Something Random

[ddrueding]

It seems that I've had this position long enough that lots of sales peoples CRM databases must know that I am in charge of evaluating and purchasing IT stuff for my company. The receptionist is great at routing all these calls to my desk voicemail that I never answer (currently 98 new voicemails, cleared weekly by logging into the phone system server). One day someone else was working the front desk and forwarded a sales call directly to me. When I picked up the salesman on the other side was furious, stating that he'd been trying to get a hold of me for months and that I'd never responded to any of his calls or e-mails. I apologized profusely for the mistake, explaining that somehow the front desk had connected us, and I assured him it wouldn't happen again. Then I hung up.

 

[LunarMist]

It seems that I've had this position long enough that lots of sales peoples CRM databases must know that I am in charge of evaluating and purchasing IT stuff for my company. The receptionist is great at routing all these calls to my desk voicemail that I never answer (currently 98 new voicemails, cleared weekly by logging into the phone system server). One day someone else was working the front desk and forwarded a sales call directly to me. When I picked up the salesman on the other side was furious, stating that he'd been trying to get a hold of me for months and that I'd never responded to any of his calls or e-mails. I apologized profusely for the mistake, explaining that somehow the front desk had connected us, and I assured him it wouldn't happen again. Then I hung up.

VND=Vietnamese Dong?

 

[ddrueding]

VND=Vietnamese Dong?

Sometimes?

 

[LunarMist]

I don't understand why, but that is obviously in the wrong forum.

 

[LunarMist]

That's what cocaine, hookers and golf outings are for.

It's not the 80s anymore.

 

[LunarMist]

Apparently the IRS is after me and criminal charges have been filed. At first I freaked out, but they are a scam. Then they called back and said the police were coming to arrest me. The bastards should all f'ing die from the most terrible disease. :cursin:

 

[ddrueding]

Apparently the IRS is after me and criminal charges have been filed. At first I freaked out, but they are a scam. Then they called back and said the police were coming to arrest me. The bastards should all f'ing die from the most terrible disease. :cursin:

Indeed. Those kinds of scams are awful. From personal experience, I can attest that the IRS first sends a letter to your employer to withhold your pay. This is how I first found out, anyway.

 

[LunarMist]

Indeed. Those kinds of scams are awful. From personal experience, I can attest that the IRS first sends a letter to your employer to withhold your pay. This is how I first found out, anyway.

One probably would not have received a refund for 2015 either.

 

[jtr1962]

Apparently the IRS is after me and criminal charges have been filed. At first I freaked out, but they are a scam. Then they called back and said the police were coming to arrest me. The bastards should all f'ing die from the most terrible disease. :cursin:

This is why I never answer numbers whch aren't familiar to me. I'll usually do a Google search right after they call, and if they're a known scammer I just block them so they can never bother me again. If they're calling from an area code where I don't know anyone, I just block the entire area code. Time Warner Cable now has Nomorobo as an option. They also have an option to block callers who spoof their caller ID. Combined with a app which lets me block numbers from my PC, only one or two junk calls per week actually ring through. I do the usual procedure for those. Look them up, and if it's a known scammer's number just block them.

We really need the equivalent of the spam blockers email providers use. If a telemarketer calls, you can add their number to the list. Your phone service provider automatically blocks all calls originating from the "junk caller" list. We need to put an end to this scourge once and for all. When these scammers can't get through to anyone, their "business" model will fall apart.

 

[ddrueding]

Once microtransaction systems become ubiquitous, there is a plausible solution to this and SPAM. No message or call is delivered without a small payment. The payment goes to the recipient. If you send and receive about the same number of messages and calls, you break even. If you try to contact millions without anyone wanting to talk to you, you go broke.

 

[LunarMist]

Apparently younger people like to whack each other on the head as she said.
Maybe I should be wearing the kelvars helmet.

 

[timwhit]

There's an Android app called Mr. Number that blocks spam numbers. It's free.

