Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Stymie
Jan 9, 2001

by LITERALLY AN ADMIN
here's a nutty thought: maybe change your email account and move on with your life instead of stalking and harassing someone over a simple mistake

Adbot
ADBOT LOVES YOU

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat

mystes posted:

If they order flowers, immediately call customer service and ask to change the note to say "From, an idiot who doesn't know what his/her email address is."

I'm not touching any of that poo poo anymore. I just set a filter with any email that has her name in the "To" header and mark it as read and archives it.

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER

in secfuck of yester-week: the highest danish court of justice ruled on a case of “what happens when you’re defrauded of your digital signature credentials?”

in short, Denmark has a system of digital signatures and logins using 2fa. You use it for things like logging into your bank account or signing for a loan. I did this last year when buying my house. Currently it’s named “NemID”

if someone else gets hold of your credentials and 2fa device (most commonly a piece of cardboard with codes on it like you’re keying in the nuke codes) and uses this to take a loan or buy an iPhone, then you are still 100% liable for these loans or purchases. The court ruled NemID as higher than a signature or contract.

recently this kind of fraud has been targeted at the lowest rungs of society, homeless, foreigners and the mentally retarded who are left with debts and a court / banking system telling them to go gently caress themselves.




this has been my banking 2fa story thanks for reading

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

why yes, let's declare open season on scamming old people and non-native Danish speakers. what the h*ck were they thinking

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
wanna bet that it gets changed instantly the moment a politician or rich person ends up getting scammed that way?

Vomik
Jul 29, 2003

This post is dedicated to the brave Mujahideen fighters of Afghanistan

Boiled Water posted:

in secfuck of yester-week: the highest danish court of justice ruled on a case of “what happens when you’re defrauded of your digital signature credentials?”

in short, Denmark has a system of digital signatures and logins using 2fa. You use it for things like logging into your bank account or signing for a loan. I did this last year when buying my house. Currently it’s named “NemID”

if someone else gets hold of your credentials and 2fa device (most commonly a piece of cardboard with codes on it like you’re keying in the nuke codes) and uses this to take a loan or buy an iPhone, then you are still 100% liable for these loans or purchases. The court ruled NemID as higher than a signature or contract.

recently this kind of fraud has been targeted at the lowest rungs of society, homeless, foreigners and the mentally retarded who are left with debts and a court / banking system telling them to go gently caress themselves.




this has been my banking 2fa story thanks for reading

if you're liable for the purchases do you at least get to have the bought stuff transferred to you?!

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Vomik posted:

if you're liable for the purchases do you at least get to have the bought stuff transferred to you?!

good thing you don't live in denmark lol

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

based on my understanding they would prefer all non-danes to gtfo

mystes
May 31, 2006

It's sort of like how banks refused to believe transactions could be fraudulent after the rollout of chip and pin in various countries, because even if the cards were stolen the thieves shouldn't know the pin. Except, because of a flaw in the protocol it turned out that it was possible to do a trick to effectively downgrade the cards to chip and signature or something like that.

spankmeister
Jun 15, 2008






Danish is incomprehensible gibberish so I would not at all be able to identify a phishing mail.

4lokos basilisk
Jul 17, 2008


mystes posted:

It's sort of like how banks refused to believe transactions could be fraudulent after the rollout of chip and pin in various countries, because even if the cards were stolen the thieves shouldn't know the pin. Except, because of a flaw in the protocol it turned out that it was possible to do a trick to effectively downgrade the cards to chip and signature or something like that.

I have had payments go through on japan after I botched the pin

tbh they probably have people manually approve all transactions too

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER

Vomik posted:

if you're liable for the purchases do you at least get to have the bought stuff transferred to you?!

that’s the worst bit you don’t even get to keep the 10 iPhones the scammer bought

mystes posted:

It's sort of like how banks refused to believe transactions could be fraudulent after the rollout of chip and pin in various countries, because even if the cards were stolen the thieves shouldn't know the pin. Except, because of a flaw in the protocol it turned out that it was possible to do a trick to effectively downgrade the cards to chip and signature or something like that.

it’s like that, except lower courts can’t rule that you don’t have to pay because of fraud, because this system is the perfect signature that in no way can be abused

Powerful Two-Hander
Mar 10, 2004

Mods please change my name to "Tooter Skeleton" TIA.


some guy in America keeps signing up to job sites with my email address so he probably wonders why he's never receiving anything. I also receive bank notifications on my other account with the same name, presumably from the same guy.

