Friday, July 1, 2022

******** Mask

from here and here (image source)

I suppose if you pull a Kevin McCallister (Home Alone) while wearing this thing you'll probably wind up with an OK password, but everyone around you will be able to see what it was. It makes shoulder surfing much easier.

Threats come in all shapes and SIZES

found on Izismile

2mm may not sound like much, but apparently it could still do some damage if fired in someone's face.

Thursday, June 30, 2022

Get to know the signs

from here (image source)

If you've never tried to lift one of those signs before you should give it a try. You might be surprised, and you'll probably never use them like this ever again.

Jake Davis: How We Hack The Planet

Watch on YouTube

I've seen a number of talks with Jake Davis, and he's good at telling funny stories, but this one includes a story about meeting up with Aaron Barr (of HBGary Federal fame), which makes it extra interesting.

Wednesday, June 29, 2022

Loose lips sink tanks?

from here and here

Apparently there are many people who can't keep a secret, even if it's part of their job.

Patch My Ride

found on Izismile

As inconvenient as software updates for your car might be, at least it's better than crashing the car.

Tuesday, June 28, 2022

In ur devicez, spreadin meowlware

from here and here (image source)

From the looks of it, pair programming can be useful even if you're just modding scripts.

You're Like A Software Update sticker

Product Page

Is this the kind of message you want to send to your coworkers? That's fine if it is, I'm sure we've all been there.

Monday, June 27, 2022

Signs that privacy might be dead

from here and here (image source)

As much as we might hate to admit it, there are many signs out there that people just don't think that privacy is valuable anymore. This public restroom is one such example. I've heard that sharing is caring, but I can't decide which is worse: pooping with friends or pooping with strangers.

American Lock-ic

found on Acid Cow

You can't convince me this isn't art. It may not be a painting but it sure does remind me of American Gothic

Friday, June 24, 2022

Don't just wipe it, doggone it

from here (image source)

Is the data really unrecoverable? I suppose the actual memory chip(s) might be small enough to have survived this superficial chewing, but if you let it go for long enough it won't matter how small the chips are.

The PIN Protector Pup

found on eBaum's World

It doesn't take much to protect against shoulder surfing at the ATM. A bark here, a growl there, it's all about getting advance warning.

Thursday, June 23, 2022

The more things change, the more they stay the same

from here and here (image source)

Well OF COURSE non-fungible tokens would appeal to a scammer. It's like they're made for each other. Some of us realize that NFTs basically are scams so, I suppose the promise to stop scamming is itself also a scam. It's scams all the way down.

MC Frontalot: Secrets From The Future

Watch on YouTube

I usually consider AI generated images to be something akin to nightmare fuel, but I think they fit the dystopian theme of this song really well. I wonder how many music videos are going to take this approach.

Wednesday, June 22, 2022

That's not what it was called when I did it

from here and here

Unless you've been living under a rock the past several years, you've probably noticed the trend of putting computers into things and calling them smart. Smart phones, smart TVs, smart toothbrushes, etc. Well it turns out that hot tubs are among the things that have become computerized and rather predictably they're not secure. So far the attacks have not involved compromising the hot tubs themselves to run cryptomining malware (hot tub mine machines) but instead the command and control servers run by the manufacturer - which makes me think they should be called bot tubs instead of hot tubs.

Buh-bye crypto

found on Acid Cow

I would certainly not suggest anyone buy it right now.

Tuesday, June 21, 2022

No longer the best browser for downloading other browsers

from here and here (image source)

Internet Explorer is finally dead, sort of. There won't be any more updates so you better get rid of it, but the underlying engine is still embedded in the operating system and Edge will still use the IE rendering engine for its IE mode for many years to come.

Encrypt Everything hat

Product Page

I don't know if you need to keep your fingers on the keyboard like that, but you definitely should be encrypting everything, and so should all your friends, so get the message out there.

Monday, June 20, 2022

Crypto Winter's silver lining

from here and here

With cryptocurrency prices plummeting it's no longer economical to use video cards for mining, so the prices for the cards are dropping too because of the decline in demand. That's good news for gamers, and video card makers no longer need to deal with the market for their products being subverted by some decentralized finance nonsense.

Isn't it always meant for private events?

found on Funny Junk

Of course a public restroom isn't actually terribly private, but it's the principle of the thing. Also I have to wonder how much more private that flimsy barrier makes it. Probably not very. 

