Monday, July 31, 2017

The future of health care

from here

Going for my annual checkup is cheaper for me than flying somewhere, but that may be because I'm in Canada.

When best practices should be the only practices

found on Stack Exchange

I know this best practice. I follow it as best I can, but after spending a week trying to figure out a way to use PBKDF2 securely with just ordinary .NET (no extensions or additional 3rd party libraries) and failing, I'm starting to see why people continue to violate this best practice.

Friday, July 28, 2017

We occupy the enclosures identified by numbers less than 4

from here

Confession time: the style and substance of the memes I create are sometimes randomly selected. When Joseph Ducreux and exploit came up (and after I spent some time making sure I knew exactly how to make a Joseph Ducreux meme, aka an archaic rap meme) there was really only one option - use All The Things by Dual Core.

The Internet of Nagging Things

found on LinkedIn

As more and more things become connected, and as they all seemingly have conditions under which they'll send you a notification or alert or some other kind of message that the makers think needs your attention, just imagine what a home full of smart devices like that will be like. Imagine what it will be like when 2 things are vying for your attention at the same time, or 3 things, or 5, or 10. The more smart devices you have, the more likely the occasional overlap will be and the more devices will overlap with each other attempting to get your attention. It'll be like the film "Cheaper by the Dozen" except instead of a bunch of precocious children it'll be a bunch of appliances with sensors and alerts and updates that need to be applied.

Thursday, July 27, 2017

A Roomba with a view

from here and here

Selling data about the insides of people's homes seems pretty creepy if you ask me. What's next, selling photos from inside people's homes?

Still young enough

found on Memebase

As we get older, our memory starts to fade. If you can still remember a changed password after a holiday, good for you, but it won't always be that way, so start developing alternative strategies.

Wednesday, July 26, 2017

The FUD was strong with that one

from here

I remember a friend of mine downloading a special (older) version of Norton AV specifically because of its purported ability to detect/disinfect Michelangelo even though by that point the virus was a year or two old and should have been handled just fine by any up-to-date AV.

A lock is a terrible thing to waste


Watch on YouTube

I hope their car upholstery is brown because that would make most people crap their pants. Those two, however, don't seem sufficiently scared of the lumbering threat just outside their car. The bear may not have got them but sooner or later they're going to be food for something the way they're going.

Cars have locks for a reason. Use them.

Tuesday, July 25, 2017

This post gave my computer AIDS

from here

Just in case you thought ransomware was a relatively new phenomenon, the AIDS trojan dates back decades.

I love free things!

found on Memebase

Sometimes "free" is all the enticement a person needs to fall for a trap.

Monday, July 24, 2017

Traveler's Jackpot

from here

No security is perfect. Something (or someone) always falls through the cracks, so if you happen to be one of the lucky few, count your blessings and maybe buy a lotto ticket.

Encrypted USB Flash Drive

product page on Amazon

I'm not trying to say this is the best option. I know there are software-based full disk encryption products that can create encrypted volumes on flash drives, and that's probably the way I would go, but I also know that those kinds of approaches can be complicated and difficult for some people to use. There's no one-size-fits-all security, and this might just be the best option for some people. As weak as I'm sure the PIN code the average person enters is likely to be, it's probably still better than no encryption at all. This isn't going to protect your secrets from the government, but it might just protect them from a sibling, a spouse, or a thief of some sort.

Plus, it can serve as the thin edge of the wedge that gets people thinking more about securing their data.

Thursday, July 20, 2017

Cheaper locks mean fewer knocks

from here

They say that locks just keep honest people honest, but they don't say anything about creepy (though I suppose picking your lock in the middle of the night while you're asleep is pretty creepy).

Not all locks are created equal, though, so next time you have to pay for a lock you might want to think of it as an investment and not skimp on it.

MD5 is not alive

found on Meme Generator

The cryptographic hash function MD5 has been deprecated for over 2 decades and people still use it. We tell end users to keep their software up to date, but where's the hand wringing over software vendors keeping their security knowledge up to date? MD5 is dead, stop trying to bring it back in your software projects.

Wednesday, July 19, 2017

F-ing Mathematics, How Do They Work?

from here

This is one of the most absurd image macro memes I've ever used, but it fits well with one of the most absurd statements I've ever heard a politician make about encryption.

That moment when you realize you should have had a password

found on Randowis

Passwords can prevent more than just someone pretending to be you.

Be sure to check out the other excellent comics on Randowis.

Tuesday, July 18, 2017

Let digital Darwinism sort things out

from here

Do you ever get tired of trying to convince people not to do dumb things? I sometimes do and I wonder if maybe it would be better to just let nature take its course. I try to be more optimistic most of the time, though.

Giving three fingers to scareware

found on Meme Generator

It is possible, at least in theory, to interrupt the execution of malware before it has a chance to do anything. Better to not let it open in the first place, though.

