A Mystery of Security Memes
The era of memes is in full swing. The internet is filled with funny pictures on different topics. Even today, we can say that memes have become a cultural phenomenon.
However, in trying to understand the popularity of memes, it is worth considering two aspects. Firstly, a meme is not just any funny picture on the internet – it is not always a picture and not always on the internet. Secondly, memes can be good and useful.
We’ve already told you more about computer memes in our blog.
A meme is a unit of cultural information. It can be any expression, idea, symbol, image, or sound that is transmitted from person to person based on imitation. The last criterion is fundamental – because it is only through imitation (replication) that the meme’s whole mechanism is built.
Today, we decided to analyze the popularity of memes and talk about making sense of security memes.
What are security memes?
A meme does not depend on a specific situation to have relevance as a cultural information unit, but rather it is a kind of universal code. In practice, this is manifested in cases where the same meme is used to explain various situations. In other words, a meme becomes a meme only when it turns from a specific precedent event into a context-free unit of information.
The security meme, in particular, is like a kind of online folklore. The meme has replaced the joke. After all, now at a meeting or in a company, no one exchanges jokes – everyone discusses the latest memes. And we have to accept that. Memes are not bad! Memes are part of our internet security culture, an attribute of the modern digital society. Let’s learn more about this phenomenon.
Memes can be divided into many classifications. For example, according to the method of origin, there are:
- Intentionally created (so-called “forced memes” that are created by marketers or users to promote a brand or themselves).
- Co-opted (those that seem to arise spontaneously but are immediately picked up by interested parties and promoted for some purpose).
- Self-generated (absolutely folk art, a meme in its purest form, which spreads virally).
Semiotic memes are usually divided into visual, auditory, textual, and mixed memes.
- Visual – The most popular. These are your favorite pictures, macros, advice, comics, photoshop contests, and so forth.
- Auditory – Songs, slogans, mottos. The ice is melting between us!
- Text – Any verbal expressions, neologisms, poems, or slogans that exist in text form. Rhymes-pies, for example.
- Mixed – These include video memes because they combine visual and auditory features. According to some sources, mixed memes include images with text because they combine both visual and verbal content.
How to understand security memes
First, when analyzing the true meaning of any meme, you need to follow these steps:
Step #1. Find out the background. You need to understand the background of the story shown in the picture. Look for information about the issue or event mentioned in the meme.
Step #2. Pay attention to the characters. Most often, the true meaning of a meme is conveyed by certain characters who tell a joke.
Step #3. Look for funny moments. The meaning of security memes is always deeper. So don’t expect that you will be able to understand the meme from the first viewing.
Still don’t understand the security memes? Well! Now we’ll sort out a couple.
CISO vs Pentester
The CISO (Chief Information Security Officer) is the person who chooses which antivirus the company will use, which regulations users will comply with, and develops (or follows) plans to improve the company’s information security. The CISO makes decisions. He may not know exactly how the security features work or how complex two-factor authentication works.
The “pentester” (penetration tester) is a “white hat” hacker. Such people are hired by large companies when they want to check the level of security. The pentester’s task is to try to obtain user passwords, important information, access to the company’s money, and so on by hacking methods.
Why is this funny?
CISOs can be too confident in the security of the company. After implementing a large system to protect against attacks, the CISO calls pentesters to check the system and ensure that the money is not spent in vain. One good system (or two or three) cannot protect the company. And the pentesters show it all the time.
The joke is in the self-confidence of the CISO, who covered only part of the company’s “holes” with one system.
You can watch the video joke here.
The company’s first “bug bounty”
A “bug bounty” is an opportunity for hackers to earn extra money by legally finding holes in companies’ systems. Sometimes companies allow all pentesters to test their external services or websites for vulnerabilities. If vulnerabilities are found, the company pays a reward. Sometimes this is a small reward of around $50. Sometimes the amount reaches $1,000 or more.
Report/broken vulnerability – When a hacker (pentester) finds a vulnerability, he writes a small report with a description of all his actions and screenshots confirming the vulnerability’s presence. A broken vulnerability is a “hole” in the product, described by a hacker on a special site.
Why is this funny?
Sometimes companies want to save money on bug bounties. Instead of paying honest rewards, they try to downplay the vulnerabilities found, pretend that the vulnerabilities did not exist at all, or do not respond to reports for a year. So, companies want to save on payments and at the same time get the information about the vulnerabilities found. Professional hackers quickly leave such companies.
The joke is that some companies stubbornly do not want to listen to common sense and colleagues/competitors’ sad experience.
Scan instead of pentest
A vulnerability scanner is a program that scans computers and other hardware for holes, that is, vulnerabilities. It determines the operating system and its version, installed patches, and so on. It can be used as part of penetration testing (pentest).
Pentesting is the process where pentesters search for and exploit vulnerabilities to get passwords, customer data, secret information, and so on.
Why is this funny?
There are companies that, instead of full-fledged penetration testing, issue scanner reports as an alternative. But scanning in an average company takes several hours. Such work does not require the skills of a specialist and, as a result, is inexpensive. Just press one button. Penetration testing is a more complex task that lasts for several days, sometimes weeks. Such projects are assigned to experienced specialists, who can give information about operating systems and obtain confidential information.
The joke is that not everyone understands the difference between a scan and a pentest. This understanding may be lacking even for those who carry out the work.
Top security memes
Now let’s play a game. We’ll give you 10 security memes, and you should try to decipher them correctly. Good luck!
Before you start, don’t forget about our checklist of security measures on the internet.