Tuesday, May 31, 2022

Bitcoin can't unfry a hard drive

from here and here

While it's true that some ransomware operators have incorporated blackmail into their business model so that simply restoring from backups is no longer sufficient to resolve the incident, many if not most victims still seem to be unwilling or unable to recover from backups. It's as if they think ransomware is all they need to worry about and they can simply pay the ransom to get their data back, as if that's just the cost of doing business. 

That cryptocurrency won't uncrush a laptop, it won't unflood an office, it won't stop a fire, or any of the other sorts of disasters that really would benefit from backups. Backups are still the best way to get your data back.

EICAR Standard Antivirus Test QR Code case

Product Page

Now you never have to go hunting for the EICAR Standard Antivirus Test File again. You can just take your phone out of the case, scan the case with your phone, and then send the result to whatever needed the EICAR string. 

Monday, May 30, 2022

No cell phone number for you!

from here and here

Twitter isn't even the first company to get caught misusing security contact information for ad targeting, but at least they're paying the price for misusing our info.

And that's your first lesson

found on Izismile

Don't expect a refund since you learned the material even without a physical book in your hands.

Friday, May 27, 2022

Threat modeling gone wrong

from here and here

It's amazing that the US has tighter restrictions on Kinder Surprise Eggs (not to be confused with Kinder Joy Eggs) than they do on assault rifles. I wonder how the deliberations for that went. Do you think if there was a chocolate lobby as powerful as the gun lobby that there would be a constitutional amendment guaranteeing the right to bare treats? 

Have fun with passwordless authentication

found on Reddit

They've been trying to get rid of passwords for years, opting instead for things like your phone (as a token) or biometrics, or both. Unfortunately alternatives to passwords require additional hardware and just aren't as reliable as passwords.

Thursday, May 26, 2022

When there are extra antennas that don't improve call quality

from here and here (image source)

I'm sure the little feet touching your face will give it away in this case, but extra antennas (if you're willing to open it up and look) are a bit more generic.

Credit card tap and go is risky


Watch on YouTube

Now you might be thinking that you'd notice someone walking around with a point of sale terminal like that, but what if they aren't carrying it in their hands? What if it was in a large purse or duffle bag?

Wednesday, May 25, 2022

Now anyone can come from the land down under

from here and here

I'm sure I've dated myself with that title, but not as badly as the person who thought a 4-digit encryption key was strong enough. They were clearly from far, far in the past.

Cryptocurrency, Not Even Once

found on Reddit

I wonder if anyone has ever examined the crypto bro phenomenon from the perspective of substance abuse. They certainly seem to have a problem that they need to admit to in order to get help.

Tuesday, May 24, 2022

The cloud was too wet for the file server

from here and here

Don't worry, I've got the decryption shovel right here. Decryption using a key? That would take forever.

Not Even A Kid Can Hack This poster

Product Page

Those sound like famous last words, if you ask me. I have a feeling he simply asked the wrong kid.

Monday, May 23, 2022

How will they SCARE up new customers then?

from here and here

A common element in most VPN marketing is talking about all the privacy threats their service protects you against because it encrypts your traffic - even though most websites are already encrypted. It's almost as if they're stuck in the past (when sites weren't encrypted), but of course the real reason is probably just that fear sells. 

Netflix lost its chill

found on Izismile

I guess they no longer believe that "sharing is caring". Do they not realize this is how we Netflix & chill in a pandemic?

Friday, May 20, 2022

His special skill is chipping away at your privacy

from here and here (image source)

Of course he's a little more likeable than his namesake. Probably because he doesn't seem quite as robotic.

The Camouflage Diet (you can't eat what you can't find)

found on Izismile

Even the caption on this picture blends in a bit, so if you missed it, there's a cracker pictured above. See if you can find it (and the caption).

Thursday, May 19, 2022

Pedal protection

from here (image source)

If there WAS supposed to be a bike attached to that then you clearly locked the wrong part.

Not all dogs are good dogs


Watch on YouTube

A common misconception is that other humans are the only things that count as security threats, but that clearly underestimates the capabilities and motivations of animals.

Wednesday, May 18, 2022

How the mighty have fallen

from here and here

This has definitely not been Russia's year. Not only has their misguided invasion gone horribly wrong, now their hacktivists can't even pwn a seemingly easy target like Eurovision. Russia sure has lost a lot of respect on the world stage.

Whatever gets the job done

found on Izismile

You know what they say, if it's stupid and it works then it's not stupid. This may not be barbed wire, but that doesn't mean it won't have the same impact, and from the looks of it I think it probably could.

Tuesday, May 17, 2022

Let's play "Where's Wallet"

from here and here (image source)

Now, in order to really pull this off, you're going to need to put decoy wallets in some of the decoy pockets, otherwise pickpockets will just look for the one bulging pocket.

I Saw Your Password pin

Product Page

If you need a little extra "flair" for your outfit, this may do the trick and maybe even trigger enough paranoia that people change their passwords.

Monday, May 16, 2022

This plan couldn't possibly backfire

from here and here

It's 2022 and apparently the European Union has learned nothing about mandating encryption backdoors.