Friday, June 17, 2022

Clean your own house first

from here and here

I realize that Microsoft Defender is a lot better than MSAV was, and that it may even be good enough for PCs, but I don't think it's reached the point of making PCs safer than Macs yet.

In addition to that, I have difficulty imagining most Mac owners using an antivirus at all, never mind one by the makers of Windows. Many Mac owners joke that Windows IS a virus.

Maybe some day MS Defender for Macs will make sense, but not before they clean up their reputation and their own platform.

I don't recall learning about One-Time-Pads in driving school

found on Funny Junk

Perhaps they want to make sure you come to a provably secure stop?

Thursday, June 16, 2022

Shhh... Be vewy, vewy quiet

from here and here

It's been a long time coming but Amazon Prime Air is finally coming to a backyard near some folks in Lockeford, California. Sure there are already other drone delivery pilot programs, but I'm not sure they'll be able to hold a candle to the amount of online retail business Amazon does. So I think we'll have to wait for Amazon's service to take off before we see a major shift in the modus operandi of porch pirates. Will we start calling them prime pirates? Who knows, but taking out a drone before it gets anywhere near someone's house seems like a win for thieves (especially when you see what they've done to shipping trains), so I have no doubt that it's going to become open season on delivery drones.

Turn Stainless Steel Bolts into a Pocket Safe

Watch on YouTube

Not only is it a beautiful piece of work, but in seeing how it's made we gain a better understanding of how it works.

Wednesday, June 15, 2022

If you have to say it, you didn't do it

from here and here

If your organization uses this business furby, you might want to switch to something with fewer vulnerabilities. 

Cybersecurity: The Few, The Proud, The Paranoid keychain

Product Page

That's one laptop you should definitely never leave unattended.

Tuesday, June 14, 2022

Guess they'll just have to steal more

from here and here

I can't imagine Kim Jong Un is very happy that all that cryptocurrency his country stole has now dropped significantly in value. On the bright side, though, at least they didn't have to actually work (or mine) for it.

No prevention is perfect

found on eBaum's World

I guess anything can be a nest if you're brave enough.

Thursday, June 9, 2022

Too Much Security

from here and here

Verification requires I enter the number for my non-existent cell phone? Whoops, there goes another account.

Verification requires me to retrieve a code from a recovery email that no longer exists? Whoops, there goes another account. 

Verification requires me to enter a phone number and country but the country is stuck on Afghanistan? Whoops, there goes another account. 

Verification requires a voice number that hasn't already been used to verify a different account? Whoops, there goes another account.

I should be able to decide whether or not extra security mechanisms are required for my accounts.

Did the CIA Really Try to use Cats as Spies?

Watch on YouTube

Just think, if cats had been trainable we wouldn't be complaining about Alexa listening in on us in our own homes because we'd have started that decades earlier with Fluffy and Mr. Whiskers.

Wednesday, June 8, 2022

Risky Superspreading Aerosols

from here and here (image source)

Thanks to Lisa Sass for tweeting this image of some place I definitely wouldn't want to be. It doesn't seem like there are any masks at all. I'm sure they've all been vaccinated, but that's only a single layer of defense and I'd expect security practitioners to know better than to rely on a single layer of defense, especially when the stakes are so high.

Gives new meaning to private self-reflection

found on eBaum's World

They go to the trouble of giving you privacy dividers and then wipe out the privacy benefits by putting mirrors on everything. If you want your junk reflecting off of every surface, this is the public washroom for you.

Tuesday, June 7, 2022

Must not have been on the blockchain

from here and here

I imagine if the job offers had been on the blockchain, rescinding them would have been a lot more complicated what with it being an immutable public ledger. Perhaps they would have had to fork the project in order to invalidate the transaction? Although that hasn't always gone to plan in the past and it would get pretty tedious if they had to do it with any regularity. Maybe they would have used some kind of smart contract as an employment contract (assuming they even use employment contracts rather than being an at will employer).

WannaCry Ransomware sticker

Product Page

I wonder how many people would be fooled by sticking this onto one of their devices. 

Monday, June 6, 2022

Tick Tock, Microsoft

from here and here

While I realize it can be tough when all supported versions of Windows are affected, I would still expect Microsoft to move a little faster to deal with a zero-day that's actively being exploited.

It really caps off the room

found on Reddit

I don't necessarily look up, but I do look away. You should too. It demonstrates you respect the other person's privacy/security. 

Friday, June 3, 2022

Old MacDonald has defenses, E-I-E-I-O

from here and here (image source)

Everything has a weakness. Even military grade camouflage.

