Friday, February 27, 2015

Let's Make Fire Safe To Touch Too

from here (source image)

Sometimes you hear people demand that this or that way of using technology has to be made safe because that's how people are using the technology - but frequently the way people use technology is fundamentally unsafe, and there's nothing anyone can really do to change that. When that happens, trying to change the user of the technology rather than the technology itself is kind of the only viable option - as hard as getting users to change may be.

What Could Possibly Go Wrong?

found on the chive

I'll bet this guy is taking the bus because airports just can't handle him.

Not that wearing (or inking) a sign indicating actual malicious intentions is very likely, but law enforcement isn't very smart, and this guy has a skin tone they tend not to like anyway. I wouldn't be the least bit surprised if this guy sets off mental false alarms on a regular basis.

Thursday, February 26, 2015

A Sign You're Doing Drive Imaging Wrong

from here

True story. As you can probably imagine I had a less than great weekend. Gotta make sure I maintain a higher calibre set of drive images.

Not So Clever Dog Leash

found on the meta picture

This product is just asking for a (possibly violent) misunderstanding with the authorities. It makes you wonder what the designers were thinking.

Wednesday, February 25, 2015

Because That's What It Takes To Get People To Click

from here

Attackers are only as sophisticated as they need to be, and considering the sorry state of most organizations' security that means most are not very sophisticated at all.

Thought You Should Know This

found on the meta picture

Be honest; you thought sharks were a bigger risk than horses or ants, didn't you? It just goes to show how bad we can be at estimating risk.

I don't always appreciate infographics, but this one at least is pretty straightforward and uncluttered.

Tuesday, February 24, 2015

The NSA's Favorite Things

from here (source image one, two, and three and source lyrics)

Thanks to Chris Palmer for tweeting an excellent parody of "My Favorite Things". I found the multi-tweet format was a little awkward, though, so I tried to combine it with some appropriate imagery in a picture that could fit in a single tweet (because that's how all the cool kids are bypassing the 140 character limit these days).

IT People Can Relate To This

found on the meta picture

It’s strange how people would often rather put up with a problem than deal with the change inherent in the fix. I wonder how many problems out there are only still problems because people are too lazy to do what needs to be done.

Monday, February 23, 2015

You Didn't Really Need Privacy, Did You?

from here

Gee, I wonder what the NSA needs with billions of encryption keys. Do you think there are really that many threats out there? Oh, right, in a police state everyone is a threat to national security.

The Invisible Threat

found on the meta picture

Is it just me or have the stakes for "Where's Waldo" gotten a lot higher than they used to be?

Friday, February 20, 2015

So Much For Private Phone Conversations

from here

Now that we know about the NSA/GCHQ's theft of the encryption keys used to protect a large amount of the planet's cellphone communications, I no longer think they were confused when they said they wanted 'front doors'. They weren't looking for back doors to be added, they were looking to build acceptance of what they were already doing - stealing the keys to the actual front doors.

They Called It An 'Enhancement'

tweeted by Rui Carmo

Thanks to Rui Carmo for tweeting this meme about Lenovo's malware missteps that recently got mainstream attention. It turns out it's a lot bigger than just Lenovo, but still, Lenovo chose to expose their customers to this, and then tried to deny the security concerns by saying they "found no evidence to substantiate" them.

Thursday, February 19, 2015

Maybe It Should Be Le-Hell-No-Vo

from here

If you haven't heard, Lenovo have been shipping their computers with some pre-installed crapware that generates pop-ups and installs an SSL certificate for performing man-in-the-middle attacks (basically allowing it to read and manipulate encrypted web traffic without you noticing) in order to inject ads into secure pages.

He Would Be In Jail

found on the meta picture

And if Obama were the leader of a different country, he'd probably have been droned to death by now. The distinctions we make between good and bad can be very subjective. That subjectivity makes all sorts of security goals more difficult.

Wednesday, February 18, 2015

It's For 'Educational' Purposes

from here

It always amazed me that people with supposedly legitimate research interest in malware coincidentally have seemingly no interest in developing contacts among other established members of the anti-malware community. They want open access to malware because it's too hard to get samples for their 'legitimate purposes' any other way.

By contrast, there were times in the past when I was handed malware I didn't even ask for - and I am actually singularly bad at forming/maintaining connections with people. What did I do differently? I tried to learn from people (and challenge them on occasion), rather than just learning from code.

Unlocking Your Full Potential

found on failblog

This really gives new meaning to the phrase "unlock the door". Apparently this special key is designed for this, but it's probably not designed to be given out for normal day-to-day access of the space.

Tuesday, February 17, 2015

Maybe We Should Stop Hurting It With WindOws

from here (source image)

Just because something protects you against one thing doesn't mean it will protect you against other things. I imagine it would be a lot harder to see through an ax shield.

Find A Vendor Who'll Treat You The Way Oracle Treats Oracle

link to tweet

Thanks to Chris Lindhartsen for creating this comic comparing Oracle to Kanye West for their efforts to interrupt the process of installing Java updates in order to get you to accept a browser toolbar (that I can only assume is providing the funds that prop up their failing business - because why else would they try so hard?).

Monday, February 16, 2015

Thanks TSA

from here (source blog)

While we're handing out thanks, I need to thank Kevin Underhill for raising awareness of this event and coming up with the term "air pirates". The question remains, however, what threat the TSA thinks it really thwarted by confiscating an unloaded cannon barrel from someone's checked luggage.

Troy Hunt: How I Hacked My Way To Norway

Troy Hunt - How I hacked my way to Norway from NDC Conferences on Vimeo.

Don't read too much into the title of the video. He didn't make his way there by hacking, rather he found hackable things of interest (in some cases so ridiculously easily hackable we might want to not even call it hacking) on his journey from Australia to Norway.

Friday, February 13, 2015

I'm Gonna Go Long (Really Long)

from here (source image)

Some activities are just unsafe no matter what. There's only so much stupidity that technology can protect against before Darwin takes over.

A Pretty Good Safety Idea

found on the meta picture

It's hard enough to imagine a young child having the presence of mind to challenge for a password; can you imagine one trying to use security tokens or biometrics for this application? I can't, and that doesn't bode well for the goal some people have of eliminating passwords entirely.

Thursday, February 12, 2015

When You See This, Be Afraid

from here (source image)

Thanks to Paul Moore for tweeting this picture of a password recovery page revealing that the organization in question stores passwords in an inadequately protected format. If I have an account at your site, you should not be capable of telling me what my password is.
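To make the principle concrete, here is an added example (not from the original post or from the site pictured) contrasting the two ways a site can store a password. The "reversible" scheme stands in for whatever a password-recovery page that can email you your password must be doing; the hashed scheme uses PBKDF2 with a per-user salt, so the site can verify a login but has nothing it could reveal. The record format, function names and iteration count are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Work factor for the example. Production systems should use a higher
# count (or a memory-hard function such as Argon2); it is kept moderate here
# so the example runs quickly.
ITERATIONS = 200_000


# --- The pattern behind "we have emailed you your password" ---------------

def store_reversible(password: str) -> str:
    """Store the password in a form the site can turn back into the password.

    Base64 is used as the stand-in for any reversible storage (plaintext,
    obfuscation, or encryption with a key the web tier holds). It is the
    failure mode, not a recommendation.
    """
    return "b64$" + base64.b64encode(password.encode("utf-8")).decode("ascii")


def recover_reversible(record: str) -> str:
    """What a site with reversible storage can do, and should not be able to."""
    assert record.startswith("b64$")
    return base64.b64decode(record[4:]).decode("utf-8")


# --- Salted, iterated hash: verifiable but not recoverable ----------------

def store_hashed(password: str, salt: Optional[bytes] = None,
                 iterations: int = ITERATIONS) -> str:
    """Return a record of the form pbkdf2_sha256$<iters>$<salt hex>$<hash hex>.

    The salt is random per user (16 bytes from os.urandom unless one is
    supplied for deterministic tests), so identical passwords produce
    different records and precomputed tables do not apply.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_hashed(password: str, record: str) -> bool:
    """Re-derive the hash from the candidate password and compare.

    hmac.compare_digest is used so that the comparison time does not
    depend on how many leading bytes match.
    """
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def record_contains_password(record: str, password: str) -> bool:
    """Check whether the stored record carries the password in a form the
    site could simply read back (raw or base64-encoded)."""
    encoded = base64.b64encode(password.encode("utf-8")).decode("ascii")
    return password in record or encoded in record


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    weak = store_reversible(pw)
    strong = store_hashed(pw)
    print("reversible record can be read back:", recover_reversible(weak) == pw)
    print("hashed record verifies the right password:", verify_hashed(pw, strong))
    print("hashed record rejects a wrong password:", verify_hashed("nope", strong))
    print("hashed record contains the password:", record_contains_password(strong, pw))
```

The only legitimate "recovery" flow with the hashed scheme is a reset: generate a new short-lived token, let the user choose a new password, and call store_hashed again. A site that can show you your current password is, by construction, using something closer to store_reversible.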

Seems Legit

found on the chive

Sometimes the authorities can be pretty clever. It helps when their adversaries are dopes.

Wednesday, February 11, 2015

That's One Way To Solicit Government Favors

from here and here

There comes a time when smart devices just get too smart, and I tend to think that televisions that record and transmit your conversations cross that particular line. And is there even any doubt that the government will find some way to get that data? I didn't think so.

He Went A Little Too Far

found on the meta picture

Gee, that's not going to raise suspicion AT ALL.

Tuesday, February 10, 2015

I Can See The Evidence, Can You See The Evidence?

from here (source image)

Thanks to @virgiltexas for capturing and sharing that hilarious exchange between Joe the social media guy at Chipotle and Matt Grigas regarding a recent security incident. Poor Joe doesn't seem to have had a great handle on situational awareness here.

They’ll Never Find It There

found on the meta picture

How sad is it that you can bring your own gun into a theatre but not your own food? Are we really protecting the right things with policies like that?

Monday, February 9, 2015

Too Bad You Can't Inoculate Against Stupidity

from here

There is no cyber-autism, you can't tell if you're infected by listening closely to the sound your hard drive makes, and the cure is definitely not worse than the disease (you'd really choose ransomware or banking trojans over AV?).

The First Rule Of Attribution Club Is ...

tweeted by Dave Marcus

Thanks to Dave Marcus for tweeting this Spiderman tripping meme demonstrating how difficult it is to take attribution seriously anymore. The first rule of attribution these days seems to be to pull something ridiculous out of your arse.

Friday, February 6, 2015

Attribution 8-Ball Says Ask Again Later

from here

China isn't really a new cyber-boogeyman, it's a very old one. In fact China is who the term APT (advanced persistent threat) used to refer to. However, with all the talk about North Korea and Russia recently I suppose it's nice to get back to the classics.

Context is Key

found on memebase

If this is what enhanced interrogation looks like, sign me up!

Thursday, February 5, 2015

The Police Department Likes Your Photo

from here (source image)

In case you haven't guessed, it's a lot harder to claim you don't know anything about a particular item of contraband if the police have a picture of you hugging it.

Vending Machine Dress

I know this is intended to protect the wearer from criminals, but I have the distinct impression it would work just as well at protecting criminals from the police. At least as long as there isn't a breeze.

Wednesday, February 4, 2015

Are You Giving The Public Access To Your Privates?

from here

Some folks expected penetration testing jokes in response to the news that high tech pleasure devices were exposing their users. Consider this the road less traveled.

If people who had their selfies stolen felt violated, unauthorized adult access is going to give that feeling a whole new dimension.

If You Think You’ve Had A Bad Day At Work, This Guy Had It Worse

found on the meta picture

Despite what some seem to think, authority isn't a superpower. It doesn't give you free rein to do whatever you want.

Tuesday, February 3, 2015

From The Makers Of The Pwnable Document Format

from here and here

Are you like me, folks? Are you getting tired of installing Adobe Flash patches every couple of days? Are you wondering if perhaps there's a better way to solve this problem?

Me too...

Format Earth

found on the meta picture

Even God has tried to wipe and re-install. He only tried it once, though, because he realized there had to be a better way.

Monday, February 2, 2015

They're Certainly Not The National Spelling Agency

from here (source image)

Thanks to Shane MacDougall for tweeting a terrific typo in an NSA job ad on Google. I suppose a job ad on Google that's simply misspelled is at least a little better than putting job ads on pizza boxes.

Ultimate Zoo Prank

found on the meta picture

I predict brown trousers in somebody’s future. It seems the old trojan horse trick of renaming a destructive program to something more tempting works in real life too.