Posts by MachDiamond 2373 posts • joined 10 Aug 2012
I can't wait to see what the bribe will be to source a UK passport. If they outsource to a firm in Morocco or India, it could be much cheaper than what it would cost if the company was inside the UK.
There are some things that are the provenance of government. Passports and immigration documents are one of those things.
I'd never give my passport information to a company. All they need to know is I have one and no travel restrictions. A big part of the problem these days is that people will fully fill out any form you clamp on a clipboard and hand to them. I'm a big PIA and will just walk out of a doctor's office or other place that insists I give them information I don't think is relevant to their needs.
"The creep cheated. The system is not at fault."
I beg to differ. I'll bet you a pony that ADT has procedures in place that prevent people in accounts payable from writing themselves a check for 6 figures. I doubt any employee or even an executive has sole authority to access an unusually large sum of money.
Tech installs and configures the system and a random supervisor logs in and checks the configuration remotely when it's complete. Any anomalies in standards are called out immediately. Any indication the tech is installing a backdoor is met with a dismissal.
It's not hard to create a system with checks and balances. Only the will to do it is lacking.
Does anybody else have more free credit monitoring from numerous data breeches that it's seeming a bit redundant?
I'm way past the point where I want to start seeing C-level execs in pillory and companies fined into oblivion and anybody with any security job posting to be in serious trouble of being able to take on subsequent employment in that field after enquiries are complete. It needs to be a major liability to store customer's PII and financial details. If it could mean company ending fines, maybe they'd take it far more serious. I'm more than happy to be John Smith 12345 for any miles account and type in my CC number each time. They don't need my bloody life story on file "to serve me better".
"For refunds the common sense approach would be to only store the last 4 digits and get the customer to confirm the rest when processing the refund."
A "confirmation" is when they read you information they have and you "confirm" that it is or isn't correct. I don't play that game they call "confirming my information" as the way I see it, I am giving out sensitive information. They don't seem to understand that, but since I've already been on hold for an hour, I'll wait another to talk with the supervisor.
"In our off we went wholly to google docs for their ability to share,"
The "share" part is that you are "sharing" all of your docs with Google. Not a particularly great idea. There are many other ways to coordinate documents across an organization that don't involve handing them over to a third party. When I worked in aerospace, this was exceptionally important.
With an EV charger, the whole point is you plug in, punch up your credentials and walk away. If you charge up at home or work, you may rarely even use a public charger. I hate those screeching little speakers cranked up to 11 playing inane ads for things I can't afford or choose not to afford.
"AFAIK, BT works through walls. I was unaware that viruses could travel through them though. Anyone for a host of false positives?"
I can just see a phone of an employee pushed under the counter as they are not supposed to have their phones with them while working. Let's say the person works at a petrol station with a service window to the outside. Everybody that walks up gets tagged by the employee's phone under the counter with no regards to the wall and glass between them. I'm sure with some thought I could come up with more examples.
None of this tracing stuff would work on me. I leave off wi-fi, BT, GPS and data when I'm not actively using them. It gives me very good battery life and I'm not leaving as big of a bread crumb trail. Sometimes I even switch the phone off and I've verified it really is off when I think it's off. At least it's not transmitting anything the spectrum analyzer will pick up. Maybe there is a receiver on that can wake the phone up, but I've seen no evidence of that.
Now what I would do is wait until you've unlocked your phone while out somewhere and set it down to respond to the person doing the distracting for me and have it off you in a jiffy. I'll keep fiddling the screen to keep it alive until I can plug in a little widget to keep the phone charged and active so it doesn't relock.
Use cash. If somebody picks your pocket, all you lose is what's on you. If somebody nicks your phone and can do what I describe above, they have your whole bank account which sort of sucks if yesterday was when your direct deposit posted.
For the record, I don't steal from people, but did sleep at a Holiday Inn last night. Actually, my guilty pastime is watching pen testing vids and hackercon presentations on YouTube/Vimeo. I've had a debit card get cancelled while traveling and never go anywhere without the cash to buy enough petrol to get home and some meals. Having cash in pocket also makes me stick to budgets much better. No cash, no coffee.
" there is currently an extortion e-mail going around claiming to have embarrassing video footage of the 'user',"
I get lots of those dropping into mostly my spam catcher accounts that I've generated and used to register at dodgy websites and place I know are going to resell every scrap of data they collect.
What these scammers don't know is that my desktop doesn't have a camera at all and my taste in porn is very mainstream. Am I sharing too much?
