Posts by Compression Artifact

56 posts • joined 7 Feb 2015


Glad you're not on the Anthem hacker hit list? Not so fast – millions more affected

Compression Artifact

The morning after the breach, I mailed security freeze requests to the three credit reporting agencies; and I've gotten the confirmations back from them. The consensus of security experts seems to be that this is Step #1 and that once this is done, credit monitoring services provide very little additional protection (despite what the hyperventilating commercials say).

The postage wasn't cheap--certified mail with return receipts times 3. I'm sending the bill to Anthem. We'll see what happens.

FCC Republicans slam brakes on net neutrality, but this wagon ain't slowing

Compression Artifact

Gasoline/petrol onto the fire

"Unfortunately the issue of the rules designed to protect consumers from cable companies abusing their position as gatekeepers to millions of internet users has become increasingly partisan – and hence unreasonable – in recent weeks."

In the last ten minutes Rush Limbaugh threatened that net neutrality will mean:

1) Owners of web sites will have to be licensed and prove they are operating in the public interest.

2) Customers paying $15/month for internet service will be entitled to the same level of service as customers paying $1000/month.

Is there any indication that this stuff is actually in the secret rulings about to be revealed?

Inside GOV.UK: 'Chaos' and 'nightmare' as trendy Cabinet Office wrecked govt websites

Compression Artifact

"trendily-designed webpages bereft of useful information"

"The disclosures paint a picture that contradicts the public image of supremely confident digital gurus modernising the British government's many websites, and making them more efficient."

Indeed, "modernising," "websites" and "efficient" are three concepts that don't fit together in the same sentence. Across the internet, the average web page with a few kilobytes of useful information is now said to be over a megabyte.

Occasionally I'll stumble across an ancient web site (usually someone's personal site) that is not 99.8% crap and that actually follows recommendations for usability, portability and accessibility simply by keeping it simple. Most of these look like they were made by techies who simply wanted to exchange information.

I think much of the problem is that nowadays anyone with a word processor and a screen big enough to compose wall posters fancies themself a web designer.

Gullible Apple users targeted by bogus order cancellation scam

Compression Artifact

"Protip: Don't click links in emails from unknown senders. Ever"

Nearly all of the scam emails I get are from KNOWN (or ostensibly known) senders. These include friends whose machines have been compromised, imposters who have stolen customer databases, and companies who are violating their privacy agreements and sending me crap emails I have opted out of. The last two are usually indistinguishable to the point that the (real) company itself (when contacted by phone) cannot tell me if it's something they actually sent.

The usual tip-off is not an unknown sender, but either 1) something I've supposedly opted out of or 2) an unexpected or nebulous subject line: Something like "Click here to read your e-Card" (with a link to a site registered in Indonesia). Whenever I get such emails from anyone, I do a View Message Source before opening it. There's usually a bomb under the hood.

Phishers, scammers pile into worried Anthem customers in FRAUD FRENZY

Compression Artifact

Re: Not Surprised

To get a small sample of these entities to which Anthem is outsourcing, go to their web site and check out all the domains that are running JavaScript on the various pages you are using while logging on to your account. Anthem trusts that they will not get hacked themselves and do anything nefarious; but I don't.

Fortunately, almost all of these domains (including the most questionable) can be selectively blocked with NoScript with no apparent loss of website functionality. I.e., in addition to having no role to play in my health care, many of these subcontractors seem to have no legitimate role in the mechanics of the website.
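The inventory described in the post above can be taken from a saved copy of a page. This is an added example, not part of the original post; the page URL, HTML and every host name in it are constructed placeholders, and `third_party_hosts` is a hypothetical helper name.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample of a saved login page; all hosts are placeholders.
PAGE_URL = "https://www.insurer.example/login"
PAGE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.insurer.example/lib.js"></script>
<script src="//tags.tracker-one.example/t.js"></script>
<script src="//tags.tracker-one.example/pixel.js"></script>
<script src="https://survey.vendor-two.example/embed.js" async></script>
<script>var inline = 1;</script>
</head><body></body></html>
"""

class ScriptSources(HTMLParser):
    """Count the hosts that <script src=...> tags load code from."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.hosts = base_url, Counter()

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            # urljoin resolves relative and protocol-relative (//host/...) URLs
            host = urlsplit(urljoin(self.base_url, src)).hostname or ""
            self.hosts[host.lower()] += 1

def third_party_hosts(page_url, html, first_party):
    """Return {host: script count} for hosts outside the first-party domain.

    Assumption: a plain suffix match on `first_party` stands in for a proper
    registrable-domain comparison (no public suffix list is used).
    """
    parser = ScriptSources(page_url)
    parser.feed(html)
    return {h: n for h, n in sorted(parser.hosts.items())
            if h != first_party and not h.endswith("." + first_party)}

if __name__ == "__main__":
    for host, count in third_party_hosts(PAGE_URL, PAGE_HTML, "insurer.example").items():
        print(f"{host}: {count} script(s)")
```

Static markup only shows scripts referenced in the HTML itself; scripts injected at run time by other scripts appear only in the browser, which is where a blocker such as NoScript sees them.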

Compression Artifact

Not Surprised

I use a different email address with each company I deal with; so if I ever get spammed, I know whose customer database got leaked. In mid-December, 2014, the special address I use for Anthem and the state health exchange started getting weird emails. They claimed to be either Anthem or the exchange (or their representative), but all the links went to strange domains.

Anthem could not tell me whether they were subcontractors (running surveys, etc.) or scammers using leaked email addresses. These emails had all the hallmarks of the latter. Even if they were the former, I would consider sharing my email address with marketroids to be a HIPAA privacy violation.

When the breach was announced a couple of evenings ago, my first thought was "Finally, they noticed."
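The two checks described in the posts above (reading the message source before opening it, and using one address per company) can be combined in one pass over a raw message. This is an added example, not part of the original posts; the alias table, the message and all domains are constructed, and `inspect_source` is a hypothetical helper name.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: per-company aliases and one raw message source.
ALIASES = {"anthem.cust@example.net": "Anthem", "shop.cust@example.net": "Shop"}
RAW = """\
From: "Anthem Member Services" <service@anthem.example>
To: anthem.cust@example.net
Subject: Click here to read your e-Card
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://anthem.example/account">My account</a>
<a href="http://ecard.strange-domain.example/r?id=1">https://anthem.example/ecard</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def inspect_source(raw, aliases):
    """Report whose list the alias belongs to and links leaving the From domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0].domain.lower()
    recipient = msg["To"].addresses[0].addr_spec.lower()
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    hosts = [((urlsplit(h).hostname or "").lower(), t) for h, t in collector.links]
    # Suffix match is a simplification; the From header itself can be forged.
    off = [(h, t) for h, t in hosts if h != sender and not h.endswith("." + sender)]
    return {"list_owner": aliases.get(recipient, "unknown"),
            "sender_domain": sender, "off_domain_links": off}
```

On the constructed message this reports the Anthem alias as the exposed list and one link whose visible text shows the sender's domain while the `href` points elsewhere.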


