Posts by Blacklight

Jaunts and escapades

I was lucky enough to be invited to speak at a supplier's gig, overseas, at their expense. Said gig was in Vegas however, which didn't appeal.

Got to Vegas, got to room in 'well known hotel' - and found a food cart in the room. "Oooh" I thought, suspecting they'd put out some buffet thing for my arrival (they hadn't asked if I was vegetarian etc)....except when I lifted the lid on one container - it was half eaten food. Room was also a mess.

One call to reception and I was upgraded to a suite. Result. Only for two nights mind.

Simarly a later company wanted me to back to the US for other activities - and they had a corporate policy about class of flight being dependent on length. Anything over 6 hours was business class. My flight? 6 hrs, 15 mins. Oh noes....

When did it start?

Do we know?

I have GDrive synched to my server, and backed up to Backblaze with a version of each file retained for at least 12 months. If we know when this started I can at least get anything "vanished" since that date.

Well it's clearly working as designed....

I upset a German bank a long time ago, by replicating 'an error'.

For a while I lived in deepest darkest south Germany (so south it is technically Switzerland, but the German's nicked it), and returned some years later for a holiday - and attempted to use my NatWest Switch card (that dates it doesn't it?) in a Sparkasse ATM.

Removed card from wallet, inserted card into machine, machine immediately reboots itself.

Once rebooted, of course, there is no sign of my card...and the bank was closed - and the phone numbers went to answer services services.

Next morning, waited outside the bank until they opened, and explained (in halting German) that their pesky machine had b0rked and could I have my card back please?

The attendant's response was (gesturing at the machines) "all the machines are working, if your card has been taken, it's because your bank has reported it stolen". I protested.

Eventually, someone checked the machine, and found the card. I could see them looking at it, but still refusing to give it back. I protested a bit more, saying I'd been using it happily in other places and it was fine, and offered to ring my bank to have them explain.

After a few minutes I was handed my card back, and asked to show them what I did.

So I put the card back in the same machine. And it rebooted again.

They apologised, retrieved my card again, and I toddled over the Deutsche Bank and I withdrew some cash from their machines quite happily.

No idea what combination of info was on the magstripe that clearly b0rked Sparkasse machines, but it did tend to mean I used "larger" banks after that :)

Many flops....

At one point I was happy to have a PC that could read 5.25" 1.2MB, and a 3.5" that could read up to LS120. And an IoMega drive that could take ZIP100 and ZiP250. And a multitude of storage cards (yay, MagicGate).

But the LS120 drive and Zip drives both died clickety deaths.

And the cards are now nearly all microSD (with an SD or USB adaptor).

It's like the BBC Domesday. Great until you can't read it.

And a shame, as kit typically still works. My car has a PCMCIA slot. My PC has a ln LTO3, except I killed it and now can't read some tapes. Yay for cloud etc.

Does your CMDB extend to password stores & credit cards?

Similar thing at "an/other" financial organisation, where Azure was setup with a credit card. A personal one. Something got productionised, and then the card holder left the company. Some payment reminders presumably went to an inbox which was no longer serviced (or more likely in existence).

Not long after, an Azure subscription magically vanished. Which was nice.

Password storage (actually secure) *was* a thing. Checking how it was funded, less so....

The reset card

In the early 2000s I put a NatWest card into a German Sparkasse ATM.

It reset, and ate my card.

The next morning I had about an hour of joy convincing the bank to return my card from the bowels of the machine (and they were adamant the machine was fine) - until we got them to let me put it in again, and lo, it reset (again). They gave me the card back, and I used it in another bank across the street....

So yeah, something in a (foreign) magstripe took out an ATM - which was nice.

Argh!

This.

So much this. And lazy arse people.

I have a firstname.surname AT gmail.com account, and I use the dot. You don't need to use the dot.

I also have a few people with "my name" who have "similar" accounts, i.e. firstname.initial.surname@gmail.com - and do they use the initial?

No.

Do I get the emails?

Yes.

I've had someone's flight tickets to Australia (STA did sod all - I considered actually pitching up for a free holiday) - emails from the police on a crime, from Westminster on a political topic, pictures of someone's family, home extension details, washing machine repair info, invites to a stag do, photo print order etc - and various other crap.

I've also (maybe helpfully) clicked the "Not me" links (when provided) and/or logged in and "closed" the account. So far, none of the accounts have contained any information beyond the name & email address. I then setup a FB group and invited people with "my name" to it, to try and nail a few down - but most have buggered off since. Ah well.

The other joy is that I share a name with a couple of IT professionals, and I've had agencies call me thinking I'm one of the others, and they spill plenty of info before I shut them up....(I'm assuming they search for a name in whatever CRM they use (Excel?!) and ignore multiple results...)

Nope

I have a setup I like, that does what I want.

I don't want errant things burrowing holes to get DNS via other methods.

Go away.

Blighty?

Not available from the UK store (yet)

Frictionless....

My social media of choice is beer.

My social media account is my bar tab.

Please discuss with the landlord. Kthxbai!

Panopticon

For sweet, sweet omniscient surveillance....

Le sigh...

"Let's all think of the clever, and not think of the function...."

Yes, it might put up a bit of cost, but how hard is it to also incorporate a remote sounder, like most wireless doorbells? Or even some local (encrypted) storage, so it can take/store pics of people who did come to the door?

If your internet backhaul is down, isn't the result going to be the same? At least Hue & Lightwave etc continue working with whatever settings they have been given, if the cloud goes down. My home automation system uses a cloud UI to configure, but once it's got it's config. it doesn't need the internet.

Failover modes people, failover modes....

Erm....

I may be wrong (probably am!) but is the other issue resolved?

i.e the one whereby when the router powers up, for 7 seconds or so, there is no encryption set on the WiFi? o_O

Thus, if you are quick enough, you can get onto the WLAN - and then (again, if quick enough) - either use the default web admin password to find a WLAN password (even if it's been changed), so you can then reconnect shortly after, or do a quick network probe? Granted that's a tight window of opportunity, but still!

[EDIT] Ah yes - a powershell to reboot a SuperHub - if you know the password. Assume it's default, and a bit of cross site jiggery-pokery with a form post/social engineering - and away you go, router reboots, WLAN available briefly...[/EDIT]

Personally, opt for "SACM" (standalone cable modem) mode and use my own WiFi. I'd still be using 802.1x EAP too if the firmware I use was updated to not break RADIUS :( (choice of stick with RADIUS but keep other vulns active, or upgrade and lose RADIUS)

If you don't have your own router, change the WiFi AND admin passwords - which should be standard OpSec anyway. It wouldn't be that hard for device manufacturers to trap all web traffic when the thing is in "default" mode and force passwords to change, before letting it go fully operational....

Lenny

I've just installed Lenny onto our PABX as a handy extension. Now I'll probably get no calls...

I also love that other default message (with the correct English pack) that says "All members of the household are currently assisting other telemarkers. Your call will be answered in the order it was received"...(and then dumps them on permanent hold music)