Once I got an invite to a family bbq and I think I did reply all to that and tell them to get their poo poo together and tell the guy to use the right address. or maybe I goatse'd the entire family idk it was a long time ago

Carthag Tuek
Oct 15, 2005

Tider skal komme,
tider skal henrulle,
slægt skal følge slægters gang



*points to Lindsay Lohan*

Cybernetic Vermin
Apr 18, 2005

Boiled Water posted:

in secfuck of yester-week: the highest danish court of justice ruled on a case of “what happens when you’re defrauded of your digital signature credentials?”

in short, Denmark has a system of digital signatures and logins using 2fa. You use it for things like logging into your bank account or signing for a loan. I did this last year when buying my house. Currently it’s named “NemID”

same issue in sweden, despite the system being slightly more careful using a 2fa app which will display a reason-for-approval-request thing (e.g. "approve transfer of xxx kronor", "sign document xyz"). i think it helps, but getting old people on the phone is of course as always enough for at least some success-rate. i have to think also that android malware will target this stuff a lot harder as time goes on, which will turn into a real shitshow.

BlankSystemDaemon
Mar 13, 2009



Boiled Water posted:

that’s the worst bit you don’t even get to keep the 10 iPhones the scammer bought


it’s like that, except lower courts can’t rule that you don’t have to pay because of fraud, because this system is the perfect signature that in no way can be abused
Ah but you see, it can't be abused except for all the ways it can be abused! :denmark:

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER

Cybernetic Vermin posted:

same issue in sweden, despite the system being slightly more careful using a 2fa app which will display a reason-for-approval-request thing (e.g. "approve transfer of xxx kronor", "sign document xyz"). i think it helps, but getting old people on the phone is of course as always enough for at least some success-rate. i have to think also that android malware will target this stuff a lot harder as time goes on, which will turn into a real shitshow.

there's also an app which is better than the missile control card of keys but also worse since it's on your phone and suddenly your phone is a higher authority signature than your actual signature

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat

Powerful Two-Hander posted:

Once I got an invite to a family bbq and I think I did reply all to that and tell them to get their poo poo together and tell the guy to use the right address. or maybe I goatse'd the entire family idk it was a long time ago

I made a joke on the little league hockey league mailing list and the president of the company threatened me with calling the police. This was long ago as well.

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER

CRIP EATIN BREAD posted:

I made a joke on the little league hockey league mailing list and the president of the company threatened me with calling the police. This was long ago as well.

bonus points: being called a hacker

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



Krankenstyle posted:

*points to Lindsay Lohan*

rude!

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

Krankenstyle posted:

*points to Lindsay Lohan*

Lol I was just thinking of this the other day, good times

(https://forums.somethingawful.com/showthread.php?threadid=3712267&pagenumber=511#post456016998)

DrPossum
May 15, 2004

i am not a surgeon
BGP fuckup from Sunday

https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/

Cloudflare posted:

An Internet Service Provider in Pennsylvania (AS33154 - DQE Communications) was using a BGP optimizer in their network
...
DQE announced these specific routes to their customer (AS396531 - Allegheny Technologies Inc). All of this routing information was then sent to their other transit provider (AS701 - Verizon), who proceeded to tell the entire Internet about these “better” routes.

infernal machines
Oct 11, 2012

we have sealed ourselves away behind our money, growing inward, generating a seamless universe of self.
hey bill, cyberwar!

Shame Boy
Mar 2, 2010

quote:

These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing.

