Tuesday, July 31, 2012
super cyber security
while some online attacks are specific to particular browsers/versions, not all are, and just using safari on a windows machine is definitely not going to keep you safe.
sometimes i feel like somebody's watching me
from here (source image)
i suppose i must be showing my age with the caption i added to what i gather is actually a street art installation in prague. somehow i feel like it's pretty close to what the artist was trying to say, though.
Monday, July 30, 2012
the more things change...
from here (image source one, two, and three)
the more things change, the more they stay the same. some companies just shouldn't be trusted, and compromising customer machines with DRM is a pretty good indicator.
(inspiration)
totally rad security
found on very demotivational
just in case the term pornoscanner wasn't dissuasive enough. i wonder when we'll start to learn what the longer-term effects on the TSA agents who have to stand near those things will be.
Friday, July 27, 2012
yo dawg, i heard you like updates
found on memebase
keeping your software up to date has never been more recursive.
security olympics
from here (image source one, two, and three)
well, maybe there need to be a few more security guards than athletes, but nearly 4 times as many? that makes it very difficult to believe the focus is on athletics.
Thursday, July 26, 2012
POTUS on passwords
there's some contradictory advice in this speech bubble song (it is a song. check it, you'll see the rhymes) such as using a passphrase and not using dictionary words (what kind of phrase doesn't use dictionary words?) but overall there's still some good advice here.
when you see it...
this isn't a photoshop, it's a screenshot of nigeriagoogle dot com. it appears to be a prank since you can't actually enter anything in the search box, but i still don't trust it (maybe i'm paranoid). can you imagine someone trying this google/419 scam for real though?
Wednesday, July 25, 2012
i need a dan kaminsky
@SecurityHumor asked for someone to find this for him (i assume it's a him). i don't think i ever encountered this parody of the iphone vs htc evo video but it is pretty funny.
didn't see that one coming
from here (image source one, two, and three)
well, i guess that's how careful apple is about keeping malware out of the app store, folks - they don't even do a simple virus scan.
Tuesday, July 24, 2012
wile e. coyote was here
from here (source image)
i assume if you get the caption then you also get why you should probably steer clear of this deadfall trap (though i'm wondering who put it together in the first place - it's huge). thankfully looney tunes cartoons have taught us what a number of real world traps look like. shame they couldn't show us online traps too ("ssshhh, be vewy, vewy quiet. i'm phishing wabbits.")
deterrence fail
found on there i fixed it
it's so poorly connected in every other way, it's hard to believe it's actually plugged into anything. if you're going to put up a CCTV camera, maybe try not to make it look so busted. then maybe it will actually keep the bad guys away.
Monday, July 23, 2012
why not metasploit?
from here
i'm of two minds about the email mikko hypponen received from an iranian scientist: on the one hand, if metasploit can really cause such problems then the folks behind stuxnet, duqu, and flame must be kicking themselves for having wasted so much money. on the other hand, doesn't rfc1855 have something to say about reposting personal correspondence? i hope the scientist wasn't violating any rules or policies by reaching out.
someone just failed the blade runner voight-kampff test
found on the art of trolling
i don't think i've ever been quite so bold in proving an IM spambot was an IM spambot. i usually just settle for saying goodbye twice.
Friday, July 20, 2012
frictionless sharing
from here (source image)
gee, are there any other jokes i can make about facebook screwing people over with frictionless sharing (aka automatic sharing, aka broadcasting your activities even on external sites to everyone you know without asking you)?
Thursday, July 19, 2012
secure password of the weak
from here (source image)
i suppose the fact that it's posted on a wall for everyone to see doesn't exactly help with the security either.
app store security mechanisms: gotta fool 'em all
found on the art of trolling
i'm not sure how funny this is, since it actually happened and people lost actual money, but i suppose the art of trolling is like that - hilarity depends on who you identify with.
oh yeah, and so much for that find&call app being the first iOS malware. when you're talking about financially motivated malware, apps that do nothing but collect payment from unsuspecting victims are the degenerate case.
Wednesday, July 18, 2012
LiveCD
and that would be a parody of weezer's "pork and beans". by the way, if you want to know more about banking with a LiveCD, check out brian krebs' article about it.
they hoped for problems between my keyboard and chair
like some noob browsing pornsites in his underwear
won't be friending strangers, no matter how cool
cuz i know in the end that i'd just be playin' the fool
i won't click the things that you want me to
i ain't gonna send passwords to you
i do my banking with a LiveCD
protect my drive with an encryption key
i ain't gonna trade for things with my 'likes'
not even a chance to win a motorbike
one look at the URL is all it takes
i don't give a hoot about what you faked
everyone likes to pretend there's nothing wrong
but they let the problems build up and go on too long
zuckerberg knows the way to be privacy smart
maybe if i mimic him my leaks won't even start
i won't click the things that you want me to
i ain't gonna send passwords to you
i do my banking with a LiveCD
protect my drive with an encryption key
i ain't gonna trade for things with my 'likes'
not even a chance to win a motorbike
one look at the URL is all it takes
i don't give a hoot about what you faked
i won't scare
i won't scare
i won't scare
i won't scare
i won't scare
i won't scare
i won't click the things that you want me to
i ain't gonna send passwords to you
i do my banking with a LiveCD
protect my drive with an encryption key
i ain't gonna trade for things with my 'likes'
not even a chance to win a motorbike
one look at the URL is all it takes
i don't give a hoot about what you faked
angry hacker
Angry hacker took an axe,
accessed servers in their racks.
When they saw what he had done,
he threatened to burn everyone.
never question a hacker with an axe, even if he might better be classified as a cracker without it. you don't want a lizzie borden situation on your hands.