There's no such thing as perfectly secur...

found on Reddit

Well, I suppose your accounts aren't perfectly secure, but at least you don't have to worry about your passwords getting stolen by malware, now.

Thursday, June 2, 2022

Timmies rustling your privacy jimmies

from here and here

I wonder how much of people's data plans got used up by this app sending location data to the server every few minutes. If you want to get away with something you're gonna have to be more discreet than that.

The lowest tech ATM robbery

Watch on YouTube

He's got no heavy machinery, no vehicle of his own, no apparent tools of any kind. It seems like he just unplugged it and started dragging it away. I honestly would have thought ATMs would be heavy enough that you couldn't do that. I certainly have my doubts that he would have been able to hoist it up into the bus. Not without help, at least.

Wednesday, June 1, 2022

When privacy's highly prized

from here and here (image source)

If you do use this technique, make sure people see you going in there with the launcher. It should save on both the cost of extra rockets and clean-up.

That CAPTCHA is already too fresh

found on Izismile

It's a good thing you don't have to read this code out to a human. 

Tuesday, May 31, 2022

Bitcoin can't unfry a hard drive

from here and here

While it's true that some ransomware operators have incorporated blackmail into their business model so that simply restoring from backups is no longer sufficient to resolve the incident, many if not most victims still seem to be unwilling or unable to recover from backups. It's as if they think ransomware is all they need to worry about and they can simply pay the ransom to get their data back, as if that's just the cost of doing business. 

That cryptocurrency won't uncrush a laptop, it won't unflood an office, it won't stop a fire, or any of the other sorts of disasters that really would benefit from backups. Backups are still the best way to get your data back.

EICAR Standard Antivirus Test QR Code case

Product Page

Now you never have to go hunting for the EICAR Standard Antivirus Test File again. You can just take your phone out of the case, scan the case with your phone, and then send the result to whatever needed the EICAR string. 

Monday, May 30, 2022

No cell phone number for you!

from here and here

Twitter isn't even the first company to get caught misusing security contact information for ad targeting, but at least they're paying the price for misusing our info.

And that's your first lesson

found on Izismile

Don't expect a refund since you learned the material even without a physical book in your hands.

Friday, May 27, 2022

Threat modeling gone wrong

from here and here

It's amazing that the US has tighter restrictions on Kinder Surprise Eggs (not to be confused with Kinder Joy Eggs) than they do on assault rifles. I wonder how the deliberations for that went. Do you think if there was a chocolate lobby as powerful as the gun lobby that there would be a constitutional amendment guaranteeing the right to bare treats? 

Have fun with passwordless authentication

found on Reddit

They've been trying to get rid of passwords for years, opting instead for things like your phone (as a token) or biometrics, or both. Unfortunately alternatives to passwords require additional hardware and just aren't as reliable as passwords.

Thursday, May 26, 2022

When there are extra antennas that don't improve call quality

from here and here (image source)

I'm sure the little feet touching your face will give it away in this case, but extra antennas (if you're willing to open it up and look) is a bit more generic.

Credit card tap and go is risky

Watch on YouTube

Now you might be thinking that you'd notice someone walking around with a point of sale terminal like that, but what if they aren't carrying it in their hands? What if it was in a large purse or duffle bag?

Wednesday, May 25, 2022

Now anyone can come from the land down under

from here and here

I'm sure I've dated myself with that title, but as badly as the person who thought a 4 digit encryption key was strong enough. They were clearly from far, far in the past. 

Cryptocurrency, Not Even Once

found on Reddit

I wonder if anyone has ever examined the crypto bro phenomenon from the perspective of substance abuse. They certainly seem to have a problem that they need to admit to in order to get help.

Tuesday, May 24, 2022

The cloud was too wet for the file server

from here and here

Don't worry, I've got the decryption shovel right here. Decryption using a key? That would take forever.

Not Even A Kid Can Hack This poster

Product Page

Those sound like famous last words, if you ask me. I have a feeling he simply asked the wrong kid.

Monday, May 23, 2022

How will they SCARE up new customers then?

from here and here

A common element in most VPN marketing is talking about all the privacy threats their service protects you against because it encrypts your traffic - even though most websites are already encrypted. It's almost as if they're stuck in the past (when sites weren't encrypted), but of course the real reason is probably just that fear sells. 

Netflix lost its chill

found on Izismile

I guess they no longer believe that "sharing is caring". Do they not realize this is how we Netflix & chill in a pandemic?