Friday, December 31, 2021

Malware can't steal your resources if there aren't any left to steal

from here and here

It isn't really new news that Symantec have added crypto mining to Norton 360, but it popped up in my feed and it's still just such a ridiculous thing for a security company to do.

Car thieves hate this one weird trick


Watch on YouTube

So let's say you've stuck an AirTag on a car that you want to steal and you follow the signal to the owners home. What happens when you can't find the car, or even the garage? Well, I guess you're out the cost of an AirTag. 

In reality, though, I suspect the driveway in place of a grassy yard is going to give away the car's location. It's still quite a well executed trick, though.

Thursday, December 30, 2021

That would be a LOT of nagging

from here and here

Don't you just love software vulnerabilities that affect nearly everyone and that most people can't do anything about? Wait, did I say love? I meant hate with the burning fury of a thousand suns. 

When your computer is secure but your job is not

found on Reddit

What exactly are we protecting again? Just computers and data? I thought it was more than that. I thought we were protecting lives and livelihoods as well. Intrusive updates don't accomplish that.

Wednesday, December 29, 2021

What could possibly go wrong?

from here and here (source article)

So now that COVID-19 tests are Bluetooth enabled (with all the consequences that come with that), when you get a positive result you have to wonder - Are you sick, or is your device sick? 

Biometrics are easy, they said

found on Reddit

There are a lot of assumptions inherent in any authentication mechanism, but ones that are relatively new deserve to have things spelled out a little more clearly than just 3 words. It's not like they don't have room for more words, there's plenty of room.

Tuesday, December 28, 2021

The Patching Games

from here and here

May the odds be ever in your favour whenever Patch Tuesday comes around. You never know how things will turn out.

Loose Tweets Sink Fleets sticker

Product Page

Finally, the old adage about loose lips sinking ships has been updated for the 21st century.


Monday, December 27, 2021

How not to get away with something

from here and here

This guy who stole his brother's identity only to find out his brother was wanted by the cops is going to have a very interesting family reunion one day.

I wouldn't be smiling

found on Izismile

On the plus side, at least you get a warning and can look around for the camera and obscure it's view before you go. It would be worse if you didn't know about it.

Friday, December 17, 2021

The Biometric Bandit

from here and here

This bad ex-boyfriend in China is yet another reminder that biometrics enable authentication without consent.

When your theft prevention mechanism is more of a suggestion

found on eBaum's World

A chain of paper clips isn't going to stop anyone. At best it signals your preference that you wan the stapler to be used where it is, but even then, if someone is stealing your stapler then chances are they aren't interested in respecting your preferences.

Thursday, December 16, 2021

How many patches before we can call it a quilt?

from here

If you installed the previous Log4J patch, guess what you get to do now? That's right, you get to install a new patch all over again because the old one has multiple vulnerabilities.

All dogs can be guard dogs


Watch on YouTube

You'd think these dogs would just be snacks, but clearly they do an excellent job of scaring the bears away. As the saying goes, it's not the size of the dog in the fight, it's the size of the fight in the dog - and these little dogs have a whole lot of fight in them. They don't even really need to be able to take on a bear in an actual fight, simply raising the alarm can be enough to protect people all on it's own. 

Of course, just because all dogs can be guard dogs, that doesn't mean they all are suitable as guard dogs. Not all of them have the right temperament for it. 

Wednesday, December 15, 2021

An escalation in the game of Cat and Mouse

from here (image source)

I've seen cats in tanks too, but I think those have always been cardboard.

Somewhere between 0-Day and Old-Day

found on imgflip

If you sit and stare at it long enough it definitely won't be a zero day anymore. Hurry up and submit it to the vendor before someone else does.

Tuesday, December 14, 2021

Even Google fails at asset management

from here

This is your irregular reminder to check your network to see if there are any servers on it that don't need to be there anymore. One less server is one less thing to patch and one less thing that could be exploited in the absence of a patch (and if it's been running for 21 years you've got to think it's missing a few patches)..

The Cloud: Your Data On Someone Else's Computer shirt

Product Page

The meme keeps evolving, but I still recognize that "someone else's computer" anywhere.

Monday, December 13, 2021

It smells like privacy!

from here and here (image source)

If the smell of napalm in the morning smells like victory then it stands to reason that the smell of end to end encryption must smell like privacy.

Bank (pen) grade security

found on eBaum's World

This seems like a lot of effort just to make sure the last spoon doesn't go missing. Maybe instead you could just take away the spoon and tell people they'll have to bring their own in future.

(And then you can see who brings break room spoons as "their own")

Friday, December 10, 2021

'Tis the season for InfoSec Predictions

from here and here

I think we collectively oversell the idea of predictions in information security. There isn't any real prognostication going on. No one is peering into the future. They're just looking at what's going on right now and drawing some entirely reasonable conclusions about whether or not it's going to become a bigger problem in the next year. The real value is in identifying and highlighting the trends, but trends aren't really sexy the way predictions are, so a bunch of people like to set aside some time at this time of year to pretend  they have some special insight into the future rather than just telling people what they've been paying attention to recently.

I feel more secure already

found on Reddit

I have mixed feelings about this. There are at least 2 different ways to interpret it.

  1. If they can't even get the dog part right then I don't hold out much hope for the security part
  2. Maybe this is an example of "You keep what you kill"

Thursday, December 9, 2021

Can we go back to No Nut November?

from here and here

So this is what has become of "crypto"? I bet Matt Blaze is regretting selling the domain crypto.com now.

Privacy is NO LONGER a Social Norm


Watch on YouTube

The title of this video harkens back to something Mark Zuckerberg said years ago, however, where Zuckerberg was using the statement as a justification, this video merely offers it as an observation. Regardless of our values or however much we might wish it were otherwise, privacy is not the norm any longer and that's costing us dearly.

Wednesday, December 8, 2021

Out with the old, in with the new, choose to opt out and we'll include you too

from here and here

Given Verizon's blatant disregard for their customers' preferences, I think the lesson here is that there's only one kind of opt-out that matters - the one you do with your wallet. Don't give them your business if they can't live up to basic expectations of privacy.

Maybe they should have tried camouflage instead

found on eBaum's World

Unless the button positions are randomized, an attacker wouldn't need to be able to read the screen, they can tell what buttons your pressing just by your finger positions. It would be cheaper and more effective to just erect a barrier on either side of the bank patron so that an attacker can't get into a position where they can read from the side.

Tuesday, December 7, 2021

Putting the arse in arsenal and vice versa

from here

While jokes about weapons of ass destruction write themselves, the news story about the man who "slipped and fell" on a WWII mortar makes it clear that the doctors were not in a joking mood. As funny as it seems to us as readers, they had to consider the possibility that it was live ammunition and posed a real threat to everyone there. Even fake weapons need to be treated with care and respect because you never know how the circumstances might change. 

A Key Is A Metal Password sticker

Product Page

While it's not strictly true (a key is more of a token than a password), they are both authenticators, and there's actually not that much difference between them. After all, if you write down your password on a slip of paper and then forget it, it becomes something you have rather than something you know. Likewise, if you memorize the bitting on a key, then with the right tools you could push the pins in a lock up the right amount from memory.

Monday, December 6, 2021

NPCs won't stand a chance

from here (image source)

What about the people who follow the paved path, you say? They would still need to turn in order to operate and enter the door. This would literally only stop the people who have to come at the door head on and can't avoid this very narrow barrier

Try not to scare the shit out of the robber

found on Imgur

I know what you're thinking - Why shouldn't you scare the shit out of the robber? The answer is quite simple. Robot vacuums and shit are a very bad combination

Friday, December 3, 2021

No wonder they got banned

from here and here

I don't think NSO could reasonably claim to not know their products got misused, but I guess they should have been more proactive about dealing with it.

The Predator Defense

found on Daily LOL Pics

While it does look a bit like something out of an old Schwarzenegger film, it will cut down on phone thefts because the thieves would have to confront you to get it. Of course this is just step 1. Step 2 involves camouflage so the thieves can find you, and step 3 ... well, let's just say that if you can find a shoulder mounted laser cannon those thieves won't stand a chance.

Thursday, December 2, 2021

Privacy by the Honour System

from here and here (image source)

The Honour System of course requires trust. I for one don't have the requisite trust to use one of these. 

I also wonder how you're supposed to wash your hands afterwards.

Zuck on a Truck


Watch on YouTube

When it comes to figures that have come to symbolize invasion of privacy, Mark Zuckerberg definitely give the Elf on the Shelf a run for it's money. The similarity is amazing too, their both so lifelike.

Wednesday, December 1, 2021

In case you weren't already sick of crypto

from here

I can't resist a good pun. Or a bad one, apparently.

Camouflage can be a good way to lose your lunch

found on Izismile

On the other hand, it could be handy for weight loss. 

Tuesday, November 30, 2021

Sleepy Security

from here (image source)

This mix-up has all the trappings of someone not being entirely awake. If your threat model only includes people who are equally sleepy, maybe this would work, but that's not very likely.

