Monday, May 31, 2021

Automatically enabled for your convenience

from here and here

Y'know what? If I wanted to share my Internet with my neighbors, I'd give them the wifi password. Amazon seems to not understand property or consent here, and I'm not sure how this plan made it past their legal department. The amount of bad will this will create in their customers is going to be mind boggling.

Attackers outsource too

found on Imgur


Friday, May 28, 2021

You'd have to be nuts not to

from here and here (image source)

Of course with the chain on the outside the squirrels aren't actually keeping anybody out, but I've seen humans make equivalent blunders.

The haute couture of camouflage

found on Izismile

If you can't go unseen, you might as well be very seen, I guess. Give them some of the old razzle dazzle. If you haven't heard of dazzle camouflage before there might be a good reason for that. It seems like it may have worked better on paper than in practice (much like the extravagant clothes you might seen on fashion runways don't really work for real life).

Thursday, May 27, 2021

Easy peasy kinda sleazy

from here and here (image source)

I don't know, maybe the "Army Of The Dead" character Bly Tanaka simply didn't want to divulge the combination because he reuses it for everything, but it certainly would have made their jobs easier if he'd given them that bit of info.

Michael McIntyre : You Should Probably Change Your Password

Watch on YouTube

Do people really remember their first password? I can't seem to recall mine. I don't remember most of my current passwords either, thanks to my password manager. 

My first password would have been 35 years ago, long before I got on the Internet, and I was the one who coded the password prompt so I was really inflicting that on myself.

Wednesday, May 26, 2021

When is a bum rap not a bum rap?

from here

Sometimes I think people would be better off if they left their mobile phones at home. When you're committing a crime seems like one of those times. Barring that, set a passcode on it so that it can't be unlocked with your ass.

If you don't want to be tracked, here's two cans and a string

found on Izismile

It's actually quite interesting how concerned people are with the prospect of being tracked by a vaccine that can save their lives, while not caring about being tracked by a phone they play Candy Crush on. One wonders how many of their heads would explode if you forced them to acknowledge the difference.

Tuesday, May 25, 2021

Looks like everything is vulnerable, again

from here and here

Apparently billions of devices are vulnerable to a series of wifi vulnerabilities, and if you thought bitcoin consumed a lot of energy, just imagine how much would be used applying updates to billions of devices.

Encrypt mug

Product Page

You have to look pretty close in order for your brain to decode the letters in these blocks. It's almost as if they're encrypted themselves.

Monday, May 24, 2021

Do it again!

from here

They may not have been the biggest name in government spyware, but it's still good that they're gone.

Can't wait for Apple's face mask ID technology

found on Reddit

I don't actually have high hopes that anyone will be able to come up with face recognition that can identify you through a mask (heck, that much coverage could foil even human-based face recognition), but if anyone could do it, I suspect it would be Apple. 

Friday, May 21, 2021

Convenience vs. Security

from here (image source)

There are those who don't want to admit it, but it often seems like the price of security is paid in lost convenience. It's hard to imagine something that has been made more secure without adding more steps to access it.

Fake it 'til you make it

found on Izismile

Hollywood - the only place where faking it is actually the skill they're looking for. No wonder realism is so hard to find there. 

Thursday, May 20, 2021

Double encryption all the way across the drive

from here

I suppose ROT13 isn't quite as good for binary data, so how about ROT128 instead? That way when it's encrypted twice it will just change it back to it's starting form.

Putting the 'trick' in biometric authentication

Watch on YouTube

There's a now well known problem with fingerprint biometric authentication - someone can use you're fingerprint without your consent. Well, if you're willing to put up with a little bit of inconvenience, perhaps using something other than your finger could mitigate that problem. You'll probably want to make sure no one sees you unlock your phone, though, or they'll just use whatever you normally use.

Wednesday, May 19, 2021

That's where the cyber-insurance money is

from here

I have to be honest that it never occurred to me that cyber-insurance companies fueling ransomware gangs was a problem that could solve itself, but if what happened between AXA and Avaddon catches on then maybe it could. If more ransomware operators that prefer victims with cyber-insurance realize they could cut out the middleman and go straight for the cyber-insurance companies then that could force the cyber-insurance industry to change how it does business.

No TouchID for you!

found on Izismile

Biometrics may be a pain, but you could have an interesting criminal career with that physical 'defect'.

Tuesday, May 18, 2021

Prices sure have changed

from here

It's amazing to see how much Plaid is willing to pay for people's logins. You can buy a lot of candy bars for $500. If this is anything like cryptocurrency, though, we should continue to hold on to our logins because the value is bound to go up even higher.

It's Not Malware It's Alternative Software shirt

Product Page

When I added the phrase "It's Not Malware It's Alternative Software" to a picture of Sean Spicer four years ago, I hadn't intended to create a catch phrase, but apparently that's precisely what I did. Enjoy this memetic evolution.

I wonder what other memes I've spawned without realizing it.

Monday, May 17, 2021

Now we know what people really care about

from here

I'm not going to claim a ransomware attack on critical infrastructure isn't serious, but if we can brush off ransomware attacks on hospitals then I think it's fair to ask why an attack on a pipeline is so much more serious that even unrelated ransomware operators are taking cover.

