 |
| from here and here (screen cap source) |
It's supposed to be for community out-reach, but I can see certain types of offenders being lured out of their smokey homes for a tasty treat.
Friday, January 29, 2021
Thursday, January 28, 2021
We have seen the vulnerability and it is us
 |
| from here and here |
When even security researchers are successfully targeted, that's all the proof one should need that no one is immune to social engineering
Lock Picking Lawyer: SimpliSafe Alarm Bypassed With a $2 Device From Amazon
Watch on YouTube
Have you heard of SimpliSafe before? I know I have. Some of my favourite YouTubers seem to swear by it (or at least swear by the sponsorship they get from the company). I hadn't heard about this weakness before, though, and it seems like an important consideration when selecting a home alarm system. I wonder how many other systems have similar vulnerabilities.
Wednesday, January 27, 2021
How can we trust you with backdoors if you don't trust yourselves?
 |
| from here |
It's really revealing that the police want backdoors to use against other police, apparently oblivious to the fact that that would allow those other police to use the same backdoors against them (and a whole bunch of others). Clearly they aren't putting a lot of thought into this. All they know how to do is ask for more power.
The turtle's got it's eye on you
 |
| found on eBaum's World |
There isn't really any such thing as a security camera. Camera's don't make things more secure, they don't prevent unwanted outcomes, they simply help in catching people after the fact. The best they can hope to do as far as prevention is to serve as a deterrent, but for that to work they have to be plainly visible, not hidden in a mural. People are less likely to be deterred by a turtle looking at them than they are by an obvious camera looking at them.
Tuesday, January 26, 2021
Who Watches The Watchers? shirt
 |
| Product Page |
 |
| Product Page |
The phrase on the bottom of the graphic is Quis custodiet ipsos custodes? which is latin for "Who watches the watchers?"
It's an interesting question in this context. When you're online you're being watched by a bunch of different entities, some of them commercial, some of them government, but who watches them?
Monday, January 25, 2021
Don't let aliens invade your bank account
 |
| from here and here (image source) |
I think I'll stick with more modestly sized laptops, so I only have to worry about hiding my passwords from people in my immediate vicinity.
And then everyone switched to Signal
 |
| found on Izismile |
What happens when you treat your users like shit without having a monopoly? They leave.
Friday, January 22, 2021
Never let them pressure you into unblocking again
 |
| from here and here |
If ad-blocking is good advice for government agencies, it's good advice for everyone else too. Don't let anyone tell you different.
I hope the ad industry has fun trying to block agencies like the NSA with their ad-block-blockers.
Defense In Depth: Surveillance Edition
 |
| found on Dump A Day |
A camera can miss things, that's why you often see more than one, but sometimes cameras can miss things even when they're in frame, so that's where the snitches come in.
Thursday, January 21, 2021
Lock and lobe
 |
| from here and here (image source) |
I suppose this could still be taken by force, but it'll be messy and it would still have that annoying lock attached.
Get you some guard geese
Watch on YouTube
They must be part honey badger because clearly these geese don't care that the gator is larger than them and could eat them. They're chasing that threat away regardless.
Wednesday, January 20, 2021
Will it blend in
 |
| from here and here (image source) |
Nothing screams "Great Idea!" like making your phone harder to find. What could possibly go wrong?
Brutality deterrent?
 |
| found on Piximus |
The question that springs immediately to mind is "Does it work?" I mean, on the one hand it's clearly a misleading label, but on the other hand police forces typically don't select for intelligence when screening prospective hires. Could a crossed wire result in a less violent encounter as a result? Who knows? We seem to be at the stage where anything is worth a shot (no pun intended).
Tuesday, January 19, 2021
Never underestimate your adversary
 |
| from here and here (image source) |
The think about knowing your enemy is that you need to know them well enough to know what they're capable of. Now, I'm not saying that your kid is the enemy, but if you knew they were this strong you probably wouldn't waste your money on that childproof lock.
Identity Thief T-Shirt
 |
| Product Page |
 |
| Product Page |
This actually seems like a fun shirt to wear to a conference, especially a security conference. I'm sure it'll go over real well.
It's a shame there's surprisingly little difference between the male and female versions of this shirt.
Monday, January 18, 2021
How not to protect your identity
 |
| from here |
It's bad enough not wearing a mask (in a pandemic, no less) to an event such as that, but to walk around with your identity printed on a card hanging around your neck? You might as well just have a sticker on your shirt that says "Hi, my name is _________". No doubt while the authorities were struggling to put a name to a face for most of the other perpetrators, in this guy's case all they had to do was read.
Maybe phones should resist interrogation more politely
 |
| found on The Very Near Future |
Modern phones are already capable of resisting interrogation by authorities by using encryption, but the feds don't like that. Maybe if the phones apologized it would smooth over investigators hurt feelings.
Friday, January 15, 2021
What the feds wish "locked phone" meant
 |
| from here and here (image source) |
There are so many things wrong with this technique. If someone wants the actual hardware they can just wait until you're about to use it to actually snatch it - that is assuming you can't just unsnap it from the belt (although it sort of looks like you can). It doesn't protect against any other kind of threat except phone thieves. Of course there's also the inconvenience of having to fumble around with a cumbersome lock whenever an incoming call comes in. How many missed calls before you start not locking it at all?
