So, Adobe publishes your personal details and that is not sensitive data ?
Why hasn't GDPR been shoved in its face to educate it a bit yet ? There's massive potential for a stonking big fine there, I would think.
Thrilling news: my Libra account is ready! I can barely restrain my excitement. Nor can I adequately express my bemusement, given that I never signed up to buy into Facebook's craptos in the first place. Indeed, no one can – possibly ever. Yet I received my confirmation this very morning. That is, it arrived a few days ago …
It was a database left unprotected for a time, which Adobe is downplaying as unimportant. There's an Adobe blog post about it in which Adobe bullshits about "transparency" but the post is so well hidden that I can no longer find it.
The German Democratic People's Republic is gone, it's history. I like communism as much as the next man but why keep bringing it up. They had a referendum and built down the wall.
Drunk Danny is smarter than me, he's better looking than me, he's a better fighter than me, he's a much better dancer and lover, and I get all that, I've learned to live in his shadow. What annoys me is he is much better at hiding things than I am at finding them. Car keys, telephone, quarter bottle of gin. It's as if he knows how I think.
You might just have the answer, to create an app that scrambles all of your meta data before posting anything online, just remember to turn it off before communicating with TPTB. Or maybe that's when you should really have it switched on given the appalling treatment that governments give people's personal data.
Wouldnt mind something that spoofed the phone location data, just feeds it the coordinates of some huge house in Washington, or an office building in Virginia - or a range of other humourous selections. Would only mildly inconvenience the serious black hats, but would piss off the lazy marketers - like google - so will never make it into the app store.
"People in wheelchairs have climbed Kilimanjaro"
Climbed? A woman in the New York Times, she had some horrible illness and to illustrate how fit she used to be she said she had climbed Kilimanjaro twice. I commented, "Did you drop your car keys up there?" and over 200 people liked my comment. My most liked comment of all time.
My mates sister climbed a Monro 8½ months pregnant, when most women claim they can't get out of a chair. There is a fine line between mountaineering and illegal termination.
Don't know if anyone else follows the amazing @BootstrapCook (Jack Monroe) on Twitter? Writes amazing cookbooks for those who can't afford fresh truffle oil, avocados and pulled jack-fruit, and instead live on tinned stuff. But foodbank users shouldn't have to live on cold baked beans. She knows, she was one at one stage! Hence her book "Tin Can Cook".
Anyway a couple of weeks ago her Paypal got hacked and she was relieved (temporarily) of £5000. Pah I thought, she should have used 2FA. She HAD! The usual 'send a text to my phone' version, but some toerag had contacted her mobile phone operator, given her date of birth (high security, it's on her Wikipedia page!) and got them to send out a new SIM (or similar) effectively stealing her phone number. So 2FA code goes to the bastards.
The moral? Don't use SMS for 2FA - use an application. I immediately changed my a/c to use the Google Auth app. Safer, but I'm sure some cunning shit will work out a way through that.
Don't use SMS for 2FA
This august redtop reported over 3 years ago that NIST was planning on deprecating the use of SMS for 2FA owing to its risks.
So, with the revised Payment Services Directive arriving in September 2019, what technology did most of Europe's banks decide to use for 2FA?
Not only does it offer very little in the way of genuine security, it also means that people can't make online purchases unless they happen to have a mobile phone signal - and if you're in a rural not-spot, going out to the shops is probably not an option either.
NIST was going to depreciate it, its in the drafts of the latest versions of SP 800-63, but they pulled it from the final release.
German Banks have been burned by this already.
The PSD does not put any requirement s on the security of a second factor, just that there has to be one. Its Specific payment providers that rely on SMS, but not all of them do. Its a matter of voting with your feet and only usiing those that dont.
if you are unfortunate enough to be like me and live in th 5% of the population without decent signal, SMS is most likley to get through, and push notifications and WiFi become your friend.
The majority of payments don't require a second factor authentication, if the bank is reliable enough, this can be up to £500, however
if you are unfortunate enough to be like me and live in th 5% of the population without decent signal, SMS is most likley to get through, and push notifications and WiFi become your friend.
Unless you're *also* with AT&T, and those wankers don't let you do WiFi calling (or any sort of usage that might prevent them from reaming you on extra charges). Nope, no SMS at my house until (maybe, if the wind is pushing the tower the right direction) the message decides to show up 4 hours later, or more likely not appearing until you leave the house and drive 1000 yards down the road.
The majority of payments don't require a second factor authentication
The can with the bit of PSD2 that says card payments require 2FA was kicked down the road for 18 months. That's going to be more fun when it comes in because card details aren't considered a strong factor, so the fact you've just inputted them into a website will mean nothing, it's going to need something like a card reader + PIN or an SMS code + a password that the customer knows.
A card reader + PIN validation would be secure, which is why banks will go with SMS + a password.
I buy cheap tinned jackfruit from the local Chinese grocery emporium and turn the contents into a sorbet with some added lime juice. It’s delicious and a cure for the winter blues. I bet Jack would approve.
I use the entire contents, reserving the drained nicely jackfruit flavoured syrup but boosting it with some more sugar and sorbet improver stuff. Fruit gets blended then passed through a sieve thingy before being recombined with the boosted syrup with lime juice added to taste before being bunged in the sobettier.
Technical relevance, the top removable stirrer motor tips forward these days cutting its power so I used epoxy to glue metal washers into the cover to keep it upright. It needs one more washer and it should be perfect again. Beats balancing tinned goods on the arse end of the motor.
I've only ever had the canned variety, but it was quite good in the drink that was made in the Vietnamese restaurant I went to (non-alcoholic, although I'm sure someone can come up with a spiked version). It was jackfruit, sweetened condensed milk, and ice, all put into a blender.
Hmm. I need to get to the store.
It was my birthday recently, and both my first love and my ex-fiancee sent me congratulations three days later. I'd been sad for three days, then confused until I remembered I always used to lie about my birthday. To avoid dumps. And my first pet was my mums maiden name. And I don't have a bank account. I'm a honeypot trap for scammers.
[Edit: Oh Muscleguy, I bought frozen Durian fruit from the Leith Walk Chinese supermarket and left it in the High Riggs Job Centre. It doesn't smell when it is frozen, just when it thaws. Trust me, they deserved it]
If you move in the same area you can keep your landline phone number (still useful at times).
It was years after we moved before we stopped getting unsolicited calls quoting our old address.
Come to think of it, we haven't had any calls quoting our new address.
That might narrow down the source a bit.
You can get virtual (SIP) numbers with geographic STD codes which you can keep even if you move out of the area. I use one of these for friends & family who want to call a landline (cheaper than mobile from landline or if on PAYG mobile.) The actual landline number is given to business & officialdom then shunted directly to voicemail without causing my phone to ring. This avoids being bothered by spammers, scammers and any business who hasn't taken their responsibilities toward TPS registered numbers seriously. It also makes the "landline" usable from any location via a smartphone app. Oh, and the audio quality knocks real landline into a cocked hat. But you could do all of this with two virtual numbers and just ignore the actual landline.
"The actual landline number is given to business & officialdom then shunted directly to voicemail without causing my phone to ring."
Just wait until you need hospital appointments. Or even better, have a hospital appointment that's cancelled on the day because of an emergency.
I have a VOIP (Vonage) line for the house set on "do not disturb". Too many scam/spam calls to keep live, so it's shunted straight to voicemail.
But being Vonage, I get a push notification on my phone (usually) plus email and SMS copies of the voicemail transcript (email also has an MP3 attached). If they care about us enough to leave a message, we'll know.
Also, the really important numbers (kids' school, main doctors) have our cell phones as alternate contacts and WILL try those after leaving VM on the house (Vonage) line.
The voicemails are automatically emailed. If it's somebody who actually needs to speak to ME, rather than an unsolicited sales call or scam, then they will leave a message. The bad guys don't tend to bother. If I ever do need to be in frequent contact with an organisation there is the possibility of providing them with a dedicated number.
