
If you need further proof that the Social Security Number is not a security code

So one interesting thing I've learned from my foray into the world of Unemployment Insurance is that Colorado uses the SSN as your userid and identifier for pretty much everything (actually, use for unemployment claims was part of the original usage of the Social Security Card). Though they make some passing effort to keep it secret / keep it safe (e.g., when you log into the site, where your SSN is your default userid, the userid field is masked; when you sign in at the county work assistance office, you key your SSN onto a keypad (which, annoyingly, is a computer numeric keypad, not a phone keypad)), it's clearly not actual security, because not only does the online system require an additional password (which you define), but for pretty much any functionality they also send you a 4-digit PIN through the mail.

So, let's count all of that:

1. Your SSN (which often comes printed on paperwork)
2. Your login account (SSN) password (definable by you)
3. A 4-digit PIN (assigned to you and sent through the mail)

So again we have the too-common tension between the SSN being some sort of sooper-sekrit code that you should never let anyone know because with it you can apparently have all your bank accounts stolen because banks are STOOPID, and an acknowledgment that it needs additional passwords because, well, people can pretty easily learn it and then do things with your unemployment account unless there is an additional layer of security.

I kind of wish we'd just treat it as a public national ID number and go on from there. As a security measure, it's nearly useless, even if assumed in too many places.

 

View on Google+

Backup everything. And then backup your backups

A backup system is only as good as the last restore you successfully made from it. Those are words I have had branded in my brain (right there, at the pain centers, yeah, right there OUCH), more than once.

And I'm not the only one: https://www.credera.com/blog/ux/deleting-toy-story-2/

 


The Cheat of Cheating the Cheaters

While it's hard to feel too much sympathy for the customers of Ashley Madison being cheated by someone they thought they could trust, it was still a dickish strategy by the site's management (or whatever the fembot equivalent of "dickish" is). I'd be quite happy to see fraud charges filed against the affair site, even if it's based on evidence hacked from their files.




How Ashley Madison Hid Its Fembot Con From Users and Investigators
The developers at Ashley Madison created their first artificial woman sometime in early 2002. Her nickname was Sensuous Kitten, and she is listed as the tenth member of Ashley Madison in the company’s leaked user database. On her profile, she announces: “I’m having trouble with my computer … send a message!”


Chrome will block autoplaying Flash ads starting tomorrow (huzzah!)

Helping security, reducing battery drain, and improving quality of life? Oh, yeah!




Google Chrome to block auto-playing Flash ads starting September 1 | Ars Technica
Video players will still work; non-essential content—like ads—will be blocked.


People like to use easy passwords (et al.)

I use a number code on my phone, but +Kay Hill uses an ALP like this. So this one's for her.

Originally shared by +Les Jenkins:

My lock pattern isn't super-complex, but it is 7 nodes long and features a couple crossovers. It had occurred to me when first setting my lock pattern that anything too simple would be easy to guess. My wife has me beat with an 8 node pattern, but no crossovers.




New data uncovers the surprising predictability of Android lock patterns | Ars Technica
Like “p@$$w0rd” and “1234567” many Android patterns are easy to guess.


Silly Nigerian Scammers Are Not So Silly

A lot of us like to laugh at those atrociously written / edited scam letters promising you vast riches of possibly-ill-gotten gains (you can't scam an honest man), if only you'll send your bank account info. They're so poorly crafted, with misspellings and grammar errors, and so implausible in their very subject, it must mean the scammers are just about as dimwitted as the hapless suckers they rope in.

Or … maybe not. It may be the scammers are just weeding out the less gullible in order to get the well-and-truly feeble-minded as their victims. After all, emailing is cheap, but time is money.

'By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.'

http://research.microsoft.com/pubs/167719/whyfromnigeria.pdf

Maybe not so silly.

 


Dear Web Sites I Like

I realize that the need to "monetize" or somehow pay for your interesting and worthwhile content is a critical component of your web world.

That said, when you throw the door open to this kind of craptastic "promoted content," any incremental money earned only comes at the cost of damage to the credibility of anything you choose to say.

In fact, I have been known to not direct traffic to a page or article because of this sort of schlockery.

Lie down with dogs, get up with fleas.

(Dear Web Sites I Despise … pay no attention to the above.)

 


Why hacking is often so easy

The biggest problem with security is not the genius hacker, or the obscure exploit. It's people doing stupid things, too often with encouragement of policy and procedures that allow (or even encourage) stupid things.

(And, I'll note, this is one of the consequences of "Hey, let's outsource as much of the federal government's work as possible, because public employees are bad and expensive and outsourcing and privatizing saves money! Woot!")

(h/t +Yonatan Zunger)




The US agency plundered by Chinese hackers made one of the dumbest security moves possible
Contractors in Argentina and China were given…


Social Logins

Given a preference, I create my own account. LastPass makes that trivial.

Failing that, I'll use Twitter, since if I need to delete the account it's no big deal.

I'll use Google sometimes, for something I figure I'll be using long term.

I would never, ever, use Facebook as my social login, and have eschewed sites that required it.