Who's gonna tell him?

found on Izismile

On the one hand, the bear is very clearly not blending in well enough to hide from a predator. On the other hand, his only predator is man, who would be hunting him with a gun, and while the cat and owl may be concealed, the bear has at least partial cover. 

Friday, May 13, 2022

Like a firewall for your store

from here and here (image source)

"But how do you let legitimate traffic through?"

See how much like a firewall it is?

It's probably not actually burglar-proof, though. I'm fairly certain the Kool-Aid Man could get through.

Roomba, how could you?

found on Izismile

It's a funny pun, but some of those robot vacuums actually do send data about your home back to the manufacturer. 

Thursday, May 12, 2022

Are there any privacy settings for that?

from here and here

Ever have one of those dreams where you're naked in school? I think being caught attending a parliamentary session from the comfort of the commode beats that hands down, especially since it's not a dream. Unfortunately I don't think there's any way for the software to protect you from making that kind of lapse in judgement.

CAPTCHA Nowadays


Watch on YouTube


If you feel like CAPTCHAs are getting harder and harder as time wears on, you're not alone, and you're not crazy. They really are getting harder because people keep coming up with ways to defeat them. I'm not sure we've reached the point seen in this video (yet), but it may only be a matter of time.

Wednesday, May 11, 2022

Are you here for tourism or terrorism?

from here and here

Can you guess where the (presumably) infrequent flyer came from? Why do I presume they're an infrequent flyer? Because you'd have to be to think you could take an explosive on a plane in this day and age.

A gate is only as strong as its weakest lock

found on Acid Cow

You've heard the saying that a chain is only as strong as its weakest link? Well, as this multi-user access gate demonstrates, something similar can be said of gates and locks. Of course most gates only have 1 lock so you might not even think of it in those cases, but even then it's still true (trivially so in fact).

Tuesday, May 10, 2022

The biggest lie in InfoSec

from here and here (image source)

Virtually no one actually takes your privacy and security seriously, except maybe (hopefully) you. When businesses say this they're lying. A company that actually took your privacy and security seriously wouldn't collect your data in the first place and so wouldn't need to placate you with such hollow platitudes, because there wouldn't be a need to mention it in the first place. 

Crack Hashes Not Skulls shirt

Product Page

It feels weird posting a link to a product on eBay. I'm not sure how long that's going to be around. I'm going to be honest, though - if someone is launching attacks I'd much rather be cracking skulls. Perhaps that's just me.

Monday, May 9, 2022

Where do the crooks sit?

from here and here (image source)

These chibi cop cars are too cute to take seriously. This is like the cop car version of a couple of kids standing on each other's shoulders under a rain coat trying to pretend to be an adult. The problem (besides the obvious logistics problem) is that this undermines the respect that we're supposed to have for authority figures.

It's never truly done

found on Reddit

The thing about Windows updates is that they're never done. There will always be more to fix.

Friday, May 6, 2022

Keeping honest people honest

from here (image source)

The anti-theft devices applied here are definitely not going to stop a thief of any calibre. It appears that there are instructions for cutting through wire (like the kind used by the anti-theft devices) right on the packaging of these pliers. You could probably swipe one of these pliers with one hand tied behind your back.

Pick (almost) EVERY Type of Lock


Watch on YouTube

It's not really every type of lock but it is a lot of them and the information density in this video is very high. I've seen explanations for how to pick standard pin tumbler locks before, but this explains so many more types of locks and I'm surprised how similar some of them are to traditional pin tumbler locks (so much so that you can use the same tools in some cases).

Thursday, May 5, 2022

Close only counts in horseshoes and rolling pins

from here and here (image source)

I've heard that the street finds its own use for things, but I think it's also good to know how to recognize threats so that you don't risk life and limb rolling dough with a hand grenade.

To CAPTCHA is human, to modulo divide

found on Reddit

Something tells me in the future we may regret setting that precedent for what our defining criterion is.

Wednesday, May 4, 2022

You're gonna need those hotfixes eventually

from here and here

You may think this is fine, but sooner or later you're gonna get burned.

That's when you need a VPN

found on Imgur

VPNs are supposed to protect your traffic from prying eyes, but since most sites are encrypted these days your traffic is generally already protected without a VPN. That doesn't mean you should let your guard down when faced with the creepiest free WiFi.

Tuesday, May 3, 2022

Finally a good use case for IoT

from here and here

Fortune really has not shone on the Russians lately. Maybe they can repurpose those Russian hackers of theirs to break the protection on these bricked tractors and harvesters they stole.

Rug Pull rug

Product Page

I was trying to think of a use case for this rug celebrating cryptocurrency scams and then it hit me - you use it to decorate your office or cubicle in case you happen to work with a crypto bro who's always trying to convert you. It will either offer an opportunity to educate them or it will keep them away.

Monday, May 2, 2022

Watch out for skid marks on the Internet of Shit

from here and here

Thanks to Rob Rosenberger for using the term "cyber commando" and prompting me to wonder about alternate interpretations. If you're wondering whether smart underwear are real - they are, and it's the most sophisticated technology you've ever pressed against your taint. It does raise some interesting privacy questions, though, especially since it has privileged access to your privates.

Future Facebook employee

found on Izismile

I suppose it's possible this person might also have a bright future as someone's FBI agent.