Wednesday, January 21, 2015

Had enough credit card offers?

Are you getting too many credit card offers?  Did you know there is an official,  national site where you can opt-out of getting these?   I strongly recommend doing this, not just to safe the environment and the hassle of dealing with junk mail, but also as a security precaution.  These offers are easy to steal out of your mailbox, and the credit card companies will gladly send your "new card" to a "new address" without blinking.

This is also a good idea for those who have issues with the temptation of credit.  If you take the offers away,  you take most of the temptation away.   (People with college-age kids will understand all too well)

All it takes is name, address and social and you are good for 5 years.  If you want it to be permanent, you are going to need to print out a form and lick a stamp (they make it harder or purpose)

Official site is at:  Phone: 888-567-8688

More information available on this at the FTC

Sunday, January 19, 2014

I was singled out by RSA!

At the 2013 RSA conference, I was running around killing time before my talk on building your own intelligence tool, and thought it would be a fun training exercise to participate in their "I am RSA" ad campaign.  What better way to get rid of any nerves then to have a dozen cameras and microphones pointed at you?

I signed the release (I believe I got a sticker or a Starbucks card or something like that too) and I did not think anything of it until a friend pointed out that I was running on the homepage of the 2014 conference.  They seem to rotating a bunch of videos on there, and I was in the top spot last week.  Looking at their list of uploaded videos, I noticed I seem to be the only person (as far as I can see) that is actually named on-screen in any of them .  There are plenty of other people, but they seem to be used only for soundbites, whereas I was deemed worthy for almost a full minute.  Where's my internet millions?
Also: For some reason, it makes it seem like I have huge hands.

Wednesday, August 28, 2013

Dear Apple affiliate team, I hate you because....

Dear Apple affiliate team, I hate you because of one or more of the following reasons:
  • The massacre in Ruwanda
  • Leaving the toilet seat up
  • Sending rejection letters that are beyond useless
  • Turtlenecks
  • That scratch on my car door
  • Eating the last twinkie
I may also hate you if:
  • You drank all the beer in the fridge without asking

Friday, December 21, 2012

Hall of Shame: Office 365

When testing the brand-new Microsoft Office 365, I ran accoss this error:

All I can say: Why? Why would you restrict password length?  This is a new product, so you cannot use the old "We need to be compatible with legacy accounts" on me here.

There is no good reason to do this. Especially when you are securely hashing my password. 
You are storing the password securely, right?  Right?

Monday, September 24, 2012

Hall of Shame: Virgin America

While logging in with the correct password, I get the error message you see here.   If you are like me, you are wondering by now...

  • What happened?
  • Who decided that I need to change my password?  
  • Why is that date important?

Anybody who has ever worked into a major corporation for more that a few months, know that this is not the way one makes users change their password.
In the real world, forced password resets depend on the time that the user last changed their password, and do not use the password reset process.    Normally, you get a simple form which asks for the old password and the new password twice, and you are on your way.

The fact that one need to do password recovery via email most likely means: Somehow, Virgin's password database got compromised to the point that they can no longer trust authentication with a password set before April 26th 2012.  There is no other good explanation.