 |
| from here and here |
Y'know, with a name like "ran somewhere" you'd think the process would be faster.
Wednesday, August 31, 2022
How you learn to stop using LimeWire
 |
| found on Izismile |
I'm not going to pretend that you can't remain safe while downloading things you shouldn't be downloading, however, it's I think it's fair to suggest that children probably can't do it.
Tuesday, August 30, 2022
Let's make data brokers broke
 |
| from here and here |
125 million phones could cover more than a third of the population of the entire United States, and yet I've never even heard of the company Kochava before. If this single unknown company is tracking that many people, just think of how many people are being tracked by all the other unknown data brokers out there.
This Image Is Not Available In Your Country sticker
 |
| Product Page |
If you've ever seen anything like this then you've encountered geo-blocking, which is one of the few remaining good reasons to use a VPN. Unfortunately there are no VPNs for real life, so this is going to be like a splinter in people's minds.
Monday, August 29, 2022
No clicks for you
 |
| from here and here |
Of course heartless corporations are going to double-down on their toxic business practices, but don't listen to their arguments. Ads have been a security threat for a long time, and if an advertising company hasn't come to terms with that fact about the Internet yet then they don't deserve your attention.
No Whammies!
 |
| found on Imgflip |
This is quite an apt comparison. "Investing" in cryptocurrency is very much a gamble, and there are many ways for you to lose everything. Maybe it would be safer if people treated it like gambling instead of investing, and only put into it as much money as they can afford to lose. Of course there are still people with gambling problems who lose everything that way too, but at least people would have a better idea of what they were getting into and what kinds of risks are involved.
Friday, August 26, 2022
Never trust your attackers
 |
| from here and here |
It's not the first time and it won't be the last time that ransomware operators proved themselves to be untrustworthy. I know it's a tough position to be in, but if you get compromised you have to prepare for the possibility that the data will be leaked. Paying the people who attacked you to not make things worse has no guarantee of success. Why should they keep their word once they have what they want? It's not like they're honourable, they wouldn't have attacked you in the first place if they were.
I've got a reputation to protect
 |
| found on Reddit |
I don't know about you, but I certainly use Google in incognito-mode. Not even specifically dumb questions, but all the time. One of these days I'm probably going to have to figure out how to make every browser window an incognito window.
Thursday, August 25, 2022
A Facebook Challenger Appears
 |
| from here and here |
It's hard to believe anyone could give Facebook a run for their money, but it sounds like Oracle is doing just that. Not in the context of social networking, however, but rather in the context of global surveillance.
It's difficult to imagine why Oracle would be interested in my political views and physical location, but I suppose those are details an authoritarian regime could use about it's citizens.
How did the Enigma Machine work?
Watch on YouTube
I knew there were rotors in the Enigma machine, but this gave me so many more details. Could I build my own version after watching this? Maybe, but it's easier to just use computer software these days. Besides, the Enigma machine did eventually get cracked by the allied forces, so it wouldn't be secure even if you did build your own. It's still really interesting to see how complex it was.
Wednesday, August 24, 2022
The pitfalls of copy&paste
 |
| from here and here |
When it comes to copying what you find online, I always advise people to learn from the code rather than simply copying it. Copying may be expedient, but it's risky too. If you don't understand the code you're copying then you run the risk of using it in inappropriate ways, including using compromised encryption keys like the folks at Hyundai appear to have done.
And don't let them stick to the wall
 |
| found on Reddit |
Treating your passwords like your underwear is certainly fertile ground for humour, but it begs the question: do your passwords pass the sniff test?
Tuesday, August 23, 2022
Transparency Theatre
 |
| from here and here |
There are so many allegations made in this whistleblower complaint that subverting transparency reporting is really just the tip of the iceberg, but it certainly seems novel to me.
Respect My Privacy shirt
 |
| Product Page |
 |
| Product Page |
Asking that people respect your privacy is getting harder and harder these days, but how can anyone argue with a cute kitten flipping you the bird?
Monday, August 22, 2022
You don't really think they're going to give those up, do you?
 |
| from here and here |
The government is no more likely to hand over vulnerabilities for fixing than they are to lay down their arms, even though that makes us all less secure as a result. Don't count on their help to make software more secure when they have vested interest in it remaining vulnerable.