Malware Family sticker

Product Page

If you're familiar with malware families, this is not going to be anything like that. Instead, it just imagines various malware types as members of the family of things called "malware". It's also missing some malware types. Granted a lot of things can fall under the heading of trojan horse or bot, but if spyware gets it's own glyph then where's adware? Where are the downloaders, the droppers, the RATs? I guess the design would be too big if everything were included.

Monday, November 29, 2021

At least people know when they shouldn't enter

from here and here (image source)

I don't know about you but I'd rather just have a lock.

When you need a security guard for a blood bank

found on Izismile

If you've got a vamp problem, I'm sure this daywalker can take care of it. 

Friday, November 26, 2021

They are NSO much trouble

from here and here

In general it's hard to take down state-backed malware providers, but in this case I think Apple may dominate. And I, for one, will cheer them on if they actually manage to sue these spyware makers out of existence.

What could possibly go wrong?

found on Acid Cow

It's not like devices have ever been infected by plugging them into strange power stations, right?

Ooops, I guess they have.

Thursday, November 25, 2021

These are our users, get your own

from here and here

You've got to figure that when Facebook tries to defend users against spying by cops it isn't for the benefit of the users. They spy on those same users, so it's no principled endeavor. In all likelihood they're just trying to stop less capable spies from scaring the users away from the platform. 

How to unlock a car with tape


Watch on YouTube

Unfortunately I really don't know if there's a countermeasure to mitigate this threat. I suspect there isn't. This is more just a reminder to not trust your car to protect your valuables. While what was demonstrated in the video was a form of non-destructive entry, destructive entry through the glass windows also works and always will, so there isn't much point in trying to stop the non-destructive approach - and frankly, if they use a non-destructive approach you're better off because there's less you'll need to replace that way.

Wednesday, November 24, 2021

We're paying AND we're the product

from here and here (image source)

You've no doubt heard the saying before: If you're not paying then you're the product. Well, it seems as though Vizio thought that was too limiting and found a way to make you the product even when you do pay. They make twice as much from the data they collect from TVs as they do from selling the TVs in the first place. I kind of think that if they're making so much off the data they should be giving us something for free. Where's my slice of the pie?

Deterrence Fail

found on Reddit

There's always someone who doesn't find the stated consequence enough of a deterrent. Clearly, if Mariah is in your theat model you're going to have to rethink the kinds of punishments you threaten her with. 

Tuesday, November 23, 2021

Taking the "s" out of sFTP

from here

How is it possible that a major service provider like GoDaddy is still using plaintext in 2021? This is not their first data breach. There is no excuse for this at thisi point.

Encryption Is Key shirt


 
Product Page

Monday, November 22, 2021

Manual Denial Of Service

from here (image source)

Apparently a news organization couldn't find hacker stock photos that were over-the-top enough for their purposes so they hired an artist to create such an image? I'm not sure why they couldn't just stage their own hacker stock photo (just need a scruffy guy and some simple props), but here we are.

It's your devices' home too, y'know

found on Izismile

If your phone was a person that you lived with, would you be as surprised to find them referencing things the things you've said while they were in the room with you? 

Treat your digital roomie the same way you would a nosy biological equivalent.

Friday, November 19, 2021

They don't stop you from doing the thing, only from getting away with it

from here

It would be more accurate to call the surveillance cameras, but I think society has less tolerance for the concept of surveillance, even though it's going on all around us. Calling them security cameras seems like it's part of our surveillance denialism.

That's one way to deal with the surveillance state

found on Imgur

At least he has the presence of mind to wear a mask. You know where there's one camera there's more, so if you attack one you'll probably be captured by another.

Thursday, November 18, 2021

Oops in 3...2...1...

from here and here (image source)

There are far less dangerous ways to remove that tiny little lock, and a real locksmith should know that. At that size, I wouldn't expect any fancy pins to make picking harder. A novice could probably rake it open. Heck, even a small pair of wrenches could probably bust the shackle out of the body without risking the kid's ear lobe.

Never underestimate your adversary


Watch on YouTube

I can't help wonder how the rat learned how to do this. Certainly it wasn't through it's own failures because that's not the kind of failure you get a second chance with. It must have either been taugh by another rat or it learned from another rat's mistakes. Either way, that's more inteilligence than I would have thought rats capable of. Now I know better.

Wednesday, November 17, 2021

Sit, stay, lock your doors

from here (image source)

A car is not a dog. Securing it like it is one isn't going to work very well against the kinds of threats cars actually face.