Tuesday, November 30, 2021

Sleepy Security

from here (image source)

This mix-up has all the trappings of someone not being entirely awake. If your threat model only includes people who are equally sleepy, maybe this would work, but that's not very likely.

Malware Family sticker

Product Page

If you're familiar with malware families, this is not going to be anything like that. Instead, it just imagines various malware types as members of the family of things called "malware". It's also missing some malware types. Granted, a lot of things can fall under the heading of trojan horse or bot, but if spyware gets its own glyph then where's adware? Where are the downloaders, the droppers, the RATs? I guess the design would be too big if everything were included.

Monday, November 29, 2021

At least people know when they shouldn't enter

from here and here (image source)

I don't know about you but I'd rather just have a lock.

When you need a security guard for a blood bank

found on Izismile

If you've got a vamp problem, I'm sure this daywalker can take care of it. 

Friday, November 26, 2021

They are NSO much trouble

from here and here

In general it's hard to take down state-backed malware providers, but in this case I think Apple may dominate. And I, for one, will cheer them on if they actually manage to sue these spyware makers out of existence.

What could possibly go wrong?

found on Acid Cow

It's not like devices have ever been infected by plugging them into strange power stations, right?

Ooops, I guess they have.

Thursday, November 25, 2021

These are our users, get your own

from here and here

You've got to figure that when Facebook tries to defend users against spying by cops it isn't for the benefit of the users. They spy on those same users, so it's no principled endeavor. In all likelihood they're just trying to stop less capable spies from scaring the users away from the platform. 

How to unlock a car with tape

Watch on YouTube

Unfortunately I really don't know if there's a countermeasure to mitigate this threat. I suspect there isn't. This is more just a reminder to not trust your car to protect your valuables. While what was demonstrated in the video was a form of non-destructive entry, destructive entry through the glass windows also works and always will, so there isn't much point in trying to stop the non-destructive approach - and frankly, if they use a non-destructive approach you're better off because there's less you'll need to replace that way.

Wednesday, November 24, 2021

We're paying AND we're the product

from here and here (image source)

You've no doubt heard the saying before: If you're not paying then you're the product. Well, it seems as though Vizio thought that was too limiting and found a way to make you the product even when you do pay. They make twice as much from the data they collect from TVs as they do from selling the TVs in the first place. I kind of think that if they're making so much off the data they should be giving us something for free. Where's my slice of the pie?

Deterrence Fail

found on Reddit

There's always someone who doesn't find the stated consequence enough of a deterrent. Clearly, if Mariah is in your threat model you're going to have to rethink the kinds of punishments you threaten her with.

Tuesday, November 23, 2021

Taking the "s" out of sFTP

from here

How is it possible that a major service provider like GoDaddy is still using plaintext in 2021? This is not their first data breach. There is no excuse for this at this point.

Encryption Is Key shirt

Product Page

Monday, November 22, 2021

Manual Denial Of Service

from here (image source)

Apparently a news organization couldn't find hacker stock photos that were over-the-top enough for their purposes so they hired an artist to create such an image? I'm not sure why they couldn't just stage their own hacker stock photo (just need a scruffy guy and some simple props), but here we are.

It's your devices' home too, y'know

found on Izismile

If your phone was a person that you lived with, would you be as surprised to find them referencing the things you've said while they were in the room with you?

Treat your digital roomie the same way you would a nosy biological equivalent.

Friday, November 19, 2021

They don't stop you from doing the thing, only from getting away with it

from here

It would be more accurate to call them surveillance cameras, but I think society has less tolerance for the concept of surveillance, even though it's going on all around us. Calling them security cameras seems like it's part of our surveillance denialism.

That's one way to deal with the surveillance state

found on Imgur

At least he has the presence of mind to wear a mask. You know where there's one camera there's more, so if you attack one you'll probably be captured by another.

Thursday, November 18, 2021

Oops in 3...2...1...

from here and here (image source)

There are far less dangerous ways to remove that tiny little lock, and a real locksmith should know that. At that size, I wouldn't expect any fancy pins to make picking harder. A novice could probably rake it open. Heck, even a small pair of wrenches could probably bust the shackle out of the body without risking the kid's ear lobe.

Never underestimate your adversary

Watch on YouTube

I can't help but wonder how the rat learned how to do this. Certainly it wasn't through its own failures because that's not the kind of failure you get a second chance with. It must have either been taught by another rat or it learned from another rat's mistakes. Either way, that's more intelligence than I would have thought rats capable of. Now I know better.

Wednesday, November 17, 2021

Sit, stay, lock your doors

from here (image source)

A car is not a dog. Securing it like it is one isn't going to work very well against the kinds of threats cars actually face.

Not sure about that beard, though

found on Reddit

A little bit of weight gain isn't going to change the contours of your face much, but growing a beard is certainly going to obscure what was there before. 

Tuesday, November 16, 2021

Not exactly covert

from here and here (image source)

Now I'm not a spy, but I'm pretty sure that when you're spying you're not supposed to advertise what you're doing so the whole world can see.

Or maybe that's exactly what spies should be doing so that they're transparent and we can have an open discussion about what they're doing. But I think it's unlikely that any such operation would survive public scrutiny.

