Tuesday, March 31, 2020

A message to web developers

from here and here (image source one and two)

Plain text passwords have been way, way too common on websites over the years. No doubt the thing that made it so common is that login pages are so boring and easy to underestimate that developers don't spend the time to learn how to do them properly. That really hasn't changed which is why plain text passwords are still too common (as Plain Text Offenders handily demonstrates).

Virus Scan sticker

Product Page

I didn't realize people put these sorts of stickers on things other than their laptops, but this particular placement means you're more likely to see your own sticker and be reminded why you really don't want to disable your AV.

Monday, March 30, 2020

That's what makes it work

from here (image source)

The more specific it is to the environment, the better it does at concealing you, as these two carpet cosplayers demonstrated at DragonCon some time ago.

Yes, your computer is safe from it

found on Ruin My Week

I mean, I do kind of get why the assumption would be that it's a computer virus. Human viruses are in the new far less.

Friday, March 27, 2020

Drop f-bombs, not 0days

from here

The vast majority of people who would be affected by the 0day would probably enjoy the f-bomb more.

I think you mean Wonder Woman's jet

found on Reddit

While stealth is certainly a desirable quality in an adversarial situation, actual invisibility has some logistical problems, like how to avoid running into the damn thing.

Thursday, March 26, 2020

She sells CSHs by the sea shore

from here and here (image source)

Why so serious? Security memes should be fun and silly too.

Breaking into a bank with whiskey


Watch on YouTube

You have to hand it to Deviant Ollam here. He would make quite the gentleman bank robber. Not only because of his stylish attire, but also because he apparently puts the key in whiskey.

Wednesday, March 25, 2020

Good Guy Ransomware Operator was too good to be true

from here

I almost put the Scumbag Hat on Good Guy Greg and called it a Good Guy Ransomware Operator meme when I heard about the promise, but something felt off about it, and now that their true colours are showing I'm glad I hesitated.

And now they want 'secure' backdoors

found on Funny Junk

When will governments learn that technology just doesn't work the way they imagine it does?

Tuesday, March 24, 2020

Someone is trying to level up to supervillain

from here

While I can certainly imagine motives for launching cyberattacks against the WHO, I can't imagine having the balls to risk disrupting the work that organization is doing right now.

Are You A Software Update phone case

Product Page

I think we've all had this reaction to a software update, and I think we've also all had this reaction to someone coming over to pester us with

Monday, March 23, 2020

Some brute force attacks are less effective than others

from here (image source)

I hope I don't have to spell it out that breaking into online accounts doesn't work that way, but I suppose at least he's not hacking with a bladed instrument.

The Internet Of Awkward

attribution withheld for the sake of privacy

I'm sure this was mortifying when it happened, and I'm sure it's happened to more than just this one person. It's bad enough to learn that those devices are always listening and that actual people have been listening to the recordings, but to having it call your father in the middle of an intimate moment.

And just think, the advice to keep these devices out of the bedroom may not help if you're really loud.

Friday, March 20, 2020

Wiper Sniper

from here and here (image source)

I probably wouldn't want to be caught doing that either, but he can only blend into those potted plants for so long.

Quick Robin! To the Surveillancemobile!

found on Reddit

I guess this is probably legal in jurisdictions where dashcams are allowed, but it's also really offensive to people who value their privacy

Thursday, March 19, 2020

Social Media Distancing

from here

But ducks don't have that many feet.

Security Distancing


Watch on YouTube

This security guard's "I'm Not Touching You" game is on point. I'm sure that's a skill a lot of security guards will want to develop in the wake of the pandemic, though I'm not sure it will be good for security.

Wednesday, March 18, 2020

At least the stand is locked

from here (image source)

It's really hard to have good security without attention to detail. Even tiny errors can void all the benefits you hoped to achieve.

Account security is getting overly aggressive

found on Izismile

I've never had someone try to fraudulently take over my account, but I have had to jump through extra hoops to prove I was the legitimate account holder of my own accounts, and in some cases I've even lost the account because I couldn't do enough to prove it. Sometimes having the password isn't good enough, and that just doesn't seem right.

Tuesday, March 17, 2020

This keyboard can fit so many biological booby traps in it

from here (image source)

The current pandemic really makes you look at those awful hacker stock photos with new eyes. I hope physical penetration testers are taking adequate precautions.

Only You Can Make Security Work shirt

Product Page
Product Page

Apparently this design came from a collection of NSA posters from the 50's and 60's. I'm not keen on the lettering, but wearing a piece of NSA history seems pretty cool, and ultimately it's a good message.

Monday, March 16, 2020

Everybody poops

from here and here

With the value of bitcoin going down and the scarcity of toilet paper on the rise, it seems like this is a possible outcome.

Gives new/old meaning to the term jailbreak

found on Dump A Day

You might think students could easily break their phones out of this prison, and you might be right, but I fully expect this prison has a guard in the form of that teacher mentioned in the caption. The students would get caught and they know it.

