Friday, February 26, 2021

It's just not right

from here and here (source article)

Trust is difficult to gain but easy to lose, so I have to wonder what LastPass was thinking when they stuffed their app full of trackers. Did they think no one would notice? Have they never heard the phrase "Trust But Verify"?

LastPass isn't my password manager of choice, but if it had been I'd be looking for a new one now.

Privacy controls must be easy to understand

found on Imgur

In fairness to the person who applied those labels, there doesn't appear to be any other indicator for what the locked state is. Those labels were necessary.

Thursday, February 25, 2021

Beware of tacti-camel

from here and here (image source)

I think it may be time to update our threat models about camels. Some of them may be capable of more than we anticipated (even if it's only inadvertently when the gun gets knocked around).

Tom Scott: This Video Is Sponsored By [Censored] VPN


Watch on YouTube

A breath of fresh air about VPNs. Don't believe the hype, but don't count them out either. They have their uses; it's just that those uses are harder to market towards.

Wednesday, February 24, 2021

And for his next trick...

from here and here (image source)

I don't want to steal this 4-legged escape artist's thunder, but I think that cage may have a false top.

You stole from the wrong person, buddy

found on Reddit

People can't steal something from you if you don't have it in the first place. That goes for money but it also goes for data - that's the logic behind the data minimization advice that online businesses are given (and that they frequently ignore).

Tuesday, February 23, 2021

How to fail your stealth check

from here (source tweet)

They say life imitates art, but if you have art on your face, maybe your life shouldn't imitate that.

In God We Trust All Else We Virus Scan mug

Product Page

Yes, virus scans are still a thing. No one seems to talk about it anymore, though. The more security is made invisible from the user's perspective, the more it seems like we're forgetting about things like this.

Monday, February 22, 2021

Time to invest in a lock

from here and here (image source)

On the one hand you've gotta be proud when your cat figures out how to do this, but on the other hand that food is not meant for him/her and you shouldn't have to compete with your cat for your own food. It may seem weird to consider your cat an adversary, but how else should you characterize them when they're stealing your food?

You're a prisoner, Harry

found on Izismile

Imagine being so trusting that you try to use your newfound invisibility without testing it first.

Friday, February 19, 2021

Locks don't always make things more secure

from here and here (image source)

I know a lot of people might jump directly to the "cut it off" solution, but my first thought was to pick it (and not just because it's where a nose would otherwise be). 

And that's the day he started plotting the computer's demise

found on Reddit

The worst part is, once you start the recovery process, you can't go back and enter what you now know is the password. It can be infuriating sometimes.

Thursday, February 18, 2021

No out of control fires allowed

from here and here (image source)

I'm hoping that, in the event of an actual emergency, the plastic case is fragile enough that someone can smash it with their foot. Otherwise this is a very bad day waiting to happen.

James Veitch: Ultimate Troll!


Watch on YouTube

A masterful retelling of an interaction between a scammer and a troll. Spoiler - the troll wins.

Updated to add: So it turns out Mr. Veitch is more than a bit problematic, with multiple rape allegations against him. Thanks to @HettyHell for pointing this out to me. This is the first time I've faced this kind of situation. I considered taking this post down in its entirety, but I believe it's possible to acknowledge that something is problematic and still enjoy it. The comedian in this video is accused of some terrible things, but the video itself doesn't glorify or make light of those things, or even come close to mentioning situations in which they might occur. Instead it talks about scammers and I think the video still has educational value in spite of the comedian's transgressions in other aspects of life.

Wednesday, February 17, 2021

How to hide from your human on vet day

from here and here (image source)

Pretty sure a large breed dog wouldn't be able to pull this off quite as convincingly, but maybe they'd be able to blend into something else.

TIL how to counter a gator attack

found on Reddit

I know, I know, don't believe everything you read on the Internet, especially things on Reddit, but someone on Reddit did the leg-work and it seems there's a real news article about it.

So the question I now have is this: does it work on crocodiles as well? Anyone want to test it?

Tuesday, February 16, 2021

At least he's not holding up a dead animal

from here and here (image source)

I hear there are a lot of guys who put a picture of themselves holding up fish in their Tinder bio and I have no idea why they think that's good but I couldn't resist the pun.

Gone Phishing mask

Product Page

Probably not the kind of mask to wear if you're trying to socially engineer someone in person, or maybe it is. Most people probably don't even know what phishing is, so one might reasonably assume the mask won't give away your intentions.

And for those who do know what it means, you could just tell them you're trying to raise awareness of a cyber-security threat everyone faces. You know, like I am right now.