Monday, July 17, 2017

The Internet is full of strangers

from here

A recurring theme in cyber security is that the lessons we learn in real life don't seem to get applied to the online world. We need to do a better job of drawing parallels between the two worlds.

String beats car lock


Watch on YouTube

Did you know it was that easy to break into a car? Maybe this is why that style of car lock seems to have gone out of fashion.

Friday, July 14, 2017

Hollow promises are hollow

from here

It seems to me that AV conspiracy theories are a little on the simplistic side. There is literally no reason for a government to try to compel an AV company to ignore their malware. There are lots of ways to make it ignore the malware without contacting the AV company at all.

Criminal Customer Service

found on Amazing Super Powers

People say the ransomware business model has good customer service (and it needs to because it's basically trying to convince people to pay), but I don't think ransomware makers ever offered their victims tea before.

Thursday, July 13, 2017

AV firms aren't the Russian hackers you're looking for

from here

Why is it that, when the Russian government is believed to have launched cyber attacks against the U.S., they take it out on private Russian businesses instead of the Russian government?

If we're going to go back to wringing our hands about The Red Threat again, maybe hold leaders responsible instead of giving them a pass while sticking it to their constituents.

Safe and secure, living the pug life

found on iFunny

If one dog can serve as a deterrent, surely 7 dogs can be even more of a deterrent.

Wednesday, July 12, 2017

Funny how that keeps happening

from here

I wonder how many people have gotten out of trouble because ransomware eliminated the evidence for them. It's not just trouble with parents, either. I could imagine something like this happening with law enforcement as well.

At least it's more private now

found on The Art of Trolling


Tuesday, July 11, 2017

Dear sir/madam, your assistance is required

from here (source article)

You actually should take scam emails more seriously. Not because they might be legit (they aren't) but because the scams get shut down sooner if people actually do something about them instead of dismissing them as obvious scams.

What I think of when I hear the term "Security Evangelist"

found on Imgur

Considering how much faith is involved in IT security, perhaps this is appropriate.

Monday, July 10, 2017

Could I buy some chocolate chip session cookies

from here

I think teaching young girls how to avoid cybercrime is actually a great idea. Apparently there's a similar program in the Boy Scouts, which is also good.

Security Fail Compilation


Watch on YouTube

Apparently I'm not the only one who is amused by security fails, nor the only one who wonders how many bike security fails there can be.

Friday, July 7, 2017

And watch smoke come out of security people's ears

from here

Firewalls don't make your computer hot; there's no flaming wall inside your computer you can turn on and off like a desk lamp.

Long hair can hide a multitude of things

found on Izismile

You were probably thinking this would be about hiding a mole or a birthmark or maybe some kind of scar, but nope - someone went and hid an actual bottle of vodka in their hair. This is one of the few times I wish I still had long hair.

Thursday, July 6, 2017

One of the worst places to get spyware

from here

It's unlikely the steady march towards putting computers in everything had anything to do with peeping on you when you're pooping, but smart toilets are essentially computers you crap in and it's actually pretty likely those computers will be susceptible to spyware.

How not to protect yourself from the smell of other people

found on Izismile

There's a bunch of conjecture about this actually being a religious countermeasure to maintain purity while flying over cemeteries, but I would suggest that the hull of the plane does a far better job of protecting you from things outside the plane than this plastic bag would. The bag can only protect you from things inside the plane, and even then putting a plastic bag over your head is generally bad news. Humans have this funny habit of dying when they can't breathe.

Wednesday, July 5, 2017

As if millions of crypto nerds cried out in terror and were suddenly silenced

from here

According to the news about GnuPG, you're probably going to want to update the library before you use your keys again, lest you want the software to leak enough information for the keys to be recovered by a malicious 3rd party.

But they're easier to chase down

found on The Meta Picture

Don't be fooled by things that seem too good to be true. Security is a trade off. You mitigate one problem that was hard to deal with by transforming it into a different problem that hopefully is easier to deal with. Just make sure that the different problem really is easier to deal with. If the threat changes to people chasing you down and harming you then those extra pounds aren't going to serve your interests at all.

Tuesday, July 4, 2017

Keeping the bad things IN?

from here (source image)

I don't know what they've got in there but I do know what they're protecting - they're protecting us.

It's spying on you right now

found on Vitamin Ha

Don't be surprised if your credit card is used to buy lots of tuna in the near future.

Monday, July 3, 2017

Legalize Crypto

from here

Yes, there really was a virus that told you your PC was stoned.

It's not just liars whose pants are on fire


Watch on YouTube

This makes me glad I'm not a carjacker. I kinda wonder what would happen if the carjacker happened to have a metal snow shovel, though. Based on the explanation of how the blaster system works, a well placed snow shovel might cause this carjacking countermeasure to backfire.