:heysexy:

flakeloaf
Feb 26, 2003

Still better than android clock

Keep going I'm about to heap spray

The Electronaut
May 10, 2009

CRIP EATIN BREAD posted:

I made a joke on the little league hockey league mailing list and the president of the company threatened me with calling the police. This was long ago as well.

The Boy Scouts of America have their own social networking platform. Some dumbass Scout Master or parent signed up with my email address. It took a bit of effort to disassociate my email address with their poo poo (deleted the person's account in the end) because they don't email address verification.

Media Bloodbath
Mar 1, 2018

PIVOT TO ETERNAL SUFFERING
:hb:

just business as usual at Verizon. :justpost: routes

Carthag Tuek
Oct 15, 2005

Tider skal komme,
tider skal henrulle,
slægt skal følge slægters gang




shh Dave, Whitney's hacking

Carthag Tuek
Oct 15, 2005

Tider skal komme,
tider skal henrulle,
slægt skal følge slægters gang




:tipshat:

Last Chance
Dec 31, 2004


lmfao good poo poo

Farmer Crack-Ass
Jan 2, 2001

this is me posting irl

Powerful Two-Hander posted:

some guy in America keeps signing up to job sites with my email address so he probably wonders why he's never receiving anything. I also receive bank notifications on my other account with the same name, presumably from the same guy.

Once I got an invite to a family bbq and I think I did reply all to that and tell them to get their poo poo together and tell the guy to use the right address. or maybe I goatse'd the entire family idk it was a long time ago

lol one time someone accidentally sent me an invite for a wedding on the other side of the country, i wrote back and said "hey wrong address buddy, i'm all the way over here in oregon lol" and they laughed and invited me to attend too

Share Bear
Apr 27, 2004

using a correct email for most people is when mr burns, seeing krusty buying his own branded cereal, asks where the burns-os are and krusty laughs him off

DrPossum
May 15, 2004

i am not a surgeon

Shame Boy
Mar 2, 2010

this morning BBC had a story on ransomware that was pretty standard, except at the end they went and interviewed a company that's apparently ransomware consultants or something? where companies will contract the whole "deal with the criminals" part out to them, and they'll try to negotiate the price down and handle buying the bitcoins and stuff like that. seems like a fun job

haveblue
Aug 15, 2005



Toilet Rascal
professional hostage negotiators, except the hostage is your company's data

flakeloaf
Feb 26, 2003

Still better than android clock

definitely not associated with the original ransomware guys either, nopenopenope

Midjack
Dec 24, 2007



sounds more like someone bought a bunch of buttcoins and is cashing them out this way.

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug
seems good, keeps every dumb rear end real estate guy from knocking on my door at the ungodly hour of 9am to ask me about how owned they are

mystes
May 31, 2006

Shame Boy posted:

this morning BBC had a story on ransomware that was pretty standard, except at the end they went and interviewed a company that's apparently ransomware consultants or something? where companies will contract the whole "deal with the criminals" part out to them, and they'll try to negotiate the price down and handle buying the bitcoins and stuff like that. seems like a fun job
The scary thing is that the consultant must be at the legit end of the spectrum, because it actually admits that it specializes in negotiation with the authors of the ransomware.

Reportedly most ransomware consultants claim to try to decrypt the files on their own but actually secretly just pay the ransomware authors (a lot of companies/municipalities don't want to pay the ransomware authors, or at least don't want to have to admit that they knew they were paying the ransomware authors).

The problem is that now everyone knows that all these local governments are vulnerable to multiple-year-old exploits and will pay tons of money to get their data back from ransomware, which means that ransomware is probably going to become even more widespread in the near future.

Incidentally, I think this makes a very strong case for forced automatic updates for software.

mystes fucked around with this message at 15:28 on Jun 26, 2019

Adbot
ADBOT LOVES YOU

Midjack
Dec 24, 2007



mystes posted:

Incidentally, I think this makes a very strong case for forced automatic updates for software.

which would last right up until someone force updates something that breaks an especially critical system, and then force updating goes away forever.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply