Friday, December 30, 2016

The security of modern technology

from here (source image)

Whenever something says unbreakable, run the other way.

You can call me "Hunny" but not "Honeypot"

found on Pinhumour

There's more than one way to avoid an attack, and you should definitely think outside the box, but damn that is cold. I know they say you don't have to outrun the bear, you only have to outrun the person beside you, but if you've got a gun you might want to try shooting the bear - even if you don't kill it you can at least shoot one of its kneecaps. Better that than using it to turn your buddy into a decoy in order to get away easier.

Thursday, December 29, 2016

If stealing a man's beer isn't right I don't want to be wrong

from here (source image)

Typically corrections are the domain of the authorities (corrections officers working in a correctional facility, for example), but that doesn't mean folks don't try to take matters into their own hands.

Threat models

found on GIF Trunk

Whether this is good or bad really depends on your threat model. If you don't consider models a threat then their ability to bypass your security isn't a problem. On the other hand, if this is a model threat, then you've got problems.

Wednesday, December 28, 2016

Is it that Donkey Kong you kids are always playing?

from here (source image tweeted by @lawblob)

Oftentimes online you'll see people joking about grannies being unfamiliar with technology. This isn't that. This is joking about grannies not being familiar with Sonic the Hedgehog, while quite possibly everyone else is. So if your threat model is your grandma, then that seems like a perfectly reasonable security question to use - otherwise try something else.

Striking "Awwww" into the hearts of criminals

found on LOLPix

On the one hand you have increasingly militarized police forces using "shock and awe" (as well as too much force), and then on the other hand you have this kind of police force using a completely different kind of awwww, which is actually quite shocking when you're accustomed to the first kind.

Sunday, December 25, 2016

The song doesn't say anything about him knowing crypto

from here

Tor isn't just for naughty people, though. It also helps protect nice people from naughty people.

Be on the lookout

found on Patch

I'm guessing the reward is being offered by someone who didn't get what they had hoped for.

Saturday, December 24, 2016

No cookies for you!

from here

Isn't it amazing that we not only revere a spymaster when we're little, we reward them with cookies?

And then we grow up and secretly become the spymaster for the next generation.

Haven't you learned your lesson yet?

found on The Columbus Dispatch

Y'know, if Obama would just dismantle the mass spying apparatus he wouldn't have to worry about things like this (or what Trump will do with the apparatus).

Friday, December 23, 2016

V rira fcrnx va pbqr

from here

Can you guess what the title means? I'll give you 13 guesses and the first 12 don't count.

Crooked is as crooked does

found on Izismile

How drunk or high do you have to be to think that's a straight enough line when you're cutting out your counterfeit one dollar bills?

Thursday, December 22, 2016

What's in a name?

from here (source image)

A sourpuss by any other name might smell as sweet but certainly wouldn't be as big a target. You might think that only applies to criminals, but there are all sorts of scenarios where a poorly chosen name or alias can make one or one's company a target. I can't imagine a business called Unbreakable Security would get very far before falling prey to a tidal wave of scrutiny, for example.

You don't always get to pick names, but when you do, try not to choose one that puts a target on the entity that will bear that name.

The Not-So-Great Wall

found on Evil Milk

Who needs a boat? I'm pretty sure you could just swim around that - you might even be able to wade around it.

Wednesday, December 21, 2016

When all you have is an attacker mindset everything looks like a vuln

from here

While thinking like an attacker has its benefits, don't lose sight of the bigger picture - preventing incidents. The act of thinking like an attacker should inform the way defense is carried out, not the way attacks are carried out, especially when the asymmetry of attack vs. defense already favours the attacker.

Unfortunately it seems many people don't appreciate the fact that vuln-centric models of security and incident-centric models of security complement each other.

Beating swords into ploughshares

found on Slightly Warped

It's not always possible to prevent an attack. Sometimes all you can do is make the best of a bad situation.

I imagine these could have been reused as weapons but this is perhaps a better use. It certainly subverts the attacker's intentions.

Tuesday, December 20, 2016

Who needs backdoors when techniques like this exist?

from here and here

Looks like criminals are going to need some new opsec in light of this new evidence gathering technique.

The man with the axe

found on The Grohl Troll Comics 

It's a funny pun, but in truth he's well equipped to perform DoS attacks of the low-tech variety.

Monday, December 19, 2016

My other security pass is a Harley

from here (source image)

It's amazing to me that someone actually built this security gate.

One more reason not to be a Grinch on Christmas


Watch on YouTube

Whoville isn't a real place and if you rip people off and take all their Christmas presents they're not going to sing about it, they're going to come after you.

Friday, December 16, 2016

Some devices need to get the axe

from here

There actually is something called a smart axe, but there aren't any electronics involved.

Yet.

I'm sure it's only a matter of time.

No victim is too small

found on Time Bounce

Some people think they have nothing a cyber criminal would want (maybe they never buy anything online, or they don't do online banking, etc.) and so don't worry about cyber security, but the truth is that if you have a computer that is connected to the Internet there are criminals out there who want to pwn you. That computer itself can be valuable as a tool for victimizing others.