If they did get my contacts, which would be a feat as I don't use the built in contact manager, I'd probably start getting inquiries about where to find the best "movies" since most the people I know and most certainly my "water brothers" aren't too uptight about those sorts of matters. Mom would just have a good laugh.
If you don't want to be spied on, disable the camera and block the mic. Zuckerberg does on all of his portable devices. BTW, blue-tak works a treat for the mic and is removable if you insulate the mic hole with a bit of cling film first. Put some cello tape over the blue-tak so it doesn't get everywhere.
"For anything that is important I use totally unique passwords and a password manager."
I think a good analogy is putting a $600 lock on your collection of bugs you've found in your garden rather than just fastening the clasp on the box. Then effort needs to match the level of security you really need.
I'm not bothered with spending more time accessing my financial accounts online, but I am when I just want to dash off a witless comment on a forum.
"have a personal account with the same bank. No password expiration. "Two factor" verification includes a typical set of predefined questions that could be answered by anyone creeping your facebook (one of many reasons I have no FB account)."
The worst thing is when they verify you by the mobile you are calling from. If I were somebody nicking mobes, the first thing I would do is go after bank/financial targets. What does somebody do if they are out and their phone is taken? So many people have all of their information on the phone and have gone paperless so they have to hope they have some sort of statement from the bank with their account information on it at home so they can all in and get the account locked. That delay can be more than enough time to empty accounts and change passwords for others. For these reasons, I don't keep sensitive information on my phone. I don't even keep my complete contact list on it as some people I know are well known and I would feel really bad about exposing their information. A couple are listed with pseudonyms so I know it's them if they call.
"For sites I have no intention to return to, they get a randomly-generated string that I don't even bother to record anywhere. That's easy."
I try that first to see if they then want to send me a confirming email to set up the account. Now I have to give them one of my pre-made disposable emails from a domain name I have the privacy filter set on so they can't do a simple whois to check up.
In the first case it's just easier to make up a new login than to track and look up one done previously. I only do it properly if I'll be a regular customer or it's a matter of legal consequence such as with a licensing board.
"just the opposite because one day that list will be conspicuously toxic "
Yeah, like the time they have to admit that they've been hacked and while no payment information was leaked, all of the usernames and passwords have been compromised. All of the people that are reusing passwords all over the place are now at risk. Especially those that have forgotten they've ever registered and those that never see a notice.
"If I feel I'll go back again, I'll use a Google Voice number "
In the US there are test phone numbers that just ring. For sites that have figured out that dodge and have banned using those numbers, I use a desk number for the state tax office. If you know how most big entities set up phone numbers, it's easy to guess a few that ring directly on somebody's desk. I don't feel bad about doing that but I would not think it good practice to hand out the number of an attorney since it's cruelty to animals. I would love to see the face of somebody thinking they going to scam some schmuck and the line is answered "Law Office". It's just as good if they get "tax office, agent Bob speaking this call is being logged".
"For very obvious reasons neither Twitter nor Facebook have my phone number unless they've stolen it from someone else's contact list. "
They most certainly have it as soon as they have your email address. It may come down to what they can do with it if they get it from you directly vs some big data company.
You can see why FB and other sites are always pestering you to "share" your contact list with them. They will use it to suggest other people you may know, but that's not the real reason they want it. it's the bribe they are offering.
"That's how it was for my car insurance company site."
Well, we all know how big a target a car insurance web site is. They can hack into your account and...... give me a minute.... I'll get back to you, but it could be really bad, that's what I'm saying.
Screw it, I'll just hack the insurance company's server itself and get everybody's info in one big download.
2. ?
3. profit.
"coronavirus updates for customers."
I keep getting loads of those and it's one thing that I will drop them for. If it is important, they can put it on the website and I'll see it if I have a reason to visit their site. Like many people, I'm not doing as much lately so I'm not visiting those sites that I would regularly. Again, I'm going to reach out and check their web site if I think I might need their services/products. I know that many places are shut or on limited availability.
I reuse passwords as well, but not the ones that I use for banking/finance or sensitive personal information.
If somebody were to hack my credentials here on El Reg, I'd send a message to the admins that my account was compromised and not worry about it. I'm not using the same user name everywhere and I'm not a member of the usual social media data collection sites. I also would never use "Log in with your XXXX account" options.
One of my favorite games is since I have control over my domains, I can create and delete accounts when a site insists on a real email address to send a verification email to add a user. I make a throw-away account, milk the site for what they are offering and then delete the account. Sometimes I leave them active for a few months to see if the original site is selling data as I expect they are. Friends, family and customers get different email account addresses that I don't use for anything else.
