Wiggly Wayne DDS posted:

finally totp for cars

Shame Boy posted:

i just got some fun spam


thank god we have Digital Experience Specialist James Carter to walk us through how to prevent data access

Lain Iwakura posted:

https://twitter.com/KateLibc/status/1125963290050359301

i'm having fun with this. i wonder what sort of sensitive data exists within

Powerful Two-Hander posted:

"please enter a memorable word in case you forget your pasword or username", ok that's dumb so ill mash the keyboard to make it a random string and put it in keepass....





edit: my keyboard mashing is evidently insufficiently random. Also I tried an actual word and it rejected it for having "3 or more sequential letters". Hope your memborable word doesn't contain "nop"!

ewiley posted:

Wait do people pronounce

Volmarias posted:

The problem will be solved with mandatory password rotations monthly, to limit the damage a stolen credential can do.

The new password will be SchoolnameMonthYear.

quote:

A system to transfer money online — used over a million times a day in Canada — is not as safe as it advertises, says a Royal Bank customer who had $1,734 stolen during an e-transfer.

The theft occurred after Anne Hoover of Peterborough, Ont., e-transferred money from her RBC account to her friend Fran Fearnley, only to have a fraudster intercept the transaction and divert the money to his own account at another bank.

"I always use e-transfer," says Hoover. "I thought it was a safe way to send money."

An RBC manager says an internal investigation indicated that Fearnley's email account had been hacked, and when Hoover sent the e-transfer, the fraudster figured out the answer for the security question necessary to deposit the money, and then redirected it to a different bank account.

The bank blamed the theft on Fearnley's email security.

Hoover's security question to her friend was: "Who is my favourite Beatle?" The fraudster would have had a one in four chance of getting it right — John, Paul, George or Ringo. In a test of RBC's Interac system, Go Public was given four chances to answer the security question correctly.

In a statement, AJ Goodman, RBC's director of external communications wrote: "As part of our electronic access agreement, clients commit to using passwords and security questions that are unique and cannot be easily guessed or obtained by others."

In a statement, the company's senior manager of external communications, Adrienne Vaughan, wrote that Canadians must "protect their email and passwords so they do not fall victim to cybercrime and they can safely transact online."

Popa did a quick search of Fearnley's email on https://www.haveibeenpwned.com a website that tracks data breaches and reports almost eight billion occasions when personal accounts have been exposed. The same email address could be acquired from several different sources.

Popa found her email was compromised on two sites when hackers attacked LinkedIn and Verification.io

"That means people have found those e-mail lists. They have sold them to others," says Popa. "Different people have taken what they've needed from those lists, and that's how they got compromised, very likely."

The cybersecurity expert says financial institutions and Interac need to require something called "two-factor authentication" to better protect people's accounts.

"Every time you log into an account you need to use a second factor," explains Popa. "A code that arrives as a text message or as a separate email to a different email address that is only valid for a few seconds or a few minutes after it's received."

infernal machines posted:

security is a process, and a big part of that process is you not being an absolute goddamned idiot just every second of every day

evilweasel posted:

security questions are such a poorly thought out idea

"nobody will ever know what the mascot of your high school was, knowing that is good enough to reset your password!"

Sagebrush posted:

I'm pretty sure that once you get the email and answer the question correctly, that's the end of it and you can deposit the money into any account you want. Really it's just surprising that no one has reported on it until today

Midjack posted:

someone finally found a use for sharepoint

Subjunctive posted:

I wonder how often “proprietary hardware security module” actually ends up without tears.

quote:

In late December, Kathy Machir called Marcela Zavala Taylor, her banker of nine years at Mexico’s Monex Casa de Bolsa, to get cash for contractors building her retirement home in San Miguel de Allende. Typically, Zavala would wire money or dispatch her assistant, Juan, on his motorcycle with an envelope full of pesos. Monex, with $5.2 billion in assets and operations in the U.S., was woven into the lives of Machir and the 10,000 other Americans who’ve moved to San Miguel de Allende.

