Thursday, October 31, 2019

Hall of shame: NetBenefits

This may be getting repetitive, so instead of explaining everything that is wrong with this picture, I would like to suggest a new rule:

If a site has a maximum length restriction on their password, that usually means that they are not storing it securely, which usually means the development team did not pass "Security 101". 

I'll let you decide if that is a prediction of the quality of the rest of their offerings.

Wednesday, January 21, 2015

Had enough credit card offers?

Are you getting too many credit card offers? Did you know there is an official, national site where you can opt out of getting these? I strongly recommend doing this, not just to save the environment and the hassle of dealing with junk mail, but also as a security precaution. These offers are easy to steal out of your mailbox, and the credit card companies will gladly send your "new card" to a "new address" without blinking.

This is also a good idea for those who have issues with the temptation of credit. If you take the offers away, you take most of the temptation away. (People with college-age kids will understand all too well.)

All it takes is name, address and social and you are good for 5 years. If you want it to be permanent, you are going to need to print out a form and lick a stamp (they make it harder on purpose).

Official site is at:  Phone: 888-567-8688

More information available on this at the FTC

Sunday, January 19, 2014

I was singled out by RSA!

At the 2013 RSA conference, I was running around killing time before my talk on building your own intelligence tool, and thought it would be a fun training exercise to participate in their "I am RSA" ad campaign. What better way to get rid of any nerves than to have a dozen cameras and microphones pointed at you?

I signed the release (I believe I got a sticker or a Starbucks card or something like that too) and I did not think anything of it until a friend pointed out that I was running on the homepage of the 2014 conference. They seem to be rotating a bunch of videos on there, and I was in the top spot last week. Looking at their list of uploaded videos, I noticed I seem to be the only person (as far as I can see) that is actually named on-screen in any of them. There are plenty of other people, but they seem to be used only for soundbites, whereas I was deemed worthy for almost a full minute. Where's my internet millions?
Also: For some reason, it makes it seem like I have huge hands.

Wednesday, August 28, 2013

Dear Apple affiliate team, I hate you because....

Dear Apple affiliate team, I hate you because of one or more of the following reasons:
  • The massacre in Rwanda
  • Leaving the toilet seat up
  • Sending rejection letters that are beyond useless
  • Turtlenecks
  • That scratch on my car door
  • Eating the last twinkie
I may also hate you if:
  • You drank all the beer in the fridge without asking

Friday, December 21, 2012

Hall of Shame: Office 365

When testing the brand-new Microsoft Office 365, I ran across this error:

All I can say: Why? Why would you restrict password length?  This is a new product, so you cannot use the old "We need to be compatible with legacy accounts" on me here.

There is no good reason to do this. Especially when you are securely hashing my password. 
You are storing the password securely, right?  Right?