Friday, July 29, 2022

Now that is a special character

from here and here

Logon the clown hates repetition.

Logon the clown is a capitalist, but only some of the time. 

Logon the clown wants your digits.

Logon the clown hates $@%* words.

Logon the clown believes size matters, but Logon the clown has limits.

Don't tempt fate or hackers

found on Reddit

As a general rule it's best not to make a target out of yourself. Remember that the nail that sticks out gets hammered down.

Thursday, July 28, 2022

There's a reason he only got one victim

from here and here

I'm sure I'm not the only one who has seen the results of some comically misconfigured spambots before. I fully expect there are other misconfigurations that are just so broken that no one would ever see the results, except maybe the attackers themselves.

A CIA-Issued Rectal Tool Kit For Spies

Watch on YouTube

Thanks to movies, the world of spies has a reputation for being full of sexy, suave, sophisticated agents. It's a good thing we never saw 007 pull a toolkit out of his butt. That would have ruined the mystique.

Wednesday, July 27, 2022

The most dangerous thing they ever caught

from here and here

They may have caught it but they didn't stop it. They don't stop much, after all.

Good thing you didn't forget which finger to use

found on Acid Cow

There are a variety of reasons why unlocking a phone with just a fingerprint might not be a good idea (such as the fact that it can be entered without your consent by an intimate contact or compelled from you by the authorities) but if those kinds of adversaries aren't part of your threat model then forgetfulness is certainly an argument in favour of fingerprint unlock.

Tuesday, July 26, 2022

I don't know what the scammers expected

from here and here

I'm not sure how much time and energy the scammers wasted by hacking's twitter account, but I am sure it was wasted time and energy. You won't find suckers that way. 

PWNED sticker

Product Page

While you can get this design on other things, and they may even be more legible, I kinda like the idea of being able to slap this sticker on anything, maybe even other people's belongings as a prank. 

Monday, July 25, 2022

Does it involve worms?

from here and here

I'm not sure why phishing over different mediums requires different words, or why it is that all these different -ishings are so annoying, but they are so let's not make any more of them.

Zuckerberg laughed on his private island where no one could hear him

found on Izismile

Are your devices listening? Yes, especially if there is any voice assistance technology in them, because it's almost certainly not in them but rather in the cloud where real humans also listen in for training purposes.

Friday, July 22, 2022

Transportation Security

from here and here (image source)

Before seeing Ms. Marvel I had no idea shoe theft was a big problem (even though I myself was once a victim of winter boot theft). Now that I've made the connection, though, as silly as this looks it might actually be a viable solution (at least for open toed footwear).

All capybaras are what now?

found on Memedroid

I can sort of see putting a cat in a police K9 outfit - even though they're not dogs, they have at least been know to attack. But a capybara? I have never of a capybara that wasn't way too chill to attack. 

Thursday, July 21, 2022

Extra fees in 3...2...1...

from here and here

I have a feeling VPNs are going to take a hit because of this new Netflix policy. It may only be rolled out to a few countries right now, but as soon as it becomes widespread it's going to present VPNs with a problem. It directly attacks location shifting, which is one of, if not THE main use case for VPNs. People aren't going to want to pay as much for VPNs if there are going to be additional fees from other services in response to using a VPN.

You might be thinking that VPNs will still be necessary for security/privacy, but you don't really gain much in those areas now that the majority of websites use HTTPS. VPN companies may still be able to sell their services on this use case, but then they'll just be peddling snake-oil.

Senior loses $60,000 in computer virus banking fraud scam

Watch on YouTube

It's one thing to tell people to be careful online, but how can they really know what to look out for? That's why examples are important, and as bad as this is for Katharina Muir, at least her experience can serve as a warning to others and give them a more concrete example to look out for.

Wednesday, July 20, 2022

When GPS means Global Pwning System

from here and here

Here I was thinking that the worse case scenario for a GPS tracker was that it broadcasts your location, but it turns out that's the least of your worries if you have one of these GPS units installed in your vehicle.

I always feel like somebody's watching me

found on Acid Cow

I have a soft spot for pranks, and I would very much like to try this one some day (if I ever travel again)

Tuesday, July 19, 2022

High Security

from here and here (image source)

It'll take a bigger man than me to attempt such a daring robbery. At least during the daylight hours when climbing up that thing makes you into a spectacle. Maybe it'll be better under the cover of darkness.

Or maybe bike thieves will just always prefer the lower hanging fruit (the bikes already on the ground).

It's A Buffer Overflow Thing, You Wouldn't Understand shirt

Product Page

Whoever made this t-shirt design seems to have had the foresight to recognize that not everyone wants to boast about the same thing, so in addition to buffer overflows there's privilege escalation, false positives and more. 

Monday, July 18, 2022

Living In The United States Of Amazon

from here and here

Apparently Jeff Bezos makes the rules now, and he's decided to imbue his own employees with the powers normally held only by judges who grant search warrants. Something about private sector judges seems deeply unsettling.

Why people give up on answering the phone

found on Acid Cow

I don't answer the phone anymore, and this pretty much sums up why. The spam calls are more frequent than the real ones, so if anyone needs to get in touch with me they need to leave a message 

Friday, July 15, 2022

Keep everything locked down so nothing gets out

from here and here (image source)

Considering what can travel through the pipes, I think this may have legitimate applications in some areas. Thankfully I don't personally live in those areas. 

Countermeasures that are outside the box

found on Reddit

It's certainly an unusual approach to sexual harassment. I wonder how good an idea it is in our worsening anti-LGBT+ environment, though. It might backfire so maybe don't try this at home?

