Friday, August 29, 2008

if you think counting vulnerabilities is the same as...

if you think counting vulnerabilities is the same as measuring security then you might be a security idiot...

(inspiration)

Thursday, August 28, 2008

if you think it's a good thing...

if you think it's a good thing when your security blocks non-threats then you might be a security idiot...

(inspiration)

Wednesday, August 27, 2008

mentl imidg beetz

disappointment-spam

if you show the world how to exploit a vulnerability...

if you show the world how to exploit a vulnerability and then get 'owned' by people exploiting that same vulnerability, you might be a security idiot...

(inspiration)

Tuesday, August 26, 2008

targitid markiting class

bad-targetting

if you think receiving unrequested offers...

if you think receiving unrequested offers for drugs, porn, or stock tips in your email is convenient then you might be a security idiot...

Monday, August 25, 2008

the state of things

well, i've pretty much run out of both lolthreats and security idiot posts so i think it's time i moved both experiments into a new direction (a new phase of the experiment, if you will)...

since it's clear that i'm not going to be able to produce either of them at the one-a-weekday posting frequency i've been maintaining, i think it's time to think about making this a collaborative process... i would like to encourage others to submit their own for inclusion here - i think there are ample examples of each of them to go by but for the sake of clarity i'll break them both down...

both derive loosely from the joke meme where you hear a joke, you find it funny, you remember it and you retell it later on to a different set of people who in turn may find it funny, remember it and retell it to another set of people... as such, humour is a key property of the meme... without it there's no reason for people to want to keep it in their heads and no reward to passing it along like there would typically be with a joke...

the lolthreat in particular is a visual gag that prompts the viewer to laugh at the bad guys ("because you know you want to laugh at the bad guys") and their often ridiculous attempts at tricking people into taking some action or another... this can serve to demystify threats and attacks and heighten a meme-host's awareness of them... because of its visual nature, the 'joke' can't be retold in the traditional sense so the replication of the meme happens by way of sharing a link to a particular instance (a staple of internet memes, though a technological barrier to classical memetic transmission)...

the security idiot meme, on the other hand, highlights the often ridiculous ways people or groups think about or practice security... this can serve to deter similar behaviours in those exposed to the meme (because no-one wants to be the butt of a joke) and build social pressure against those who are already thinking/acting wrong... unlike lolthreats, the security idiot meme lends itself readily to traditional forms of joke retelling so that on top of sharing links to replicate the meme it can also be passed on by word of mouth without need for technology... this gives it an advantage in replication but also increases the potential for memetic drift as a result of replication/retelling errors and thus calls for a simple and reasonably brief format... also, unlike some other incarnations of this meme, this is not meant to be only for, by, or about security professionals... this is not a slight on security pros, or on the referenced incarnation, but simply a statement of intention that this be accessible to a broader range of people...

both have the potential to increase awareness of security concepts by virtue of having security issues in the underlying context, but they must always focus on the funny first because without that there is no replication of the meme... so if you'd like to participate in this experiment, head on over to the submissions page and go to it...

Submissions

if you have something you'd like to submit and see posted on this site, please use one of the following links:


if you want credit for any of your submissions, please include a name, and if you want i may even include a URL of your choosing to go with the attribution...

monorael spammerz haz 1 trak mind

monorail-spammers

if you instruct people to use grocery bags...

if you instruct people to use grocery bags to bypass your security instead of just letting them through then you might be a security idiot...

(inspiration)

Friday, August 22, 2008

we lowurd r deels sow much

out-of-date-spam

if you think being able to make working replica keys...

if you think being able to make working replica keys (given enough info on the original) means that there's something wrong with the security of the lock system, then you might be a security idiot...

(inspiration)

Thursday, August 21, 2008

persistent spammer is

persistent-spam

if you have the means and the mandate...

if you have the means and the mandate to prevent a personal data breach and you still don't do it then you might be a security idiot...

(inspiration)

Wednesday, August 20, 2008

tempting me

untempting

if you use the court system...

if you use the court system to try to force secrecy and don't realize that court documents are public then you might be a security idiot...

(inspiration)

Tuesday, August 19, 2008

parsul u nebber sent iz stuk

UPSspam

if you seize board games...

if you seize board games that include a (commonly available) ski mask because you think they could be used in the commission of a crime then you might be a security idiot...

(inspiration)

Monday, August 18, 2008

xkcd on voting machines



found on xkcd (of course)...

haha, too funny... yes indeed, someone is doing their job horribly wrong, and in this case it's making voting machines out of desktop computers... once upon a time there were these things called special purpose computers that you didn't have to worry about running strange and possibly malicious code because they were physically incapable of doing so... it's so much cheaper and easier to use off-the-shelf components, however, so the real problem with these voting machines is that the people who made them were lazy cheapskates...

i'z prutendin

double-extension

if passwords for chocolate...

if passwords for chocolate seems like an even trade to you then you might be a security idiot...

(inspiration)

Friday, August 15, 2008

omenus link

ominus-spam

if you put other people's confidential info...

if you put other people's confidential info on a memory stick after being told not to and then proceed to lose it, you might be a security idiot...

(inspiration)

Thursday, August 14, 2008

canajun geografi

nonlocal-spam

if you think email...

if you think email is how news of a real war is likely to first be reported then you might be a security idiot...

(inspiration)

Wednesday, August 13, 2008

mai trane uv thot

off-topic-spam

if you think malware profiteers...

if you think malware profiteers should be considered terrorists then you might be a security idiot...

(inspiration)

Tuesday, August 12, 2008

if you lose your money...

if you lose your money because of a trojan that's been detectable by AV for 3 years and then blame the bank for your loss, you might be a security idiot...

(inspiration)

i haz a phlavur

sympatico-phish

Monday, August 11, 2008

wii iz frenz u doan

friendrequestspam2

if you think contact lens solution...

if you think contact lens solution in an airport warrants a brain-damaging beat-down then you might be a security idiot...

(inspiration)

Friday, August 8, 2008

wut u meen u nebber needed

activexthreat

if you think a pilot...

if you think a pilot can't be trusted to take cutlery on a plane where the same cutlery is handed out to passengers then you might be a security idiot...

(inspiration)

Thursday, August 7, 2008

invizibul chinaman

foreign-spam

if you see no problem...

if you see no problem in giving out your credit card number over the phone to claim a free cruise that you 'won' then you might be a security idiot...

(inspiration)

Wednesday, August 6, 2008

if you haven't applied patches...

if you haven't applied patches or updates since the clinton administration then you might be a security idiot...

top 0 methudz

zero-marketing-spam

Tuesday, August 5, 2008

reply 2 invizibul conversashun

imaginary-reply-spam

if you think a picture of a fictional robot...

if you think a picture of a fictional robot on a t-shirt is a threat to airline safety then you might be a security idiot...

(inspiration)

Monday, August 4, 2008

we iz running

misconfigured-spambot

if you think cameras...

if you think cameras are tools of terror then you might be a security idiot...

(inspiration)

Friday, August 1, 2008

i'z redundint as

redundant-spam

if you think your laptop is safer...

if you think your laptop is safer to leave lying around than a huge wad of cash then you might be a security idiot...

(inspiration)