Monday, January 31, 2022

Mastering passwords

from here and here

You may have heard the advice "work smarter, not harder" - for passwords that means using a password manager. Let the manager do most of the work for you.

The new vegans

found on Reddit

If you think this is unfair, then I can only guess that you've never met a crypto bro in real life.

Friday, January 28, 2022

The bugs have already been squashed

from here and here (image source)

In reality I'm sure this computer can be cracked. It's probably not the unique and special snowflake it appears to be and so its weaknesses are probably known.

If it is unique, however, then I don't think Shannon's maxim would apply. How could the enemy know the system if there's only one system and they've never had access to it?

And now there's a fake dog license in his name

found on Reddit


Thursday, January 27, 2022

Putting people on ice for a rent-a-wreck price

from here

You have to wonder about anyone willing to use a rent-a-hitman when rent-a-cops are such a derided group. Considering people fall for some of the dumbest scams imaginable, however, I suppose I really shouldn't be surprised that people do in fact fall for 


Watch on YouTube

CAPTCHAs keep getting harder and harder. It's only a matter of time before satire becomes reality, and then this video will seem as prescient as The Onion.

Wednesday, January 26, 2022

"PCs, not Macs"

from here

Many people really did believe quite earnestly that Macs weren't going to have the malware problems PCs did. One otherwise smart individual even went so far as to perform an ill-conceived game-theory analysis to support that idea. The problem was that even when that analysis was performed, there already was malware for the Mac, and not just proof-of-concept malware either. There was financially motivated Mac malware that had been ported over from the PC platform. Now, however, we seem to have a sophisticated piece of Mac malware that has no PC counterpart - it's exclusively for the Mac.

Macs may never see the same volume of malware, but they are just as vulnerable to malware as any other platform, and they've been a target for years.

Someone needs a better email address

found on Acid Cow

I know scammers supposedly do stupid things so that only stupid people will take them seriously, but how hard is it to make your email match your fake persona? Albert, please, it looks like you're not even trying.

Tuesday, January 25, 2022

What's in YOUR spam folder?

from here and here

Finding an email in your spam folder that says you won the lottery isn't terribly surprising. I'd be more surprised if there WASN'T an email in there telling you that you won. The surprise in this case, however, is that it was real and someone could tell the difference between the genuine article and the spam it's drowning in.

Computer Virus device case

Product Page

I can imagine that such a case might make someone think twice about trying to use your device without permission.

Monday, January 24, 2022

When "it just works" backfires

from here

Some things aren't supposed to just work. Some things aren't supposed to work at all, like web pages reading content from a different origin. Now, as a software developer, I know bugs happen to everyone, but 4 months and counting for a vulnerability that your users can't mitigate is beyond the pale.

That's using your noodle

found on Reddit

I'm not sure what they're protecting by leaving the password stuck to the wall like that, but at least it's not 123456.

Friday, January 21, 2022

In sheep's clothing

from here and here (image source)

I wonder what this descendant of wolves is up to in that disguise. I'm not sure if sheep would be able to tell the difference or not. Their reputation isn't exactly for being smart.

It certainly isn't to contain the smell

found on Izismile

I've seen that public washroom image before and I certainly recognized the lack of privacy but I'm not sure I ever questioned why anyone bothered with transparent walls. It's an excellent question. 

Thursday, January 20, 2022

Close but no cigar

from here (image source)

If the first lock doesn't stop the theft, the second and third aren't going to do it either. They're just the same preventative measure repeated multiple times. Best case scenario is if you put a ridiculous number of locks on it then maybe the thief will just consider it too annoying to steal.

If you're going to use multiple preventative measures it would be better to make them different so that if one fails maybe another won't.

Scammer vs. Bot

Watch on YouTube

I think the people who made this bot have come up with an interesting approach to the Turing test. Rather than trying to simulate a rational human being (which is difficult) they've instead opted to simulate a scatterbrain who isn't entirely there, and they've done it quite well.

Wednesday, January 19, 2022

Someone's getting fired

from here

I know infosec pros tend to preach forgiveness for security fuck-ups by your users, but I don't think the same holds true for nation-state attackers. Someone inside India's Patchwork threat group infecting themselves with a remote access trojan was a pretty serious operational security failure and it's literally their job not to fuck that kind of stuff up.

Say Blockchain One More Time shirt

Product Page

Are you as tired of crypto-bros as I am? Why not wear your displeasure on your (short) sleeve?

Tuesday, January 18, 2022

Everyone knows you need an axe for hacking

from here and here (image source)

It's important not to let your need to do something override your aim to do an appropriate thing. Otherwise you're going to get an expensive lesson.

How did that get in there?

found on Reddit

Honest, officer, I meant to get rid of that before I got here!

Security-related anxiety can play all sorts of tricks on you, and security personnel are in no hurry to make you feel better, unfortunately.

Monday, January 17, 2022

When I think about logging in I touch myself

from here and here (image source)

I think this article of clothing would pair well with the keyboard pants from several years ago (I can't believe I never made a meme out of it). 