Tuesday, July 17, 2012
someone's going to have a bad time
from here
i don't think it's a secret that intellectual property holders seem to like abusing the authority they've been given with the DMCA, but busting presidential candidates? yeah, that's only going to work so many times before it backfires.
that moment when...
from here (source image)
it's often said that security is a trade-off. that's because security has a cost. sometimes it's really not worth it.
Monday, July 16, 2012
the book worm has turned
found on failblog
while this may not be a realistic confrontation (or perhaps it is, it's been over a decade since i was in school), it is no less true that computers have given power to those who were powerless, and power can corrupt anyone.
Friday, July 13, 2012
fish mouths
from here
this was supposed to be canned fish mouths. as strange as that idea is, i never would have expected to see something that could eat me before i ate it. careful what you open, whether in the real world or in your computer - labels can be misleading and you could get bitten by something bad.
no wonder they're called Yahoo
nearly a half million passwords were extracted from the service in unhashed, unprotected, plaintext form? no wonder they're called Yahoo.
if the company Yahoo ever deserved the derogatory meaning of the word "yahoo", getting caught doing precisely NOTHING to protect user passwords seems like one of those times.
Thursday, July 12, 2012
dark comety
from here
if you don't maintain the moral high ground, don't be surprised when you take a spill on the slippery slope.
(inspiration)
Wednesday, July 11, 2012
flashdriving
from here
well, i suppose crushing flash drives under the wheels of your car might not be the most ecologically friendly approach, but given what those supposedly lost flash drives are actually there for i'm sure it would be personally satisfying.
Tuesday, July 10, 2012
how not to pull someone over
i don't tell many stories here, but sometimes i encounter something that bears closer scrutiny.
a couple weeks ago i was walking from the office to the bus stop when i passed what appeared to be some kind of law enforcement officer (judging by the uniform he was wearing) pulling over another vehicle. the officer had already exited his vehicle, trained some kind of tripod mounted equipment on the suspect vehicle, and was approaching the suspect vehicle as i came on the scene. the officer opened the passenger side door and leaned into the vehicle, apparently searching it, while the suspect driver remained in the driver's seat.
now, that alone seems a little strange to me after having seen plenty of cop shows; but it gets better, because you see the officer's own vehicle had its windows rolled down and its trunk wide open while he was half inside the suspect vehicle, distracted by the task at hand, and no doubt his view of his own vehicle would have been obscured even if he had been keeping an eye on it. imagine for a moment what kind of mischief i, or some other passer-by, could have gotten into with such unfettered access to an officer's vehicle and all it contains. the officer was in no position to see me, let alone stop me. it's a good thing i'm such an honest citizen or something much worse could have happened.
those in a position of authority often have special privileges including the ability to carry and use equipment that the average person doesn't have. what they must also realize is that with that comes special responsibility to maintain control over such equipment at all times. of course, if i was instead witnessing the filming of some ultra-low-budget crime drama, i think similar principles still apply.
DNSChanger is finally DONE!
from here
i dunno about you but i am SO tired of hearing about that piece of malware. glad the temporary DNS servers were finally shut down with little ill effect so we can all go back to worrying about other, more important things.
Monday, July 9, 2012
if it works once, it can work twice
found on there i fixed it
padlocks on the gas and trunk. at first blush it might seem like those aren't inherently bad security, but then consider the fact that the car wasn't built to use padlocks there - the real security is in how securely those pieces of metal the locks fit into are attached to the car. is it glue? are they attached with screws? i once rented a room that used this method for locking the door - the little bits of metal were attached with screws, and of course i had a screwdriver.
Friday, July 6, 2012
facebook privacy super fail
you've heard of those parties that got out of hand after it was shared with too many people on facebook? well that can happen for anything and to anyone. be careful what you share on facebook, not just when you're sharing your own stuff but other people's stuff too.
"hacker", you keep using that word...
found on failbook
honestly, if this is what qualifies as a hacker then they hardly seem important at all.
(also, this apparently originally comes from here if you feel at all inclined to check out the artist's other comics)
Thursday, July 5, 2012
drop that zero and find yourself a hero
found on failbook
as important as updating is, there comes a point when enough is enough and you have to seriously consider kicking that software to the curb (aka uninstalling it).
call them phone support scammers, maybe?
Hey, you just called me / and this is crazy / but you're a fake av scammer in India / bad move, maybe?
— Chris Boyd (@paperghost) July 5, 2012
i really like this example of the call me maybe meme, even though i'm more familiar with those scammers who call you up and tell you there's a problem with your computer being called phone support scammers. they do use the same scare tactics as fake av programs though.
and of course it's always funny when those kinds of scammers call up people in the security industry - you might as well be a pickpocket trying to rip off a cop.
Wednesday, July 4, 2012
f* the police
found on failbook
yes, that's right, this was on failbook, which means someone actually posted that picture on facebook and apparently went to jail for it (or so it would seem). it might just be one of the ultimate lolthreats when the bad guy laughs at his own idiocy.
incorrect password
found on memebase
yes, "found", as in i didn't do it. i've seen this joke on twitter but apparently someone thought it would make a good rage comic.
Tuesday, July 3, 2012
plane vs. tweezers
Airports have now banned tweezers. I think anyone who can hijack a plane with tweezers deserves the plane.
— Martyn Bowden (@martyn_bowden) May 3, 2012
he makes an excellent point. i mean there has to be a limit to what ridiculous hijacking attempts you're going to seriously try to prevent. i hear in prison they actually make shivs out of toilet paper - can you imagine banning that on planes?
eye c(ispa) u
found on very demotivational
i suppose a bunch of eyes is even creepier than a bunch of cameras. perhaps that makes the point about the privacy-busting nature of cispa even more effectively.