 

[timwhit]

There's an Android app called Mr. Number that blocks spam numbers. It's free.

https://play.google.com/store/apps/details?id=com.mrnumber.blocker

 

[LunarMist]

https://play.google.com/store/apps/details?id=com.mrnumber.blocker

Thanks, but they are calling the normal phone. I have an Andoroid blocker for certain area codes on the work smartphone number. (The area code that phone has gets a lot of Mexican spams.) My main smartphone doesn't get any calls so far, but only three people know it. I often remove the batteries from the phones when traveling, unless at the airports or the registered hotels.

 

[LunarMist]

This is why I never answer numbers whch aren't familiar to me. I'll usually do a Google search right after they call, and if they're a known scammer I just block them so they can never bother me again. If they're calling from an area code where I don't know anyone, I just block the entire area code. Time Warner Cable now has Nomorobo as an option. They also have an option to block callers who spoof their caller ID. Combined with a app which lets me block numbers from my PC, only one or two junk calls per week actually ring through. I do the usual procedure for those. Look them up, and if it's a known scammer's number just block them.

We really need the equivalent of the spam blockers email providers use. If a telemarketer calls, you can add their number to the list. Your phone service provider automatically blocks all calls originating from the "junk caller" list. We need to put an end to this scourge once and for all. When these scammers can't get through to anyone, their "business" model will fall apart.

Wasn't there some standalone machine you were talking about a while ago? I cannot remember if you had one for a while.

 

[jtr1962]

Wasn't there some standalone machine you were talking about a while ago? I cannot remember if you had one for a while.

I never bought it but you're probably thinking of this.

 

[Howell]

Apparently younger people like to whack each other on the head as she said.
Maybe I should be wearing the kelvars helmet.

Apparently the infants and elderly like to fall.

 

[snowhiker]

Goofy website behavior.

http://www.bta-mall.com/

Anybody heard of this site or used it?

Their listed address and phone:
1-646-657-8981
58 E 14th St
New York, NY 10003
U.S.A

Anyways I go to hope their home page. Type "21024413" (a car part I'm looking for) in search box and get a result. The correct part. ACDelco GM OEM cruise control module. $47.96. I click on link to get product page. Sometime the price is $47.96 and in stock. Sometimes $409.71 and out of stock. If I'm on the page with the $47 price and I re-load page, the $409 page comes up. WTF.

All my other searches for this part are in the $200-450 price range. Don't care about my cruise control enough to pay $400 but $50 is a no brainer.

----->>>>> Anybody else notice this goofy behavior? Perhaps a weird noscript/adblock/ghostery/cookie interaction. Don't want to buy @ $50 and get charged $400.

 

[LunarMist]

http://www.bta-mall.com/

Anybody heard of this site or used it?

Their listed address and phone:
1-646-657-8981
58 E 14th St
New York, NY 10003
U.S.A

Anyways I go to hope their home page. Type "21024413" (a car part I'm looking for) in search box and get a result. The correct part. ACDelco GM OEM cruise control module. $47.96. I click on link to get product page. Sometime the price is $47.96 and in stock. Sometimes $409.71 and out of stock. If I'm on the page with the $47 price and I re-load page, the $409 page comes up. WTF.

All my other searches for this part are in the $200-450 price range. Don't care about my cruise control enough to pay $400 but $50 is a no brainer.

----->>>>> Anybody else notice this goofy behavior? Perhaps a weird noscript/adblock/ghostery/cookie interaction. Don't want to buy @ $50 and get charged $400.

Are you seriously expecting the price for a legitimate part to be so low compared to other sources unless it's pulled from junkyard?

 

[LunarMist]

The site will not allow me to place an order for that part, so either give them a call on Monday or look elsewhere.
Maybe it's a long shot, but is there a possibility the part was part of any recall?

 

[snowhiker]

Are you seriously expecting the price for a legitimate part to be so low compared to other sources unless it's pulled from junkyard?

I don't actually expect to get part below cost, just wondering why cost is 10x as much on one page vs another page.

 

[LunarMist]

I don't actually expect to get part below cost, just wondering why cost is 10x as much on one page vs another page.