Your buttprint is your password

found on Reddit

People keep telling us how secure biometrics are, but what's even more secure than biometrics? Weird biometrics! My password is a body part but you don't know which part. 

Friday, January 14, 2022

No correction necessary

from here and here (image source)

It's technically correct, which is the best kind of correct, and as an added bonus we all get to keep some privacy to boot, so don't mess up a good thing.

Red Alert?

found on

Yes, a water bottle is just as dangerous as a giant novelty tommy gun.

Thursday, January 13, 2022

Scan it if you can

from here and here (image source)

This is literally supposed to be a camouflaged photo, but there aren't many things that pattern is going to blend into.

Pickpocketing Puppy

Watch on YouTube

As always, don't underestimate your adversary and don't let your guard down. I'm sure these were just demonstrations of what the dog can do, but the fact seems to remain that the dog can do these things.

Wednesday, January 12, 2022

Termination gives you more time to chase that Snorlax

from here and here

You're supposed to be able to rely on authorities to serve, protect, and just generally do the right thing. That's kind of their job. If they want to play video games all day, they should get a job doing that - and who knows, maybe they will now that they're not stuck in a patrol car anymore.

Death defying stealth

found on Reddit

I suppose most defensive stealth is attempting to avoid death, but usually it doesn't involve becoming temporarily dead in the process. 

Tuesday, January 11, 2022

Don't hurt yourself, grandpa

from here (image source)

I don't know about you but I would still hop the banister if I wanted to get through. I'd give it a good shake first, mind you, but the threat of falling down the stairs isn't enough to deter me.

Trust Me I'm A Reverse Engineer shirt

Product Page

It's kinda clever and, honestly, surprisingly colourful compared to most of the stuff I find. Much more cheerful than those dull monochromatic designs (watch me post another monochromatic design next time).

Monday, January 10, 2022

Can't even protect itself

from here and here (image source)

I guess surveillance isn't magic after all. Those cameras are valuable, of course someone is going to think to steal them.

Unhelpfully secure

found on Reddit

As infuriating as this is, I understand why sites have to do it. Giving this kind of information could help attackers. 

But you know what? This is hypocritical, because the security community gives helpful info to attackers all the time in the form of vulnerability research and proof-of-concept attack tools. It's almost like they have no problem erring on the side of caution when it's just inconveniencing average users, but throw that caution to the wind when it might inconvenience other security folks.

Friday, January 7, 2022

Why some people just add 1

from here and here

"I just changed it yesterday!" is a phrase you're likely to hear often from people who need help with forgotten passwords. The old password was committed to muscle memory, they didn't even have to think about it, but the moment they changed it to something that wasn't fixed firmly in their heads it was gone. 

Privacy Not Included

found on eBaum's World

I'm pretty sure a location like that also has a lot of recreational snorkeling and scuba diving, and I bet the participants get an eyeful.

Thursday, January 6, 2022

Lock up your landmarks

from here and here (source article)

I actually don't know what kind of theft prevention measures you can use here. What are you going to do, chain it to a tree? Anyone with the capability to move a bridge also has the capability to eliminate any restraining mechanism you might employ like a lock or chain. This kind of threat is beyond traditional preventative measures, but detective measures like motion sensors or surveillance cameras might do the trick. The only issue is, who anticipates this kind of threat in the first place when they formulate their threat model?

Computerphile: Fingerprint Recognition

Watch on YouTube

There are of course additional steps one can add to the process to make sure you're dealing with a live genuine finger rather than some sort of facsimile, but it still boils down to comparing minutiae points.

Wednesday, January 5, 2022

For Receptacle Use Only

from here and here

I never imagined smart light bulbs could measure biometric properties like body temperature and heart rate. I suppose they must be emitting more than just visible light... at least I hope that's how it works. 

The problem now is how can you tell if someone else is using such a bulb and measuring your biometrics without your knowledge or consent?

The street finds its own uses for things

found on Acid Cow

I know there are ways to get around it, but the simple YouTube pranks of the past are spoiled now that ads (of all things) give people a chance to see the true title of the video before seeing its actual content.

So now you have to ask yourself, what do you want to be protected from more - advertisements, or hearing about how Rick Astley is never gonna give you up or let you down for the umpteenth time?

Tuesday, January 4, 2022

Privacy Theatre

from here and here

I guess that we really shouldn't be surprised Apple took the teeth out of its earlier move to clamp down on invasive ad-tech. They do whatever they feel like they can get away with, and in all likelihood they will be able to get away with this just fine. Their near-monopoly position makes it basically inevitable that people will continue to buy their products regardless of their failure to live up to their promise of providing control.

I Know Your Password case

Product Page

If you want someone to give you space while you're talking on the phone, this may be just the thing to get them to back up and give you some privacy.

Monday, January 3, 2022

What do you do if you're both?

from here and here

"Delete your account" is the best answer I've heard so far. If only it was that simple. 

There's more than one way to hack

found on Reddit

Not only can axes provide access, they can also deny access if you use them on power or communications cables.