The many uses of online privacy

found on Reddit

I bet you thought there was only one reason to want to be private online, but there are at least two of them.

Friday, May 14, 2021

What else haven't they told us about?

from here

So much for the 'Walled Garden' keeping Apple users safe. It failed spectacularly and allowed a 128 million device botnet to be created out of compromised iDevices. And worse, because of Apple's lack of transparency, we have no reason to believe something like this hasn't happened before or since.

Regret in the surveillance state

found on Acid Cow

Maybe you should be careful what you search for.

Thursday, May 13, 2021

Maybe I should click on all the things

from here

While it's true that a COVID-themed phishing test is exactly what criminals would do, it's also true that this is exactly how you create disgruntled workers who sabotage operations, either through negligence or malicious action. West Midland Trains needs to learn how to read the room and keep their employees on their side.

Not exactly a clean getaway

Watch on YouTube

Imagine sitting in a plastic box full of dirty diapers and used kitty litter in the blazing sun for half an hour and then still getting caught. It's enough to make one reconsider one's life choices.

Wednesday, May 12, 2021

Well that makes it all better

from here

I have a tough time believing Russians, of all people, wouldn't know the societal consequences of an attack on a pipeline. As if they haven't been on the receiving end before.

Now pull my other leg

found on eBaum's World

Never too young to learn about scammers.

Tuesday, May 11, 2021

Isn't fewer incidents a good thing?

from here and here

Sometimes I feel like I'm stuck in Groundhog Day, listening to the same ridiculous arguments over and over again without end. Restricting access to dangerous materials makes sense and that doesn't have to mean that defenders can't get their hands on them - the AV research community proved that decades ago.

PCAP Or It Didn't Happen sticker

Product Page

If you know what a packet capture is then I don't have to tell you how important they can be, but not everyone does know, so go forth and spread the word.

Monday, May 10, 2021

There better not be any ads after that

from here

While paying for Internet service is a technical requirement for using websites, paying for a phone is not - as evidence I point to all the sites I can currently use without a phone. If Google starts requiring a phone in order to log in then I can't see how to continue calling the service free, regardless of whether the money is going to them (although, considering how many phones are Android, it seems likely they're getting their cut).

Defeat handcuffs with this one weird trick

found on Imgur

If you handcuff all the crooks, even the one-handed crooks, you're just demonstrating the truth of the saying "A foolish consistency is the hobgoblin of little minds".

Friday, May 7, 2021

We need a webcam cover with a dead man's switch

from here

Can we talk about the usability of webcam covers? I mean, sure they're easy to slide open and closed, but they still rely on human memory in order to reap the privacy benefits from them, and human memory can be quite fallible. 

I thought at one point the problem was that black webcam cover on a black laptop screen bezel was just too inconspicuous to really notice if the cover was closed or not, so bent a big piece of cardboard in an upside down U shape to place over the camera to improve visibility, but I still regularly forget and I'm sure I'm not the only one.

It's been 5 days since I last used my webcam and the cover was still open. The only thing I can't think to try now is to employ the mechanism from a deadfall trap to prop open my cardboard cover and connect that to my wrist with a string.

We all have to share

found on Izismile

It's true that most people aren't important enough to warrant their own personal FBI agent. But that doesn't mean the FBI isn't watching, it just means the people watching you are probably watching other people too.

Thursday, May 6, 2021

Don't forget to apply updates

from here and here

If you've recently gotten yourself a Dell or even if you've had it a while, chances are the software on it is a little bit stale and it might still have this not-so-newly-discovered vulnerable firmware updater on it. You're going to want to do something about that.

Get yourself some guard geese

Watch on YouTube

If this had been just one goose I think the story would have had a very different ending, but not even a gator wants to deal with a whole gaggle of geese. Maybe we should have trained guard geese.

Wednesday, May 5, 2021

So much for "private"

from here

Sometimes I wonder if big tech companies even know the meaning of the word "private". It certainly doesn't seem like Amazon does. With that number of people it's basically impossible to enforce limits on how the data is used (or misused) which in turn means there's no accountability.

No more lying on your resume

found on Reddit

Yeah, you definitely want to adopt the "please remain calm" pose when you tell people something like that

Tuesday, May 4, 2021

No funds for you

from here

50 million is a lot, but maybe not enough to drain the police budget. It'd be a shame if crooks kept at it, though.

Think Before You Click shirt

Product Page

Product Page

It's always good to remind people to be careful where they click. The bad guys are always looking for new ways to trick people into installing malware.

Monday, May 3, 2021

The Incompetent Revenue Service

from here

The only kind of contract Equifax should be getting is the one where someone pays them lots of money to never touch data again. Here's a million dollars now get the fuck out of business. Obviously that is not the kind of contract the IRS awarded them, much to the IRS' dismay. I don't know what the IRS was expecting. (This may be old news, but still, what WERE they thinking?)

Security doggo has got his eye on you

found on Reddit

This looks like the kind of good boy that can keep you safe and secure. Critical eyes, ears at the alert, patiently waiting until something requires his expert attention. And with that shirt on, when people break in they'll know he means business.