Monday, February 15, 2021

Sharing isn't caring when it comes to passwords

from here

If I had to guess what the one key failure in the recent water treatment plant intrusion was, it would be that there was just one password shared by everyone. It wasn't the out-of-date operating system that let them remotely access the system, nor the lack of a firewall. There was and is a legitimate need to be able to monitor and control the system remotely, and by all indications the perpetrator simply logged in with the same password as a legitimate user. That means it could be an actual employee or ex-employee, but the shared password makes it difficult to determine who, and also difficult to revoke access when people leave because you have to inform everyone of the new shared password.

And that's why you heed the warning signs

found on Reddit

When you see a warning sign there's a pretty good chance it's there for a reason. Beware of whatever it says to beware of, even if it doesn't use the word "beware". 

Friday, February 12, 2021

Multi-layered security

from here and here (image source)

Obviously a length of rope isn't enough to protect a car. Not a good car, anyway. But that being said, I think this car is probably safe because of the additional theft deterrents it's got going for it (the colour, the condition, the model). Anyone willing to steal a purple piece of shit is desperate, and they may decide they just don't have time to deal with the rope and move on to something easier.

Harry Potter and the CCTV

found on Dump A Day

I have a feeling surveillance cameras can be enchanted, so you better make sure they're uploading a live feed into the cloud.

Thursday, February 11, 2021

There's always room for privacy to get worse

from here (image source)

Privacy can always get worse, and somehow we always seem to acclimate to it and consider it the new normal.

Homemade Robot Cracks a Safe in Just 15 Minutes


Watch on YouTube

One of the things that stood out to me in this video is what he said about tolerances allowing multiple values to work. I've heard that over and over again about dial-based combination locking mechanisms, be they safes or padlocks or other things. It makes me suspect that it's an inherent property of such mechanisms.

Wednesday, February 10, 2021

I guess Cuddly Fuzzbucket sounded unprofessional

from here and here

I'm not sure how you're supposed to take an advanced persistent threat group seriously with a name like that.

First day on the job

found on Reddit

Pretty sure your FBI agent would have to be a trainee to make this kind of mistake.

Tuesday, February 9, 2021

Hanlon's Hacker

from here and here

Hanlon's Razor re-imagined for the cyber-security domain.

Antivirus face mask

Product Page

This meme just keeps evolving. I've seen photos of people wearing an actual antivirus CD as a mask. I've seen cartoon versions of those photos. I've seen those cartoons printed on masks and shirts and mugs, and now we have a face mask that looks like an antivirus CD. 

Monday, February 8, 2021

Insecurity camera

from here and here

Just another reason "security camera" is a bad name for them. They're surveillance cameras. They don't make your stuff more secure (even without the vulnerabilities), they just help see who the perpetrators are.

Too much heat attracts The Heat

found on Me.me

Thermal energy is just another kind of information, and here we see what happens when you don't keep it private - when you don't keep it isolated/insulated from the outside world.

Friday, February 5, 2021

It feels more private already

from here and here (image source)

Those religious folks can stick their finger where the sun don't shine if they want to show me the light.

How to make yourself a target

found on Imgur

Everyone can be compromised. No one has perfect security, so it's probably not going to end well if you go around antagonizing the people who find and exploit security weaknesses.

Thursday, February 4, 2021

See ya later Schwarzenegger. In a while crocodile

from here and here (image source 1 and 2)

They're both covered in mud, but one is barely visible while the other is plain as day. It's difficult to get camouflage just right, but the croc has had a lifetime to practice.

Mr. Hacker: 13 ways to unlock various locks


Watch on YouTube

Some of these are familiar to me, but some I haven't seen before. You learn something new every day.

Wednesday, February 3, 2021

Why not both?

from here and here (image source)

Not that anyone is going to ride away on that or anything, but bike security measures are notoriously bad, and that is just about the most public toilet I've ever seen.

A calculated risk

found on Acid Cow

That's a nope from me, dawg.

I think we can all agree there's absolutely no reason a calculator would need access to manage phone calls. Either a legitimate app developer made a mistake in defining what permissions their app would require, or a malicious app developer made a mistake trying to hide this kind of functionality in a calculator. Whichever one it is, somebody fucked up.

Tuesday, February 2, 2021

Garbage people in, garbage persona out

from here

Computer scientists have done it again. Another artificially intelligent racist. Apparently not enough people learned the lesson of Tay. You can't train an AI on unchecked input from arbitrary people on the Internet and expect to wind up with something worthwhile. The assholes among them will do everything they can to spoil it.

I know input validation is probably not the right terminology for the AI context, but in the broader sense the chatbot is a program and malicious input is malicious input.

Encryption mug

Product Page

A somewhat unusual design for a mug. The ciphertext wraps all the way around, but the plaintext is opposite the handle. As a result it's neither left-handed nor right-handed.

Monday, February 1, 2021

I spy out of the corner of my eye...

from here (image source)

Pretty sure that lock could just fall off if you turned the handlebars the right way.

Felt cute, might disappear later

found on Izismile

The camouflage on Golden Plover chicks is really quite good. I hope the parents don't "lose" their chicks.