If you are content producer that has a YouTube channel, you probably got a notice about it. Since you don't pay YouTube to host your 'channel', YT isn't under obligation to not kick you off. I expect there is something in their ToS that does say they'll delete your account or "may" delete your account for any reason they choose. If you make your livelihood via any sort of social media, you have to be darn careful of not getting the boot. There have been many sellers on Amazon that got the choppy chop with garages and warehouses full of imported tat that they were going to suddenly find hard to shift. That's the peril of basing your income on a giant monolithic company that finds it better for them to kick you to the curb rather than stick up for you. They know that them impact on their bottom line is the change stuck to the bottom of the cup holder in your car. It's also a money loser to investigate whether what YOU claim is correct. There will be another book/video out next week with an infomercial star touting a new method for making money on any or all of those platforms that will bring in the person to replace you.
"showing them basic, scientific principles which anyone with a pencil and paper can use to disprove their crackpot theories just provokes"
You are assuming that the person has the ability to follow logical reasoning and already knows many of the underlying concepts your are going to use to build your proof.
There is also the problem of convincing somebody that countries aren't working on weaponizing viruses as there is no control, no way to estimate the effect and no way to aim it. Something as naughty as nuclear weapons and nerve gas can be directed and the effects quantified. Somebody getting on a plane after being dosed with either isn't going to convey them back to you.
With CV19, most all of the theorized concepts about source, spread and mortality/morbidity dovetails very nicely with what's being seen. Many scientists/doctors have been concerned about "bush meat" markets in large cities along with the lack of sanitation in such places. The spread followed major transportation lines nearly to perfection and the M/M fits within expectation towards the right hand side of the graph. I think we will see more data analysis models that account for herd stupidity along with mutation rates at varying levels of infection penetration per number and density that public health researchers can use to identify and grade outbreaks. It will leave governments still holding the bag to decide whether the cure or the disease is more detrimental to society. That last part scares me the most.
"not many 5G handsets emit 1000W"
I think the number of 5G handsets with a 1kW transmitter is very close to exactly zero. The battery pack would need a trolly to move it around to get any sort of talk time. The upside is you could route your calls through orbiters around Mars if you're clever.
How the heck did you get to the top of the atmosphere?
Insolation at ground level is closer to 800W/sqm. It also depends on where you are and the time of the year and the weather and...... 1kW/sqm is just a handy metric to measure solar panels.
"slow to do so, because they make money out of the ads."
They make S-tons more money selling PII than ads. I also wonder if The Man will pay them more for linking up the loon network participants.
If a company wants to pay the price for the most in-depth info on somebody, they might want to know if the person they are considering hiring or promoting holds "non-mainstream" views that might reflect bad on the company down the road.
"Countries seem to have fallen into two camps; either allow wide free speech and accept there will be idiotic rubbish mixed in there that you then have to go back and remove, or tell the people exactly what they can say thus getting rid of all the crackpot theories but also a lot of personal freedom."
There is a limit. The old "you can't cry "FIRE" in a crowded cinema" is the go to example, People in many places are allowed free speech, but if it crosses a line into misinformation that could hurt or kill people, there's a difference. The same could be said for writing or saying something that causes people to burn their home down. Somebody coming up to another person on the street and shouting offensive epithets at them is not protected speech. Freedom of Speech is a concept to prevent government from suppressing dissenting talk and is mostly centered on opinion and subjects that can be approach in many different ways with each one being valid though maybe flawed. I find the claim of FoS against FB and YT to be nonsensical. In the US, the right to FoS includes the phrase "the government shall pass no law that abridges"... The Government can't silence you but a company has no such restriction.
The damage that patently false information can do is endless. I have no problem with the suppression of idiot manifestos that encourage people to burn down cell phone towers or tell others that vaccines are a government conspiracy and the "truth" about how poisonous they are is never talked about. Half of my family is or has been in the medical/dental fields. I got my certificate as an EMT and have followed studies on pandemics, virology and public health as I find them very interesting subjects. If I though it would do any good, I'd create a reading list for anti-vaxxers to work through, but I fear they would only label me as part of the conspiracy and put whatever I suggest on the book pyre.
Darwin put off publishing "On the Origin of Species" for so long partly due to his insecurity about his data since it went directly against current thinking. He may have never published if whatshisname wasn't about to scoop him on the hypothesis that we now take as theory. It's that painstaking work and data collection that makes the difference. A proper scientist may still come up with wrong conclusions, but it will be a far cry from just making something up.