Don't try anything fishy
 |
| found on Acid Cow |
Security cat is going to be watching you swipe your card very carefully, so there better not be any funny business or things will get hairy.
Friday, August 19, 2022
A bug so nice they patched it twice
 |
| from here and here |
If you have Zoom then you better get patching, again. The patch from earlier this week wasn't good enough but now they've got it for sure this time, honest.
Always check to see if you can pull the faceplate off
 |
| found on Acid Cow |
You often can pull the faceplate off if a skimmer has been installed, but they're usually much smaller than this.
Thursday, August 18, 2022
They had a doodie to protect their customers
 |
| from here and here |
If you received the gift of poop and wondered who sent it, finding out may now be possible. Anonymity was necessary for a site like this because taking an action like this has consequences, and now those consequences can play out because the anonymity has been lost.
How not to lock a sliding door
Watch on YouTube
It may sound like a sliding lock and a sliding door should go well together, but they really really don't.
Wednesday, August 17, 2022
Because the name "Big Brother" was already taken
 |
| from here and here |
Candid Camera and all the hidden camera shoes that came after it were always a little creepy when you think about them secretly recording people without their prior consent. That's pretty much the same thing that the new surveillance comedy show from Amazon will be as well, except this time the cameras will be everywhere, and it will give people yet another reason to participate in a surveillance state that feeds data directly to police without permission.
Don't let that be the chosen one
 |
| found on Reddit |
You should definitely use an adblocker to protect you from malware served through ad networks, but maybe not that particular adblocker. It seems to have a conflict of interest.
Tuesday, August 16, 2022
Maybe backups would have been faster
 |
| from here and here |
I've heard that one of the reasons victims pay is that it can be faster to pay the ransom and decrypt the data than to restore from backups, but if it can take hours for a bitcoin transaction to go through then maybe that argument isn't so clear-cut after all.
Malware tuque
 |
| Product Page |
A very simple design idea. I wonder if they also make a balaclava.
Anyway, it's a black hat, but if you find yourself identifying more with a white hat, they have those too.
Monday, August 15, 2022
Don't look him in the eye
 |
| from here (image source) |
I know it's not that we don't value privacy, but there are certainly times when we don't act like we value it. Public washrooms a good example of that. For all the problems they have it seems like no one is trying to design them better and some people are obviously designing them worse.
Passwords are like underwear - they shouldn't stick to things
 |
| found on Izismile |
Look, I get it, passwords are hard to remember. However, if you have the sort of job where people visit you at your desk or worse where you give television interviews on TV, then this is not the memory aid you should be using. Put it in your wallet if you must, but not out in the open where anyone (everyone) can see.
Friday, August 12, 2022
How would a businessman like him profit from those?
 |
| from here and here |
Y'know, if I took nuclear secrets home with me, I'd definitely expect the authorities to show up looking for them. That Trump managed to act surprised is a testament to his skill as a con-artist.
Home surveillance can be ruff
 |
| found on The Funny Beaver |
I think every dog owner has experienced this. If they see you with food they are going to watch you like a hawk. Kiss your privacy goodbye until they see you finish it.
Thursday, August 11, 2022
That's not suspicious at all
 |
| from here and here |
It's always a good idea to be suspicious of any strange behaviour on your computer. It might be innocuous (like Windows Update slowing everything down from behind the scenes) but it might also be a sign that your computer has been compromised. The only way to find out is to investigate further, but that won't happen if you don't at least have some suspicion about it.
DEFCON 17: Making Fun of Your Malware
Watch on YouTube
Want to see attackers fail? This old DEFCON presentation demonstrates some of the technical and operational failures by malware authors and operators. Also, this gives a little taste of DEFCON for the people who can't attend this year.
Wednesday, August 10, 2022
Surveillance with a smile
 |
| from here and here |
So both Tim Hortons and the RCMP have been spying on people. I'm starting to wonder about my home and native land. Is everything spying on me? Are even those damn geese spying on me?
I suppose technically neither Tim Hortons nor the Royal Canadian Malware Purveyors are actually spying on me because I don't have a mobile phone for them to attack (and people question my decision to forgo cell phone ownership).
Attacks need to be kept up to date too
 |
| found on Izismile |
I think the youth of today know better than to get into a strange van for some free candy. Funny pictures, on the other hand, might not trigger the same suspicion since it wasn't explicitly drilled into anyone's head.