"So it got me thinking it ought to be possible to upload harmless but misleading photos to social media and let the hackers and spammers get on with it."
I doubt they check much - just fire off emails. All of which reminds me I must change my very obviously eBay-specific email address and set the old one to bounce. After all, the real eBay aren't going to email me to click on some link to fill in a customer survey and offer to reward me with an Amazon voucher.
some organisations make it easy for ID theft. I only discovered a couple of years ago that Companies House have made available online (free of charge and to anyone anywhere in the world) scans of documents giving my full name, address, date of birth and images of my signature and similar for my wife. I queried this with the data protection registrar and apparently Companies House are currently legally required to publish all this information. Terrific!
"... Companies House have made available online (free of charge and to anyone anywhere in the world) scans of documents giving my full name, address, date of birth and images of my signature ..."
Their Dutch colleagues used to do something similar which was greatly appreciated by fraudsters. Now they black out some of the information (esp. the signature). If you want to check that you have to turn up in person at a "Kamer van Koophandel" office to see the unredacted form of the company registration documents.
It truly scares me just HOW MUCH junk mail I started to receive when I registered my limited company. You'd like to think that Companies House were more selective about who can get access to your address, but they seem happy to give it to any old clown who thinks that someone in IT will purchase their services via an unsolicited flyer.
Is there a lawyer in the house?
If I changed my signature to the word "none", neatly printed, could I insist that people accept it as my signature and could I then simply deny that my signature on a document was proof of anything?
I ask, because if forging a signature really does just become a matter of cut and paste, like typing my name, then it *is* worthless as an authenticator and so there is surely some incentive for people to try to make it *obviously* worthless and for the law to accept that it is worthless.
I significantly changed my signature since the discovery, so at the very least I can point to the fact my "old" signature has been put into the public domain and is effectively worthless as an authenticator. I can claim that any documents since "signed" with that signature are fake. Whether that would stand up legally I don't know. The tricky bit is remembering to sign documents with the new signature after using the old one for fifty years!
There was a case where an American embassy clerk in Poland would sign documents with just a line in the signature space. Another worker was forging this signature for visas etc. When caught, the forger claimed that drawing a line was not forgery. I don't know how the case was decided.
I use 'None' to sign just about anything.
Oft times folks seem to just be happy to see something 'there' because their rules say the space cannot be left empty.
Such a waste when you're told to use your finger to electronically sign for some parcel or other.
Real fountain pen's in the other pocket leaking ink.
Companies House data is "public", but that doesn't mean it is no longer "personal", especially if you're there as a sole trader. You can still take action against anyone storing and processing that data illegally, for example without your consent... The ICO is inundated with complaints about it, but if you get bored you can always just take them to court for damages (after checking their entry in Companies House to find the boss).
I am also having an ongoing discussion with CH regarding what they're doing to stop spidering of their site, which is relatively easy to detect by them. They have a public obligation to publish, but they need to do it in a way which doesn't unreasonably endanger our privacy.
There's a story in this - incompetent CH site design leads to massive breech of privacy of anyone who's ever been a director.
As you must have something to hide, right? Think of the children you must be a terrist, etc, etc.
You WILL be monetized like it or not, which is the real reason. Corporation governments don't like people they can't steal money from...
I keep nine current alternative email addresses, five alternative physical addresses, and four alternative phone numbers. The email addresses will eventually get read, but they have no relationship to anything valid.
In spite of all I do, I've been peppered with the most common robo-calls on my business phone. Despite the laws making such activity illegal, I still get them. I guess the police are useless now.
It will be techno "toadies" like us who will begin to zap call centers with our lasers from space. I don't expect that to create any police interest, either.
Just paste that Eiffel Tower in one eye, the Taj Mahal in the other and the Sydney Opera House in that mirror, while the exif puts you in Santiago (no further specification whether it is Santiago de Chili, Santiago de Compostella or one of twenty odd other ones), while posting from some other, undisclosed location.
