Thursday, December 31, 2020

Your secrets will be safe in here

from here and here (image source)

So apparently you can make a hotel out of an old bank (that must have been a heck of a bank!), and I suppose it makes sense that it's cheaper to find some way to re-use the vault than it would be to haul that thing out, so turning it into a meeting room is a pretty cool idea.

SQL Injection sticker

Product Page

This is one of the stickers nominated for a DEFCON Award. Check out the rest and see which one you like best.

Wednesday, December 30, 2020

Keep them out of our online sexy time

from here and here

The details of this spying are pretty laughable. Imagine doing something naughty after the government made you install a certificate that allows them to view your encrypted web traffic. You'd have to be pretty dumb to get caught, but it would suck not having the freedom to do what you want (or possibly need) to do. I suspect it does more to keep people in line than it does to actually catch people - not unlike the way obvious surveillance cameras deter some crime.

How not to deal with security vulnerabilities

found on Reddit

I'm not sure how hugs work to make people feel less insecure, but they definitely don't work on computers.

Tuesday, December 29, 2020

That doesn't seem very anonymous

from here

The concept of anonymous has gone through a lot of changes over the years. Back in the day there were anonymous remailers, which came about because it became obvious that you could track down the sender of more traditional messages. Then of course there was the Tor Project which was meant to facilitate anonymous browsing because otherwise your activity on a site could be tracked back to your ISP who would be more than willing to give you up. After that came the hacktivist group named Anonymous who presciently wore masks because they feared (and rightly so) being identified by authorities using (among other things) facial recognition. Face recognition is in the hands of everyone now, though, not just the authorities, so the idea of showing your face online and calling it anonymous because your name is withheld just doesn't work anymore.

If you don't like it then don't call

found on Funny Junk

This is an interesting idea for a scam phone call countermeasure. If you can be disturbing enough, they won't want to have anything to do with you. Maybe they'll even have to create their own do-not-call list to protect themselves and their colleagues from the mental images you conjure in them.

Monday, December 28, 2020

Plain-text shows the plain truth

from here and here

Scammers don't even bother to hide the truth when it comes to plain-text email. On the flip-side, however, they're often much better at generating the plain-text portion of their HTML emails than the businesses they're trying to impersonate.

On an unrelated note, I wonder if OK Scammer could catch on the way OK Boomer did. I know I want to direct that kind of derision at scammers - how about you?

There's no such thing as perfect camoufl...

found on eBaum's World

I don't know how anyone could find these in their natural habitat. I definitely wouldn't be able to. I can only imagine this works very well to protect them against threats.

Friday, December 18, 2020

Where would you like to crash today?

from here and here (image source)

Hard to imagine anyone thought this was a good idea. Personally I find it terrifying. I don't ever want to be in a car that's powered by Microsoft.

Dude, where's my tracks?

found on Izismile

Apparently tanks aren't very secure unless they have someone guarding them and making sure adversaries stay far away. Not exactly what you'd expect from a tank.

Thursday, December 17, 2020

Santa isn't messing around

from here and here (screengrab source)

Elf on the shelf may have been an advancement in Santa's surveillance capabilities, but this is an advancement in his enforcement. No more coal in your stocking, it's 'cuffs from now on.

Hacker Breaks Down 26 Hacking Scenes From Movies & TV


Watch on YouTube

Getting the guy who infected MySpace with an XSS worm that spread from one profile page to the next to rate the accuracy of fictional depictions of hacking in popular media was brilliant. Samy may not be my hero, but he's definitely the right guy for the job.

Wednesday, December 16, 2020

Security, not as easy as 1-2-3

from here

{YourCompanyName}1234 isn't going to cut it either. These are really easy-to-guess passwords, which is the opposite of what a good password should be. A company that makes network monitoring software should know better.

Bezos sees all

found on Reddit


As if regular murals that incorporate surveillance cameras weren't creepy enough, you had to go and use this guy's face. That being said, there aren't many people more fitting to be immortalized this way.

Tuesday, December 15, 2020

Someone found a cheat code anyway

from here

Imagine my confusion when it seemed like a beloved old game enjoyed a surge of attention all of a sudden, and then my disappointment when I found out it was just another compromised company. A company with a lot of important customers, but still, not the game.

RUN IDA sticker

Product Page

Rather than water bottles, I kind of expect to see this on the laptops of malware analysts.

Monday, December 14, 2020

Won't someone bring back the idiot box?

from here

An unpopular opinion, perhaps, but every "smart" device has a computer in it. Adding a computer to anything increases the attack surface of that thing, as well as adding a host of preventative care chores that simply will not get done by the vast majority of smart device owners.

