Wednesday, May 31, 2023

I hope they protect health information better than they protect baggage

from here and here

I would probably have a pretty cavalier attitude towards an airline asking me to get on a scale, but that doesn't change the fact that it is protected health information and I'm really not sure I trust an airline to protect my health information. Also, just because I'm cavalier about it doesn't mean other people would be or should be.

Did they hand out complimentary lollipops too?

found on Dump A Day

You've got to be a special sort of sucker to not realize why the thing everyone calls a pyramid scheme gives out pyramid-shaped awards.

Tuesday, May 30, 2023

Investing in products but not people

from here and here

Too many people, especially decision makers in companies, engage in magical thinking when it comes to security software. They think you just have to "have" it or that it just has to be "active" in order to get the security benefits from it. It doesn't work that way. Security isn't a technology problem, it's a people problem; the technology is just a tool to help the people fighting the security threats. If your company doesn't have enough of those for someone to properly monitor and manage the security software...

Free Shell With Exploit sticker

You'd probably put this on a laptop rather than a water bottle, unless you have one of those smart water bottles.

Monday, May 29, 2023

Still gotta be careful to avoid shells

from here (image source)

Long walks on the beach aren't just fun, they'll give you the strongest passwords, too.

The Deliverance Deterrent

found on Reddit

They may not know how to spell, but they sure know how to spook people.

Friday, May 26, 2023

Simon says: HODL

from here and here (image source)

 Apparently the CEO of an AI company is also involved in a project that will give free cryptocurrency to people in exchange for scans of their eyeballs. They really want you to believe that it's not a dystopian nightmare, but all I can think of is how Simon Phoenix broke out of prison in Demolition Man. Even if the technology can spot attempts to trick it, some people are still going to try. 

When you need a diversion for your art heist

found on Reddit

I don't know if the shirt is telling the truth, but I'm pretty sure the security guards are going to be watching her like a hawk the whole time she's there.

Thursday, May 25, 2023

As many as there are stars in the sky

from here and here

 Billions and billions of scam calls served by a single telecom company? I hope they have to pay an astronomical fine, but it makes me wonder what the mind-boggling total across all telecom companies is.

The Hidden DANGERS of Peanut Butter

I had no idea one of my favourite foods was so feared by airport security. Glad I've never had a run-in with TSA while carrying peanut butter. I wonder if they would let me eat it before going on the plane.

Wednesday, May 24, 2023

Can't wait to find out how those will spy on me

from here and here

Oh, sure, the prototype is probably fine, but as soon as it's productized it's going to be "Do you consent to the collection of trouser data to enhance your trouser experience?" Hell no.

No one is above the law

found on eBaum's World

It's not just the law. Rules exist for a reason and they're supposed to apply to everyone, but there's always someone who thinks they're too good to follow those rules and they wind up demonstrating the principle of FAFO at some point or another.

Tuesday, May 23, 2023

Brute Force: Now with less brutality

from here and here

My fingers are resting just a little bit easier knowing that there are now attacks against fingerprint authentication that involve a dictionary of digitized fingerprints. I'd just as soon the vulnerabilities involved not get fixed as that would force attackers back to using less civilized means. 

I suppose it might be more accurate to call it a dictionary attack rather than a brute force attack, but what do I know?

Cybercrime Bytes sticker

Threat hunters could use a little whimsy in their lives - to help balance out the seriousness of their profession.

Monday, May 22, 2023

Botnet and chill

from here and here (image source)

There are, of course, better ways to deal with malware - assuming you realize that malware is the problem in the first place. If all you know is the computer is overheating then maybe enhanced cooling is a reasonable adaptation.

Maybe it's just the work you had done

found on Dump A Day

I can't imagine facial recognition is going to handle facial modification all that well. If you get cosmetic surgery, be prepared to re-enroll.

Friday, May 19, 2023

When someone shows you who they are, believe them

from here and here

So it turns out the recently charged Discord leak suspect was repeatedly caught mishandling classified info, rifling through documents that had nothing to do with his job, and all he ever seemed to get were warnings. One has to wonder how many times they were planning on turning a blind eye to him abusing his access before they finally handed out real consequences.

The price for invading my privacy is extreme awkwardness

found on ImgFlip

If the NSA is in your threat model, putting a cover over your webcam won't be enough. They have many other ways of peering into the dark recesses of your life.

Thursday, May 18, 2023

The "All-In-One" Approach

from here and here (image source)

I think a lot of people would be willing if it meant they could get to their destination on time without missing any flights.

Animals can be scammers too

Watch on YouTube

I would have fallen for this. I don't expect this kind of duplicity from man's best friend. Who knew they could be such good liars?

