Yup, but the password reset link can only be used once and forces them to change the password (and can also be made more secure by making the link time-sensitive and maybe verifying the link is followed from the same IP that requested it). The problem with sending out a new password via email is that someone else could have used it to get in and you'd be none the wiser.
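A sketch of the reset link the comment above describes (single use, time-limited, optionally tied to the requesting IP), as an added example that is not part of the original post. The class name, the 15-minute lifetime and the in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the post only says "time-sensitive"


class ResetTokenStore:
    """Hypothetical in-memory stand-in for a table of pending password resets."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sha256(token) -> (user, expires_at, requester_ip)
        self._clock = clock  # injectable so expiry can be exercised without sleeping

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked table cannot be replayed as live links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, requester_ip):
        """Create the random value that goes into the emailed link."""
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._pending[self._digest(token)] = (user, expires_at, requester_ip)
        return token

    def redeem(self, token, client_ip, bind_ip=True):
        """Return the user who may now set a new password, or None."""
        # pop() makes the link single use: any attempt, successful or not,
        # removes the record, so a second visit finds nothing.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            return None  # unknown token, or one that was already followed
        user, expires_at, requester_ip = record
        if self._clock() > expires_at:
            return None  # link is too old
        if bind_ip and client_ip != requester_ip:
            return None  # followed from a different address than requested it
        return user
```

IP binding is left switchable because a user who requests the reset on one network and opens the mail on another would otherwise be locked out.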
Posts by Robert Brown
21 publicly visible posts • joined 13 Aug 2007
UK watchdog snaps on glove to probe Tesco's 'security fails'
Google Wallet PIN security cracked in seconds
Superuser Prompt
If you've rooted and have Superuser, it'll prompt you if an app tries to run as root and will ask for permission. So this can't happen silently under default settings. Of course this doesn't protect you against a stolen phone, either rooted and then stolen or stolen and then rooted...
Spotify scores over £1m a month from subs
Nation's moral guardians snap over 'shag bands'
Apple decrees Spotify worthy of iPhone
Time to wipe my iPod
Excellent, at last.
I already subscribe so I'm looking forward to deleting all the MP3s off my iPod touch and updating the songs via WiFi.
@Glen 1 (b). Yes hopefully, although 2 of my favourite albums have recently been deleted from Spotify (or made not available to UK, either way it's the same effect).
Spotify: iPhone sideloads for £120 a year, unlimited
What I've been waiting for...
I listen to everything on Spotify now - even if I have the same albums on MP3. So much quicker to use than iTunes and a much better UI as a whole. It took me a couple of months to decide to part with a tenner a month, but has definitely been worth it for no adverts and now the high bit-rate option.
The ability to listen when I'm not at a computer is all that's missing - this will fill the hole, assuming Apple let it in. I have an iPod enabled car stereo, so I'm hoping that I can load the Spotify app up on my Touch, set the playlist going and then listen on my long commute to work. I don't expect the Alpine XDA-x100 to be able to control playback, but hopefully it'll output the sound and allow me to control the volume. Pity Apple don't let a finer grain of control for applications authorised by the user to allow for background play and control via the connector, as they do with the built in music app.
Windows 7 UAC vuln not a vuln, MS repeats
@Well, personally ..
The reason it fills the entire screen and fades everything behind it is so the user knows it is the OS prompting and not a malicious program. With any other sort of alert this prompt could be spoofed by the program itself.
If it could be spoofed I suppose what it could do was to keep asking the user if it could continue and then keep appearing if the user clicked No. The user would get pi**ed off with this and eventually click Yes, allowing the program to do what it wants if that happened to be the real OS dialogue. Also, Vista might control this so you can only have one instance of the elevated privileges prompt appearing once per process so the user cannot be tricked in this way if Vista is the only thing that can fade the screen. I wonder if you could spoof this prompt though by taking a screen shot, fading it and then displaying it as your app's background at full screen?
BT cuts 0870 charges
@O2 Freefone
Wasn't free for me when I was on O2. The "drop the 0" was something to stop you inadvertently dialling an 0800 number expecting it to be free. Instead you got a message saying dial again without the 0 to accept the charges.
Fair enough if these numbers aren't free from a mobile, but why can't they just take the minutes out of your tariff's free minutes? Very clinical and money grabbing IMO.
Sony Ericsson Cyber-shot C905 eight-megapixel cameraphone
Return to form after the K850i excuse for a camera phone
I've had this phone for a couple of months and it's excellent. Infinitely better than the K850i as a camera phone.
Good points:-
- Fast and slick user interface.
- Brilliant call sound quality and from external speaker.
- Did I mention the excellent camera?
Bad points:-
- Eats battery with wi-fi enabled. Even in power saving mode. Even when not actively used.
- No manual lock. You have to open and close slider again, or wait for auto lock timeout.
- Texting is very tricky. The T9 software is very good, but I still haven't got used to the spongey feel of the number keys.
I recommend it, unless you're one of those people that sends tens of texts a day then I'd look at something else.
Also as another point, Orange seem to let me send MMS's with 2MP pictures included. What's the maximum now, or do they scale it down on their MMS server for the recipient?
ArseASA rules 'Feck' non-offensive
iPhone developer stoops to straight bribery
Software update nobbles Sky+ boxes
Wish they'd roll it back!
I've had this problem since Thursday, although I have upgraded the HDD to a 250GB drive. Wondered whether it was because they'd not tested it properly, or whether they'd only tested it with standard Sky+ boxes. If it's the former then I wish they'd apply a roll-back until they've developed a fix for the new version!
Phisher-besieged PayPal sends users faux log-in page
Why not stop sending emails with links and URLs?
PayPal have the following footer on their emails:
"How do I know this is not a Spoof email? Spoof or 'phishing' emails tend to have generic greetings such as "Dear PayPal member". Emails from PayPal will always address you by your first and last name."
What's the point in that if they then send emails with random domain links? At any rate, finding a user's first and last name wouldn't be too hard if you had their email address. e.g. if you were FredBloggs@hotmail.com a phisher could run that against a database of first names and deduce that the match is the first name and the remainder is the last name and then generate an appropriate greeting.
A better solution would be for PayPal never to send links or even URLs in messages and just state that they have to type PayPal.com into their address bar. But that's too easy.
'Podestrian' risk rising for drivers, warns insurer
Renault looks to wee-hued windows to cut car power draw
Net game turns PC into undercover surveillance zombie
Jesus Phone vuln delivers fanboys to phishermen
Possible solution?
Something should really be done about links in emails. It is there for convenience, and is really useful on devices that don't have real keyboard input so typing would be too cumbersome. Would a message box clarifying the domain solve this? 'You are about to navigate to the domain "securelogin.facebook.com" on HTTPS. Continue?' This could be a standard thing on all email clients, much the same way as not downloading images is (or not).
Companies don't do themselves any favours with the types of links they put in emails either. e.g. http://email1.paypal.co.uk/u.d?PG2ZaAmgKj7fd4Uep=390 . If they want the average Joe to be able to identify phishing emails, they need to keep it simpler.
Took someone long enough
Thought it was a bit poor having no option to not download external images. You'd have hoped someone at Apple would have noticed the lack of feature and identified it as a high priority issue. No-one else seemed to have identified it either when I spotted it happening and Googled the problem.
Annoying when you see a spam email come in, so ignore it and read the others, delete after reading them and then the email client goes and opens the next one in the list which happens to be the spam one and loads the images. Grr!
Council employs automatic PC shutdown
What about the cost of time lost in the morning?
I usually think that shutting your work PC down every day means that so much time is lost each morning waiting for Windows to load and then loading all the programs you were using again. Sure, there's hibernate but how many people in the council will know about that?
I wonder if these costs have been factored into the savings?