Friday, January 29, 2021

For those crooks who have the munchies

from here and here (screen cap source)

It's supposed to be for community outreach, but I can see certain types of offenders being lured out of their smoky homes for a tasty treat.

Do you have what it takes to be an elite hacker?

found on Reddit

If only all cybercrooks were this dumb. That would make things a lot easier.

Thursday, January 28, 2021

We have seen the vulnerability and it is us

from here and here

When even security researchers are successfully targeted, that's all the proof one should need that no one is immune to social engineering.

Lock Picking Lawyer: SimpliSafe Alarm Bypassed With a $2 Device From Amazon

Watch on YouTube

Have you heard of SimpliSafe before? I know I have. Some of my favourite YouTubers seem to swear by it (or at least swear by the sponsorship they get from the company). I hadn't heard about this weakness before, though, and it seems like an important consideration when selecting a home alarm system. I wonder how many other systems have similar vulnerabilities.

Wednesday, January 27, 2021

How can we trust you with backdoors if you don't trust yourselves?

from here

It's really revealing that the police want backdoors to use against other police, apparently oblivious to the fact that that would allow those other police to use the same backdoors against them (and a whole bunch of others). Clearly they aren't putting a lot of thought into this. All they know how to do is ask for more power.

The turtle's got its eye on you

found on eBaum's World

There isn't really any such thing as a security camera. Cameras don't make things more secure and they don't prevent unwanted outcomes; they simply help in catching people after the fact. The best they can hope to do as far as prevention is to serve as a deterrent, but for that to work they have to be plainly visible, not hidden in a mural. People are less likely to be deterred by a turtle looking at them than they are by an obvious camera looking at them.

Tuesday, January 26, 2021

Technologically impaired hacker is all wet

from here and here (image source)

Wrong kind of MAC, and wrong kind of flooding for MAC flooding.

Who Watches The Watchers? shirt

Product Page

Product Page

The phrase on the bottom of the graphic is Quis custodiet ipsos custodes? which is Latin for "Who watches the watchers?"

It's an interesting question in this context. When you're online you're being watched by a bunch of different entities, some of them commercial, some of them government, but who watches them?

Monday, January 25, 2021

Don't let aliens invade your bank account

from here and here (image source)

I think I'll stick with more modestly sized laptops, so I only have to worry about hiding my passwords from people in my immediate vicinity.

And then everyone switched to Signal

found on Izismile

What happens when you treat your users like shit without having a monopoly? They leave.

Friday, January 22, 2021

Never let them pressure you into unblocking again

from here and here

If ad-blocking is good advice for government agencies, it's good advice for everyone else too. Don't let anyone tell you different. 

I hope the ad industry has fun trying to block agencies like the NSA with their ad-block-blockers.

Defense In Depth: Surveillance Edition

found on Dump A Day

A camera can miss things, that's why you often see more than one, but sometimes cameras can miss things even when they're in frame, so that's where the snitches come in.

Thursday, January 21, 2021

Lock and lobe

from here and here (image source)

I suppose this could still be taken by force, but it'll be messy and it would still have that annoying lock attached.

Get you some guard geese

Watch on YouTube

They must be part honey badger because clearly these geese don't care that the gator is larger than them and could eat them. They're chasing that threat away regardless.

Wednesday, January 20, 2021

Will it blend in

from here and here (image source)

Nothing screams "Great Idea!" like making your phone harder to find. What could possibly go wrong?

Brutality deterrent?

found on Piximus

The question that springs immediately to mind is "Does it work?" I mean, on the one hand it's clearly a misleading label, but on the other hand police forces typically don't select for intelligence when screening prospective hires. Could a crossed wire result in a less violent encounter as a result? Who knows? We seem to be at the stage where anything is worth a shot (no pun intended).

Tuesday, January 19, 2021

Never underestimate your adversary

from here and here (image source)

The thing about knowing your enemy is that you need to know them well enough to know what they're capable of. Now, I'm not saying that your kid is the enemy, but if you knew they were this strong you probably wouldn't waste your money on that childproof lock.

Identity Thief T-Shirt

Product Page

Product Page

This actually seems like a fun shirt to wear to a conference, especially a security conference. I'm sure it'll go over real well.

It's a shame there's surprisingly little difference between the male and female versions of this shirt. 

Monday, January 18, 2021

How not to protect your identity

from here

It's bad enough not wearing a mask (in a pandemic, no less) to an event such as that, but to walk around with your identity printed on a card hanging around your neck? You might as well just have a sticker on your shirt that says "Hi, my name is _________". No doubt while the authorities were struggling to put a name to a face for most of the other perpetrators, in this guy's case all they had to do was read.

Maybe phones should resist interrogation more politely

found on The Very Near Future

Modern phones are already capable of resisting interrogation by authorities by using encryption, but the feds don't like that. Maybe if the phones apologized it would smooth over investigators' hurt feelings.

Friday, January 15, 2021

What the feds wish "locked phone" meant

from here and here (image source)

There are so many things wrong with this technique. If someone wants the actual hardware they can just wait until you're about to use it to actually snatch it - that is assuming you can't just unsnap it from the belt (although it sort of looks like you can). It doesn't protect against any other kind of threat except phone thieves. Of course there's also the inconvenience of having to fumble around with a cumbersome lock whenever a call comes in. How many missed calls before you start not locking it at all?