Damn, my secrets are out.
As an aside, didn't The Reg have a story recently about a singer or something who was stalked/assaulted by said stalker who tracked her from her persistent selfies that had 'useful' reflections in her eyeballs or something?
Was able to narrow down which apartment she lived in and all.
"before social media was discovered by ultra-right-wing snowflakes whose fragile masculinity is threatened by 15-year-old schoolgirls."
...and if your 'fragile masculinity is emboldened by '15-year-old schoolgirls' you still won't look good in the eyes of your peergroup.
Leans out of the banged up old Rolls Royce with a bottle in your hand and yell 'scholars'
- Withnail & I reference
I make no efforts to leave a false trail, nor to hide where I live. A Reg reader who could be arsed will find sufficient information to figure out who I am and where I live, and a fair amount about my interests and activities. Hiding that seems futile: if the Assassins Guild were to get a commission on me, they could already track me down by more traditional means.
I still get spam in a range of languages, some of which I can't even read. In fact I think most of it is foreign and firmly aimed at inhabitants of other countries (indeed, often continents), possibly because my spam filter speaks better English than Russian, Korean, Arabic, or .... dammit, even Spanish. So no surprise when my prize is denominated in OZ$, or any other currency I may or may not have heard of.
Also can't be arsed to clean up breadcrumbs scattered all over the place.
The Assassins Guild have very competent employees, yet I'm not dead. Yet.
Because if they want to track you, they'll devise ways and means to do so, and then it'll be extra arse work ensuring you sanitize your history properly.
If I google myself, I can still find old and odd stuff I've posted all over the Net, and to clean that up, nah. Got better things to do with my time than stressing over such things.
I went to one of their conferences! Can't remember which one, though, the brain cells have decayed over the years, but it was great. We need more of that kind of thing.
I just keep telling myself that just because they haven't posted an update for almost 13 years doesn't mean they're _completely_ dead. Please?
The worst case of "spamming" I ever experienced came almost 30 years ago - well before myspacebook and big data base leaks, et al. Apparently hell hath no fury like a company scorned, because a person with my name decided to run up amazing bills at places from retail to school loan companies, and for years I would get called by collection agencies trying to get me to pay for "my" defaults. Took a lawyer to stop that one; it was and apparently still is totally legal for companies to share any information they have on anyone with the same name in their records as the person who came, got credit, and left. I wonder how many companies are still trying to call my long disconnected land line......
Something similar happened to me. I started getting phone calls and letters from a company about overdue invoices regarding a company with a very similar company name to mine and they were also only based a few miles away. Sounded like a fly by night company that appeared, bought a load of computer equipment then closed down and disappeared just as quick. Luckily the company defrauded quickly figured out that they'd screwed up and my company wasn't the one they'd been conned by; so no lawyer necessary.
When I got my new cellphone number, I kept getting treatening calls for the previous owner of the number. Things along the line of 'pay up or we'll see you in court!'
That I told them said name didn't exist at this number wasn't working. So I basically told them to 'put up or shut up and I'd be happy to have my day in court'.
Somehow, that stopped them dead after the first try.
There have been several stories recently about people who continue to text dead relatives (it's comforting on an emotional level) and getting really nice responses from the person who got the recycled number.
having a person with your own dead relative's recycled number call YOU, would be many many times less likely
Just post some pics of weird things, and use location data for REALLY interesting places (center of the Pentagon, or area 51) and see what "happens". Posting pictures of places that don't like pictures would be VERY interesting.
Sorry, I haven't done this, but it would be a tempting thing.
Given where I work, I must be anon. Give my regards to Ft. Mead!
ultra-right-wing snowflakes whose fragile masculinity is threatened by 15-year-old schoolgirls
Thanks again for tea through nostrils, Mr. Dabbs.
The downside is that we're still paying these twats (or dicks if you prefer male organ based perjoratives) far too much salary and far, far too much for expenses.
Biting the hand that feeds IT © 1998–2020