy.

How To Make a Private Computer Screen

In case the laptop privacy sweater is a little too uncomfortable for you when protecting your computing privacy in public, here's another (somewhat destructive) option. I think this is a pretty cool idea so long as it doesn't become mainstream - then everyone will have the polarizing glasses and your privacy is gone again. It might also raise some awkward questions when you're going through airport security and they order you to power on your laptop to prove it works.

Wednesday, February 19, 2020

Freedom of speaking other people's secrets

from here

It takes a special sort of ISP to argue they have the constitutional right to market and sell other people's data without their explicit, informed consent.

Remembering is not the way

found on Imgur

No one can remember strong unique passwords (or passphrases) for every site they use. Use a password manager. It's an elegant tool for a more civilized age.

Tuesday, February 18, 2020

No signal, no go

from here

Thanks to Kari Paul for sharing her experience with an Internet-Of-Shit-mobile. Apparently this isn't the only time this has happened. Thankfully these weren't cases where a person was in imminent danger, but those circumstances do exist and it would be horrifying if this vulnerability were exploited to make matters worse.

Faraday Sleeves For Phones

Now, I have it on good authority that a proper Faraday cage needs to be grounded for optimal performance, and a sleeve like this obviously isn't grounded, but that doesn't mean that it won't block signals to/from your phone well enough to increase your privacy. It depends on a variety of things so your mileage may vary, but it's certainly an interesting option to keep in mind if you're trying to find a balance between the convenience of having a cell phone and the privacy of not being tracked or listened to surreptitiously.

Monday, February 17, 2020

What could possibly go wrong?

from here (image source)

People are notoriously bad at judging how risky something is, but some people take things even further. Don't follow that link, don't open that attachment, don't put your head there.

How not to make friends down at the station

found on Izismile

It amazes me that people not only think it's a good idea to do things that are illegal but to also do so while wearing a target on their back.

Friday, February 14, 2020

You want my log-in?

from here

Happy Valentine's Day and don't give out your password.

Threat modeling fail

found on Reddit

Apple seems to have had thieves in mind when they designed this security feature, but not babies. I wonder which one is more common.

Thursday, February 13, 2020

Throwback Thursday for scammers

from here

Some attackers are highly creative geniuses. And then there's the other guys. Reusing a scam from years ago is not exactly an original thought, and I can't help but wonder what took them so long? Even unoriginal scammers could have simply jumped on the bandwagon back when this was new.

Anonymous Hackers: Mr.Peter's Cyber Bullies

This is a parody (I hope) of the kind of videos released by Anonymous. I think Mr. Peter could be a good hacker, though. He could specialize in cross-eyed scripting.

Wednesday, February 12, 2020

Who wants a refund?

from here and here

It's one thing to spy on allies and adversaries alike, but it's something else entirely to turn a profit while doing so.

Are you feline lucky, punk?

found on Funny Junk

That is one angry looking cat. I think I'll steer well clear of that one.

Tuesday, February 11, 2020

Who needs the news when you can read privacy policies?

from here

577 companies is a ludicrous number of companies to share data with, and basically impossible for end users to manage. It's basically DDoSing their ability to formulate informed consent. Did the framers of the GDPR consider their goals could be subverted through brute force?

Camera Lens Mug

Product Page

Want to smuggle a beverage into a venue? Apparently all you have to do is pretend to be a photographer and get one of these. I wonder if you could also use it to smuggle liquid onto a plane?

Monday, February 10, 2020

Stop giving mixed messages

from here

One or the other, not both. Either hiding things is OK or we shouldn't hide anything.

Beware Of Chuck's Dog

found on I Can Has Cheezburger Animals

Hey, if cats can chase bears, why not wiener dogs chasing rhinos? Clearly some big animals have difficulty gauging the threats they're facing. Not unlike some people, but at least the animals err on the side of caution.

Friday, February 7, 2020

Your face palm is your password

from here and here (image source)

Let's see tech start-ups scrape that into their biometric databases.

How can you hate the colonel?

found on Funny Junk

Being drugged by a restaurant owner probably isn't part of your threat model, and the argument could be made that it shouldn't be. No matter what your threat model is there will always be something that isn't covered. You can't account for every crazy stunt someone somewhere pulls.

Thursday, February 6, 2020

Stay healthy, stay private

from here and here (image source)

It appears that there's a tiny bit of silver lining being discovered as a result of mandated face masks in China. That's something to learn from for sure.

All My Passwords Are Protected By Amnesia button

Product Page

I laughed out loud when I saw this. It's very clever and speaks well to the need to use assistive technologies like password managers.

Wednesday, February 5, 2020

Probably not cruelty-free

from here and here (image source)

I like to imagine this would have worked against the guys in Home Alone, but maybe not so much against real burglars.

No glove, no gate love

found on Memedroid

It must be those latex gloves that make it OK to touch people like that. It makes screeners part doctor (and the uniform makes them part cop).

Tuesday, February 4, 2020

I think I see some holes in his plan

from here and here (image source)

I understand why people might want to cosplay as Bubble Boy, but there are holes for your hands to go through and the zipper isn't completely shut, and even if it was, it's not designed to keep out microscopic pathogens. Still, a little protection may be better than no protection at all (at least as long as you realize the limitations and aren't lulled into a false sense of security). Maybe this will reduce his chances of coming down with something.

