Friday, December 2, 2022

It's more "secure"

from here and here

There are some scenarios where I can see fingerprint biometrics providing a lot of additional security, but phones and laptops aren't among them. It's like a combination lock with the combination written on it. They do provide convenience, and maybe that's what we should be caring about, but we shouldn't try to pretend it's for security.

Forage on the enemy

found on Acid Cow

The criminals thought if they had a car faster than the police cars then they would be able to get away, but now that car is a cop car and Texas criminals will be even less likely to get away now that their own strategy is being used against them.

Thursday, December 1, 2022

Who's driving this thing?

from here and here

The Parkerian Hexad includes Control for a good reason. Police-controlled murderbots aren't going to seem like such a great idea when the police lose control of them, and of course there will be ways for adversaries to take over control of the robots. 

Steve Mould : I Hacked Into My Own Car



I think one of the really interesting things about this video is that it shows someone taking a basic principle like the replay attack and figuring out how to make it work in the real world. It didn't work at first, and he went through a number of attempts and refinements before it finally did. This is an essential skill because you can't always just follow someone else's instructions, especially when you're dealing with something new and there are no instructions to follow yet.

Wednesday, November 30, 2022

How not to get a bug bounty

from here (image source)

XP's got plenty of bugs, but they're not going anywhere so it's no use finding those.

Not the kind of value we were hoping for

found on eBaum's World

This is, unfortunately, the real way online companies value our privacy - not as a matter of principle, but as a resource to be extracted and used/sold.

Tuesday, November 29, 2022

Isn't it ironic

from here and here

There is certainly a delicious irony in Google getting called out by none other than Google for taking too long to patch their shit. Seemingly the patch has been available for more than the 90 days that Google's Project Zero usually gives vendors. They didn't even need to develop the patch themselves, just apply it to their product, but apparently it's gotten held up in testing.

Kinda makes you wonder, if Google can't even adhere to their own 90 day policy, why is it reasonable to expect it from others?

Hackers Gonna Hack case

Product Page

The typeface for this could have been anything, but the monochrome green on black binary code is a nice touch.

Monday, November 28, 2022

Gotta pay the privacy tax

from here and here (image source)

If ever there was an organization that a privacy tax would be paid to or filed with, Facebook would be the one. Of course, I don't mean a tax paid for the benefit of privacy - rather your privacy itself is the currency this tax is paid with.

Presumably H&R Block, TaxAct, and TaxSlayer were sending your tax data to Meta in addition to sending it to the government, rather than in place of sending it to the government. I'd hate to think they're filing with the wrong entity.

Rest in peace, buddy

found on Acid Cow

Now, I don't have a phone or a wife, but I do have passwords out the wazoo, so I guess I'm safe.

Friday, November 25, 2022

The Internet of $#!+ Paper

from here and here (image source)

I've heard some people like it rough, but I don't think this is what they had in mind.

Good neighbours are great security

found on 9gag

You may not agree but it's hard to argue with results. This bike would have been stolen if not for the actions of that neighbour.

Thursday, November 24, 2022

Why family tech support is so popular

from here and here

I think most people have long suspected that computer repair technicians snoop on their customers, so it's not that much of a surprise when a study finds it actually happens. It's really a tough problem when you're forced to trust someone you have no good reason to trust - and that's where family tech support comes in, because you generally have a better concept of how trustworthy a family member is.

Airport Security Is Whack



If you can find the humour in your experiences with the TSA, more power to you. For the rest of us, we'll just have to make do with stand-up comedians' experiences with it.

Wednesday, November 23, 2022

Live by the hack, die by the hack

from here and here

Even though the security company that discovered the malware vulnerability aren't publishing it, I have high hopes that people less scrupulous than them will use it to take the criminals down. That's not to say that I don't want the criminals in question to face justice, but rather I have my doubts whether most of them will, and in the absence of legal consequences, the increased cost due to business disruptions could conceivably make the operation less financially viable. Also, if the hack forces them to re-infect people or to infect even more people then that probably will increase their exposure with regards to law enforcement and might be the thing that gets them caught.

Easy come, easy go

found on Reddit

Don't get me wrong, I feel bad for the people who lost their life savings, but cryptocurrency has long been portrayed as easy money and I think we all expected that to backfire at some point.

Tuesday, November 22, 2022

The only answer tech support ever gives

from here and here

I imagine there are some tech support personnel out there who actually care about giving customers accurate information, but oftentimes you get the quick answer that nobody really questions anymore.

The Cryptographer mug

Product Page

Go ahead and make someone a key exchange they can't refuse, while drinking from this Godfather-themed Cryptographer mug.

Monday, November 21, 2022

Never skip password day

from here and here

It occurs to me that people might do a better job of creating strong passwords if they got more practice. Maybe you could tell him he needs more reps.

