security memetics

how can i pwn thee? let me count the ways

2010-07-30T18:47:00.000-04:00

found on Liquid Matrix blog

so, not only has this person given away their username and password to the entire world, allowing anyone to log onto twitter and pose as them, but they've also alerted everyone as to where they'll be at a particular time (so someone could either find them there or, more likely, find them absent from their home). might as well hang out a sign that says "want to rob me? i have an opening on the 29th at 4:30pm"

what the bad guys think of the cloud

2010-07-29T18:40:00.002-04:00

from Evil Inc comic

yeah, pretty much the more valuables you put in the cloud the more there is out there for the bad guys to purloin.

have passwords always been complicated?

2010-07-28T18:22:00.000-04:00

there are a number of issues covered in this comedy skit, and i like how it highlights how gullible you have to be to fall for some of the attacks out there.

bike security fail

2010-07-27T18:15:00.000-04:00

from Epic Losers

clearly some folks have as much difficulty with physical security are infosec people see with computer users.

Hijinks Ensue tackles rogue antimalware

2010-07-26T18:30:00.001-04:00

from HijiNKS ENSUE

really, there's more to this than just the comic - you should read the associated blog entry as well. the artist/author has some well founded doubts about the entire concept of going to some arbitrary website and having it supposedly clean your computer.

when passwords meet car doors

2010-07-23T18:04:00.006-04:00

from There, I Fixed It

the theory behind the captioning at There I Fixed It was that the gate latch was added to the car because the numeric code (see that panel above the door handle? that's for entering a passcode) is too hard to remember.

the thing is that the gate latch isn't a lock, it's a latch. if a latch alone was good enough the owner could simply close the door and not lock it (also, you can still use traditional keyed entry judging by the keyhole). it appears that this car door is in such a state of disrepair that it won't actually latch properly and needs to be held closed with this additional hardware. so the true moral of the story is that both security technology (the lock) and the infrastructure it works with (the door) need to be maintained or they won't do you any good.

luigi's password

2010-07-22T18:59:00.001-04:00

found on Gadi Evron's blog

yes, sometimes social engineering is that easy. be careful out there, you don't want to be the next luigi.

secrecy is sharing

2010-07-21T18:51:00.001-04:00

orignally from The Joy of Tech comic

found on Emergent Chaos

it's certainly some bizarro logic at work. reminds me of Pierre-Joseph Proudhon and his "property is theft" concept.

oh firewall, oh firewall

2010-07-20T18:42:00.004-04:00

from Andrew Hay's blog

Oh Firewall (sung to the tune of Oh Christmas Tree)

Oh firewall, oh firewall, your blinking lights protect me
Oh firewall, oh firewall, your blinking lights protect me
Each day you bring me such delight, safety in the dead of night
Oh firewall, oh firewall, your blinking lights protect me

Oh firewall, oh firewall, perimeter protector
Oh firewall, oh firewall, perimeter protector
Your rules are just, in line with policy and won’t be changed because you fuss
Oh firewall, oh firewall, perimeter protector

Each day you bring me such delight, safety in the dead of night
Oh firewall, oh firewall, your blinking lights protect me

unfortunately it seems he only did the one security carol. maybe he'll do more this year. might we request "silent log"?

the best antivirus

2010-07-19T18:40:00.000-04:00

found here

so maybe best is a subjective concept. i'm sure it's the most satisfying, though.

all your grammar are belong to us

2010-07-16T18:01:00.001-04:00

100% credit for this goes to the Sunbelt Blog's Tom Kelchner (and Patrick). it's even Tom's caption. absolutely perfect.

worms are bad, m'kay?

2010-07-15T18:53:00.001-04:00

from the McAfee Labs blog

this was just a picture to go along with their blog post. they gave it the caption "a picture is worth a thousand words", and it's really true, a picture is worth a thousand words, but in this case i think there are only 3 words that will come to the reader's mind

Do Not Want

and frankly, that's a perfectly good message to send. you do not want a worm.

hello security

2010-07-14T18:43:00.000-04:00

from Hello Kitty Hell

honestly, even if it is a real product, i'm not sure i can take it seriously.

matt on travel

2010-07-13T18:36:00.000-04:00

a nice series of cartoons about airport security drawn by matt pritchett of the telegraph.

if you have something that's supposed to be encrypted...

2010-07-12T18:50:00.001-04:00

if you have something that's supposed to be encrypted and you write the decryption key on it then you might be a security idiot...

(inspiration)

if you detect explosives by swabbing bags

2010-07-09T13:46:00.001-04:00

if you detect explosives by swabbing bags instead of using your brain and possibly recognizing the ingredients for gun powder then you might be a security idiot...

(inspiration)

the duhs of security

2010-07-08T18:39:00.000-04:00

found on An Information Security Place blog

protect yourself

2010-07-07T18:30:00.006-04:00

a rather hilarious video from panda, and i really like how the message at the end is "protect yourself" rather than something patronizing like "we'll protect you" or "this product will protect you". that means that it conveys the message that you need to act responsibly rather than the message that X will make it so that you don't have to worry about anything.

of course in the video itself it seems a big panda winds up doing the protecting at the end so that sorta contradicts the message but it's still a much better message than some some vendors use.

Schrödinger's lock?

2010-07-06T18:18:00.000-04:00

from failblog

really i think the absurdity of the message speaks for itself.

if you don't realize that prevention needs...

2010-07-05T18:15:00.001-04:00

if you don't realize that prevention needs to be backed up with detection and recovery then you might be a security idiot.

i iz uplodin mai pichur

2010-07-02T18:06:00.002-04:00

(inspiration from boingboing)

a cell phone thief actually did take a picture with the phone he stole apparently not realizing that when you take pictures with it they get uploaded to a central server instead of just staying local on the phone itself. whoops! bet he'll think twice about trying that one again. don't steal what you don't understand.

if you think disabling anti-virus software in order to install...

2010-07-01T18:30:00.001-04:00

if you think disabling anti-virus software in order to install other software is reasonable then you might be a security idiot

the evolution of CAPTCHA

2010-06-30T12:25:00.001-04:00

from the comic User Friendly

surely in the arms race against spammers this is where we're headed - CAPTCHA's that bots and CAPTCHA sweatshop workers alike can't solve.

spamasterpiece theatre

2010-06-29T18:10:00.001-04:00

awesome that such a well recognized character is tackling such a pervasive problem in such a funny way, reading spam with hashbusters (aka word salad) aloud like it was classic literature.

this is actually the first of a miniseries of videos - you can find more here

andrew hay tries cartooning

2010-06-28T18:03:00.000-04:00

from Andrew Hay's blog