Friday, April 28, 2023

Our founder who art investing, HODL be thy name

from here and here (image source)

I think it was Ben McKenzie who said don't invest more than you can afford to lose.

Can you spot the big cat?

found on Izismile

Hiding in plain sight has benefits for both attackers and defenders. That's why nature is full of examples of camouflage.

Thursday, April 27, 2023

Advanced Persistent Teens

from here and here

So I had kind of gotten the impression that the age of children being a significant online threat was a thing of the past. With all the talk about the commercialization and professionalization of the threat landscape I thought that meant the kids in the past had grown up and professionalized while the next generation of kids did something else entirely. Apparently I was wrong. Kids are apparently still a significant part of the threat landscape.

I guess I really shouldn't be surprised, though. All the intellectual and social rewards that drew kids to it in the past are still there now, and now there's the addition of financial rewards too. There's little reason for the next generation of kids to go elsewhere when what they want is right there.

We Tested Car Break-In Products


It's one thing to watch experts use these kinds of tools, but it's quite another to see... less practiced individuals give it a try. It highlights that there can still be a fair bit of skill involved, so don't get discouraged just because these tools exist. It's not just anyone who can use them, so chances are no one is performing a non-destructive entry on your vehicle while it's locked.

Wednesday, April 26, 2023

Freaky Friday Jailbird Edition

from here and here

Well here's a new twist on "You've got the wrong guy". I wouldn't want to be the guy left behind, but even worse, I wouldn't want to be the guard who not only failed to see through the impersonation but also failed to recognize it might be a possibility. Authentication by the honour system is not something you should try with criminals.

The unspoken cost of porch piracy

found on eBaum's World

This also demonstrates the importance of continuity planning. Don't wait until you run out of an important resource before you buy more. Instead, order more far enough ahead of running out that you always have some in reserve in case of emergencies like this.

Tuesday, April 25, 2023

Authentic fakes now for a low, low price of FREE

from here and here

I originally thought this verified fake Disney account had perhaps paid the $8 that Elon Musk wanted for blue checkmarks, but on closer reading it seems the account had a gold checkmark and those actually cost $1000. Or at least they're supposed to; however, it appears some got handed out for free, so not only did Twitter not verify the account was an authentic representative of Disney, they didn't even verify the account owner was an authentic paying customer.

Furthermore, it appears this isn't the only mistake they made. Accidentally "verifying" people who can't pay and who can't verify their phone number because they're dead means the entire verification process is fake. There is no authenticity here.

I Don't Remember My Password pin

Product Page

I don't remember mine either. That's what password managers are for. 

Monday, April 24, 2023

Let's see you "tailor" your marketing to that preference

from here and here

So I log into my ISP, of all things, and I get a pop-up that informs me that ads are a fact of life and if I want relevant ads I should give them more information about myself. They can go pound sand.

I hope he knows how to shoot from the hip

found on Acid Cow

On the plus side, it's going to be very difficult for anyone to steal his side-arm.

Friday, April 21, 2023

Department of Pearl Clutching

from here and here

Of course the FBI is raising a stink about Facebook switching to end-to-end encryption. And of course they're going to say they're worried about kids. Here's an idea - if the children really are their only concern, why not simply ask tech companies to disallow encryption when communicating with children? It's not a hard sell to suggest that kids require supervision. Problem solved, if that is in fact the real problem. I doubt it is, however.

When there's no more chill

found on Dump A Day

Maybe it's just me, but I would have thought that if your relationship with someone is so bad that you have to block them then surely you'd also stop using their Netflix account, wouldn't you?

Thursday, April 20, 2023

It'd be a shame if your flying computer crashed

from here and here

Apparently military helicopters are now just computers that happen to fly, and if you don't apply patches you're asking for trouble.

Using Movie Quotes to Waste an IRS Scammer's Time


Well that was an experience. It's kind of an absurd video but make sure you watch to the end for a surprise.

Wednesday, April 19, 2023

For Rent-A-Cop caliber bad guys

from here and here

It takes a special sort of stupid to fall for this, and even more so if you're looking for employment there. I think maybe, instead of renting out their services, they should have tried renting out the space between their ears.

Bringing balance to the force

found on Funny Junk

Isn't balance what society is after these days? Isn't that why the news covers "both sides" of things? Maybe the Insecurity guy is contributing something worthwhile.

Tuesday, April 18, 2023

Hey guys, look at my top secret clearance

from here and here

There's a pretty surprising detail about the alleged leaker of classified documents on Discord. I'm not sure how such a character trait slips through the vetting process. There IS a vetting process, right? I'm sure they don't just give every Tom, Dick, and Harry top secret clearance. Right?!

Trojan Horse shirt

Product Page

Well, it's definitely an eye-catchingly colourful design. I'm sure it will attract attention.

Monday, April 17, 2023

Always check for a bounty program beforehand

from here and here

I'm not saying there's anything wrong with wanting something in return for your efforts, but be honest about your motivations and be more curious about how that process works. Don't just assume everyone hands out bug bounties, because they don't, and if the company in question doesn't then it's best to not even mention it.