They never ask for permission to be confusing
 |
| found on Izismile |
I'm sure there's a perfectly logical explanation for that authorization prompt (maybe it's a 3rd party calendar app that wants access to the built-in calendar?), but that doesn't change the fact that the way it's presented is quite confusing to regular people. It almost makes me wonder if this could be exploited by malware somehow.
Thursday, January 14, 2021
The one time you should be a Karen
 |
| from here |
Honestly, in this one particular context, be a Karen. You're entitled to let technology do the remembering for you.
Wednesday, January 13, 2021
If unsatisfied customers disappear, is there still a problem?
 |
| from here |
Thanks to Naomi Wu for working so hard to raise awareness of what is clearly a serious issue, and shame on Signal for not doing more to educate users on the safety considerations of using their app.
In theory, secure messaging is meant to protect those who might otherwise be in danger if the contents of their messages were found out. If at-risk Signal users are getting disappeared under normal usage conditions then the question has to be asked whether Signal is fit for purpose.
I never knew my passwords
 |
| found on Acid Cow |
It's funny because it's true. You can't be tricked or coerced into giving up your passwords if you don't currently know what they are.
Tuesday, January 12, 2021
We don't need no stinkin' keys!
 |
| from here (image source) |
Of course, even if you were somehow able to solve the problem demonstrated above, a screwdriver will take the entire mechanism off the door. I'm really not sure what the intended application of this lockable sliding latch is supposed to be, but for the life of me I can't see a way to make it actually be secure.
I Drink Because Your Password Is Password mug
 |
| Product Page |
It's kind of a weird thing to drink out of if you're doing that sort of drinking, but I guess you have to keep up appearances at work.
Monday, January 11, 2021
Tactitools for tactifools
 |
| from here and here (image source) |
Tools are easy enough to misplace as it is. Making them blend in just makes it all the more difficult to find them. If you really want something other than the standard shiny chrome looking ones, might I suggest a neon or dayglo colour?
Galaxy brain state sponsored hacking
 |
| found on Imgur |
It would take a while, but if you could disrupt the pipeline that drives kids into armed service for a military power, eventually they won't be a military power anymore.
Friday, January 8, 2021
When your OpSec is as bad as your legal advice
 |
| from here |
You'd think that a lawyer would know not to take part in something as obviously illegal as a violent insurrection at the Capitol building. You'd further think that a lawyer would have the good sense not to post evidence of such illegal activity on social media for the world (and your employer) to see. Apparently in at least one case you'd be wrong.
Finally, surveillance we can all agree with
 |
| found on Imgur |
I'm sure there's an interesting story behind this sign, I just hope there aren't any pictures.
Thursday, January 7, 2021
If Houdini had a backpack
 |
| from here and here (image source) |
Maybe if Newt Scamander had employed something like this his fantastic beasts wouldn't have kept getting away.
You'll never look at a chain lock the same way again
Watch on YouTube
If your home is protected by a chain lock like this one, you better make sure there isn't enough room for someone with skinny arms to reach in with a rubber band and adhesive tape.
Wednesday, January 6, 2021
The unintended costs of mass surveillance
 |
| from here |
So Singapore is letting police access contact tracing data and people are concerned, and perhaps rightfully so. Over and over again, governments have proven they can't be trusted not to use the data they collect for purposes other than the data was intended. The United States exemplifies this and as a result they are unlikely to ever be able to do meaningful contact tracing because people don't trust that the data won't be used for other purposes - and that lack of trust is costing lives. There are other factors also costing lives, but even without those factors, contact tracing would still be a problem and without contact tracing it's impossible to get ahead of an outbreak.
Can't a guy rest in peace?
 |
| found on Acid Cow |
I suppose the argument could be made that there are no more outcomes for him to worry about, but privacy is still privacy, and if people really didn't care about what happened after they were gone they wouldn't make wills.
Tuesday, January 5, 2021
How do you "accidentally" add hard-coded credentials?
 |
| from here and here |
Believe me, I can imagine how this backdoor got added to the Zyxel firmware. In theory they may be developing the firmware with the built-in account for testing purposes and then they remove or disable that code in the final build that they intend for release. But if that's what they're doing then this mistake begs to happen over and over again.
Maybe they should make a product that's testable in it's final releasable form instead.
My Parents Went On The Internet And All I Got Was Some Lousy Malware shirt
 |
| Product Page |
For when the malware your family finds for you (one way or another) doesn't quite measure up to your expectations.
Monday, January 4, 2021
IoT's security disadvantage
 |
| from here and here |
The Internet of Things is always going to have security problems and updates and other device maintenance tasks are a big part of the reason
Hopefully it's just for deterrent purposes
 |
| found on Acid Cow |
I've heard it said that some guys don't take a hint. I've even heard that some guys point blank won't take no for an answer. I hope things don't escalate much further
Friday, January 1, 2021
It's finally dead...ish
 |
| from here and here |
It may be EOL for Flash but that doesn't mean people won't do plenty of inadvisable things trying to keep it alive. Expect to see cyber-criminals capitalizing on the situation in 3...2...1...
Revenge on a IRS Phone Scamming Company - Call Flooder
Watch on YouTube
Making scammers angry enough to curse at you? Yes please, I want more of that. Interferring with their business of exploiting others is just icing on the cake.
Subscribe to:
Posts (Atom)