CaptainSarcastic
Jul 6, 2013



AT&T is best avoided for multiple reasons. That they keep running what was called the Hemisphere program, where they happily hand over logs to law enforcement with no warrant or due process, is bad enough on its own. But I also worked for them briefly through a third party doing telephone customer support and their internal systems were the dumbest poo poo I've run into. To find information they used an internal wiki, which in and of itself is whatever. But they had it set up so instead of pages getting updated they just created new pages, so you couldn't bookmark a page for future reference because it could be out of date but you had no way of knowing that without doing a fresh search every single time you needed to reference something. Bonus was that the search function was unreliable and using the same search terms wasn't guaranteed to actually find the necessary information so not being able to rely on bookmarks for common pages was even more frustrating.


Krispy Wafer
Jul 26, 2002

I shouted out "Free the exposed 67"
But they stood on my hair and told me I was fat

Grimey Drawer

Yngwie Mangosteen posted:

I worked at a security camera software company, and until I ran Wireshark for some other QA test, I found that logins were sent plaintext, labeled:

u/n: (name)
pass: (password)

When I reported it, they did a hash of the password.

Guess what happened if you copy and pasted the hashed string into the password field.

Does that mean anyone getting your username/password could then log in and see your camera footage? Because ouch.

A lot of people get their first emails from their ISP and then reuse that for all their most important stuff like Apple and Amazon. Which is why I was so angry that AT&T was being sloppy with their user email security. If someone hacked their att.net email, they could get access to EVERYTHING. I encourage people to create dedicated email addresses for stuff like Apple and then only use those emails with those accounts. That way some random hack on a small retailer site doesn't cascade into you losing access to your digital life.

CaptainSarcastic posted:

AT&T is best avoided for multiple reasons. That they keep running what was called the Hemisphere program, where they happily hand over logs to law enforcement with no warrant or due process, is bad enough on its own. But I also worked for them briefly through a third party doing telephone customer support and their internal systems were the dumbest poo poo I've run into. To find information they used an internal wiki, which in and of itself is whatever. But they had it set up so instead of pages getting updated they just created new pages, so you couldn't bookmark a page for future reference because it could be out of date but you had no way of knowing that without doing a fresh search every single time you needed to reference something. Bonus was that the search function was unreliable and using the same search terms wasn't guaranteed to actually find the necessary information so not being able to rely on bookmarks for common pages was even more frustrating.

After AT&T outsourced its portal page to Yahoo, I worked in their small biz web hosting. This was essentially a value added service, so corporate mostly ignored us. Suddenly we had a huge influx of new users and management ran out and hired new contractors and bought lots of new Apache servers. And then we started getting angry phone calls from business customers who had never signed up for web hosting. Turns out AT&T had also outsourced its sales and an office in Miami was adding web hosting to everyone's account. I did a bunch of research to figure out exactly who was doing this and management just shrugged. That company is and was a loving poo poo show.

Yngwie Mangosteen
Aug 23, 2007

Krispy Wafer posted:

Does that mean anyone getting your username/password could then log in and see your camera footage? Because ouch.

See footage, delete footage, add a scheduled offline period, disable motion tracking, quietly turn off or re-route the recording location, and, depending on the camera, adjust the viewing angle, etc.

The software interfaced with just about every common camera model, and was used by lots of actual large companies, schools, etc.
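Added example, not part of the thread and not the vendor's code: it shows why a hash computed on the client, as in the quoted report, is itself the login credential, next to a server-side salted KDF where a leaked stored value does not log in. All names, the sample password and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PASSWORD = "correct horse battery"  # constructed sample value


def client_hash(password: str) -> str:
    """What the 'fixed' client puts on the wire instead of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


# Weak design: the server stores the same unsalted hash the client sends
# and compares the two strings, so the hash *is* the credential.
STORED_HASH = client_hash(PASSWORD)


def login_client_hashed(wire_value: str) -> bool:
    return hmac.compare_digest(wire_value, STORED_HASH)


# Hardened design: the password travels only inside TLS (not shown here),
# and the server runs its own salted, slow KDF over whatever it receives.
SALT = os.urandom(16)


def server_kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 600_000)


STORED_VERIFIER = server_kdf(PASSWORD, SALT)


def login_server_hashed(submitted: str) -> bool:
    return hmac.compare_digest(server_kdf(submitted, SALT), STORED_VERIFIER)


def demo() -> dict:
    wire_value = client_hash(PASSWORD)   # what a capture of the login shows
    db_value = STORED_VERIFIER.hex()     # what a database dump would show
    return {
        "weak: captured wire value accepted": login_client_hashed(wire_value),
        "hardened: stored verifier accepted": login_server_hashed(db_value),
        "hardened: real password accepted": login_server_hashed(PASSWORD),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

Server-side hashing protects the stored value only; the login itself still has to run over TLS, because whatever crosses the wire in the clear is what an observer can reuse.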

PhazonLink
Jul 17, 2010

Did someone say anime horse girls?

the best password truncating is when it's different truncating on the login page, the password reset page, or the password change page.

Flipperwaldt
Nov 11, 2011

Won't somebody think of the starving hamsters in China?



PhazonLink posted:

the best password truncating is when it's different truncating on the login page, the password reset page, or the password change page.

I can't dissuade my mom from using her isp provided email address. The isp was sold and the new isp has updated the webmail frontend. The new frontend has a different idea of what invalid characters for a password are than the old one, or the actual current mail server for that matter. Her password was grandfathered in and she cannot log into the webmail anymore. Changing your password can only be done by logging into the webmail. She had her password changed through the phone helpdesk, who emailed it to her after changing it, which for obvious reasons wasn't very useful. In round two, they dictated the new password over the phone. Hurray, she can log into the webmail. However, phone and laptop are now misconfigured. I wasn't available to remedy that, so I logged into the webmail and went to change the password back to the old one, unaware what the problem had been at the start of this. Note that there isn't a list of invalid characters anywhere. There isn't a check that says to try again. There is just a generic message saying "oops, something went wrong!" when you press submit. And then the password change goes through anyway! So, everything works, but she's back to not being able to log into the webmail, or change her password to something else. I guess we were lucky the password change procedure didn't strip the invalid characters from the password before saving it. We're going to try calling the helpdesk back tomorrow.

Absolute shitshow. Biggest isp in this country, millions of customers.
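Added example, not part of the thread and not any ISP's code: a consistency check that runs the same passwords through every entry point and reports where they disagree, the failure described in the posts above (different truncation per page, a front end rejecting characters the back end accepts). The handlers, the truncation length, the rejected characters and the policy limits are all hypothetical.

```python
import string

# Hypothetical per-page handlers modelled on the mismatches described above.
def change_page(pw: str) -> str:
    return pw[:8]                       # silently truncates before storing

def login_page(pw: str) -> str:
    return pw                           # compares the full input

def webmail_page(pw: str) -> str:
    if any(c in "&<>" for c in pw):     # front end rejects what the server allows
        raise ValueError("oops, something went wrong!")
    return pw

ALLOWED = set(string.ascii_letters + string.digits + string.punctuation + " ")
MIN_LEN, MAX_LEN = 12, 128              # assumed limits for the example

def policy(pw: str) -> str:
    """Single shared rule: reject with a reason, never alter the password."""
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    bad = sorted(set(pw) - ALLOWED)
    if bad:
        raise ValueError(f"unsupported characters: {bad}")
    return pw

def divergent(handlers: dict, samples: list) -> list:
    """Return (sample, outcomes) for every sample the handlers disagree on."""
    report = []
    for pw in samples:
        outcomes = {}
        for name, fn in handlers.items():
            try:
                outcomes[name] = fn(pw)
            except ValueError as exc:
                outcomes[name] = f"rejected: {exc}"
        if len(set(outcomes.values())) > 1:
            report.append((pw, outcomes))
    return report

# Constructed sample passwords.
SAMPLES = ["short1!", "tr0ub4dor&3-horse", "plain-long-passphrase"]
LEGACY = {"change": change_page, "login": login_page, "webmail": webmail_page}
FIXED = {"change": policy, "login": policy, "webmail": policy}

if __name__ == "__main__":
    for pw, outcomes in divergent(LEGACY, SAMPLES):
        print(pw, outcomes)
    print("fixed:", divergent(FIXED, SAMPLES))
```

Run as a regression test against the real registration, login, reset and change handlers, a non-empty report means some users can set a password they cannot later use.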

PhazonLink
Jul 17, 2010

Did someone say anime horse girls?

"you have to use special characters, no we're not going to tell you which ones are allowed and which aren't and it's not just the "easy" shift+ ones."

Flipperwaldt
Nov 11, 2011

Won't somebody think of the starving hamsters in China?



I also don't know how any of that is necessary or can happen if you're not basically loving plaintexting the password.

BiggerBoat
Sep 26, 2007

Don't you tell me my business again.

House cat owner here that's had more than three escape and get outside to tell everyone that, most of the time, the cat will come home or at least stay very close by.

Facebook Aunt
Oct 4, 2008

wiggle wiggle





BiggerBoat posted:

House cat owner here that's had more than three escape and get outside to tell everyone that, most of the time, the cat will come home or at least stay very close by.

Okay, but what if the cat knows your passwords? You know those little bastards are storing them in plain text.

SubG
Aug 19, 2004

It's a hard world for little things.

PhazonLink posted:

"you have to use special characters, no we're not going to tell you which ones are allowed and which aren't and it's not just the "easy" shift+ ones."

And then when you add one it gives you a SQL error.

Discendo Vox
Mar 21, 2013

They wouldn't be special characters if we told you what they are!

dirby
Sep 21, 2004


Helping goons with math

PhazonLink posted:

the best password truncating is when it's different truncating on the login page, the password reset page, or the password change page.

I think I've been to a couple sites where my email could contain dots on account creation, but not on login (or maybe not on password reset?). That's been fun.


Flipperwaldt
Nov 11, 2011

Won't somebody think of the starving hamsters in China?



Discendo Vox posted:

They wouldn't be special characters if we told you what they are!

We called the helpdesk back and they gave a new temporary password and after logging in to change it, the form for it now mysteriously had acquired a list of password requirements! Including a list of special characters that would potentially improve security. That list included all special characters that were in the original password that doesn't work!

Good job, dipshits :thumbsup:
