 |
| from here and here (image source) |
I think it was Ben McKenzie who said don't invest more than you can afford to lose.
Friday, April 28, 2023
Can you spot the big cat?
 |
| found on Izismile |
Hiding in plain sight has benefits for both attackers and defenders. That's why nature is full of examples of camouflage.
Thursday, April 27, 2023
Advanced Persistent Teens
 |
| from here and here |
So I had kind of gotten the impression that the age of children being a significant online threat was a thing of the past. With all the talk about the commercialization and professionalization of the threat landscape I thought that meant the kids in the past had grown up and professionalized while the next generation of kids did something else entirely. Apparently I was wrong. Kids are apparently still a significant part of the threat landscape.
I guess I really shouldn't be surprised, though. All the intellectual and social rewards that drew kids to it in the past are still there now, and now there's the addition of financial rewards too. There's little reason for the next generation of kids to go elsewhere when what they want is right there.
We Tested Car Break-In Products
Watch on YouTube
It's one thing to watch experts use these kinds of tools, but it's quite another to see... less practiced individuals give it a try. It highlights that there can still be a fair bit of skill involved, so don't get discouraged just because these tools exist. It's not just anyone who can use them so chances are no one is performing a non-destructive etry on your vehicle while it's locked.
Wednesday, April 26, 2023
Freaky Friday Jailbird Edition
 |
| from here and here |
Well here's a new twist on "You've got the wrong guy". I wouldn't want to be the guy left behind, but even worse, I wouldn't want to be the guard who not only failed to see through the impersonation but also failed to recognize it might be a possibility. Authentication by the honour system is not something you should try with criminals.
The unspoken cost of porch piracy
 |
| found on eBaum's World |
This also demonstrates the importance of continuity planning. Don't wait until you run out of an important resource before you buy more. Instead order more long enough ahead of running out so that you always have some in reserve in case of emergencies like this.
Tuesday, April 25, 2023
Authentic fakes now for a low, low price of FREE
 |
| from here and here |
I originally thought this verified fake Disney account had perhaps paid the $8 that Elon Musk wanted for blue checkmarks, but on closer reading it seems the account had a gold checkmark and those actually cost $1000. Or at least they're supposed to, however it appears some got handed out for free, so not only did Twitter not verify the account was an authentic representative of Disney, they didn't even verify the account owner was an authentic paying customer.
Furthermore, it appears this isn't the only mistake they made. Accidentally "verifying" people who can't pay and who can't verify their phone number because they're dead means the entire verification process is fake. There is no authenticity here.
Monday, April 24, 2023
Let's see you "tailor" your marketing to that preference
 |
| from here and here |
So I log into my ISP, of all things, and I get a pop-up that informs me that ads are a fact of life and if I want relevant ads I should give them more information about myself. They can go pound sand.
I hope he knows how to shoot from the hip
 |
| found on Acid Cow |
On the plus side, it's going to be very difficult for anyone to steal his side-arm.
Friday, April 21, 2023
Department of Pearl Clutching
 |
| from here and here |
Of course the FBI is raising a stink about Facebook switching to end to end encryption. And of course they're going to say they're worried about kids. Here's an idea - if the children really are their only concern, why not simply ask tech companies to disallow encryption when communicating with children? It's not a hard sell to suggest that kids require supervision. Problem solved, if that is in fact the real problem. I doubt it is, however.
When there's no more chill
 |
| found on Dump A Day |
Maybe it's just me, but I would have thought that if your relationship with someone is so bad that you have to block them then surely you'd also stop using their Netflix account, wouldn't you?
Thursday, April 20, 2023
It'd be a shame if your flying computer crashed
 |
| from here and here |
Apparently military helicopters are now just computers that happen to fly, and if you don't apply patches you're asking for trouble.
Using Movie Quotes to Waste an IRS Scammer's Time
Watch on YouTube
Well that was an experience. It's kind of an absurd video but make sure you watch to the end for a surprise.
Wednesday, April 19, 2023
For Rent-A-Cop caliber bad guys
 |
| from here and here |
It takes a special sort of stupid to fall for RentAHitman.com, and even more so if you're looking for employment there. I think maybe, instead of renting out their services, they should have tried renting out the space between their ears.
Bringing balance to the force
 |
| found on Funny Junk |
Isn't balance what society is after these days? Isn't that why the news covers "both sides" of things? Maybe the Insecurity guy is contributing something worthwhile.
Tuesday, April 18, 2023
Hey guys, look at my top secret clearance
 |
| from here and here |
There's a pretty surprising detail about the alleged leaker of classified documents on discord. I'm not sure how such a character trait slips through the vetting process. There IS a vetting process, right? I'm sure they don't just give every Tom, Dick, and Harry top secret clearance. Right?!
Trojan Horse shirt
 |
| Product Page |
Well, it's definitely an eye-catchingly colourful design. I'm sure it will attract attention.
Monday, April 17, 2023
Always check for a bounty program beforehand
 |
| from here and here |
I'm not saying there's anything wrong with wanting something in return for your efforts, but be honest about your motivations and be more curious about how that process works. Don't just assume everyone hands out bug bounties, because they don't, and if the company in question doesn't then it's best to not even mention it.