Never underestimate your adversary

From time to time I think we all need a little reminder that our adversaries (even the four-legged variety) may be smarter or more talented (or stronger) than we give them credit for. Underestimate them and you can expect an unwelcome surprise.

Monday, February 3, 2020

Fourth time's the charm

from here (image source)

Locking your car like you would your gate doesn't seem like it would be very effective, and it looks like the holes bear that out.

Just because it's out in the open doesn't mean it's going to be easy

found on Know Your Meme

First off, you definitely want to change the WiFi password from the default, and while it certainly is convenient to have it attached to the router, there are still ways you could make it difficult for someone to read it without your help. Of course, for some people, their own handwriting is security enough.

Friday, January 31, 2020

So much for 'easy money'

from here and here

I have never heard of victims getting their bitcoins back, but apparently it may be a possibility in this one particular case and frankly my mind is blown. If this becomes widespread then using bitcoin for criminal purposes is going to get harder. And that's a good thing.

Who wood do such a thing?

found on Reddit

Based on the comments it was probably a case of an item being previously purchased and then returned with something other than the original item in the box and then that got resold to this unfortunate soul. Keep that possibility in mind when you buy things online.

Thursday, January 30, 2020

But bypassWordList might contain hard-coded credentials

from here

I care about application security as much as the next developer (maybe more) but this particular heuristic (and the false alarms it generates) drives me nuts.

OpSec Matter phone case

Product Page

Not only is this a cool case for promoting OpSec, but also for introducing me to KYFMS (Keep Your F%#@ing Mouth Shut). You learn something new every day.

Wednesday, January 29, 2020

Hopefully that's the threat model

from here (image source)

Never in a million years would I have expected to see someone stopped by a solitary gate.

Something doesn't add up

found on Dog House Diaries

Now I wonder what would happen if you had the 3 little containers full of liquid and 1 big container that was empty. Do you think they'd clue in then?

Tuesday, January 28, 2020

Scourge of your online privacy

from here and here

Before it was just a browser plug-in collecting the data, but now apparently it's the anti-virus itself doing the dirty deed. I wonder if this is enough to classify Avast as a rogue security product.

Unfortunately this just reinforces the notion that if you aren't paying for the product then you are the product.

Breaking Into a Smart Home With A Laser - Smarter Every Day

This demonstration is great for a couple of reasons. It demonstrates a complex security vulnerability in a way that ordinary people can connect with, but it's also careful not to hype up the threat and gives some solid recommendations on countermeasures.

Monday, January 27, 2020

They're for more than just data

from here (image source)

It's good to have a backup for anything important, just in case something goes wrong.

The secret to surviving office life

found on The Art Of Trolling

It goes without saying that you shouldn't tell anyone. It's a secret for a reason. Someone could definitely get in trouble for that. I don't think they're doing anything wrong, but they definitely have something to hide.

Friday, January 24, 2020

Thanks, I hate it Microsoft

from here and here

I wonder how many people signed off on this plan without realizing they were turning an Office update into malware.

This is the way

found on Meme Base

It's as if millions of dating site bots cried out in terror and were suddenly silenced.

Thursday, January 23, 2020

Nathan Sees All

from here and here (image source)

Actually I'm not sure how much this person actually sees with so many cameras pointed in the same direction. It seems like there's a lot of overlap but maybe not as much coverage as there could be.

Nobody better put MY snacks behind a glass barrier

It's a good thing that barrier is there or that baby would be lion food. Instead the baby is learning to not be afraid of something it probably really ought to be afraid of.

Wednesday, January 22, 2020

That's one way to take back your privacy

from here and here (source article)

Just the sound of "invading the privacy of dragons" (go ahead and say it out loud) gives me pause. What's worse is that it kinda sounds like the film crew were catfishing the dragons in order to steal their secrets. Not cool.

The old Superman technique

found on Acid Cow

Hey, if it's a good enough disguise for Clark Kent it should be good enough for this guy, right?

Tuesday, January 21, 2020

As if the authorities needed a push

from here and here (image source)

As creepy and worrisome as the idea of marketing a face recognition system with virtually everyone's face in it to the police is, the idea that they had to be enticed with a free trial boggles the mind.

Make Orwell Fiction Again buttons

Product Page

Now that's some flair I think I could get behind. What are we doing to halt the progression to the world of George Orwell's 1984? Not enough, I think. We need to do more to veer away from that dystopian society.

Monday, January 20, 2020

The ultimate defense

from here

It's amazing how much depends on the security of something many people don't even know is there. I wouldn't want so many of my security outcomes to depend on poorly paid and poorly trained customer service representatives detecting social engineering attacks.

Everything has a weakness

found on Funny Junk

Everything has a weakness, the trick is to make that weakness difficult to exploit. I don't think they nailed it with this one.

Friday, January 17, 2020

Your move, bike thieves

from here and here (image source)

I imagine this is only practical for Spider-Man, but still, this seems like it's quite effective.

If you're guilty and you know it, hold it in

found on Snopes

Sometimes it's important to not draw attention to yourself, to not make yourself into a target. At times like those it's best if you didn't recently eat a large helping of beans.

Thursday, January 16, 2020

In case the crying or smell doesn't give it away

from here (image source)

No doubt the data collected from these things will be kept insecurely like so many other Internet of Things devices and eventually there will be a leak. Not the kind of leak you may be used to with diapers, but a leak nonetheless.