And who knows, maybe this can become a catch phrase that helps steer us all in a better direction.

If James Bond were a lot older

found on Izismile

This looks like something you could have imagined seeing in one of the early Bond films, and yet by that point this would have been old news.

Friday, December 11, 2020

I wonder what they do for dental

from here

I suppose the hackers that stole the data could sell it and monetize it that way, but haven't the companies making these vaccines already committed to not gouging customers in this particular case? How much profit can be made by 3rd parties if 1st parties are already forgoing most of theirs?

An early biometric database

found on Acid Cow

Imagine how much bigger (and smaller) biometric databases are now that they're computerized. That many fingerprints could probably fit on an external hard disk you could fit in your pocket, but they probably still need a room that big to hold all the data they have now.

Thursday, December 10, 2020

Florida Admin

from here

This is an object lesson in why you don't give everyone the same username and password, and why you don't post that username and password on the Internet where everyone can find it. It's difficult to know who accessed the system and it's impossible to control who will access the system. Furthermore it's difficult to claim arbitrary people weren't supposed to access the system and that those arbitrary people should know that. Why give out the password if people aren't supposed to use it?

As for the title, I figure Florida Admin is a bit like Florida Man (or Florida Woman) but with technical responsibilities.

How private is your personal information?


Watch on YouTube

Well that's creepy as fuck. You'd think those people would know something was up when they were offered something for free in exchange for doing something on Facebook. Granted the video is from 2016, but even in 2016 Facebook was notorious with respect to privacy, and "free" should always raise a red flag.

Wednesday, December 9, 2020

There's someone you should never tell your secrets to

from here and here (image source)

Sometimes it can be surprisingly easy to give the game away by saying too much.

In this case, however, the nuclear bunker was no longer really a secret, so the sign is just a little bit of false advertising.

Which one is the insider threat?

found on Huge LOL

Number 2 seems pretty suspect, if you ask me.

Tuesday, December 8, 2020

Don't worry, kids, there's still hope

from here

Kids, if you had the realization that remote classrooms would spell the end of snow days, have no fear. There's still a way for online classes to get canceled and snow plows can't open them back up.

Cryptography - In Math We Trust mug

Product Page

I trust the math, do you trust the math? Do you have a moment to talk about our lord and saviour "Math"? I dare say that math in general, and cryptography in particular, saves us from an awful lot of bad things.

Monday, December 7, 2020

You shall not pass

from here (image source)

You might be like the person who put up this sign and fence and think that the sidewalk there is for people to walk on, but in reality its only purpose is to keep people off the grass. Take that away and people will be wearing paths in the sod in no time at all. If you don't want people going through the area then you're going to have to fence off more than just the sidewalk.

So much for getting the right tool for the job

found on Acid Cow

Just in case there's any confusion, this is not the right tool for the job. Fluffy will not be able to take down a perp unless that perp is Stuart Little.

Friday, December 4, 2020

Someone needs to go on a 'spiet'

from here

Would anyone actually accept a spy diet? Probably not. Any organization that spies only seems to care about more, more, more.

Threat Modeling: These guys get it

found on Izismile

Be smart. If Vladimir Putin offers you tea, politely decline. I'm sure it's perfectly safe most of the time, but who wants to find out the hard way that it was Putin's special tea?

Thursday, December 3, 2020

Some hackers just want to watch the election burn

from here

Y'know, it never occurred to me that you could hack an election with a pen and some paper. That is an impressive display of thinking outside the box. It seems the pen is mightier than the code (or at least it can be if you don't sanitize your inputs).

That being said, can you imagine the problems it would have caused if the SQL injection against a live election had worked? Holy cow, someone was playing a very risky game.

Adam Anderson: Cyber Crime Isn't About Computers, It's About Behavior


Watch on YouTube

One of the things I've always thought was important was to realize that the security problem has many dimensions that need to be addressed, and human behaviour is definitely an important one.

Wednesday, December 2, 2020

They take the security of your data, seriously

from here

It's difficult to believe an organization could be so lax, but they're actually being ordered by the court to hire a CISO six years after the breach. My dudes, what the actual fuck have you been doing for the past six years?

Imagine what they could do now

found on Izismile

Cameras have gotten a lot smaller since those days. They could be a lot more inconspicuous. Also, they can transmit wirelessly now so you could use any animal rather than one that you have to meet up with at a known location after the fact like a homing pigeon.

Tuesday, December 1, 2020

Why security measures often fail

from here and here (image source)

Now if your security measures are such that the wrong paths have less resistance than the right paths, then that's something you need to improve.

Cybersecurity: We Do Precision Guesswork mug

Product Page

Hopefully your bosses and colleagues have a sense of humour when you show up to the office with this mug.