"they wear masks while holding signs declaring Covid is fake. "
Ever notice the well designed and professionally produced signs at some of these "spontaneous" events? It's as if a print shop got an order the week before after some graphic artist finished several designs for the event.
it has me wondering if the vast majority of print shop owners are subversives that only have the business to make enough money to fund the cost of protest signs. Not.
"Calling them loons and fruitloops isn't working.
Pointing out their utter lies isn't working.
Suggestions ...?"
With bees you puff some smoke over them to calm them down.
The US is rapidly decriminalizing pot. Stoned people don't do much thinking or type long diatribes on Social Media. At least nothing coherent.
In the case of Corona viruses, the default position should be there IS H2H transmission and airborne transmission as well until shown otherwise. One of the unique things about HIV is that it's so hard to catch that it takes intimate contact in most cases to pass along.
The biggest downfall of the US and possible world response is the lack of an all out effort to do as much testing of as many people as possible in the shortest period of time. The US hasn't tested 2% of the population to date. The numbers reported are based on the number of tests given and not the number of people. Many hospital and emergency workers are tested regularly skewing the assumptions. If the data was there to show that the vast majority of people are immune, asymptomatic or only had a very mild reaction, proper emphasis could be put on figuring out why other people get so very ill. No data, no facts. This isn't the sort of thing where testing a couple of thousand people in one area will yield any results that can be applied to the wider population.
"Remove his dangerous, life threatening "sarcasm" and let him sue you for it afterwards."
And take away the best proof that all politicians are whacked out on the drugs we aren't allowed to buy ourselves?
I keep hoping that US voters start feeling a bit of shame over the crops of presidential candidates that have floated to the top over the last few decades. If the rest of the world is looking down and shaky their heads, maybe it will get noticed. The uncontrollable laughter might help too.
I was going to suggest the best thing to do was remove the Reply-All button and put it a couple of menu items deep so it's still there, but far less convenient than typing in the group list server address. A couple of pop-up dialogs asking "Are you sure you want to reply to all?" would not go amiss.
Another good fix is to have auto-responders that people put on when on holiday not reply if there are more than X recipients on the email or if the sender's address has "list-Serve" in it or some other similar wording. When the person comes back they will have all of those group messages and there was no need to have the auto-responder broadcast that they were out each time one was sent.
Part of the problem is over eager MBA's with no technical experience and too young to alway be thinking about the long game. Of course there becomes a point where you are supporting more and more installations and selling less and less hardware as the competition comes up with something that tops your one. If the model is to fund the server with hardware sales, you have a classic pyramid scheme. It's going to fail at some point. There has to be a an ongoing service contract that keeps the server funded. With some forethought, the server would be very generic and able to support new product being introduced. The biggest issue with IP cams is that most people have dynamic IP addresses and need a central static address server to allow people to find their camera automagically. If the software on the consumer's device that connects with the cam stops being updated at some point, at least the last version will continue working until a OS update finally breaks it. I have old devices around for just that problem. I buy some old computers and fondleslabs to use with obsolete gear that does useful stuff but not for wide enough of a market to still be produced.
Companies too often live by planned obsolescence. If they were really smart, they'd built stuff that lasts for ages and rely on their engineers to come up with new stuff that people will want to upgrade to. If it's time for something new and my old has worked great for years, I'm more likely to go with that brand again. The converse is even more true.
"Until the manufacturers start making the devices able to connect to other servers, and publish their entire software stack, every single thing you buy today has a single point of failure."
By having a flexible server option, maker of IoT landfill would also have a way out. They could sell the service to another company that can continue support. They could also just release the software stack so people like us can do something with the hardware without spending loads of time trying to reverse-engineer the firmware since it's often not worth the time. The hardware would then have some resale value and people can flog off the kit on eBay for some dosh rather than the stuff being put on a tip.
"What all politicians and most others do:
Find someone to blame as quickly as possible. Silence anyone who contradicts this."
SOP in the US. The legislature (the wonks what pass laws) just sit in their mansions and blame the President. To be certain, President Trump is ill-equipped for this. Earlier this year the major focus of most of the US Federal Government was to get the president tossed out to the exclusion of most everything else. After this and right at the forefront of the outbreak, they all went on a month long Easter holiday, which they've extended. Now they are all battling to attach pet projects to any legislation aimed at keep some sort of economic activity going and people fed. A few of the bright ones will realize that a hungry population with their utilities shut off for non-payment aren't going to sit still and take it quietly. The US Government has been broken for some time. All they are missing is race jackets with all of their sponsor's patches sewed on.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
SUBSCRIBE
Biting the hand that feeds IT © 1998–2020