Friday, April 30, 2021

Do as we say, not as we do

from here

It's pretty hypocritical to expect others to keep secrets when you can't, but that's exactly what this clothing chain is asking. It's a pretty lame attempt to protect their reputation, but considering how poorly they protected customer data I suppose that's no surprise.

How much faith do you have in technology?

found on Reddit

You're supposed to update the BIOS, but how many people actually do?

"Not many" would be my guess. In spite of the fact that they eliminate known bugs and vulnerabilities, few people want to take the chance that the update will brick their computer. That's a lot harder to fix with a BIOS update than it is with a Windows update.

Thursday, April 29, 2021

Can't let powerline munching squirrels have all the fun

from here and here

If your critical infrastructure is disrupted or damaged it MIGHT be a nation state attacking you, or it might just be one toothy boi.

Wednesday, April 28, 2021

Other apps can peek at you(r data)

from here and here (source article)

Don't look now, but a company that has been violating your privacy for decades has failed to keep their special one-time promise to protect your privacy with respect to COVID-19 (and didn't even take it seriously until reporters got involved).

We kinda should have seen this coming. It's not like they have a lot of experience protecting your privacy.

Thanks to Vesselin Bontchev for basically coming up with the idea for this meme.

And the circle of ads continues

found on Reddit

No matter what blocker you use, it always seems something somewhere can either find a way around it or can find a way to make you disable it. 

Tuesday, April 27, 2021

Yet another thing not to DIY

from here

Today I learned that there are open source ad servers that organizations can run themselves rather than going through a big name ad platform, and that those servers are (of course) vulnerable and being exploited to serve malware.

Double Vision Anti-Surveillance Realistic Face Mask

Product Page

I've seen this face recognition countermeasure done with make-up before, but who among us is a talented enough make-up artist to attempt that? Not many, would be my guess. Well, talent is no longer required. There's a variety of different faces available.

Monday, April 26, 2021

Watch out for him or you'll get nerfed

from here and here (image source)

This little fellow is making sure no one gets close enough to shoulder surf his mom's PIN number. He's doing an admirable job of it too.

How security is sold

found on Reddit

Fostering feelings of insecurity in order to sell security is actually pretty much standard, unfortunately. That's not a good thing, of course, but more of a "funny because it's true" sort of thing. 

Essentially they give you the sickness (fear, uncertainty, doubt) for free, but make you pay for their cure.

Friday, April 23, 2021

The more leaks the better

from here

I'm not sure if this conspiracy theory about Facebook's leaked memo is far enough out there for Conspiracy Keanu, but I'm using it anyway. Whether they intended it or not, it plays right into their plan.

This is for the best?

found on Reddit

If the forced updates only contained security patches, that would be one thing, but that's not how Windows update works. They change all kinds of things that have nothing to do with security and it's not unheard of for the system to be worse afterwards.

Microsoft is essentially burning whatever trust people had in updates. 

Thursday, April 22, 2021

The best way to hack back

from here

You know what they say: Live by the sword, die by the sword. In this case the sword is vulnerabilities, and the company making profit by exploiting vulnerabilities in phones for the benefit of police and authoritarian regimes just got their ass handed to them in the form of exploitable vulnerabilities in their own product.

A Fake Passport That Works, sort of



I imagine you can use your real name on these false identification documents, since the point isn't to mask your identity but rather to hide your origin. I just wonder how good a job they do now that there are YouTube videos about them, though.

Wednesday, April 21, 2021

We better not egg them on

from here and here

So the biggest advertising company in the world (that also makes the most popular web browser) has proposed a new way to protect your privacy while still tracking your interests in order to show you targeted ads. It turned out about as well as you might expect.

I'm not sure what anyone really expected of them. They're going to do whatever they can to squeeze the maximum amount of ad revenue out of us, and the only way to do that is to give advertisers what they want - targeted ads.

I feel safer already

found on Reddit

Yeah, that's OK. That game wasn't fun anyway.

Tuesday, April 20, 2021

When cybersecurity marketing goes bad

from here and here (source: my inbox)

Is it legit? Were they spoofed? I don't know and I have no intention of looking more closely at the unwanted message to find out. It turns out Fishtech Group is a real cybersecurity organization and it should not come as a surprise that unsolicited email is not a good way for such an organization to raise awareness of their offerings. 

Ransomware sticker

Product Page

Are you aware of ransomware? Do you want to make other people aware of it too? Maybe this sticker can help.

Monday, April 19, 2021

More like mobile mal-wear

from here and here (image source)

That's not going to protect the device or the person. 


This cartoon is a gun

found on Imgur

Being able to accurately identify threats is a key part in protecting yourself from those threats. If you can't identify them then you're not going to be able to protect yourself or others, no matter how violently hyper-vigilant you are.

Friday, April 16, 2021

What could possibly go wrong?

from here (image source)

People often make the same fundamental mistakes over and over again. Using protective measures without understanding how they work and how they can fail is one of those mistakes. I'm sure security cable is adequate to protect many things, but a tool capable of cutting through that security cable requires something different to protect it.