I saw two different prices on different parts of the same page on Amazon last night, so stiff happens. It was fixed today though. I usually add to cart to see what the vendor will be charging.

 

[LunarMist]

Horrible email:

4 Signs You're About To DIE Of a Heart Attack [my name]

perpetually pigmaean rightsized rippiers
ripstops sultan sylvae tallyshops
tamaris tatty vandalise walkyries
washered accentuality actings amoks
antiman caeoma calumniatory cankeredness
cannabis dab dactyliology dandles
democrat factionalizing factive fadge
fairer faultfinder favisms gaffsails
gargoylism gelding genuflexions geothermal
hagiographists handkerchers hardihead haruspices
haul inhuman labours laigher

WTF???

 

[mubs]

I got an email from soc@slcsecurity.com in my spam folder. That domain goes to an outfit called jigsawsecurityenterprise.com.

The body of the email said there had been a potential breach and my data was exposed. It correctly listed the main email account I use, and a password that I modify a bit for different web sites. It was a sales pitch for their security services.

I maintain all my passwords in Word files, and a check showed this is not a password currently in use; perhaps a decade or so ago. I use slightly modified passwords only for infrequently used, low-priority sites, with financial, banking, email etc. being truly random, maximum length, combination of upper and lower case alpha, special chars and numerics. So I'm not worried.

My Linked-in password was breached along with millions of others, but that was so long ago (2011 ?) and I changed my password immediately when notified by Linked-in.

 

[Howell]

Why not use keypad instead of word files?

 

[mubs]

Didn't get you Howell. The passwords are stored in Word files. Since they're gobbledygook, I copy and paste them when logging in.

 

[Newtun]

Didn't get you Howell. The passwords are stored in Word files. Since they're gobbledygook, I copy and paste them when logging in.

"Speaking" of passwords, does anyone here believe in Steve Gibson's theory that "padding" a base password with enough repetitive characters can make a very secure password?

. . . padding an easily memorized password with equally easy to remember (and enter) padding creates unbreakable passwords that are also easy to use.

 

[Stereodude]

"Speaking" of passwords, does anyone here believe in Steve Gibson's theory that "padding" a base password with enough repetitive characters can make a very secure password?

It all depends what method is being used to crack it. It should be robust against a dictionary or brute force attack.

 

[Handruin]

Why not use keypad instead of word files?

Didn't get you Howell. The passwords are stored in Word files. Since they're gobbledygook, I copy and paste them when logging in.

I suspect this may have been an auto-correct error by Howell. He may have been referring to Keepass as a way of storing passwords. This is what I use to store mine and also to generate very long and complex passwords for various sites.

 

[sedrosken]

"Supported Operating Systems : Windows 98 / 98SE / ME / 2000 / XP / 2003 / Vista / 7 / 8 / 10, each 32-bit and 64-bit, Mono (Linux, Mac OS X, BSD, ...)."

That's a pretty wide range of support. I can understand still supporting XP and Server 2003, but why still support 98? That's been out of support for ten years! And if you're supporting 98, why not 95? This is just weird all around.

Anyway, thanks for the tip, using this from now on.

 

[Howell]

I suspect this may have been an auto-correct error by Howell. He may have been referring to Keepass as a way of storing passwords. This is what I use to store mine and also to generate very long and complex passwords for various sites.

Sigh, yes that's what I meant. I even typed it in directly instead of swyping. Thanks.

 

[ddrueding]

Some kind of password management system should be considered required at this point if you have things of value accessible over the internet. Keepass is one, I use LastPass. Any of the recent hacks highlight four attributes that passwords need:

Unique - You should never use the same password on more than one thing. This contains a breach to the site that was hacked (or you were phished into revealing).
Frequently changed - The older a hacked password database is, the more widely circulated it becomes. The longer it has been since you changed a password, the more people potentially know it.
Not accessible on your computer without knowing another password - If your computer gets 0wned, you don't want everything to be compromised. Disable the "saved passwords" feature of your web browsers, don't have a text file on your desktop called "passwords".
Not accessible only from your computer - HDD failure, anyone?