The transfer didn’t happen. Juan didn’t show, Zavala didn’t return calls, and Kathy and Jim Machir discovered that their nest egg was gone. When the Machirs and other San Miguel expatriates met with Monex officials in early January, the bankers told some of them that about $40 million was missing from as many as 158 accounts, many belonging to English-speaking Americans. A dozen people interviewed by Bloomberg News say that bank statements Zavala sent them purporting to show full accounts were apparently falsified. Most say the bank has told them little since they filed complaints, and some say Monex tried to settle for far less than the balances owed. “When they told us we had 6 pesos [32¢] in our accounts, I just felt sick to my stomach,” Kathy Machir says. “Since then, they have not dealt with us in good faith.”

Kenneth Karger, a retired dentist in Fort Worth with property in Mexico, says Monex owes him about $400,000. He stopped getting full statements after June, as did the Machirs. Karger says Zavala told him Monex was changing to a new online banking system and sent emails showing a plausible balance. Later, Karger went through statements he retrieved from Monex and found unauthorized withdrawals and wire transfers.

A notarized letter that Karger’s attorney sent to top Monex executives on April 15 lists 12 allegations of fraud, including transferring money to people whom the depositors didn’t know, making unauthorized investments, and changing account login information. “If a relatively low-level employee can go into your account, change your email address for notifications, change your password, redirect deposits, withdrawals, and wire transfers,” Karger says, “then you have a kindergarten-level security system safeguarding tens of millions of dollars.”

Munkeymon posted:

the process was pretty bad and may be the reason insulin prices weren't capped

I've been wondering for a while now if selling a dumbed down git clone to legislatures to handle what are effectively giant merge conflicts would be a good business or if they'd just stubbornly refuse to do it electronically

quote:

The task of developing the new OS and replacing Windows will fall to a new "Internet Security Information Leadership Group," as first reported by the Epoch Times, citing the May issue of the Kanwa Asian Defence magazine.

Shame Boy posted:

windows the poo

quote:

https://globalnews.ca/news/5328658/canadian-man-sentenced-selling-encrypted-blackberry-smartphones/

A Canadian man who sold encrypted BlackBerry smartphones to criminals worldwide that enabled them to sell drugs and even plan murders while avoiding the prying eyes of law enforcement was sentenced Tuesday to nine years in prison.

Vincent Ramos, 41, of Richmond in the Vancouver area was sentenced Tuesday in federal court in San Diego. He pleaded guilty last fall to one count of racketeering conspiracy.

Ramos also was told to forfeit $80 million in earnings, which included homes, international bank account holdings, cryptocurrency and gold coins.

Ramos ran a company called Phantom Secure that offered gutted, uncrackable smartphones that, for a subscription, could send encrypted text messages through a secure network based in Panama and Hong Kong.

The company also could wipe the phones remotely if they were seized.

Prosecutors said Ramos’ clients included the Sinaloa drug cartel of Mexico and a global drug-trafficking and illicit gambling organization run by former University of Southern California football player Owen Hanson. Hanson is serving a 21-year prison sentence.

Other clients were Hells Angels in Australia who used them to co-ordinate several killings, authorities said. Ramos boasted about his wares after seeing a 2014 news report that said use of his encrypted devices by a suspect in one high-profile murder had hampered the investigation.

abigserve posted:

Winkle-Daddy posted:

this post has inspired me to visit a pawn shop on my lunch break, thanks!

Kazinsal posted:

James Mickens' bit on the Mossad/Not Mossad Threat Model is something that deeply applies here

infernal machines posted:

trying to manage endpoint security on employee owned devices.

Shame Boy posted:

one of the asks from one of our own executives was if we could figure out a way to either "fix" the scale component to not suck, or disable it altogether but still retain it's anti-theft effects

since i seriously doubt it actually has any anti-theft effects i'm pretty sure we can just disable it and everything will be fine

Volmarias posted:

Target just has a camera + screen attached to their self-checkouts at eye level pointed directly at you with a flashing red text of "RECORDING IN PROGRESS". It's loving dehumanizing and infuriating.

Volmarias posted:

It also doesn't address the issue with getting anyone in a position of authority to reclaim your device to give a poo poo about it.

mystes posted:

The police just don't give a poo poo about your cellphone in the first place.

BIGFOOT EROTICA posted:

the point is you go and recover it yourself with 3-4 friends and your firearms

Guy Axlerod posted:

Is there anything to stop large scale aggregate pulling of all points?

Chris Knight posted:

https://twitter.com/pinboard/status/1138195461188145152