Tuesday, August 9, 2022
A 2nd VPN?
 |
| from here and here |
And if you use a 2nd VPN, what hides your browsing from that? A 3rd VPN? Eventually you're going to have to trust someone with your browsing traffic. Maybe instead of using a VPN you could just switch to an ISP you trust.
You Clicked That Link Didn't You shirt
 |
| Product Page |
Consider this apparel the next time you have to travel to a user's desk to deal with a malware alert. You can start the conversation by just pointing at your torso.
Monday, August 8, 2022
Turning your relationship into a rocky road in 3...2...1...
 |
| from here (image source) |
The only reason you'd want to lock up your ice cream is if someone you live with, someone who shares physical access to your freezer, was eating it and you didn't want them to. This isn't going to stop them. It's only going to upset them and that's not good when you're living with them. I would think twice before employing this technique if I were you.
So much for good fences making good neighbours
 |
| found on Funny Junk |
Privacy is, unfortunately, something that can be pretty easily violated simply by disregarding social norms. In this case, however, there are all kinds of possible solutions (a taller fence, a paintball, a high powered laser pointer, a well aimed/focused solar cooker, etc.)
Friday, August 5, 2022
No ransom for you!
 |
| from here and here |
True story. It wasn't even my job, but when you're one of the few people able to help it kinda becomes your responsibility. I did try to get my employer to donate to the maintainer of the service that identified which decryptor to use, but I never thought to ask for a raise or bonus for myself. Apparently some people think that was a missed opportunity.
The cost of protection
 |
| found on Funny Junk |
Protection often isn't free. You have to consider those costs against the value of what you're trying to protect and the likelihood that it needs protection. Now I'm not trying to say Mr. Whiskers here isn't worth $24k, but that is a lot of money to spend protecting a rodent against a threat it's unlikely to face, or a threat that can be mitigated more easily and cheaply by keeping him in his cage out of harm's way.
Thursday, August 4, 2022
Whatever happened to the useful ones?
 |
| from here and here |
One the plus side, I do get fewer useless alerts than I used to, but the useless ones still outnumber the useful ones by a wide margin. I don't even remember the last time I got a useful one. These days it's usually Windows telling me the firewall is disabled when it's perfectly fine.
Maybe I don't see useful alerts because the attacks never reach the computer with the firewall software in the first place. Maybe NAT-enabled routers were all most of us ever really needed.
Kid Changes His Grades By Hacking, He Lives To Regret It
Watch on YouTube
Remember kids, it's better to use your skills for good than for evil. Evil may pay better for a while, but something usually comes along to make it not worth it in the long run.
Wednesday, August 3, 2022
Why I let the computer generate my passwords
 |
| from here and here |
People are really bad at creating strong passwords, so you might as well let the computer do it for you, and let it remember them for you while it's at it.
Hope that's not your only defense
 |
| found on Imgur |
While that might stop me, I suspect that not only are there plenty of millennials who can drive stick there are also plenty of older people who steal vehicles.
Tuesday, August 2, 2022
A naked data grab
 |
| from here (source article) |
I haven't made a secret about my feelings towards the Internet of Shit, but most of the time those connected objects at least provide the user with some compelling reason to use them. Often they give the user some novel feature or make something more convenient.
This scarf doesn't do any of that. It provides no extra functionality to the wearer beyond what a normal scarf would. You don't get to see the data, only some 3rd parties do. The best case scenario is that maybe someone will pay you to wear it, and you better hope they do because by extracting biometric data out of it they are definitely getting something of value in return.
Warning May Spontaneously Start Talking About Cryptography shirt
.jpg) |
| Product Page |
Y'know, there was a time when I was prone to talking about my nerdier interests. I should probably try to be like that again... as soon as it's safe to be around people.
Monday, August 1, 2022
When advertising companies make browsers
 |
| from here and here |
I mean, when you factor in the fact that Google is an ad company, their desperation to keep tracking people makes sense, but it's still desperation, and each year they drag out the end of tracking further just looks more and more desperate.
All it takes is one bump in the road
 |
| found on Reddit |
One bump in the road / one password breach and it's all over.
That's not to say that you couldn't have come up with a secure password when you were 7 years old, but rather if everything is dependent on that one password then it's a single point of failure. A single password breach would expose all of your accounts.
Subscribe to:
Posts (Atom)