(h/t +steph wanamaker)

Originally shared by +Scredible:

Facebook Near 2/3 of Social Logins
Twitter Tops Yahoo

According to customer identity-management solution Gigya, Facebook is approaching the two-thirds mark when it comes to social logins, accounting for 64 percent of them in the first quarter of 2015.

Gigya also found that Twitter overtook Yahoo for the first time during the first quarter. Google+ remained firmly in second place, well behind Facebook but well ahead of the rest of the pack (Yahoo, Twitter and LinkedIn).

When given a choice, which network(s) do you favor for social login?

Read more: http://clk.ie/8DGrKf
#SocialLogIn #CustomerIdentity




INFOGRAPHIC: Facebook Near 2/3 of Social Logins; Twitter Tops Yahoo
Facebook is approaching the two-thirds mark when it comes to social logins, accounting for 64 percent of them in the first quarter of 2015, according to customer identity-management solution Gigya.


Best quote from the secure desktop project workshop this week: “It sounds funny, but if the guy can’t change his clock, we’ve failed.”


View on Twitter

RT @steve_buchheit Adobe, I’m sick and tired of updating Flash every fucking week

RT @steve_buchheit Adobe, I’m sick and tired of updating Flash every fucking week If you have to update that often, it’s broke. Fix it for the long term.


Heavens to Bit.ly

Well, one mostly-sussed-out mystery solved. Bit.ly links weren't working from my company's network, and it turns out that the company has blocked it because the service was so widely used in phishing attacks.

Of course goo.gl and t.co and other shortener services all seem to be functioning fine, but presumably phishers will be moving on to those sooner or later.

It's a bit annoying, since bit.ly is used in a lot of Twitter links, including my own and some other folk I follow regularly. This is why we can't have nice (or convenient) things.

 


The Amusing Art of WiFi Network Naming

I'm afraid we use ones a lot more prosaic around our house, though at least we do rename them from LYNCSYS19347 and other such defaults.

One of the ones in our neighborhood, for a time, was "MomFartsAlot". Either "Mom" had a great sense of humor, or else wasn't a computer person.

These are pretty amusing, though I think "Use this one Mom" is the funniest (and, simultaneously, most practical).

Originally shared by +Geeks are Sexy:

[Via 1 | 2 | 3]




The Funniest Wi-Fi Names Ever [Pics]


More passwordy badness

So consensus seems to be this set of leaks is "old news" stuff that's previously been out in the wild.

For the sake of the family (here and California-wise), I've checked all our Gmail addies and they come up as clean.

That said, occasionally changing Google passwords is not a bad idea.

Originally shared by +Les Jenkins:

Well shit.




5 Million Gmail Passwords Leaked, Check Yours Now
According to the Daily Dot, nearly 5 million usernames and passwords to Gmail accounts have been leaked on a Russian Bitcoin forum. Here’s what you should know.


Sneaking into an office

A nice little guide for how to get into, and stay in, a building, particularly an office building (though a lot of the same principles would apply to factories, schools, apartments, etc.).

Nothing particularly new, if you read a lot of appropriate fiction, but a good summary to use as a writing resource. Yeah, that's it, as a writing resource.

The only thing that's missing is the usual mention of a clipboard (perhaps more applicable these days in a factory setting), but carrying something in your hands (a tablet? file folders?) provides an opportunity for good "business," something to fumble with or drop or excuse you for tailgating through a locked door.




How to Convince Someone You Work in Their Building
There are fewer opportunities to put your social engineering skills to the test better than trying to convince someone you work at their establishment. Whether you just want to serve yourself a drink refill at a restaurant or you want to surprise your significant other with a birthday bouquet, here’s how to get in unnoticed.


Yeah, Home Depot’s cash registers got hacked, too

Similar to the Target attack last Christmas, it appears that credit and debit card data in April and beyond was stolen. HD hasn't yet released info about how widespread the breach was.

I honestly can't recall if we went to HD in that time frame; we've been there a couple of times this year, but much less than usual for a variety of reasons. (I suppose I should look at my credit card statements, duh.) I'll be monitoring this story.



Home Depot confirms breach but stays mum as to size
Home supply retailer confirms card data stolen, likely starting in April.


So bit.ly is working from my h…

So bit.ly is working from my home computer, and from my phone, which makes me think it’s something (DNS? Firewall?) thru my office Internet.

May be a DNS issue (or company…

May be a DNS issue (or company firewall?). I can get to http://t.co/3MVnWaEPEK and bit.ly links from my phone, not from my work PC.

Huh. Looks like bitly (and all…

Huh. Looks like bitly (and all those bit.ly links) is down. Since that’s how the tweets of my blog posts get shortened, that’s irksome.

Movie Hacking vs Real Hacking

I'd love to see that in a movie some day.

(h/t +Gerard McGarry)

Originally shared by +nixCraft Linux Blog

So true: Movie hacking vs. real hacking (social engineering). Credit – http://www.smbc-comics.com/index.php?id=2526#comic

#hackers #socialengineering #humor #funny #IT #security #laughteristhebestmedicine
