Tuesday, August 31, 2021

Bot herders are going to love all the unpatched systems

from here

I'm not sure if Microsoft realizes how unpopular Windows Updates are, but threatening to withhold them isn't going to get them the response they want. If anything some people are going to avoid upgrading their hardware just so they can have an unobtrusive computing experience.

Spam Wars shirt

Product Page

I certainly don't have any hope that we'll win the war against spam. 

Monday, August 30, 2021

Somebody set us up the vuln

from here and here

If you use Cosmos DB in Microsoft Azure, you should probably change your keys, even if Microsoft didn't warn you to, because everyone's keys were up for grab at some point.

I'm sure that cuts down the protest(er)s

found on Acid Cow

When authorities known for abusing their power start riding around in vehicles surrounded by spinning blades, it's time to get the heck out of there.

Friday, August 27, 2021

They're not just for pwning n00bs anymore

from here and here (image source)

The ease with which one can gain SYSTEM level privileges just by plugging in a mouse is the best argument I've heard yet for buying a gaming mouse. 

What? No, not to exploit the vulnerability, just to preemptively install the drivers so that there won't be an installation in the future that someone else could hijack.

Security through nagging

found on Dump A Day

Just like there is no security through obscurity, there's no security through nagging either. If nagging worked, you'd still have the option to opt out of windows update.

Thursday, August 26, 2021

What could possibly go wrong?

from here and here (image source)

Do we really need to know how to scale up spear phishing through AI-enabled automation right now? 

Don't defenders have enough unsolved problems to worry about without adding more?

When offensive security research is valued more highly than defensive security research, does that really help us to better protect ourselves?

Making an unpickable lock (multi-part)

Watch on YouTube

So, I found this an interesting enough video on it's own, but the tease about the Lock Picking Lawyer had me wanting to see more, so I waited and waited and eventually that waiting paid off with not one but two additional videos. I won't spoil the ending for you, but I will include the other videos below.

Watch on YouTube

Watch on YouTube

Wednesday, August 25, 2021

Privacy should be worth more than pocket change

from here

I used Google+. In fact, I kind of liked the way it did certain things. I definitely don't like them paying out a mere $2.15 per person for miserably failing to protect user's privacy, and opting instead to protect themselves by keeping it all secret. 

Wouldn't have been a problem if it were "Who soever is carrying your fingerprints"

found on Izismile

Remembering passwords is a problem for everyone. There's only so much our brains can hold. That's why we come up with assistive technologies to help keep things secure in spite of our fallible memories. One of those is biometric authentication, which replaces something you know (supposedly your password unless you forgot it) with something you are.

Tuesday, August 24, 2021

A beneficial bug

from here

The only question I have about this vulnerability in pen-testing software that happens to be popular with the bad guys is: why are the developers fixing it?

It doesn't really seem like it would pose much of a problem for legitimate pen-testing, but it would definitely pose a problem for more criminal use-cases. Let the crooks suffer, I say. Make using that tool unpalatable to them so that they're forced to make their own tools instead of misusing the tools of the good guys. Make their lives harder by whatever means necessary.

Camo phone case (for when you want to miss your calls)

Product Page

I think the only scenario in which this is practical is when you need an excuse for why you didn't answer a call. "Sorry, my phone is camouflaged and I couldn't find it" might actually work once or twice.

Monday, August 23, 2021

You'll have to pay a lot of duckets to get your data back

from here and here (image source)

Obviously McAfee is no match for modern quackers. This is an advanced plumaged threat.

I closed the door for a reason, human

found on Dump A Day

The cat doesn't bother you while you're in the.... Oh, right, nevermind.

Friday, August 20, 2021

And the hack came back, the very next day

from here

If you pay once, you better be prepared to pay again. 80% of victims who pay get hit again, and why wouldn't they? Why would ransomware operators search for new victims when they've got a paying "customer" right there?

As if there'll still be snow in 2021

found on Reddit

This might have worked in the past, but I'm not sure it'll work anymore with the arctic on fire.

Thursday, August 19, 2021

Get your paws off my passwords

from here and here (image source)


Richard Feynman on Getting Arrested by Los Alamos Fence Security

Watch on YouTube

This is, generally speaking, still how authorities react when you exploit security weaknesses. They want to arrest you, and if you don't have permission to do what you're doing then they may have a point. Richard Feynman did have authorization to be on that base, however, so I'm sure his detainment wasn't too serious. This isn't the only way he trolled security personnel, mind you.

Wednesday, August 18, 2021

Bro, do you even take the protection of your customers seriously?

from here

If T-Mobile has really had 6 breaches in recent years, then their claims that they take the protection of their customers very seriously are nothing more than sweet, sweet words that turn to bitter orange wax in my ears.

Choosing a password on an empty stomach

found on Huge LOL

This is probably a good argument against choosing passwords in general.Although you'll miss out on comedic moments like this, letting a password manager generate random passwords for you will probably give you stronger passwords in the long run.

Tuesday, August 17, 2021

We can't have you unconsciously leaking data

from here

If my employer asked me to put a camera in my bedroom, they'd be looking for a new employee. I don't care if customer payment information is being handled by people at home, cameras in the bedroom is a deal breaker.