Wednesday, May 17, 2023

Some authorities have training that's out of this world

from here and here

Somebody is exceptionally lucky to still be alive after being shot at 47 times, with 9 actually hitting him. I'm glad he survived, of course, so this is a happy fail; but it also illustrates how terrible some cops (deputies in this case) are at their job. If their trigger fingers are that itchy and their aim is that bad, the argument could be made that they shouldn't be carrying guns at all because they're a menace to the public. So much for being highly trained professionals.

Who doesn't love cookies?

found on Reddit

Considering cookies are one of the technologies that allow you to be tracked online, maybe you should be a little more discerning about which sites you accept cookies from.

Tuesday, May 16, 2023

You can't just pay lip service to data protection

from here and here

Clearview AI, the biometric surveillance company everyone loves to hate because they add you to their system without your consent, is apparently ignoring French regulators trying to call it to heel over violations of the European Union's GDPR. While they haven't paid the fines yet, those fines are now going to be growing by the day, and the EU has already thrown out existing data transfer arrangements with the US over GDPR violations (like the Cambridge Analytica scandal) in the past.

Elliptic Curve shirt

Now you don't have to be behind the curve on cryptographic fashion.

Monday, May 15, 2023

I feel safer already

from here and here

It probably shouldn't come as any great surprise that Twitter's new encrypted DMs are a mess. When you consider everything that's been going on at Twitter for the last several months, and also how difficult it is to get encryption right, it stands to reason that they may not really have the right talent for it anymore.

Not that that helps the users at all. If you're a high risk user you should probably treat Twitter's encrypted DMs as though they're not encrypted. If you aren't a high risk user, then you should probably treat them as if they're giving you a false sense of security.

The first one was better

found on Izismile

It seems that once upon a time America actually appreciated and valued the idea of privacy. If people want to make America great again, they should go back to that.

Friday, May 12, 2023

What are the chances hackers will take the year off?

from here and here

There's a security vulnerability in the secure boot feature of modern computers. While the patch for this 0-day was already released, it won't be enabled by default until Q1 2024. That's a long time to wait for a fix. In theory you can probably enable this fix sooner than that, but most people aren't even going to be aware of it, so most of the vulnerable computer population will remain vulnerable for basically a year, giving attackers ample opportunity to take advantage of it.

Never tempt fate or hackers

found on Izismile

You might think that the only way they could get into your WiFi is by guessing your super powerful secret password, but not only is your password probably not as strong as you think it is, it's also probably not the only way in. WiFi routers have vulnerabilities just like other computerized systems.

Thursday, May 11, 2023

Your tradecraft is trash if you do

from here and here (image source)

I'm not saying don't use any garbage can for your dead drops, only that you shouldn't use one that is so literally under surveillance. Practice some situational awareness and recognize those cameras are a threat to the operational security of your clandestine activities.

Can You Spot The Imposter?

Watch on YouTube

Blink and you'll miss it, but those aren't all sheep. There's one good boy who can blend in quite well. Hopefully he uses that ability to help protect the sheep by sneaking up on predators.

If you succeeded, you're prepared to go look for anomalies in your network traffic or host intrusion detection system.

Wednesday, May 10, 2023

Bleed-only memory

from here and here (image source)

Making shivs out of computer memory is definitely an unusual choice. I suppose they could also make a garrote out of a USB cable, or shuriken out of DVDs.

But as far as cyberweapons go, these are as close to satisfying the criteria as anything else.

Airborne malvertising can't be far behind

found on eBaum's World

It's one thing to put some advertising slogan into the sky by flying a banner behind a plane or something. You might even fit a short URL up there that way. This, however, lowers a lot of barriers to getting your browser to their web site. That can be a boon for people advertising a legitimate product, but also to people trying to compromise your device. 

I know there's some debate about whether QR codes are dangerous from a cybersecurity perspective, and I get that in certain contexts its relative effectiveness as an attack makes it less attractive than more traditional approaches, but this is a scale that hasn't been considered before - a single QR code that can reach millions of people at once.

Tuesday, May 9, 2023

Privacy? Check!

from here (image source)

It's compliant with the privacy policy, therefore privacy has been protected, right? RIGHT?!?! 

If only things actually worked like that.

Cryptography mug

It doesn't matter what sort of nonsense you want to say, you should have the ability to say it in secret if you want to.

Monday, May 8, 2023

Give it a funeral, it's half buried already

from here and here (image source)

If you want to know of a good product to prevent this from happening, I suggest a vacuum cleaner rather than antivirus. Antivirus cleaning has more to do with disinfection, and unless you believe in the concept of "clean dirt", no kind of disinfection is going to help here.

