Monday, February 6, 2023

Quick! Try to blend in!

found on Acid Cow

The people who are better at blending in to the background don't have to do as much work, so you could say there's an evolutionary advantage to being able to camouflage yourself even in the retail environment.

Friday, February 3, 2023

That's no moon

from here and here

There are few things as absurd as a spy balloon. Imagine a spy you can see coming miles away. How much are you going to leave out in the open for them to see? Since people are going to see it coming, maybe you should consider making it look like something else, like a novelty balloon. You know, like a disguise.

Don't expect to get privacy if you don't give it

found on Izismile

When was the last time you gave your four-legged friend privacy when they did their business? How's that little dog supposed to even know what privacy is if it's never been given to them?

Thursday, February 2, 2023

I just had a QNAP

from here and here

It's hard to believe, but the year is 2023 and people are still creating products with SQL injection vulnerabilities. I can only guess that the Q in QNAP doesn't stand for quality. It might stand for quick, because that's how fast you can get pwned with a vulnerability like that.

The Bitcoin Kid


Watch on YouTube

Imagine pulling off one of the biggest bitcoin heists and seemingly getting away with it with little more than a slap on the wrist. I wonder who that kid was and if he wound up working in the security industry - or if he even needs to work at all anymore.

Wednesday, February 1, 2023

They're hooked on hopium

from here and here

I think this is probably true for just about everyone on the receiving end of spam, which is why the spammers need so much imagination to believe any of us will pay them. The problem is it's not absolutely everyone receiving spam. There are still a few hold-outs, still a few people out there who fork over their hard earned cash on absolute garbage (or maybe it's not hard earned after all and that's why they're so open to wasting it). Those are the people keeping spammers' hope alive.

Checking for unauthorized treats

found on Dump A Day

Who better to locate unauthorized treats than a pack of ravenous kittens?

Tuesday, January 31, 2023

When you have a password manager

from here and here

It's easy when you don't have to remember them yourself.

Think Before You Click mug

Product Page

Because sometimes you need a reminder. Especially if you haven't finished the contents of the coffee mug yet.

Monday, January 30, 2023

Give a face recognition system nightmares

from here and here (image source)

Right now PPE is doing a fine job of covering up most of my facial features when I go outside, but the pandemic won't last forever (hopefully), so I'm definitely considering this as an alternative. It's either this or go around looking like a bank robber.

Keep your private information private

found on eBaum's World

Just in case you can't read the fine print, it says:

No one is interested in your conversation - trust us. Trust us - we DON'T want to know. Please keep your voice low when talking on your cell phone on the CTA, or send a text instead. Keep your personal conversations personal.

That is excellent advice, and I wish people would follow that everywhere. 

Friday, January 27, 2023

That's gonna be a no from me

from here and here

I've come to expect this kind of data sharing shenanigans from websites, but from brick-and-mortar stores? Why? Don't they save enough money by not printing a physical receipt to more than pay for the service of emailing the receipt?

Don't shoot! I surrender!

found on Reddit

There's probably a lot wrong with this idea, like the fact that it will make it unsafe for unarmed bystanders because everyone will have to be assumed to be armed with one of these and armed forces would have to shoot them as soon as they tried to raise their arms to surrender. It's never a good idea to make real surrender less safe.

Thursday, January 26, 2023

They get everywhere

from here and here

Keeping secrets is hard. It's even harder doing it on a large scale. If there were just a couple of them then it probably wouldn't be that difficult to keep track of them all, but thanks to overclassification there are millions of them. It's no wonder they get everywhere.

Dinner Fork Door Lock


Watch on YouTube

I wasn't sure about calling this a lock, but then I looked around and found there are all sorts of things called portable door locks that aren't really that much different than this, so I guess this qualifies.

Also, go to the YouTube page and check out the description and comments to see why this isn't just a waste of a perfectly good fork. You may not have the threat model that this applies to, but other people do.

Wednesday, January 25, 2023

The P in IoT stands for privacy

from here and here

I'm glad to hear that people aren't bothering to connect their smart appliances to the Internet. Good for them. Maybe the spy-appliance companies will take the hint and get out of the consumer surveillance game. People just want to wash their clothes and cool their food; they don't need devices that spy on them in their own homes.

The only winning move is not to play

found on eBaum's World

You'll never be caught clicking on the wrong thing if you never click on anything.

Tuesday, January 24, 2023

Too much faith in technology

from here and here

A networking failure shouldn't cause lights to get stuck in the ON position, and not anticipating those kinds of failures in your design is a pretty good indication that you didn't anticipate malicious misuse either. A good engineer anticipates failure. A good security engineer also anticipates malicious misuse. There are probably a number of security vulnerabilities in the system in addition to this lighting control DoS.

I Play With Malware sticker

Product Page

Maybe it's just me, but this seems like the kind of sticker which, if it were on your laptop, could keep people away from it if you accidentally left it unattended in the coffee shop. Either that or someone would call the cops.

Monday, January 23, 2023

Don't let the computer feel insecure

from here and here

Computers with attachment issues are the main reason I dislike SSO.

Have you never heard of Incognito Mode?

found on Izismile

Stop giving your parents palpitations and start protecting your private browsing. Your browser should either have special Incognito windows or Private Browsing windows, depending on who makes the browser. Learn to use them automatically for everything. You might even be able to configure them as the default.

Friday, January 20, 2023

Are they trying to set a record?

from here and here

Eight breaches in five years is a bit over the top, if you ask me. I wonder what would happen if the fines scaled up for each breach you had. How many breaches until companies ACTUALLY took the security of our data seriously?

He fails the IRL version too

found on Reddit

I'm sure we're all familiar with the fact that some people, by way of some kind of defect, appear to be blind to the presence of traffic lights. Imagine how hard CAPTCHAs must be for those poor souls.

Thursday, January 19, 2023

Another one bites the dust

from here and here

I don't imagine anyone is going to lose any sleep over the authorities taking down a crypto exchange that worked with cybercriminals, except maybe the people who are next.

Never underestimate your adversaries


Watch on YouTube

You wouldn't leave the key in the lock if you were locking up a person, so why do so when you're locking up a cat? 

Wednesday, January 18, 2023

Nobody tells government employees what to do

from here and here

It's not every day the solution to a problem is staring you in the face. Maybe the 130 people who used the password ChangeItN0w! would have been better able to see the solution if the password box wasn't masked.

Peeper prevention

found on Dump A Day

I don't know if Randall Munroe of XKCD is a peeper, but if he is I'm sure this would work on him. 

Tuesday, January 17, 2023

First time cyber

from here and here

I don't know why I've never heard of cybercrime against a liquor store before, especially since it's such a staple of real-life crime. I know we've already seen it happen to convenience stores.

Anti Facial Recognition mask

Product Page

I couldn't find any research about this specific pattern to suggest it does more than any other mask to foil face recognition, but face masks in general do significantly lower the confidence of a match, and if you pair this with a pair of dark sunglasses you should be good to go even if it's a dud. On the other hand, the pattern could also serve as a conversation starter so you could help others start thinking critically about whether they want to be surveilled by facial recognition systems.

Monday, January 16, 2023

Jeepers creepers, no one can hide from those peepers

from here and here (image source)

Sometimes surveillance cameras are installed in such a way as to blend seamlessly into the background. Other times you get nightmare fuel.

Get yours today!

found on Reddit

It's not a limited time offer, and you don't have to worry about supplies lasting, but if you want them then there's no point in waiting.

Friday, January 13, 2023

With features like that, who needs keyloggers?

from here and here

I know it's not intentionally a keylogger, but there isn't much separating it from one. It does record keystrokes and it does output them without your knowledge or consent. The main difference is that it doesn't provide a way to get your keystrokes into a particular hacker's hands - although if it just starts spitting them out randomly it is entirely possible some of your sensitive keystrokes may find their way into some random hacker's hands. That would be very unlucky, but this is Friday the 13th.

How to make your mom regret she had you

found on Dump A Day

Money may be fake, but her contempt sure looks real. Maybe don't invalidate the thing she toiled all those years for in order to give you a good life. After all, she brought you into this world and she can sure as heck take you out of it.

Thursday, January 12, 2023

How do you mess up water and detergent that bad?

from here and here

Now, I'll grant you even a dumb washing machine could theoretically short circuit, but this short circuit is apparently controllable with software, which makes me think maybe software shouldn't be involved.

Worst Criminal Disguises


Watch on YouTube

Some of these crooks have been seen here before, but some of them are new. That produce bag mask idea was fresh.

Wednesday, January 11, 2023

Patch 'em if you got 'em

from here and here

Is there ever a good time to apply updates? People are rarely at their computer unless there's something they're trying to do, and when they aren't at the computer it's usually powered off or in sleep mode. The person who solves this problem will make Patch Tuesday a lot easier to deal with - especially when there are nearly 100 updates included.

Glad we finally solved that problem

found on Reddit

This looks like it will be about as effective at stopping terrorists as the TSA is, and it'll cost a lot less money.

Tuesday, January 10, 2023

Suddenly beaters don't look quite so bad

from here and here

It's honestly kind of shocking how many cars are vulnerable to hackers and how much they can do to them. Makes me glad I use public transit.

You Wouldn't Base64 A Password pin

Product Page

Well, I sure hope you wouldn't base64 a password. You're supposed to hash those things, and base64 encoding is not the same as hashing. It's not even close. Base64 encoding is reversible, which is not a property you want when you're protecting people's passwords.
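To see the difference for yourself, here is an added example (mine, not from the pin or its product page) that stores the same constructed password both ways. It uses salted PBKDF2-HMAC-SHA256 from Python's standard library as the hash; the iteration count, record format and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample value, not taken from any real system.
SAMPLE_PASSWORD = "correct horse battery staple"

# Assumed work factor for illustration; tune it for your own hardware.
PBKDF2_ITERATIONS = 600_000


def store_base64(password: str) -> str:
    """What the pin warns against: an encoding with no secret and no work factor."""
    return base64.b64encode(password.encode()).decode()


def recover_from_base64(stored: str) -> str:
    """Anyone holding the stored value gets the password back in one call."""
    return base64.b64decode(stored).decode()


def store_hashed(password: str) -> str:
    """Salted, slow, one-way record in the (assumed) form 'salt_hex$hash_hex'."""
    salt = os.urandom(16)  # a fresh salt per password defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_hashed(password: str, record: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt_hex, hash_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    encoded = store_base64(SAMPLE_PASSWORD)
    print("base64 record:", encoded)
    print("recovered    :", recover_from_base64(encoded))  # full password comes back

    record = store_hashed(SAMPLE_PASSWORD)
    print("hashed record:", record)  # no decode step exists for this one
    print("right guess  :", verify_hashed(SAMPLE_PASSWORD, record))
    print("wrong guess  :", verify_hashed("hunter2", record))
```

The base64 record is also identical every time for the same password, so two users with the same password are obvious at a glance; the salted records differ.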

Monday, January 9, 2023

Some jail birds have friends in high places

from here and here

They say the old ways are the best ways, and using homing pigeons to sneak things past security personnel is definitely an old way, so it makes you wonder why you don't hear about it happening in jails more often.

Cyber threats come in all shapes and sizes

found on FailBlog

If it's not squirrels chewing through power and telco lines, it's Mr. Whiskers here chomping down on the edge of the screen and breaking it. Animals can be threats too. Don't underestimate your adversaries, especially the cute ones you might never have suspected even were adversaries.

Friday, January 6, 2023

It's a tracking device that also happens to make phone calls

from here and here

Do Russians not watch the same movies and TV shows that we do? Tracking a cell phone is child's play for the authorities, so I find myself wondering what was going through their heads when Russian soldiers gave away their position by using their cell phones. Perhaps the answer is "nothing".

Unforgettable

found on Dump A Day

I guess you're either the one they want to remember or the one they want to forget.

Thursday, January 5, 2023

Assuming Twitter still has anyone left to send them

from here and here

Well, it was only a matter of time before Twitter suffered a large data breach if Peiter Zatko is to be believed. I don't know how they're going to tell the affected users now that they have no communications team. I guess Elon is going to have to do it himself.

Open a Master lock 176 with a Master lock 176


Watch on YouTube

If this is real, it's hilarious, but also an excellent warning to not use that lock.

Wednesday, January 4, 2023

Sorry for the data breach

from here and here

Companies are always trying to assure you that they take your privacy and/or security seriously, but they say it so often (and apparently do so little to back it up) that it's become meaningless. 

It would almost be better if they said "sorry for the data breach", in the same vein as "sorry for your loss", except that they are ultimately responsible for it.

On second thought, it would be better if they just put their money where their mouths are and actually did the work required to protect us properly.

Checkmate Mr. Smartypants

found on eBaum's World

For every person there is a way to fool them. It's just a matter of finding the right bait.

Tuesday, January 3, 2023

Your passwords are safe for now

from here (image source)

Add this to the long list of destructive ways to stop the bad guys from getting your data. Too bad they stop you from using it at the same time.

You Can Trust Me shirt

Product Page

A great shirt for physical penetration testers, just not while they're on the job. 

I found this novel design while searching around for interesting security-related merchandise, and quite by accident I hovered over something and saw Graham Cluley's name pop up because it turns out this is his design. So thank Graham for this, and by thank him, I mean of course buy his shirt. 

Monday, January 2, 2023

It's camouflage time

from here and here (image source)

Camouflage doesn't always have to mean that splotchy green and tan pattern; it can be anything if it blends in well, and this watch background definitely does that. It could also serve as a means to verify the owner should the watch ever get lost. I don't think most people are quite that hairy.

Apparently some people CAN put a price on privacy

found on Reddit

It appears to only seat 3, so I guess not only can some people put a price on privacy, some don't even set the price very high.