Thursday, July 14, 2022

We take your security, seriously

from here and here

Surely there are better ways of providing support than implementing a backdoor account. At the very least, a support account shouldn't have fixed, known credentials.

Mike Shake: This is Why Combination Locks are Completely Useless

Watch on YouTube

As far as the bike lock is concerned, I think most thieves would just use a cutting tool rather than try to actually decode the lock. This still seems like an interesting skill to learn, though, and who knows, if you're fast enough then maybe you can make decoding the lock seem legit enough that people won't question it when they see you trying to open the lock.

Wednesday, July 13, 2022

It's a good thing politicians would never try to spam or scam us

from here and here

Leave it to the "Don't be evil" company to continue to find new ways to be evil. And yes, I know that politicians would in fact try to spam and scam us. The former president and grifter-in-chief already has scammed people by email under the ruse of fighting the election results.

As of writing, there's still time to voice your concerns to the FEC (by email it seems -

It'll be rare stamps in the post next

found on Dump A Day

I'm not sure if our hero here actually thought the coinstar would recognize that they were rare coins and pay more for them, or if he got caught without an appropriate fence for them and needed to get rid of them fast, or if he literally just thought he was stealing pocket change. 

Tuesday, July 12, 2022

Your mileage may vary

from here (image source)

I've seen cars chained to posts as though they were bikes, and I've seen cars padlocked as though they were gates, but this might be the first time I've seen cars 'protected' as though they were phones.

I Know Your Password pin

Product Page

You can never have too much flair (or at least that's what the movie Office Space taught me) so why not add a vaguely threatening button/pin to your flair collection. Make people secretly question the security of their online accounts every time they see you.

Monday, July 11, 2022

We're never going to have trustworthy computing at this rate

from here and here

Not that I trust Microsoft's vision of "trustworthy computing", but people have been sounding the alarm about office macro malware literally since the macro feature was invented. To have macros finally disabled after all these years and then almost immediately re-enabled again is a huge disappointment.

Adventures in risk assessment

found on Real Funny

Would you give him a ride? I mean, I know he's got an axe, but how many axe murderers are there really? I think most killers would use a different, more easily concealed weapon. 

And yet, I suspect no one is going to give him a ride. He'd probably have difficulty even without the axe because we look at him and weigh the potential risks against the potential good feeling of doing something nice for someone, and even the smallest risk now outweighs that good feeling these days.

Friday, July 8, 2022

That was the 'nothing' I clicked on

from here and here

Any kind of weird or unexpected behaviour from an email attachment is probably a bad sign.

Superman's got the right idea

found on Reddit

Part of me wonders if that's just dog money (dogecoin?), but the rest of me agrees with the hypothetical man of steel here, and I'd like to think he could see through the scam even without his x-ray vision. 

Thursday, July 7, 2022

That's a nice network you've got there. It'd be a shame if something were to happen to it

from here and here

If you're wondering which came first, my suspicion is that the companies started exploiting fear first. They had a financial incentive whereas early attackers weren't monetizing their attacks and were trying to go unnoticed. Capitalizing on fear draws attention that they didn't want back then. 

Scammer Payback: I Found their Scam Call Center....Let's call them

Watch on YouTube

It's interesting to learn how easily scammers can get spooked. That means it doesn't take much to disrupt their operation, at least temporarily. And because it doesn't take much, that makes it feasible to keep disrupting them.

Wednesday, July 6, 2022

How not to get a handle on physical access control

from here and here (image source)

Security is often accused of making things less convenient, but this is absurd.

You might think this would stop shoulder surfing, but in fact if someone was going to do that they'd likely be doing it from off to one side, and as this photo demonstrates, the handle obscures less from such an angle. It's greatest impediment is to the person standing directly in front of the lock.


Are bird cops also bastards?

found on Klyker

Normally we think of authority as being something that's used against people, but people aren't the only threats

Tuesday, July 5, 2022

You'd think they'd have better defences

from here and here

At first when I read about the British Army getting their online accounts breached I was thinking they should have better defences, but then it dawned on me - they're stuck with the same tools we are. Online sites don't have a special set of security features just for the military. Those sites aren't holding back security features from the rest of us that could help us protect our accounts. We're all in the same boat and that's why we all get the same outcomes. 

But it is really weird to think that the military is just as vulnerable as the rest of us when it comes to online account take-overs.

Smart Jewelry

Watch on YouTube

Normally I'm skeptical of "smart" technology, but this high-tech panic button disguised as jewelry actually seems like a pretty good idea. My only concern is whether it's transmissions can be used to track you. That might not be the threat model this is meant to address, however. I imagine run of the mill attackers on the street aren't employing sophisticated signal tracking equipment, and the kind of people who do employ it are going to need something more than just a panic button to deal with.

Monday, July 4, 2022

But it's "for your security"

from here and here

Twitter and Facebook have both been caught misusing the 2FA details for ad targeting and they are probably not alone.

There are many ways that online sites could have chosen to implement two factor authentication. It stretches credulity to think that they just happened by accident to choose the one that benefits their advertising businesses.

No, I think any security benefits were actually a secondary concern and that's why the online world has settled on a technology that is actually inferior from a security perspective.

Hope you're not in a hurry to leave

found on Izismile

Making it hard to get in is understandable, but making it hard to get out? That's going to be a problem. I don't think the fire marshal will approve.

Friday, July 1, 2022

******** Mask

from here and here (image source)

I suppose if you pull a Kevin McCallister (Home Alone) while wearing this thing you'll probably wind up with an OK password, but everyone around you will be able to see what it was. It makes shoulder surfing much easier.

Threats come in all shapes and SIZES

found on Izismile

2mm may not sound like much, but apparently it could still do some damage if fired in someone's face