I see a Password111111111111111 in your future

found on Reddit

I suppose at some point you'd need to use different numbers besides just 1, because it'll become difficult to remember how many 1's you need to enter.

Friday, May 5, 2023

You can't get shit done

from here and here (image source)

When security is misaligned it might as well not even be there at all.

So much for incognito mode

found on ImgFlip

Best make sure you've got a strong password on your router. I'm sure there's all sorts of things in the logs you wouldn't want people to find.

Thursday, May 4, 2023

Don't know what you've got till it's gone

from here and here (image source 1, 2, and 3)

Would you choose meaningful or meaningless? It appears that Google is opting for meaningless. While they argue that the people don't understand the precise meaning of the lock icon, at least it does have meaning and even an imprecise understanding can still be beneficial. The "tune" icon they intend as a replacement conveys no information whatsoever. Removing all meaning is a cynical solution to the problem of misunderstanding the meaning.

If you miss seeing whether your connection is secure you can find out about that by clicking on the "tune" icon, just as you could with the lock icon, and the "tune" icon is arguably more obvious about the fact that you can click on it, but the fact is that even people who knew you could click on the lock icon didn't bother, so they aren't going to bother with the new one either.

And then there's the older generations who aren't as quick to adjust to changes, and who have been trained to look for the lock icon for years. They are going to be left scared and confused because the lock icon is going to be missing from their bank website, from Facebook, from their email provider, etc. Some of them are just going to throw up their hands in defeat and give up on the Internet - no, really, some do give up and you might too if the rug were pulled out from under you over and over again throughout the years. Imagine how confusing it would be if the interface for traffic lights changed every decade or so. Imagine the accidents that would ensue all because something we were trained on was taken away and replaced with something unfamiliar. 

How To Use Your Smartphone to See Through Walls

Watch on YouTube

It's a neat trick, but more important than what you could do with it is how it can be used against you. It may not give a particularly clear picture through walls, so you don't need to be worried about being caught naked (yet), but it can clearly be used to monitor your movements.

Wednesday, May 3, 2023

They snooze, we lose

from here

Ad companies' problem with ad blocking is partially of their own making. If ads were safer and less intrusive the people wouldn't mind so much and ad blocking wouldn't be as popular as it is. 

The ad companies are taking a different approach, of course. They use tracking because they think relevance is their main problem, and they take entirely insufficient steps to tackle safety because they think that's someone else's problem.

Or maybe just pull the cable leading into it

found on Reddit

Sure you COULD follow the directions on the sign, but that would risk personal injury and it would take longer, which would give the attackers more time. It's easier to defend those machines if you can cut off the attack at a single point.

Tuesday, May 2, 2023

Invasion of Privacy: The Next Generation

from here and here

The mind-reading technology is still impractical right now, but it will only get better, smaller, and more affordable over time. That latter point is especially true if it goes down the path of so many other technologies and gets funding/subsidies from ad companies - because of course they want to know what you're thinking.

Bathroom Privacy Sound Generator

found on CNET

The Japanese definitely take their bathroom time seriously. You only have to look at their high-tech toilets to see proof of that. Apparently one of the features of some of their toilets is a sonic mask to drown out your own bodily sounds so that you can keep those sounds private and not be embarrassed by them. It seems now there's also a mobile device to produce the same effect, which means now we can have that peace of mind elsewhere without the high-tech toilet. You can read more about it on CNET and from there try your best to navigate the Japanese site it's on.

Monday, May 1, 2023

How much verification is too much?

from here

This is the precise problem I've been having with GMail. I enter the correct password and then GMail decides that's not good enough. Then they say they need to verify me so they send a code to my recovery email, and when I present the code back to them they decide that's not good enough either. Why attempt verification that way if you aren't going to accept the results? Anyway, now they want a cell phone number to send a code to, but I don't have a cell phone and even if I did I have little faith left that the result of that would be any different than the email verification.

Unfortunately I made the mistake of tweeting about the problem and as a result scammers have been sending me messages for days promising to help me get back into my account if I just contact them through Instagram or WhatsApp. I can recognize them for the scams they are, but not everyone would, so essentially Google's attempts to curb account take-overs are actually creating opportunities for account take-overs.

That is some privacy policy

found on Dump A Day

Even though there isn't a lot of privacy in a public restroom, there are still lines we shouldn't be crossing. I'm sure we can all imagine how this policy actually came about. It may go above and beyond violating what we commonly think of as the unwritten rules of public urinals, but the sign is specific enough to tell us what happened and how it was received, even if we've never witnessed it ourselves.