 |
| from here and here |
You may have heard the advice work smarter, not harder - for passwords that means using a password manager. Let the manager do most of the work for you.
Monday, January 31, 2022
The new vegans
 |
| found on Reddit |
If you think this is unfair, then I can only guess that you've never met a crypto bro in real life.
Friday, January 28, 2022
The bugs have already been squashed
 |
| from here and here (image source) |
In reality I'm sure this computer can be cracked. It's probably not the unique and special snowflake it appears to be and so it's weaknesses are probably known.
If it is unique, however, then I don't think Shannon's maxim would apply. How could the enemy know the system if there's only one system and they've never had access to it?
Thursday, January 27, 2022
Putting people on ice for a rent-a-wreck price
 |
| from here |
You have to wonder about anyone willing to use a rent-a-hitman when rent-a-cops are such a derided group. Considering people fall for some of the dumbest scams imaginable, however, I suppose I really shouldn't be surprised that people do in fact fall for RentAHitman.com
Wednesday, January 26, 2022
"PCs, not Macs"
 |
| from here |
Many people really did believe quite earnestly that Macs weren't going to have the malware problems PCs did. One otherwise smart individual even went so far as to perform an ill-conceived game-theory analysis to support that idea. The problem was even when that analysis was performed there already was malware for the Mac, and not just proof of concept malware either. There was financially motivated Mac malware that had been ported over from the PC platform. Now, however, we seem to have a sophisticated piece of Mac malware that has no PC counterpart - it's exclusively for the Mac.
Macs may never see the same volume of malware, but they are just as vulnerable to malware as any other platform, and they've been a target for years.
Someone needs a better email address
 |
| found on Acid Cow |
I know scammers supposedly do stupid things so that only stupid people will take them seriously, but how hard is it to make your email match your fake persona? Albert, please, it looks like you're not even trying.
Tuesday, January 25, 2022
What's in YOUR spam folder?
 |
| from here and here |
Finding an email in your spam folder that says you won the lottery isn't terribly surprising. I'd be more surprised if there WASN'T an email in there telling you that you won. The surprise in this case, however, is that it was real and someone could tell the difference between the genuine article and the spam it's drowning in.
Computer Virus device case
 |
| Product Page |
I can imagine that such a case might make someone think twice about trying to use your device without permission.
Monday, January 24, 2022
When "it just works" backfires
 |
| from here |
Some things aren't supposed to just work. Some things aren't supposed to work at all, like web pages reading content from a different origin. Now, as a software developer, I know bugs happen to everyone, but 4 months and counting for a vulnerability that your users can't mitigate is beyond the pale.
That's using your noodle
 |
| found on Reddit |
I'm not sure what they're protecting by leaving the password stuck to the wall like that, but at least it's not 123456.
Friday, January 21, 2022
In sheep's clothing
 |
| from here and here (image source) |
I wonder what this descendant of wolves is up to in that disguise. I'm not sure if sheep would be able to tell the difference or not. Their reputation isn't exactly for being smart.
It certainly isn't to contain the smell
 |
| found on Izismile |
I've seen that public washroom image before and I certainly recognized the lack of privacy but I'm not sure I ever questioned why anyone bothered with transparent walls. It's an excellent question.
Thursday, January 20, 2022
Close but no cigar
 |
| from here (image source) |
If the first lock doesn't stop the theft, the second and third aren't going to do it either. They're just the same preventative measure repeated multiple time. Best case scenario is if you put a ridiculous number of locks on it then maybe the thief will just consider it too annoying to steal.
If you're going to use multiple preventative measures it would be better to make them different so that if one fails maybe another won't.
Scammer vs. Bot
Watch on YouTube
I think the people who made this bot have come up with an interesting approach to the Turing test. Rather than trying to simulate a rational human being (which is difficult) they've instead opted to simulate a scatterbrain who isn't entirely there, and they've done it quite well.
Wednesday, January 19, 2022
Someone's getting fired
 |
| from here |
I know infosec pros tend to preach forgiveness for security fuck-ups by your users, but I don't think the same holds true for nation-state attackers. Someone inside India's Patchwork threat group infecting themselves with a remote access trojan was a pretty serious operational security failure and it's literally their job not to fuck that kind of stuff up.
Say Blockchain One More Time shirt
 |
| Product Page |
Are you as tired of crypto-bros as I am? Why not wear your displeasure on your (short) sleeve?
Tuesday, January 18, 2022
Everyone knows you need an axe for hacking
 |
| from here and here (image source) |
It's important not to let your need to do something override your aim to do an appropriate thing. Otherwise you're going to get an expensive lesson.
How did that get in there?
 |
| found on Reddit |
Honest, officer, I meant to get rid of that before I got here!
Security-related anxiety can play all sorts of tricks on you, and security personnel are in no hurry to make you feel better, unfortunately.
Monday, January 17, 2022
When I think about logging in I touch myself
 |
| from here and here (image source) |
I think this article of clothing would pair well with the keyboard pants from several years ago (I can't believe I never made a meme out of it).