You Don't Need A Key When You Can Pick Locks sticker

Product Page

I don't know if lock picking is a skill you necessarily want to advertise, but if it is, this sticker has you covered.

Monday, November 15, 2021

Whoppercoin 2.0

from here and here (image source)

While cryptocurrency has been around too long to qualify as a fad anymore, its use by Burger King is just a marketing gimmick. It's not even the first time they've done it, but at least this time they're using established coins instead of making up their own shitcoin.

And that number is "1"

found on Reddit

And when you have to change the password on a regular basis you increment.

Friday, November 12, 2021

Shitty privacy

from here (image source)

I can think of one way to improve the privacy in that bathroom stall using only what you have on hand, but it's a little messy. Toddlers know how to do it. 

Lick to unlock

found on Dentagama

It's certainly a novel biometric, but I'm not sure we're ready for what will undoubtedly be the most sophisticated device you ever slobbered on.

Thursday, November 11, 2021

Security for the Horde

from here

WoW has had 2 factor authentication since 2008 (if not earlier). They used a hardware token but have switched to a software token. Banks, meanwhile, were slow to adopt 2FA, and the best you seem to be able to hope for is SMS based authentication.

Lock Picking Lawyer: FedEx Transit Safe Picked

Watch on YouTube

So how safe is that safe? Not very, it seems. Lock Picking Lawyer made some interesting points about using tamper-evident tape instead, but it made me wonder - how evident would the tampering be if the tampered-with tape was covered with a new piece of tamper-evident tape? Alternatively, what if the tamper-evident tape is scraped off and the damage to the container is covered by a fresh piece of tamper-evident tape? Something to think about (and maybe research).

Wednesday, November 10, 2021

Not the kind of heat they were looking for

from here and here

People are wondering what this Winnipeg couple were doing trying to steal a furnace in the first place. On the one hand there's the resale value, but on the other hand it's "Winter-peg", one of the coldest cities in the world - they might have just been trying to keep warm.

Seems legit

found on Bored Panda

Something tells me that the REAL Shakira has more than 180 followers... And doesn't talk in song lyrics.

Tuesday, November 9, 2021

Modern problems require modern solutions

from here and here (source article)

That study about people giving up their passwords for chocolate wasn't THAT long ago. Have people forgotten already? 

I See You've Disabled Your Antivirus shirt

Product Page

If you have users who disable the antivirus on their company devices, meeting up with them in an intimidating t-shirt may be just what the doctor ordered.

Monday, November 8, 2021

Don't ask for money if you know they won't play ball

from here

I suppose this criminal might have gotten caught eventually anyways, but drawing attention to himself in order to get a one-time payout? That was not a smart move.

Now there's a deterrent

found on Reddit

Would you want to be within arm's reach when I turn into a shit volcano? Yeah, I didn't think so.

Friday, November 5, 2021

The Old Switcheroo

from here and here

If it sounds like Mark Zuckerberg is pulling a fast one by claiming Facebook won't use face recognition anymore but under their new name they will continue to use it, then you are not alone. It seems a bit like a bait and switch scam.

Go hack yourself

found on someecards

Hacking yourself gives you experience in thinking like an attacker and can help you identify deficiencies in your defenses. Trying to guess your own password probably isn't the best way to do it, but I guess it's a start.

Thursday, November 4, 2021

Go Go Gadget Fingernails

from here and here (image source)

In terms of authentication, keys have traditionally represented tokens or "something you have", while body parts are usually considered to fall under the heading of "something you are" such as biometrics, but what happens when you combine the two? If it's attached to you is it really still just something you have? And biometrics aren't strictly about your biological components. If you have a prosthetic nose, do you think face recognition isn't going to use it? Of course it will.

Don't bring a gun to a hand fight

Watch on YouTube

You either need to have faster reflexes than your opponent or you need to maintain enough distance to avoid this expert takedown. A handgun is a weapon that can harm at a longer distance than someone's arm, so as long as you stay out of arm's reach you should be able to maintain the advantage.

Wednesday, November 3, 2021

Time to put the NRA on the Pew Pew map

from here

Pretty sure a rifle isn't going to stop ransomware, so the NRA was unprepared to fend off a ransomware attack. Maybe the NRA should branch out and form the National 2 Factor Association to help keep the ransomware operators out of their system next time.

I Can Haz OpSec?

found on Daily LOL Pics

This ranks right up there with the malware author whose license plate says "VIRUS" 

Tuesday, November 2, 2021

And everybody else's

from here

I actually have zero difficulty imagining Mark Zuckerberg as a helicopter parent. Just look at how much his company spies on complete strangers. So the idea that Facebook wanted to target children around the same age as Zuckerberg's oldest makes it difficult not to see a possible connection between the two.

Computer Virus Word Cloud Mug

Product Page

Now you can think back and fondly remember all those times you had to stay at the office until the wee hours of the morning trying to clean up the latest virus or worm or vulnerability while you drink your morning coffee out of this travel mug.

Monday, November 1, 2021

Don't want to get a stain

from here (image source)

You might be thinking this also stops people concerned about dirtying up the underside of their car, but if that was the only problem the driver could get out, go around and find the mechanism to open the gate. This literally only works against people who can't cross the grass. 

Purrivacy Please

found on I Can Has Cheezburger Animals

If you don't give privacy, you probably shouldn't expect to get privacy.