Doing these purely in your head may be possible for some; I would be very impressed.

If you don't need to get to things on the go, this could be as simple as a printed list of sites, their random-string-ish passwords, and the date that password was set. Otherwise sign up for one of the services or do something tricky with password-protected files on redundant thumb-drives or something.

 

[Chewy509]

Or use a function as the password generator:

$ echo passphrase@slashdot.org | sha256sum | base64 -w 0

MjAzZGM4MDZmNTIyN2I4YTQ5YjYxZjQxMDBiZWJiYWVlOGE0ZDZmYTAyZGYxMmM3ZGY4YTgzMzE2NjA2MmM2OCAgLQo=

That way you just need to remember the passphrase (which can be stored in plain) for each site... Simply create a new passphrase every few months, reset your login password, and you should be good for a while...

These days, it's not about complexity, but simply length...

One of my favourites to illustrate: https://xkcd.com/936/

PS. The above code assumes *nix like environment.

 

[Howell]

But it is also about complexity. Especially as more databases are compromised. Unfortunately, these days websites are inconsistent about how many characters and of what kind they will allow. One seen one that allowed 30 but many are 20 and 12. So your passphrase better have an embedded indicator of how much of the hash to use. I use a Windows cli hashing function for legal files if anyone wants it.

 

[mubs]

I suspect this may have been an auto-correct error by Howell. He may have been referring to Keepass as a way of storing passwords. This is what I use to store mine and also to generate very long and complex passwords for various sites.

I guess you're right. Wasn't a major vulnerability discovered in one of the major password keeping programs (Lastpass ?) recently? I tried one of these for a while and found it irritating, and went back to my old method that I've been using for around 15 years. My method is proprietary (heh heh), stored with innocuous names (not "password") and stored in a folder several levels deep and the whole partition is TrueCrypted.

 

[time]

"Speaking" of passwords, does anyone here believe in Steve Gibson's theory that "padding" a base password with enough repetitive characters can make a very secure password?

Sure. If it's not in a 'dictionary' - i.e. Google can't find it - then the only cracking method is brute force. By definition, that can't tell for example if you just repeated the same character 10 times. In fact, you can take any dictionary word and just add some padding to make it a reasonable length and therefore an unbreakable password.

Realistically, any password of at least 8 characters is unbreakable with current brute force methods. One with 12 characters is unbreakable for the foreseeable future. Someone guessing or stealing your password is a much more credible threat.

 

[ddrueding]

I guess you're right. Wasn't a major vulnerability discovered in one of the major password keeping programs (Lastpass ?) recently? I tried one of these for a while and found it irritating, and went back to my old method that I've been using for around 15 years. My method is proprietary (heh heh), stored with innocuous names (not "password") and stored in a folder several levels deep and the whole partition is TrueCrypted.

No vulnerability has ever been found. Someone did get to the parts of the database that need to remain open, that is it. And it was a year ago.

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

 

[Stereodude]

Realistically, any password of at least 8 characters is unbreakable with current brute force methods. One with 12 characters is unbreakable for the foreseeable future. Someone guessing or stealing your password is a much more credible threat.

What?!?

http://arstechnica.com/security/201...s-every-standard-windows-password-in-6-hours/

 

[Handruin]

I guess you're right. Wasn't a major vulnerability discovered in one of the major password keeping programs (Lastpass ?) recently? I tried one of these for a while and found it irritating, and went back to my old method that I've been using for around 15 years. My method is proprietary (heh heh), stored with innocuous names (not "password") and stored in a folder several levels deep and the whole partition is TrueCrypted.

I consider Keepass and LastPass as completely different utilities for managing passwords. I keep my Keepass database only on my local workstation and not synch between systems or available ion a cloud system. Doing it this way is less convenient but I still feel better about it in this form than in a proprietary format. Rolling your own security is a tricky and slippery slope.

 

[Handruin]

What?!?

http://arstechnica.com/security/201...s-every-standard-windows-password-in-6-hours/

And...that's dated 2012...GPUs have advanced a lot since then.