Thursday, December 15, 2016

One of the many security benefits of deleting things

from here

Is Yahoo competing for the biggest breach? They've got to at least be in the running now, right? I almost feel bad for the state-sponsored attackers who only got half that many accounts a year after this new breach is believed to have happened.

(Inspiration)

Privacy comes in many shapes and sizes

found on Distinguished Baloney

Protecting your privacy implies controlling access to your personal/private information, but for that to happen there needs to be forethought into how your personal/private information can be accessed. It's not always checkboxes on a screen or closing the drapes. There are all kinds of situations and all kinds of ways information can be uncovered. Don't be afraid to think outside the box.

Wednesday, December 14, 2016

How do you do, fellow kids

from here (source image)

I don't know what the real story behind this photo is, but I'm pretty sure whoever locked their locker with handcuffs isn't fooling anybody.

Priorities

found on Meme Generator

Truthfully, if you're having a heart attack I think maybe THAT should be your priority, not your browser history. If your browser history is really that big a deal, learn how to use your browser's incognito mode.

Tuesday, December 13, 2016

DDoS Is Gonna Be So Last Year Next Year

from here

If zcash mining botnets actually wind up being profitable, I think DDoS botnets like Mirai may go out of style - not because they aren't profitable too, but because a miner is easier to monetize.

Are you using the right tools to defend yourself?

found on The Meta Picture

People actually use the wrong tools quite often, though perhaps not to quite so hilarious an effect.

Monday, December 12, 2016

No Honour Among Scammers

from here

There really isn't any honour among spammers so there's little reason to click those unsubscribe links on actual spam. Better instead to report the spam to an organization like Knujon.

Watch hackers break into the US power grid


Watch on YouTube

I think it's really interesting to see how much is involved outside of typing away madly at a computer the way hacking is normally represented in TV and movies. Just think, these guys could have thrown your entire region into darkness if they had been maliciously inclined.

Friday, December 9, 2016

Doesn't Anyone Read Company Policy?


from here

I know there are lots of sites you'd probably like to be able to visit while at work, but sometimes it's better to let work be a place where you just do work and home be a place where you do all that other stuff. After all, even if they did stop blocking it that doesn't mean they wouldn't also monitor the heck out of it (and nobody likes that).

That's One Safe Baby

found on Hotick



Thursday, December 8, 2016

Why Governmental Malware Is A Bad Idea

from here

I understand why people want to take down pedophiles, it's a noble goal, but don't throw the rest of the world under the bus in the process.

Hackers R Watching U

product page (other products with the same design)

It's an interesting design, and probably a true statement if you aren't careful.

Wednesday, December 7, 2016

More Than One Way To Skin A Cat Burglar

from here (source image)

Don't be afraid to think outside the box. There are many ways to prevent unwanted things from happening.

Defenses Can Stop More Than Just The Bad Guys

found on Imgur

Unfortunately the techniques we use to protect things sometimes get in the way. CAPTCHAs are so notorious for this I'm a little surprised someone hasn't come up with a browser plug-in to bypass them the way there is for blocking ads.

Tuesday, December 6, 2016

You Can't Specialize In A Field That Broad

from here

Security is so broad that it shouldn't even be considered a single field. It's more accurate to think of it as a collection of many quasi-related fields. A person can have expert knowledge in one of those fields but not all of them, and more often than not it seems they fail to recognize their own ignorance in those other fields they don't have expert knowledge in.

Respecting Privacy Reduces Lens Flares

found on Sizzle

No, your world is not supposed to look like a Michael Bay or J.J. Abrams film. Stop peeping at your neighbors.

Monday, December 5, 2016

No One Uses Just Signatures Anymore

from here

One of the most persistent misconceptions about antivirus is that it's just signature-based scanning. Antivirus vendors moved on from that model decades ago. That doesn't mean they dropped signature-based scanning, but rather that they added many other things into the mix.

How To Lock Your Bike


Watch on YouTube

I've posted so many depictions of bike security done poorly I'd almost given up hope on the very idea of bike security. Maybe it's time to amplify some constructive bike security advice instead of just highlighting the failures.

Friday, December 2, 2016

How Corporations Could Help Defend Privacy

from here

It seems to me that if enterprises stood up for the technology they use to protect their networks when people connect from home or on the road, their lobbying power could be pretty substantial, and the effects could benefit everyone.

Can't Talk Now. Sending Secret Messages

found on Dump A Day

I have to wonder, even if the message was not visible, did the smell not give it away?

Thursday, December 1, 2016

Poetic Justice

from here

A ransomware hacker getting himself hacked seems like a "couldn't happen to a more deserving guy" sort of situation.

That's Not A Suspicious Skill At All

found on Daily Fail Central

I don't know about you, but it occurs to me that this kind of camouflage skill would be advantageous for child predators.