Friday, January 31, 2020

So much for 'easy money'

from here and here

I have never heard of victims getting their bitcoins back, but apparently it may be a possibility in this one particular case and frankly my mind is blown. If this becomes widespread then using bitcoin for criminal purposes is going to get harder. And that's a good thing.

Who wood do such a thing?

found on Reddit

Based on the comments it was probably a case of an item being previously purchased and then returned with something other than the original item in the box and then that got resold to this unfortunate soul. Keep that possibility in mind when you buy things online.

Thursday, January 30, 2020

But bypassWordList might contain hard-coded credentials

from here

I care about application security as much as the next developer (maybe more) but this particular heuristic (and the false alarms it generates) drives me nuts.

OpSec Matter phone case

Product Page

Not only is this a cool case for promoting OpSec, but also for introducing me to KYFMS (Keep Your F%#@ing Mouth Shut). You learn something new every day.

Wednesday, January 29, 2020

Hopefully that's the threat model

from here (image source)

Never in a million years would I have expected to see someone stopped by a solitary gate.

Something doesn't add up

found on Dog House Diaries

Now I wonder what would happen if you had the 3 little containers full of liquid and 1 big container that was empty. Do you think they'd clue in then?

Tuesday, January 28, 2020

Scourge of your online privacy

from here and here

Before it was just a browser plug-in collecting the data, but now apparently it's the anti-virus itself doing the dirty deed. I wonder if this is enough to classify Avast as a rogue security product.

Unfortunately this just reinforces the notion that if you aren't paying for the product then you are the product.

Breaking Into a Smart Home With A Laser - Smarter Every Day



This demonstration is great for a couple of reasons. It demonstrates a complex security vulnerability in a way that ordinary people can connect with, but it's also careful not to hype up the threat and gives some solid recommendations on countermeasures.

Monday, January 27, 2020

They're for more than just data

from here (image source)

It's good to have a backup for anything important, just in case something goes wrong.

The secret to surviving office life

found on The Art Of Trolling

It goes without saying that you shouldn't tell anyone. It's a secret for a reason. Someone could definitely get in trouble for that. I don't think they're doing anything wrong, but they definitely have something to hide.

Friday, January 24, 2020

Thanks, I hate it Microsoft

from here and here

I wonder how many people signed off on this plan without realizing they were turning an Office update into malware.

This is the way

found on Meme Base

It's as if millions of dating site bots cried out in terror and were suddenly silenced.

Thursday, January 23, 2020

Nathan Sees All

from here and here (image source)

Actually I'm not sure how much this person sees with so many cameras pointed in the same direction. It seems like there's a lot of overlap but maybe not as much coverage as there could be.

Nobody better put MY snacks behind a glass barrier



It's a good thing that barrier is there or that baby would be lion food. Instead the baby is learning to not be afraid of something it probably really ought to be afraid of.

Wednesday, January 22, 2020

That's one way to take back your privacy

from here and here (source article)

Just the sound of "invading the privacy of dragons" (go ahead and say it out loud) gives me pause. What's worse is that it kinda sounds like the film crew were catfishing the dragons in order to steal their secrets. Not cool.

The old Superman technique

found on Acid Cow

Hey, if it's a good enough disguise for Clark Kent it should be good enough for this guy, right?

Tuesday, January 21, 2020

As if the authorities needed a push

from here and here (image source)

As creepy and worrisome as the idea of marketing a face recognition system with virtually everyone's face in it to the police is, the idea that they had to be enticed with a free trial boggles the mind.

Make Orwell Fiction Again buttons

Product Page

Now that's some flair I think I could get behind. What are we doing to halt the progression to the world of George Orwell's 1984? Not enough, I think. We need to do more to veer away from that dystopian society.

Monday, January 20, 2020

The ultimate defense

from here

It's amazing how much depends on the security of something many people don't even know is there. I wouldn't want so many of my security outcomes to depend on poorly paid and poorly trained customer service representatives detecting social engineering attacks.

Everything has a weakness

found on Funny Junk

Everything has a weakness, the trick is to make that weakness difficult to exploit. I don't think they nailed it with this one.

Friday, January 17, 2020

Your move, bike thieves

from here and here (image source)

I imagine this is only practical for Spiderman, but still, this seems like it's quite effective.

If you're guilty and you know it, hold it in

found on Snopes

Sometimes it's important to not draw attention to yourself, to not make yourself into a target. At times like those it's best if you didn't recently eat a large helping of beans.

Thursday, January 16, 2020

In case the crying or smell doesn't give it away

from here (image source)

No doubt the data collected from these things will be kept insecurely like so many other Internet of Things devices and eventually there will be a leak. Not the kind of leak you may be used to with diapers, but a leak nonetheless.

This is how hackers hack you using simple social engineering



I sleep a little easier at night knowing I don't have a cell phone account for someone to do this to, but that's just one kind of account that could be broken into using social engineering. They could get into my ISP account for example, or perhaps (with extra effort) into some kind of financial account like a bank or credit card account.

Wednesday, January 15, 2020

You know there are a lot of vulnerabilities when even the NSA doesn't need any more

from here (image source)

How nice of the NSA to forgo weaponizing this new vulnerability and report it instead. It really shows their softer, gentler side.