Your buttprint is your password
 |
| found on Reddit |
People keep telling us how secure biometrics are, but what's even more secure than biometrics? Weird biometrics! My password is a body part but you don't know which part.
Friday, January 14, 2022
No correction necessary
 |
| from here and here (image source) |
It's technically correct, which is the best kind of correct, and as an added bonus we all get to keep some privacy to boot so don't mess up a good thing.
Thursday, January 13, 2022
Scan it if you can
 |
| from here and here (image source) |
This is literally supposed to be a camouflaged photo, but there aren't many things that pattern is going to blend into.
Pickpocketing Puppy
Watch on YouTube
As always, don't underestimate your adversary and don't let your guard down. I'm sure these were just demonstrations of what the dog can do, but the fact seems to remain that the dog can do these things.
Wednesday, January 12, 2022
Termination gives you more time to chase that Snorlax
 |
| from here and here |
You're supposed to be able to rely on authorities to serve, protect, and just generally do the right thing. That's kind of their job. If they want to play video games all day, they should get a job doing that - and who knows, maybe they will now that they're not stuck in a patrol car anymore.
Death defying stealth
 |
| found on Reddit |
I suppose most defensive stealth is attempting to avoid death, but usually it doesn't involve becoming temporarily dead in the process.
Tuesday, January 11, 2022
Don't hurt yourself, grandpa
 |
| from here (image source) |
I don't know about you but I would still hop the banister if I wanted to get through. I'd give it a good shake first, mind you, but the threat of falling down the stairs isn't enough to deter me.
Trust Me I'm A Reverse Engineer shirt
 |
| Product Page |
It's kinda clever and, honestly, surprisingly colourful compared to most of the stuff I find. Much more cheerful than those dull monochromatic designs (watch me post another monochromatic design next time).
Monday, January 10, 2022
Can't even protect itself
 |
| from here and here (image source) |
I guess surveillance isn't magic after all. Those cameras are valuable, of course someone is going to think to steal them.
Unhelpfully secure
 |
| found on Reddit |
As infuriating as this is, I understand why sites have to do it. Giving this kind of information could help attackers.
But you know what? This is hypocritical, because the security community gives helpful info to attackers all the time in the form of vulnerability research and proof of concept attack tools. It's almost like they have no problem erring on the side of caution when it's just inconveniencing average users, but throw that caution to the wind when it might inconvenience other security folks.
Friday, January 7, 2022
Why some people just add 1
 |
| from here and here |
"I just changed it yesterday!" is a phrase you're likely to hear often from people who need help with forgotten passwords. The old password was committed to muscle memory, they didn't even have to think about it, but the moment they changed it to something that wasn't fixed firmly in their heads it was gone.
Privacy Not Included
 |
| found on eBaum's World |
I'm pretty sure a location like that also has a lot of recreational snorkeling and scuba diving, and I bet the participants get an eye full.
Thursday, January 6, 2022
Lock up your landmarks
 |
| from here and here (source article) |
I actually don't know what kind of theft prevention measures you can use here. What are you going to do, chain it to a tree? Anyone with the capability to move a bridge also has the capability to eliminate any restraining mechanism you might employ like a lock or chain. This kind of threat is beyond traditional preventative measures, but detective measures like motion sensors or surveillance cameras might do the trick. The only issue is that who anticipates this kind of threat in the first place when they formulate their threat model?
Computerphile: Fingerprint Recognition
Watch on YouTube
There are of course additional steps one can add to the process to make sure you're dealing with a live genuine finger rather than some sort of facsimile, but it still boils down to comparing minutae points.
Wednesday, January 5, 2022
For Receptacle Use Only
 |
| from here and here |
I never imagined smart light bulbs could measure biometric properties like body temperature and heart rate. I suppose they must be emitting more than just visible light... at least I hope that's how it works.
The problem now is how can you tell if someone else is using such a bulb and measuring your biometrics without your knowledge or consent?
The street finds it's own uses for things
 |
| found on Acid Cow |
I know there are ways to get around it, but the simple YouTube pranks of the past are spoiled now that ads (of all things) give people a chance to see the true title of the video before seeing it's actual content.
So now you have to ask yourself, what do you want to be protected from more - advertisements, or hearing about how Rick Astley is never gonna give you up or let you down for the umpteenth time.
Tuesday, January 4, 2022
Privacy Theatre
 |
| from here and here |
I guess that we really shouldn't be surprised Apple took the teeth out of it's earlier move to clamp down on invasive ad-tech. They do whatever they feel like they can get away with, and in all likelihood they will be able to get away with this just fine. Their near monopoly position makes it basically inevitable that people will continue to buy their products regardless of their failure to live up to their promise of providing control.
I Know Your Password case
 |
| Product Page |
If you want someone to give you space while you're talking on the phone, this may be just the thing to get them to back up and give you some privacy.
Monday, January 3, 2022
What do you do if you're both?
 |
| from here and here |
"Delete your account" is the best answer I've heard so far. If only it was that simple.
There's more than one way to hack
 |
| found on Reddit |
Not only can axes provide access, they can also deny access if you use them on power or communications cables.
Subscribe to:
Posts (Atom)