Friday, April 29, 2022

Making a hash of it by not making a hash of it

from here and here

All the comments I've seen about this so far have assumed this was about end users, which is fair because most people are end users so of course they would see it from that perspective. In reality, though, this is about system designers/architects. You know, the people who make sites and are supposed to hash your password rather than storing the plain text (or reversibly encrypted) version of it? Yeah, if that site says your password is too long it means they aren't hashing the passwords and so are doing it wrong.

In Case Of Fire: Pick Lock

found on Acid Cow

There better not be any unauthorized emergencies going on here. Those are strictly forbidden.

Thursday, April 28, 2022

Which country's flag will you fly today?

from here and here

I suppose this also applies if you're using the VPN to evade region locks enforced by streaming services. Don't let me stop you, though. Hoist the colours if that's your thing.

What it's like to get scammed

Watch on YouTube

The red flags are easier to see in hindsight. What you need to do is figure out how to see them in the moment.

Wednesday, April 27, 2022

Finally a good use for them

from here and here

The argument could be made that some members of congress essentially are terrorists, so maybe the TSA is actually fulfilling its intended mission when it catches Madison Cawthorn with a gun.

An attempt was made

found on Reddit

Clearly they think this is going to deter burglars, but being "really big" with proportionately tiny feet isn't really the deterrent they think it is.

Tuesday, April 26, 2022

What is xyz.exe?

from here and here

Never mind the annoyance at seeing these new binaries popping up at regular intervals, there's also the issue of investigative fatigue and the diminishing value skepticism has when most of the new binaries your security software alerts you to are just additional Microsoft detritus that came in on the most recent Windows Update.

It's Not Gay If It's TSA shirt

Product Page

We've seen a similar design before but I can't actually find that specific design anywhere. This one is pretty good too, though, and now you too can be an air-passenger hero by proudly wearing this shirt the next time you present your junk for inspection.

Monday, April 25, 2022

Plain text is the best text

from my inbox

Lots of people and organizations have difficulty doing email properly, and scammers are no exception. Everyone is so focused on the HTML portion of the email they forget about the plain text version and you often find things you weren't supposed to see; whether it be the true URL (as seen above it's entirely wrong and totally suspicious) that is often disguised in the HTML email, or what appears to have been a place-holder for a URL in what I can only imagine was some kind of scam template. 

Nice of them to give it such a helpful label.
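An added Python illustration of the point above (my own example, not code from the post): it pulls the real href out of the HTML part, compares it with the URL shown as link text, and scans the plain-text alternative for URLs and unfilled template placeholders. The message it runs on is a constructed sample with made-up `.test` domains, not the email shown in the post.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample with made-up .test domains: the HTML link text shows the bank's
# domain while the href and the plain-text part carry the real destination, and the
# plain-text part still contains an unfilled template placeholder.
SAMPLE = """\
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Please confirm your account: http://login.example-bank.test.evil.test/confirm
Unsubscribe: {{UNSUB_URL}}

--b1
Content-Type: text/html

<p>Please confirm your account:
<a href="http://login.example-bank.test.evil.test/confirm">https://www.example-bank.test/confirm</a></p>

--b1--
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
PLACEHOLDER_RE = re.compile(r"\{\{[^}]*\}\}|%[A-Z_]+%")  # assumed template marker styles

def part_bodies(raw: str):
    """Return the decoded (text/plain, text/html) bodies of a MIME message."""
    bodies = {"text/plain": "", "text/html": ""}
    for part in message_from_string(raw).walk():
        payload = part.get_payload(decode=True)  # None for the multipart container
        if payload is not None and part.get_content_type() in bodies:
            bodies[part.get_content_type()] += payload.decode(part.get_content_charset() or "utf-8", "replace")
    return bodies["text/plain"], bodies["text/html"]

def analyze(raw: str) -> dict:
    """Flag anchors whose visible URL names a different host than the href, and
    template placeholders left behind in the plain-text alternative."""
    text, html = part_bodies(raw)
    findings = []
    for href, shown in ANCHOR_RE.findall(html):
        shown = re.sub(r"<[^>]+>", "", shown).strip()  # drop any tags inside the anchor
        if URL_RE.match(shown) and urlparse(shown).hostname != urlparse(href).hostname:
            findings.append(f"link text {shown} hides href {href}")
    findings += [f"unfilled placeholder in plain text: {p}" for p in PLACEHOLDER_RE.findall(text)]
    return {"text_urls": URL_RE.findall(text), "findings": findings}
```

Running `analyze(SAMPLE)` reports both the disguised link and the leftover `{{UNSUB_URL}}` marker.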

When Harry Met Fido

found on Dump A Day

Are you not deterred? I know I am.

Friday, April 22, 2022

Redneck Computer Security

from here and here (image source)

On the one hand, this is easier to understand and use (honestly, if toolboxes can be designed to lock this way, why hasn't anyone done it for computers?), but on the other hand the key space for that lock is probably smaller than for most passwords.

Batman knows how to keep a secret

found on Izismile

I wonder if Robin's opsec is as disciplined as this, or if he's just dying to hear from people so he can show off why he's called The Boy Wonder.

Thursday, April 21, 2022

It has one job and that's not it

from here and here

Connecting your printer to the Internet, where all the hackers are, seems like a recipe for disaster. It's not like I can install an antivirus or firewall on the printer. Whatever HP (or similar printer company) needs the printer to communicate to their servers they can put into the printer drivers you install on your computer that is already connected to the Internet.

Ben McKenzie on cryptocurrency

Watch on YouTube

I bet you didn't expect the star of The OC and Gotham to have an economics degree or to speak so cogently about cryptocurrency. Most of the perspectives I've heard about cryptocurrency come from technologists and thus they focus on the technology side of things. This perspective brings a range of concepts that are generally outside the ken of a technologist's expertise, and that makes it a valuable addition to the discussion.

Wednesday, April 20, 2022

It takes a special kind of scumbag...

from here and here

As bad as it is to hack the living, it somehow seems worse to hack the dead.

We should all be meddling kids

found on ImgFlip

There are so many scams in the NFT world it's hard to believe there's actually a legitimate application in practice. Not everyone can see through the deception, though, so it's important to reveal the bad actors for what they are.

Tuesday, April 19, 2022

A dark day for the Internet of Things

from here and here

When a smart home company advertises itself as "keeping the lights on", you kind of expect it to not disappear without a trace while its executives scrub their existence off of LinkedIn. Maybe that's expecting too much, though. The extreme measures they're taking to apparently avoid accountability are probably going to attract the very kind of attention they're hoping to avoid. Congrats on invoking the Streisand Effect, gents.

Don't Make Complex Passwords, Make Strong Passwords pin

Product Page

This little piece of flair expresses a subtle but important point. For a long time we acted as though complex passwords and strong passwords were synonymous, but that's not really the case. In fact, the more we try to force complexity on passwords with ever more convoluted password policy rules, the weaker the resulting passwords become due to eliminating large swaths of possibilities. If you want your password to be strong, the single most important thing you can do is make it long.
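An added Python illustration (my own example, not from the post) of this point and of the "password too long" post from April 29: a salted hash is always the same size no matter how long the password is, so a maximum length is never a storage requirement, and a rule demanding one character from each class throws away every candidate that lacks a class, while simply adding length grows the space far faster. The character-class sizes are an assumed 95-symbol printable-ASCII policy.

```python
import hashlib
import math
import os
import secrets
from itertools import combinations
from typing import Optional, Tuple

# Assumed policy alphabet: the 95 printable ASCII characters split into four classes.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
ALPHABET = sum(CLASSES.values())


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256. The stored digest is always 32 bytes, so the
    password's length never dictates what the database has to hold."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return secrets.compare_digest(digest, stored)  # constant-time comparison


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of this length over this alphabet."""
    return length * math.log2(alphabet_size)


def passwords_satisfying_policy(length: int) -> int:
    """How many strings of this length contain at least one character of every
    class (inclusion-exclusion). The rule discards every string missing a class,
    so the result is always below ALPHABET ** length."""
    total = 0
    for k in range(len(CLASSES) + 1):
        for excluded in combinations(CLASSES, k):
            remaining = ALPHABET - sum(CLASSES[c] for c in excluded)
            total += (-1) ** k * remaining ** length
    return total


if __name__ == "__main__":
    salt, stored = hash_password("correct horse battery staple " * 8)  # 232 chars
    print(len(stored), verify_password("correct horse battery staple " * 8, salt, stored))
    print(f"8-char policy space: {math.log2(passwords_satisfying_policy(8)):.1f} bits "
          f"vs {entropy_bits(8, ALPHABET):.1f} bits without the rule")
    print(f"20 lowercase letters: {entropy_bits(20, 26):.1f} bits")
```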

Monday, April 18, 2022

As if smoking wasn't dangerous enough

from here and here (image source)

It's weird that our society is so fascinated with things shaped like guns when the people who actually have guns react so poorly to them.

Guard chickens on duty

found on Izismile

It can be difficult to deal with all possible adversaries yourself. Sometimes it pays to bring in help that specializes in dealing with one or more of the adversaries you face.

Friday, April 15, 2022

It really was a pipe dream

from here and here

I'm sure it took a lot of time, money, and effort to develop Pipedream, and now it seems it was all for naught because everyone got advance warning about it.

I suppose my feelings on the matter could best be summed up as:

Watch on YouTube

The Emergency 911 Getaway Plan

found on Reddit

There are more details in the comments on Reddit if you need to know more about the story. Of course the plan was doomed to fail. If she was trying to avoid arrest, I'm not sure why she didn't just put the items back when she realized they were on to her. There wouldn't have been anything to charge her with if she returned the items before trying to leave. Some crooks aren't very bright, I guess.

Thursday, April 14, 2022

It's just for forgotten passwords now

from here and here

Does anyone really use personal email anymore? I keep in touch with people through Facebook or Skype now. Almost no one I know still uses email for keeping in contact with others. The spammers won. They get to rule the inboxes now, and we'll make it a lonely experience for them by leaving them as the only ones left on there. 

The Spear Of Privacy

Watch on YouTube

Who needs fancy anti-drone equipment or specially trained birds of prey when a well aimed stick can take an invasive, unwanted drone out of the sky?

Wednesday, April 13, 2022

Think behind the box

from here and here (image source)

Sometimes compromises have to be made. Circumstances aren't always ideal and we have to do the best with what we've got. That isn't to say that privacy isn't valuable, but other things are valuable too and we can't always avoid conflicting interests.

At least they're being transparent about it

found on Reddit

Sometimes you have to wonder about the so-called privacy policies that companies are always updating. Do they even deserve to be called that?

Tuesday, April 12, 2022

So much for that cert

from here and here

It's not like you can actually prove someone is ethical. That interpretation of the Certified Ethical Hacker could never work, even though it's exactly the message it sends. In reality, all the certification really means is that the certificate holder has a certain set of skills associated with ethical hacking. Just because someone has all the skills of a banker doesn't mean you should trust them with your money and as it turns out this supposed ethical hacker shouldn't be trusted with your money either.

Too bad for the other (presumably) more ethical hackers who made that certificate part of their professional reputation - this crook has damaged its value, perhaps significantly.

Black Hat board game

Watch on YouTube

Sometimes a picture alone isn't enough to decide whether you want a thing. I think that's especially true of something like a board game. You really need to see it in action to get a feel for it, and this video review of Black Hat the board game seems to accomplish just that.

Monday, April 11, 2022

Follow the money

from here and here

Realistically, if the feds can track down purveyors of child sexual abuse material through the blockchain, they can track down ransomware operators too. There's absolutely no added complexity.

The lonely machine

found on Izismile

Too bad there's never a "Yes" option, so we can't give the computer any comfort.

Friday, April 8, 2022

Turn the other cheek

from here and here (image source)

I sometimes question whether fingerprints are actually more secure than passwords, but I'm not sure if buttprints have the same caveats.

You shouldn't need Google to tell you that

found on eBaum's World

Of course, if your FBI agent were doing his job, he'd already know.

Thursday, April 7, 2022

At least there's not a huge gap they can see through

from here (image source)

It seems the incentives relating to getting security/privacy right in this bathroom are as misaligned as the sliding bolt hardware.

The Lying Robot

Watch on YouTube

Can we get rid of CAPTCHAs now? It kinda looks like they don't work anymore.

Wednesday, April 6, 2022

Better hope they forget their passwords

from here and here

If your company is in the technology industry, you should certainly know better than to allow people to retain access to your systems when they're no longer employed by your company, and even more so if your company deals with banking or other financial services.

He's seen things you people wouldn't believe

found on Acid Cow

Your FBI agent may be in the same boat. Maybe they can get group therapy together.

Tuesday, April 5, 2022

Why do so many devices need babysitters?

from here and here

It's bad enough expecting people to update their ever-increasing list of devices, but now you have to actively monitor them too? I don't know about you, but I've already got a full-time job; I don't need another, especially if it's unpaid. I understand that routers are targets, but there's got to be a better way to mitigate the threat than expecting home users to be vigilant about a device they normally don't even interact with.

NSA Inside stickers

Product Page

I don't know which would be funnier, sticking one of these on your own laptop for everyone to see, or sticking one of these on someone else's laptop while they're in the bathroom. It seems you get multiple so you can try both, but I'd suggest going with the latter one first for maximum effect.

Monday, April 4, 2022

Just some basic breachers

from here and here

I suppose one of you will have to change.

It seems a little bit weird for state-backed attackers to treat a zero-day like a commodity bit of code. Usually you expect to hear about them used in a high-value targeted attack, not sprayed by multiple threat groups at the same time. Did each of those groups know the other was also using the same exploit? Were they coordinating their efforts or just racing to get their attacks out the door before the other had a chance to burn the exploit in a noisy attack?

The Dude does not abide by your scams

found on Izismile

I feel the same way about calls concerning my non-existent Visa card.

Friday, April 1, 2022

And take a bite out of crime

from here and here (image source)

I don't know about you but I would be scared away from any place that had lizards that big hanging all over it. It's way better than any "Beware Of Dog" sign.

Privacy Intensifies

found on Daily Haha

If I had pants like that, I'd make sure to eat plenty of beans in order to keep things hidden.