BRB, gonna go have some fun at The GAP

found on Izismile

There's a couple of ways I can think of to have fun with these. Generally the ideal is to try and trigger false alarms. Mischief shouldn't be at someone else's expense, though, so tread lightly.

Friday, November 18, 2022

Not so chill anymore

from here and here

I understand that they'd probably rather not have to deal with even more support tickets about forgotten passwords, but Netflix's users did already have the tools to deal with freeloaders on their accounts if they really wanted to, without this new feature.

Deterrent Win

found on Reddit

Apparently this was the result of a tree rather than a dog, but would-be trespassers don't need to know that.

Thursday, November 17, 2022

Scammers hate Bill

from here and here

I can't think of a single legitimate reason for anyone to ask you to spend a large amount of money on redeemable gift cards. If it's a lot of money then it doesn't seem like a gift, and if it's not a gift then you shouldn't be using gift cards.

David Bombal : Flipper Zero Hacking



A quick, practical demonstration of Hypponen's Law. If it's smart, it's vulnerable. Without knowing anything about the Flipper Zero device, I'm guessing it's being used to perform a replay attack on the bike lock. If I'm right, it recorded the unlock signal sent from the legitimate remote control for the lock and then transmitted the same signal it recorded at the press of a button.

Wednesday, November 16, 2022

No wonder it gets noisy

from here and here

It freaks my mother out whenever this happens to her. She can't keep all the pop-ups on her system straight so she doesn't know which ones not to click on. It's a real problem for older people, but also modern systems increasingly use the nag feature to convince you to do what the designers think you should do, and the more things there are nagging you, the harder it is for anyone to keep them all straight.

Now even she can't read her secrets

found on Izismile

I'm sure we've all encountered someone who's done that. It's understandable too. If you know you're likely to lose the keys then you're going to want to put them some place safe, and I don't mean safe from an attacker but rather safe from your bad memory - and this fits the bill. Also, she's only six. I'd be more concerned about the grown-ass people who still lock the padlock keys with the padlock.

Tuesday, November 15, 2022

At least the lawyers get paid

from here and here

With this legal settlement between Google and the State Attorneys General for 40 states, I'm starting to wonder who really benefits from privacy lawsuits now. I don't see anything to indicate that the money will go towards the people harmed, and even if it did it wouldn't be enough for each one to buy a coffee. It really seems like only the lawyers benefit, and I worry that we've found ourselves in a situation where privacy now just serves some sort of framework of perverse incentives for the legal profession (and maybe states).

Cyber Security sticker

Product Page

I know what music ran through your mind when you first saw it. This is sort of like a visual play on words. You think it's one thing until you look closely and realize it's something completely different. It's a great violation of expectations.

Monday, November 14, 2022

Gee, that's not suspicious at all

from here and here (image source)

That clearly looks like someone tried to force the trunk open at some point, and given the lock is on it when the picture was taken it stands to reason there was something or someone in there at the time. What do you do when you see something like that? Call the police?

Because that worked out so well in the movie

found on eBaum's World

What the Oakland Police want is a way to kill people without putting their officers in even the slightest bit of danger. They want the big bucks for their dangerous job, without the danger part. Unfortunately this really doesn't eliminate the danger, it merely transforms it. 

You see, there's only 2 ways this armed robot could work - either it's autonomous (sort of like the Terminator in the movie was) and can direct itself and decide who to shoot, or it's remote controlled by a human operator (which would probably be more likely). Either of these options would be dangerous. The autonomous one could decide wrong and shoot its handlers or innocent bystanders. Meanwhile the remote controlled one could be hacked and used against its handlers or innocent bystanders.
 

Friday, November 11, 2022

Seems Compliant

from here (image source)

So long as you've got the approved access controls in place, you're all good. Who cares if the controls are effective, that's not what compliance measures. It doesn't matter that anyone who can navigate stairs can also navigate around this obstacle.

The last thing a drone sees on the battlefield

found on Izismile

I wonder how it works. I imagine it's sending some kind of energy but is it frying the drone's electronics or just interfering with the control signal so that the drone operator can no longer tell it where to go?

Thursday, November 10, 2022

Look who's ignoring privacy settings now

from here and here

If you don't want a record of everything you look at and everything you do sent to Apple, then I have some bad news for you. It appears to happen regardless of what you set on the setting that's supposed to control that sort of thing. Almost as if the setting is a decoy meant to lull you into a false sense of security - or perhaps in this case a false sense of privacy.

Making a combination slide bolt



It's certainly sturdy, but with only 3 digits in the combination it couldn't really be called strong. A slide bolt like that would be on the inside, though, so an outside attacker wouldn't be able to access the dials until they go over the fence. However, at that point it may well be simpler to just unscrew the device from the gate.

It may be good enough, though. Mostly it's going to slow people trying to take heavy objects (ones that can't go over the fence the same way the people got in) off your property. No lock is undefeatable but if it slows them down enough that may just provide enough time for police to arrive, or it may simply demonstrate that your property isn't the easy pickings they thought it was and convince them to try some place else.