Frankly, when you approach a company with a report that mentions a deadline to act and payment they never agreed to, quite a few are going to interpret it as some sort of shakedown or blackmail. One of the best indicators that a company won't do that is if they do in fact have a documented bug bounty program.
When everyone is part of your threat model
 |
| found on eBaum's World |
I'm not sure we would have much of a civilization if we couldn't trust each other most of the time, but if this is how much you trust people then I suppose you should act accordingly.
Friday, April 14, 2023
Never trust a crook
 |
| from here and here |
If it weren't for the desperation that ransomware victims often feel, I suspect a lot fewer would believe those trying to take advantage of them. Even if you do get your data back, that doesn't mean the crooks won't try to extort you later, and paying lets them know you're a viable source of funds for them.
Thursday, April 13, 2023
If the 'Forgot your password' thing was a person
Watch on YouTube
Thankfully password managers seem to help me avoid this problem, so I've never been stymied by a password devil.
Wednesday, April 12, 2023
Lag Tuesday
 |
| from here and here |
It's not just the games themselves. Everything is slower to respond on that one day of the month. Even in the background, updates still interfere with what you're doing. It's a shame that keeping up to date slows everything down.
One of the reasons unsubscribing is the wrong approach
 |
| found on Izismile |
It's better to use disposable forwarding email addresses when you sign up to things. That way you'll still get the emails delivered to your inbox when the service is behaving appropriately, but when they start to misbehave like this you can just nuke the address and never have to hear from them again.
Tuesday, April 11, 2023
Taking Pwn2Own on the road
 |
| from here and here |
Hacking a car through it's headlights is certainly a novel approach to automotive theft. Learning that the same thing could also be accomplished in other areas (even punching a hole in the side and grabbing wires inside) make it clear that this is going to take some doing to fix.
Cyber Security sticker
 |
| Product Page |
Blam! Ka-Pow! Cyber-Security! Tune in next week at the same cyber-security time, on the same cyber-security channel.
Monday, April 10, 2023
No stolen info for you
 |
| from here and here |
I know it's basically a game of whack-a-mole, but every whack makes more work for the bad guys and frankly they deserve it.
Not all bypass tools are created equal
 |
| found on Bored Panda |
It's actually just street art, but the implication that you can bypass the locked gate by jumping over it seems to be intended. Also it does demonstrate a real phenomenon about bypass tools - some are better than others. Sometimes they're a lot better or a lot worse.
Friday, April 7, 2023
Who wants a ride in the peeper-mobile?
 |
| from here and here |
The privacy issues with Teslas are beyond what I would have expected. Intimate moments captured by your car and shared around the Tesla offices like a joke? Or that simply walking past one in a parking lot can get you captured on camera and uploaded and examined by data labelers? Yikes.
Never underestimate your adversary
 |
| found on Animal Comedy |
Don't worry about these two jail birds. There will be plenty to eat where they're going. Just make sure you make it harder for them to get back in because they were released.
Thursday, April 6, 2023
Never gonna remember this one
 |
| from here and here |
Of course with all those constraints, the number of possible passwords that satisfy them all is actually smaller than if there were fewer constraints, which actually makes it easier to search through the entire set of possible passwords. In an effort to make passwords more secure, it actually makes them less secure.
Kids Meet A Hacker
Watch on YouTube
It's funny how at least one little girl already knows that she's got to stop giving him information. I'm sure she'll have great OpSec when she grows up.
Wednesday, April 5, 2023
Sometimes it's smarter to be dumb
 |
| from here and here |
When the advice to deal with a vulnerable Internet of Things device is to unplug it (effectively returning you to the dumb way of doing things), that's when you know "smart" isn't worth it.
Your qualifications are a perfect fit
 |
| found on Izismile |
After you lose everything in a crypto crash, or a hack, or any number of other ways your highly volatile investment could go bust, you're gonna need some way to make yourself whole. It may take a while but it'll be good experience.
Tuesday, April 4, 2023
Were their locks even attached to anything?
 |
| from here and here (image source) |
Maybe the different outcomes are enough to teach the ex-bike-owners some principles about how to better secure their bikes. Like making sure the lock actually goes through every part of the bike.
In Case Of Emergency Delete My Browser History sticker
 |
| Product Page |
To be honest, I think this works better as a reminder to yourself to delete your browser history regularly, rather than actually relying on the kindness of strangers (and their ability to get access to your system). Normalize deleting your own damn history, or better yet, use Incognito mode.
Monday, April 3, 2023
Can't be shy if you want to fly
 |
| from here and here |
I hope you all don't mind biometric surveillance creeping slowly but steadily into your everyday lives, because it sounds like the creeps at the TSA have definitely settled on the creeping strategy.
There's more than one way to blend in
 |
| found on Piximus |
Emerson said that a foolish consistency is the hobgoblin of little minds, and few things demonstrate that better than what passes for camouflage. The camouflage pattern that you normally associate with the military is used on so many things that it's become a joke. That's why it's good to be reminded sometimes that there are other ways of achieving that particular effect.
Subscribe to:
Posts (Atom)