Frankly, when you approach a company with a report that mentions a deadline to act and payment they never agreed to, quite a few are going to interpret it as some sort of shakedown or blackmail. One of the best indicators that a company won't do that is if they do in fact have a documented bug bounty program.

When everyone is part of your threat model

found on eBaum's World

I'm not sure we would have much of a civilization if we couldn't trust each other most of the time, but if this is how much you trust people then I suppose you should act accordingly. 

Friday, April 14, 2023

Never trust a crook

from here and here

If it weren't for the desperation that ransomware victims often feel, I suspect a lot fewer would believe those trying to take advantage of them. Even if you do get your data back, that doesn't mean the crooks won't try to extort you later, and paying lets them know you're a viable source of funds for them.

Not so secret entrance

found on Acid Cow

Someone is going to have to do a better job of hiding their secret doors.

Thursday, April 13, 2023

For all your high top security password needs

from here and here (image source)

I didn't know there was a way to make Chucks even better.

If the 'Forgot your password' thing was a person


Thankfully password managers seem to help me avoid this problem, so I've never been stymied by a password devil.

Wednesday, April 12, 2023

Lag Tuesday

from here and here

It's not just the games themselves. Everything is slower to respond on that one day of the month. Even in the background, updates still interfere with what you're doing. It's a shame that keeping up to date slows everything down.

One of the reasons unsubscribing is the wrong approach

found on Izismile

It's better to use disposable forwarding email addresses when you sign up to things. That way you'll still get the emails delivered to your inbox when the service is behaving appropriately, but when they start to misbehave like this you can just nuke the address and never have to hear from them again.

Tuesday, April 11, 2023

Taking Pwn2Own on the road

from here and here

Hacking a car through its headlights is certainly a novel approach to automotive theft. Learning that the same thing could also be accomplished in other areas (even punching a hole in the side and grabbing wires inside) makes it clear that this is going to take some doing to fix.

Cyber Security sticker

Product Page

Blam! Ka-Pow! Cyber-Security! Tune in next week at the same cyber-security time, on the same cyber-security channel.

Monday, April 10, 2023

No stolen info for you

from here and here

I know it's basically a game of whack-a-mole, but every whack makes more work for the bad guys and frankly they deserve it.

Not all bypass tools are created equal

found on Bored Panda

It's actually just street art, but the implication that you can bypass the locked gate by jumping over it seems to be intended. Also it does demonstrate a real phenomenon about bypass tools - some are better than others. Sometimes they're a lot better or a lot worse.

Friday, April 7, 2023

Who wants a ride in the peeper-mobile?

from here and here

The privacy issues with Teslas are beyond what I would have expected. Intimate moments captured by your car and shared around the Tesla offices like a joke? Or that simply walking past one in a parking lot can get you captured on camera and uploaded and examined by data labelers? Yikes.

Never underestimate your adversary

found on Animal Comedy

Don't worry about these two jail birds. There will be plenty to eat where they're going. Just make sure you make it harder for them to get back in because they were released.

Thursday, April 6, 2023

Never gonna remember this one

from here and here

Of course, with all those constraints, the number of possible passwords that satisfy them all is smaller than if there were fewer constraints, which makes it easier to search through the entire set of possible passwords. An effort to make passwords more secure actually makes them less secure.

Kids Meet A Hacker


It's funny how at least one little girl already knows that she's got to stop giving him information. I'm sure she'll have great OpSec when she grows up.

Wednesday, April 5, 2023

Sometimes it's smarter to be dumb

from here and here

When the advice to deal with a vulnerable Internet of Things device is to unplug it (effectively returning you to the dumb way of doing things), that's when you know "smart" isn't worth it.

Your qualifications are a perfect fit

found on Izismile

After you lose everything in a crypto crash, or a hack, or any number of other ways your highly volatile investment could go bust, you're gonna need some way to make yourself whole. It may take a while but it'll be good experience.

Tuesday, April 4, 2023

Were their locks even attached to anything?

from here and here (image source)

Maybe the different outcomes are enough to teach the ex-bike-owners some principles about how to better secure their bikes. Like making sure the lock actually goes through every part of the bike.

In Case Of Emergency Delete My Browser History sticker

Product Page

To be honest, I think this works better as a reminder to yourself to delete your browser history regularly, rather than actually relying on the kindness of strangers (and their ability to get access to your system). Normalize deleting your own damn history, or better yet, use Incognito mode.

Monday, April 3, 2023

Can't be shy if you want to fly

from here and here

I hope you all don't mind biometric surveillance creeping slowly but steadily into your everyday lives, because it sounds like the creeps at the TSA have definitely settled on the creeping strategy.

There's more than one way to blend in

found on Piximus

Emerson said that a foolish consistency is the hobgoblin of little minds, and few things demonstrate that better than what passes for camouflage. The camouflage pattern that you normally associate with the military is used on so many things that it's become a joke. That's why it's good to be reminded sometimes that there are other ways of achieving that particular effect.