Show Me The "Nothing" You Clicked On sticker

Product Page

When you ask what they clicked on and they say "Nothing!", just roll your eyes and tap whatever you affixed this sticker to.

Monday, August 16, 2021

Or even an underside door

from here and here (image source)

Not only did someone install this monstrosity, someone put a padlock on it, as if that could stop anyone from simply going around or under.

That's a lot of words to say "Danger"

found on Reddit

This warning sign is certainly an evocative deterrent, but I worry that it only works as intended on avid readers - that most people will just say "too long, didn't read" and hop the fence without concern for what might be present on the other side. 

Friday, August 13, 2021

Nobody gives in just once

from here

Apple turning their devices into a surveillance system and then saying "We'll only allow it to look for one kind of thing, trust us" has got to be one of the most tone deaf moves they've made in a loooong time. Of course they'll abandon that promise in the future, and most people already know this. Only the most gullible Apple fan boys would believe the promises they're making surrounding this.

Perfect(ly bad) security

found on Reddit

I'm not sure what makes this the perfect lock screen, but I can certainly see what makes it the weakest lock screen.

Thursday, August 12, 2021

Not Now, Microsoft!

from here and here

So there I was in a different room when I paused and listened and realized there was a strange noise coming from my home office and ... well, you can guess the rest.

Locksmith ripoffs: Hidden camera investigation (Marketplace)

Watch on YouTube

Now I'm not saying we should all go out and become professional locksmiths, but lock picking (besides being a hobby for some and even a sport for others) is a skill just about anyone can learn and it seems like it might come in handy.

Wednesday, August 11, 2021

Home Snekurity

from here and here (image source)

Thieves and burglars bypass locks all the time. This is an all-natural, completely organic, locally sourced alternative. 

It's also completely impractical and dangerous as fuck. I think I'll stick with locks.

Trust is a strong word

found on Reddit

Trust is a funny thing. You can trust someone in the sense that you're sure they won't kill you, but still not trust them to not steal your drink.

Tuesday, August 10, 2021

Taking a byte out of cybercrime

from here and here (image source)

Never worry about those dastardly villains getting their claws into your data again.

Oversharing Private Stuff Everywhere Constantly mug

Product Page

People who get it will get it, and the ones who don't will just think you're using a mug emblazoned with social commentary. 

Friday, August 6, 2021

Just following instructions

from here

You know there are people out there who did exactly this. The experts all say they shouldn't be using "password" as a password, and that people should use a passphrase instead of a password, so it doesn't take much to combine those two pieces of advice in the wrong way.

Now pull my other leg

found on Izismile

Sounds like this scammer could use some of that "rest" for himself. His brain seems to be showing signs of sleep deprivation. 

Thursday, August 5, 2021

Their willingness to pay should be your first clue

from here

Amazon is willing to pay for our palm prints? Yeah, that's a nope for me, dawg. I'm not interested in giving them a hand at building another biometric surveillance system. Biometrics are forever, you can't get new palm prints, and once you give that info out you can't put the genie back in the bottle.

In theory, Amazon won't track you for the rest of your life because they'll delete the data if you ask them to. And if you believe that, I've got a bridge to sell you. Internet giants don't get to be as big as they are by throwing away valuable data, and data they're actually willing to pay you for? You better believe it's valuable.

Pleasant Green : Scamming a Scammer with His Own Scam

Watch on YouTube

This seems like a novel approach to dealing with scammers. Not only does he use their own techniques against them, he also gives them opportunties to earn money legally.

Wednesday, August 4, 2021

It often works against technology too

from here and here (image source)

When you think about how easy it is to fool people and you realize the technology isn't as good as people then face recognition technology loses that thin veneer of magical security security dust and you start to have more realistic expectations of it.

No wonder some people want to get rid of passwords

found on Reddit

Passwords have their problems, no doubt. Would biometrics have been better? You want to dig the guy up to to unlock those millions? Maybe 2 factor authentication, except that would probably have gone through his phone, which they would need to be able to unlock using a passcode or biometrics.

It's almost as if passwords aren't really the problem here. Maybe it was entrusting everything to just one person. Maybe passwords aren't really the problem in other scenarios too.

Tuesday, August 3, 2021

Does that make it easier to see him on the dark web?

from here and here

Considering what the stereotypical hacker stock photo looks like, I'm surprised images like this aren't used to depict white hat hackers.

Camouflage Wallet (for when you want to lose your money)

Product Page

I had a canvas tri-fold wallet once. I certainly get the appeal. I stopped using fabric tri-folds when RFID became a concern and switched to a metal card case. It seems like RFID blocking has advanced because this supposedly has a layer of RFID blocking insulation in it (I'd probably want to test that before relying on it). 

I can't quite see myself going with a camouflage wallet, though. I have a hard enough time with losing things as it is.

Monday, August 2, 2021

Be careful who you trust

from here and here (image source)

Just as not all heroes wear capes, not all villains wear masks or twirl their mustaches. You can't tell just by looking if someone is trustworthy or not, you have to judge them by their deeds.

How to prevent a Diamond heist

found on Dump-a-day

If quills are good enough to protect a porcupine, I'm sure they're good enough to protect a teeny tiny little dog. Just hope she doesn't try to cuddle with you with that thing on.