Listen to Ackbar Antivirus

found on Imgflip

Maybe (hear me out here) the antivirus is right. It's certainly not unheard of for random sites on the Internet to be bad news.

Tuesday, January 14, 2020

Are you super-extra-certain no one unwanted is there?

from here

If you can't see or hear or otherwise sense who is in the room with your safe, why are you opening your safe? That sounds like insanity. Anyone could be there. I can't imagine what the folks at BoingBoing were thinking when they decided to hawk this thing.

ISHU anti-flash photography phone case

Product Page

Some time ago I became aware of this technology that renders flash photographs useless (useful if you don't want to be photographed), and it was in the form of a scarf, but the scarf is actually quite expensive (hundreds of dollars). It turns out the company has branched out into other things, and while many of them are sold out this phone case appears to still be available, is more affordable, and frankly more neutral in terms of who can pull it off.

Monday, January 13, 2020

To trust or not to trust the surveillance industry, that is the question

from here

If a simple bug can allow random people to view your surveillance feed, how well are those surveillance feeds actually protected? Who else could be watching them?

At least it's only Keyboard Cat

found on Izismile

Frankly, that could have led to something much, MUCH worse than a 10 hour Keyboard Cat video. It could have been a Rick Roll, 2 Girls 1 Cup, or even malware. You can never tell where a QR code leads just by looking at it, unfortunately.

Friday, January 10, 2020

Is it Rex or Wrecks?

from here (image source)

So far I see layers that will keep out people and babies, but nothing specifically for dogs. Clearly dogs need to be part of the threat model so I would suggest something that's stronger than teeth.

Security theatre in a theatre

found on Izismile

I'm having a tough time imagining what the big deal about tortillas is. What's the threat model here? This seems way over the top for a food item.

Thursday, January 9, 2020

No one seems to be breaking that one anymore

from here

I'm just going to put this out there - some developers are going to see the headlines about SHA1 and shy away from it, but one of the easy alternatives to SHA1 is MD5 and without headlines telling them not to use that one either guess what's going to happen...

The World's First Cyber Crime: The Morris Worm



The past can provide us with an interesting perspective on how we got to where we are now.

Wednesday, January 8, 2020

Oh Hell No

from here and here

Sony's Vision S definitely gets a nope from me. Maybe they thought we'd forgotten about their shenanigans years ago, but we haven't.

Exposing all the things

posted by cosmokyle

TSA scanners can't actually do this sort of thing... yet. I'm sure it's just a matter of time before the emotion detecting machines that they're trying to develop now are used against people in scenarios like this.

Tuesday, January 7, 2020

Always have a backup plan

from here

It's a shame that people lost their jobs because their company couldn't recover from ransomware, but it could have just as easily been a fire or hardware failure or some other disaster and there's no one you can pay to undo that kind of thing. If all you're planning to do is pay someone when disaster strikes it's not going to end well. You need to be prepared long before disaster strikes.

Zero Day bag

Product Page

This is for the whitehat vulnerability researchers. Blackhats might want to NOT advertise what they're up to while going about their real life.

Monday, January 6, 2020

The noise is coming from INSIDE THE HOUSE

from here and here (image source)

I'm sure the couple that mistook their robot vacuum for a home intruder are glad it was only a false alarm. I guess it was good practice in the event they ever do have a home intruder - or it'll train them to ignore the warning signs of a home intruder and they'll get a nasty surprise.

Camouflage Cat is gonna get stepped on

found on Izismile

I'm sure that cat's appearance didn't actually evolve as a way to blend into marble floors, and yet it does surprisingly well. Basically, for every appearance there exists a possible environment it can blend into. It's just a matter of finding it.

Friday, January 3, 2020

Junk Fax: The Next Generation

from here

If it doesn't ask for permission beforehand, why bother notifying afterwards? Never mind how creepy it is for a printer to just start printing on its own when you're not even in the room.

It's conceivable that this is still a fairly new and unknown phenomenon, but don't count on it staying that way. Printers are now computers that also happen to apply ink to paper. Computers that perform automatic software updates using their WiFi connections. But importantly, computers that don't have real screens so they have to be creative about how they inevitably show you notifications.

If I'd known it was an IoT device, I would have kept looking for something else.

Reducing liquid volume in 3... 2... 1...

found on Know Your Meme

If this were me I suspect I'd lose some of my liquid, but it probably wouldn't be enough.

Thursday, January 2, 2020

Can't quite put my finger on it

from here

I wouldn't bat an eye either, if I was trying to get some iris biometric system to recognize me. It would kinda interfere with the process.

Make It Easy Mechanic: How to unlock a car door (without a key)



This looks like some handy knowledge to have in a pinch, but it also puts some perspective on the security of the car so that you can make more informed decisions and more realistic threat models. It's not just smashed windows you need to worry about, people may be able to get in with a shoelace.

Wednesday, January 1, 2020

Now we know why he was hiding

from here and here (image source)

In fairness, he was never supposed to be all that difficult to find in the first place. Kids could do it.

Sometimes biometrics are a little TOO convenient

found on Izismile

Even if she hadn't added her own fingertip, she could have easily used your finger while you slept. Then there's the authorities who can compel you to provide your finger to unlock your devices even when they can't compel you to give up your password - not to mention less legal attackers who could get your fingerprint in all sorts of different ways.