Times were simpler then

found on Reddit

Thursday, April 15, 2021

They should at least hunt for backdoors

from here

I suppose it's still an open question how the attacker penetrated their corporate security, but yet another dating site has been hacked.

Here's how the delayed disconnect phone scam works



Oh great, yet another telephone scam to look out for. Be careful out there.

Wednesday, April 14, 2021

Insider threat

from here and here (image source)

Rather than a wolf in sheep's clothing, it's a kitty in wolf's clothing (or very nearly so).

You might be thinking, what possible threat could the cat pose to the dogs? But they can and do and that's without a disguise. 

CAPTCHA gotcha

found on Izismile

I hate those kinds of CAPTCHAs. I wonder how that type in particular became so prevalent.

Tuesday, April 13, 2021

Everyone wants to be wanted, but not like that

from here

If you're going to try to hide your real identity by giving out a fake one, you might want to invest some time and effort into making sure you use a name that doesn't invite closer scrutiny.

Cybersecurity The Few The Proud The Paranoid shirt

Product Page

 

Cybersecurity, where a little bit of paranoia is considered a good thing. I wonder if other adversarial professions feel the same way.

Monday, April 12, 2021

Look ma, no passwords!

from here

Inexpensive services are a good thing, but the reduced price shouldn't come at the cost of reduced data privacy.

Foiled by spoilers

found on Izismile

Even if you think My FBI Agent is a bit hyperbolic (it's unlikely we each get our own agent, but they have been known to spy on people through their webcams), there are still people out there willing to spy on just about anyone. It must suck to be them when their targets start dropping spoilers like that.

Friday, April 9, 2021

Let's see them try to block that

from here and here (image source)

According to the source, this is how someone's auntie blocks ads on her computer and I think it's genius. Maybe we could come up with cardboard templates for various sites, since they don't all appear in exactly the same place on every site.

But does it have pockets?

found on Izismile

This is apparently not authentic medieval armour, which I suppose increases the possibility that it may have pockets. It looks pretty cool, regardless.

Thursday, April 8, 2021

How not to avoid domain squatting

from here

The UK Cyber Security Council were lucky their preferred domain got snatched up by someone who was seemingly nice. It could have easily been much worse, like someone who wanted to serve malware to anyone who visited. 

Make sure you own the domain BEFORE you tell the world about it or there's a pretty good chance someone else will grab it first and try to screw you and your audience over.

Removing a wheel clamp by hand



Apparently in some parts of the world they use much less robust wheel clamps than others. I guess in those areas parking laws are really more like suggestions. 

If this is the best vehicle locking option the authorities have, people are not going to take their authority seriously.

Wednesday, April 7, 2021

Sticky notes are security nopes

from here and here (image source)

Over half of employees write down passwords on sticky notes. That's a scary statistic. Any passerby, anyone peeping in a window, anyone who gains unfettered access to your office immediately also gains access to everything you can see on your computer and on the network if your password is prominently displayed out in the open. Why bother having a password at all at that point?

It's not that you should never write a password down, it's just that there are safer and more secure ways to record them than on sticky notes.

Last chance, hot shot

found on Izismile

I know that I definitely take much more care on the 3rd attempt. Better that than having to go through the forgotten password rigmarole.

Tuesday, April 6, 2021

A year that starts with 2

from here

If we were talking about days it would be days that end in Y, but because we're talking about years it's years that start with 2.

Yes, Facebook had yet another breach. You should probably head over to Have I Been Pwned to see if you're affected by this (or any other) breach.

Dance Like No One Is Watching Encrypt Like Everyone Is sticker

Product Page

It's not just that people are watching, some are even out to steal your data and it would make it a lot harder for them to use it against you if it was encrypted.

Monday, April 5, 2021

Outwitting the fuzz

from here and here (image source)

Is this your cat? How can you be sure one way or the other? I don't think I could identify this cat in a line-up. Too much of its face is covered.

Put tape on all the things

found on Reddit

You didn't think it was just the FBI doing snooping, did you?

Friday, April 2, 2021

At least it controls some kinds of access

from here (image source)

I hope they never have to replace any hardware. I'm not sure how they'd get it out.

Growing up Zuck is gonna suck

found on Reddit

Perhaps growing up incredibly privileged will make up for the lack of privacy Zuckerberg's kids will no doubt face.

Thursday, April 1, 2021

Do you have the credentials to pull off this look?

from here and here (image source)

I bet the password is in one of those pockets. No one remembers strong passwords, although maybe with this one it takes the form of some dance, like the Macarena or something.

Porch pirates will have to up their game



Most of the porch pirate countermeasures I've heard of are deterrents like glitter bombs or scary noises or surveillance cameras, but eventually deterrents lose their effectiveness. This isn't a deterrent, per se, it's a barrier. Porch pirates will need to figure out how to break into these in order to steal what's inside and they won't even know if there's anything inside or not to decide if it's worth their time. It significantly alters the economics of porch piracy.