Security Memetics

Like stealing healthcare data from a law firm

2023-07-17T15:30:00.019-04:00

Apparently if you suffer a data breach, the data in question may at some point end up in the hands of a law firm. The problem, however, is that law firms are not magically secure, so it's possible for the data to be stolen a second time - which one law firm is finding out the hard way. As data breaches continue I have a feeling we may see this happen more frequently.

The patches that never end

2023-07-13T15:30:00.003-04:00

from here and here

Maybe you thought Internet Explorer would be ancient history by now, but unfortunately Microsoft is still making security updates for it.

Worst Wifi Password Ever

2023-07-13T10:30:00.001-04:00

Watch on YouTube

Tricky passwords can be a double-edged sword. You have to make sure they aren't more trouble than they're worth.

Someone needs a longer sentence

2023-07-03T15:30:00.002-04:00

from here and here

I've heard of individuals being threatened and harassed online before, but a dictionary? That takes a special sort of irrationality, which you'd think would make them extra dangerous, but apparently the judge felt otherwise.

Protection isn't always effective

2023-07-03T10:30:00.002-04:00

found on Dump A Day

Something that we must all keep in mind is that there is no protective measure that is perfect. They all fail under the right (wrong) circumstances.

Time to sharpen some wooden stakes

2023-06-30T15:30:00.008-04:00

from here and here (image source)

If you look closely at the right hand side it does seem to be bent outwards, which suggests the force came from inside the cemetery. It's also fairly low to the ground, which makes me wonder - is this a pet cemetery?

"Relevant" ads are creepy AF

2023-06-30T10:30:00.004-04:00

found on Reddit

Presumably they can't actually read your mind. I assume they just correctly recognize that you're similar to people who have expressed the same thoughts you've only ever thought inside your head and are acting on that similarity, but it's still creepy.

A little TOO 'universal'

2023-06-29T15:30:00.002-04:00

from here and here

A lot of things went wrong with Kias and Hyundais to allow them to be stolen as easily as they have been, but one that stands out to me is that there's a receptacle the same size as a USB plug that you can just plug a USB charging cable into and twist like a key to start the engine.

Password policy frustration

2023-06-29T10:30:00.001-04:00

Watch on YouTube

The better designed systems will show you the full set of password policies all at once rather than revealing them individually like this. That way the user should be able to create a new password with the fewest number of failed attempts.

What gave it away?

2023-06-28T15:30:00.004-04:00

from here and here

I suppose you don't necessarily have to be a master of operational security to be a flight attendant, but if you're going to call in a bomb threat on the plane your ex-boyfriend is on then a bit of opsec would probably help.

Why we need end-to-end encrypted messaging

2023-06-28T10:30:00.025-04:00

found on 9Gag

I think we can all agree that we'd like to be able to speak privately with the important people in our lives and that some of the things we share would be deeply embarrassing if they were revealed to a wider audience. I'm sure we'd all like to be able to enjoy the freedom to communicate that way, but it's hard to feel that free when we hear about how the authorities are spying on our communications.

Fundamentals First

2023-06-27T15:30:00.010-04:00

from here and here

Yes, there is a novel side-channel attack that involves video recording of power LEDs, and yes I'm sure it's important to protect your smart card readers against such an attack, but I'm also fairly certain most information security departments are still struggling to deal with phishing and ransomware and aren't anywhere near being in a position where dealing with this novel (and frankly low probability) attack is the best use of their resources.

In OWASP We Trust mug

2023-06-27T10:30:00.017-04:00

Product Page

If you're in software development, raise some awareness around the office of the OWASP Top 10 vulnerabilities. They're still being found in software even after all this time, which means not enough effort is being made to avoid them.

Stolen And Purchased

2023-06-26T15:30:00.002-04:00

from here and here

I'm kind of surprised that SAP's first clue they had a data breach was when they purchased their own hard drive off of Ebay. But if people can just waltz out of their data center with hard drives in their pockets or something then I guess I shouldn't be surprised after all.

That mental image, though

2023-06-26T10:30:00.002-04:00

found on Reddit

Deterrence is ultimately a mental exercise, it operates on the mind of the people you hope to deter. As such, it's probably a good thing to try things a little off the beaten path because "Danger!" and "Keep Out!" are things people have seen a million times and so are desensitized. This one paints a very evocative mental image, though maybe it sparks a bit too much curiosity.

"Smart" Armour

2023-06-23T15:30:00.003-04:00

from here and here (image source)

Of course the person whose phone saved them from a bullet was actually just really, really lucky. Phones aren't bulletproof, and body armour made out of them would cost far more than they'd be worth. Of course if you did do it then you'd probably want the phones to partially overlap each other, like dragon skin body armour, rather than what the guy above was doing.

Sometimes the obvious countermeasures are the easiest ones to forget

2023-06-23T10:30:00.001-04:00

found on Reddit

Stay out of the water, stay out of the bad part of town, stay out of untrustworthy websites, etc. If you always remember those sorts of obvious things, good for you, but plenty of people need reminders, and some never knew in the first place. So don't just remember for your own sake, remember to share those steps with others as well.

One way to make cookies bite the biscuit

2023-06-22T15:30:00.002-04:00

from here and here

Actually blocking cookies seems to create problems with a surprising number of sites, so using incognito mode or private browsing mode in other browsers to limit the lifetime of the cookies to as long as the browser window is open is the next best thing. Neither stop other forms of tracking, though.

The bear essentials of deterrence

2023-06-22T10:30:00.001-04:00

Watch on YouTube

If you can scare away your adversary then your job is done.

Got it, got it, need it, got it

2023-06-21T15:30:00.004-04:00

from here and here (source article)

I knew crooks used the MOVEit vulnerability to breach a lot of organizations, but when the number is so high that you start assuming all breaches are the same group, then things start to get a little ridiculous.

Magical "Security"

2023-06-21T10:30:00.002-04:00

found on Harry Potter Fandom

When your security practices are informed by magical thinking, even children will find a way around your protective measures.

Moving your data into their hands

2023-06-20T15:30:00.002-04:00

from here and here (image source)

The MOVEit vulnerability has been exploited far and wide, but this latest one involving the DMV seems particularly far reaching.

Mom & Hacker tote bag

2023-06-20T10:30:00.002-04:00

Product Page

Don't sell moms short when it comes to technology in general and hacking in particular. My mom may not have been a malware reverser, but she was certainly able to exploit technological loopholes.

Jeepers creepers where'd you get those peepers

2023-06-19T15:30:00.006-04:00

from here and here (image source)

If it weren't for the normalization of surveillance we wouldn't get amazingly disturbing images like this one.

Cursed Camouflage

2023-06-19T10:30:00.002-04:00

found on Dump A Day

Yes, you can definitely disguise one inappropriate thing as another inappropriate thing, but when people eventually realize what they were staring at they're going to hate themselves.