Wednesday, November 9, 2022

Maybe they have too many products

from here and here

Look, I know all software needs to be patched on occasion, and I know it's better that it gets patched than if it doesn't, but there are just soooooo many Microsoft patches! I can't be the only person who tires of hearing about them.

The cake is a lie

found on Acid Cow

I think we all know that something about this cake is not right. If you found this in the break room fridge, would you steal a slice anyway? I would not. At least, I wouldn't steal the first piece - I'd let someone else test it for me before I chowed down on delicious cake.

Tuesday, November 8, 2022

Catch me if you ca... No, not like that!

from here and here

So not only can blockchain transactions be traced, but since the blockchain is forever, even things from a decade ago can be tracked down.

[d0x3d!] board game



I often find myself wishing I had someone to play these kinds of games with. Hopefully you actually have someone to play [d0x3d!] with because it looks like it could be a fun game.

Monday, November 7, 2022

Getting ready to steal some scratch

from here and here (image source)

Ctrl-C and Ctrl-V are the purrrfect way for those little paws to interact with the keyboard.

Found my hat for the surveillance state

found on Izismile

If the Sand People in Star Wars had northern cousins, I'm sure this is what they'd wear, and honestly I can't say I'd blame them. It looks like it will protect you from the cold AND from identification.

Friday, November 4, 2022

Don't let anyone plunder it

from here (image source)

This seems like it would hold a lot more than your average ATM. Maybe there really is a treasure in there. 

Security can kiss my @$$

found on Izismile

I'm sure there's a good argument for this. For example, maybe if you make too many passwords with a particular body part a bias starts to emerge in the data, so if you're making a lot of passwords you have to keep switching up which body part you use, and this was the last one this engineer had left.

Thursday, November 3, 2022

Ground Control to Scammer Tom

from here and here

Believe it or not, this was a real scam with a victim and everything. I'm not going to judge or blame the victim, but the scammer certainly found a creative way to take advantage of people.

Cat Unlocks Back Door To Let Locked-Out Owner Inside



So, it's not like you've got a super secure home if you happen to have sliding glass doors, but I'm sure you'd expect an intruder to have to do more than just tap on the glass and convince this furry accomplice to let them in. This cat owner has an insider threat problem on 4 legs.

Wednesday, November 2, 2022

Maybe we should get a license

from here and here

I feel kinda bad for the makers of WinRAR. Since their product is being used by ransomware, they're bound to get negative attention out of it. Maybe if enough of us who never got a license finally did so it will make up for the hassle this will surely cause.

Countermeasures come in all shapes and sizes

found on Izismile

Looks like the dogs of war can be pretty useful.

Tuesday, November 1, 2022

One more reason not to get the checkmark

from here and here

Phishing that targets verified Twitter users seems like important people problems. If you're one of those people then watch out. I think most people aren't, however.

Someone Figured Out My Password sticker

Product Page

If you think remembering a new password is tough, imagine being a dog and finding out your new name is Spot12346.

Monday, October 31, 2022

If you want something done right...

from here and here

I'm not trying to suggest that your security should be entirely your responsibility. I know there are improvements that can be made that are outside of the hands of individuals, but if you're waiting on that or worse relying on that - you're gonna be waiting a long time and it's not going to be pretty.

If those external improvements happen, that's great, but until then - you've got to take matters into your own hands.

It looks so realistic

found on Grateful

Not that I'm condoning killing people (goodness knows there's enough death going on already), but this would be an excellent example of using cover to disguise or otherwise hide your activities.

Friday, October 28, 2022

This trick is a treat

from here and here

Honestly, I really ought to do this. This is one of the most practical Halloween costumes I can imagine. It hides your identity, it's easy to use, it folds up into a small space when you're done with it. What's not to like?

Be afraid, terrorists

found on Memebase

When you look like someone out of a horror movie (Poltergeist 2?) it's bound to creep out friends and enemies alike. I'm not sure that would actually serve as a meaningful deterrent, but one can hope.

Thursday, October 27, 2022

Skills not included

from here and here

It was always just hacker cosplay, so why shouldn't everyone get to try it?

Cybersecurity Awareness Halloween Edition



How weird is it that Cybersecurity Awareness Month is the same month as Halloween? It's almost as though someone knew cybersecurity awareness would focus on scaring people.

Wednesday, October 26, 2022

IT Security

from here and here

Of course you won't be able to access the data either, but at least other people can't get it.

(There is no clown, just other people's nightmares)

Maybe you should take care of that before you die

found on Flickr

I'm pretty sure by the time you're a skeleton there's nothing you can do to protect the secrets on your phone, so you should really consider doing something about it long before that happens. Now would be a good time. 

Tuesday, October 25, 2022

Modern Nightmares

from here and here

There's often a certain amount of hacking involved in ransomware deployment, but usually not like that.