Friday, March 13, 2020

Hack The Ripper

from here and here (image source)

They could have simply attached a skimmer like a normal crook, but nooooooo, they had to creep people the fuck out instead.

A very public washroom

found on Reddit

Transparent stalls means no one is willing to do their business there, which in turn means no one is going to "steal" the toilet paper, so it seems there's no need to provide any. Funny how the unintended consequences of a lack of privacy work.

Thursday, March 12, 2020

When a whisper isn't quiet enough to keep something secret

from here

You might be thinking that all these secrets that were exposed aren't linked to anyone's real name, so people's secrets are still 'secret', but people re-use usernames across multiple sites so it could be de-anonymized that way. Also the data includes locations, so you could look at entries from your area and factor in the other included details like age, gender, place of work, etc. to make educated guesses about whether they're someone you know. Add to that the fact that the secrets aren't just passwords, they're often stories with details that other people might be familiar with (at least in part).

Don't bring a gun to a mop fight


Watch on YouTube

I don't know if perhaps the gun wasn't real or maybe the would-be robber didn't have the nerve to pull the trigger, but whatever the case, he was clearly less prepared for the encounter than the little old lady with a mop.

Wednesday, March 11, 2020

Or maybe even recycled bins

from here and here (image source)

Don't get me wrong, repurposed malware isn't a terrible name for them, I just think think when you're dealing with attackers doing something seemingly clever, a little psyops are called for. "Hand-me-down" has more baggage than "repurposed" and that's a good thing in this context.

(The recycled bins comment in the title is perhaps a little more in keeping with the punny nature of the"What idiot called it" meme)

Aren't there already enough ways to lose your keys?

found on Funny Junk

Physical keys, encryption keys, passwords, etc. all have a tendency to get lost or stolen. Don't design things in such a way that losing them becomes even easier.

Tuesday, March 10, 2020

When your key tries to do it's best Excalibur impression

from here (image source)

I kinda think that if the lock is that easy to remove, it wasn't adding much security in the first place.

Windows Vulnerability mug

Product Page

I'm not sure if this is still true, but it certainly seemed true at one point in time. If it's still true now after fixing vulnerabilities for years and years then it kind of makes you wonder what the point in fixing the vulnerabilities is.

Monday, March 9, 2020

Beep Boop Whoop Whistle - [I'm in]

from here and here

R2D2 wasn't just a hero in a galaxy far, far away. That little astromech droid was breaking into enemy systems left and right. You'd think the Empire would have put in some tougher access controls to stop that sort of thing, but they didn't.

It doesn't matter if the scam is obvious

found on Izismile

Even when all the signs are there and they seem abundantly clear, people will still fall for the scam.

Friday, March 6, 2020

No toddlers better try to steal my trike

from here (image source)

Thinking like an attacker can often highlight weaknesses in your defenses. I don't think it would take very long to identify an obvious one here.

Truly this is a problem for the ages

found on Funny Junk

The contemporary problem is clearing your browser history, but before that I have no doubt it was clearing your "reading" history (whether it be books or glossy magazines).

Thursday, March 5, 2020

I worry about his firewall

from here and here (image source)

Sandboxing is a security technique that works by isolating things rather than blocking them, but the above is not quite how you accomplish it. There's special software (or in some cases operating systems) that do it.

Jim Browning: Spying on the Scammers


Watch on YouTube

While there may be some question as to the legality of gaining access to the scammers' systems, there is no question about the legality of the scammers' activities at all, as the building was raided by police and the owner taken into custody.

Wednesday, March 4, 2020

Criminal opsec can be a hard pill to swallow

from here

These fine gentlemen might have enjoyed their freedom a bit longer after their armed robbery if they hadn't left a literal trail of clues for cops to follow.

Literally "under" surveillance

found on Izismile

By the looks of it, the literal interpretation is the only one that's accurate in this case. The camera appears to have sustained damage so there is likely no surveilling going on.

Tuesday, March 3, 2020

Some folks take ALL the bait

from here and here

Of course in the process of upgrading the screen you could upgrade the rest of the computer as well and not have to worry about all those ancient toolbars and whatever other browser hijackers might be present

It's OK If You Don't Like Cryptography shirt

Product Page
Product Page

There are many different ways of being persuasive. Some appeal to logic, while others like this appeal to more emotional needs.

Monday, March 2, 2020

The Internet of Vulnerable Things

from here

I think I've heard this advice somewhere before, but I can't place it. It bears repeating though, because whether it's a toaster or a power plant, the last thing we need are more vulnerable systems connected to the Internet and being hijacked and used for malicious ends.

Sometimes security is like a work of art

found on Izismile

I don't know a lot about bank vault doors or how they're made, but those patterns in the metal make it seem quite ornate and I'm curious to know if they serve a function beyond looking pretty, since that's part of the door people probably won't see very often.