They never ask for permission to be confusing

found on Izismile

I'm sure there's a perfectly logical explanation for that authorization prompt (maybe it's a 3rd party calendar app that wants access to the built-in calendar?), but that doesn't change the fact that the way it's presented is quite confusing to regular people. It almost makes me wonder if this could be exploited by malware somehow.

Thursday, January 14, 2021

The one time you should be a Karen

from here

Honestly, in this one particular context, be a Karen. You're entitled to let technology do the remembering for you.

Secure hard drive disposal

Watch on YouTube

I don't think anyone will be retrieving the data from these now.

Wednesday, January 13, 2021

If unsatisfied customers disappear, is there still a problem?

from here

Thanks to Naomi Wu for working so hard to raise awareness of what is clearly a serious issue, and shame on Signal for not doing more to educate users on the safety considerations of using their app.

In theory, secure messaging is meant to protect those who might otherwise be in danger if the contents of their messages were found out. If at-risk Signal users are getting disappeared under normal usage conditions then the question has to be asked whether Signal is fit for purpose.

I never knew my passwords

found on Acid Cow

It's funny because it's true. You can't be tricked or coerced into giving up your passwords if you don't currently know what they are.

Tuesday, January 12, 2021

We don't need no stinkin' keys!

from here (image source)

Of course, even if you were somehow able to solve the problem demonstrated above, a screwdriver will take the entire mechanism off the door. I'm really not sure what the intended application of this lockable sliding latch is supposed to be, but for the life of me I can't see a way to make it actually be secure.

I Drink Because Your Password Is Password mug

Product Page

It's kind of a weird thing to drink out of if you're doing that sort of drinking, but I guess you have to keep up appearances at work.

Monday, January 11, 2021

Tactitools for tactifools

from here and here (image source)

Tools are easy enough to misplace as it is. Making them blend in just makes it all the more difficult to find them. If you really want something other than the standard shiny chrome looking ones, might I suggest a neon or dayglo colour?

Galaxy brain state sponsored hacking

found on Imgur

It would take a while, but if you could disrupt the pipeline that drives kids into armed service for a military power, eventually they won't be a military power anymore.

Friday, January 8, 2021

When your OpSec is as bad as your legal advice

from here

You'd think that a lawyer would know not to take part in something as obviously illegal as a violent insurrection at the Capitol building. You'd further think that a lawyer would have the good sense not to post evidence of such illegal activity on social media for the world (and your employer) to see. Apparently in at least one case you'd be wrong.

Finally, surveillance we can all agree with

found on Imgur

I'm sure there's an interesting story behind this sign, I just hope there aren't any pictures.

Thursday, January 7, 2021

If Houdini had a backpack

from here and here (image source)

Maybe if Newt Scamander had employed something like this his fantastic beasts wouldn't have kept getting away.

You'll never look at a chain lock the same way again

Watch on YouTube

If your home is protected by a chain lock like this one, you better make sure there isn't enough room for someone with skinny arms to reach in with a rubber band and adhesive tape.

Wednesday, January 6, 2021

The unintended costs of mass surveillance

from here

So Singapore is letting police access contact tracing data and people are concerned, and perhaps rightfully so. Over and over again, governments have proven they can't be trusted not to use the data they collect for purposes other than those the data was intended for. The United States exemplifies this and as a result they are unlikely to ever be able to do meaningful contact tracing because people don't trust that the data won't be used for other purposes - and that lack of trust is costing lives. There are other factors also costing lives, but even without those factors, contact tracing would still be a problem and without contact tracing it's impossible to get ahead of an outbreak.

Can't a guy rest in peace?

found on Acid Cow

I suppose the argument could be made that there are no more outcomes for him to worry about, but privacy is still privacy, and if people really didn't care about what happened after they were gone they wouldn't make wills.

Tuesday, January 5, 2021

How do you "accidentally" add hard-coded credentials?

from here and here

Believe me, I can imagine how this backdoor got added to the Zyxel firmware. In theory they may be developing the firmware with the built-in account for testing purposes and then they remove or disable that code in the final build that they intend for release. But if that's what they're doing then this mistake begs to happen over and over again.

Maybe they should make a product that's testable in its final releasable form instead.

My Parents Went On The Internet And All I Got Was Some Lousy Malware shirt

Product Page

For when the malware your family finds for you (one way or another) doesn't quite measure up to your expectations.

Monday, January 4, 2021

IoT's security disadvantage

from here and here

The Internet of Things is always going to have security problems, and updates and other device maintenance tasks are a big part of the reason.

Hopefully it's just for deterrent purposes

found on Acid Cow

I've heard it said that some guys don't take a hint. I've even heard that some guys point blank won't take no for an answer. I hope things don't escalate much further.

Friday, January 1, 2021

It's finally dead...ish

from here and here

It may be EOL for Flash but that doesn't mean people won't do plenty of inadvisable things trying to keep it alive. Expect to see cyber-criminals capitalizing on the situation in 3...2...1...

Revenge on a IRS Phone Scamming Company - Call Flooder

Watch on YouTube

Making scammers angry enough to curse at you? Yes please, I want more of that. Interfering with their business of exploiting others is just icing on the cake.