July 2023

S M T W T F S
      1
2345678
9101112131415
16171819202122
2324 2526272829
3031     

Navigation

Page Summary

Style Credit

Expand Cut Tags

No cut tags

(no subject)

sci_starborne: Sign of the Fox (pic#181874)
Monday, December 12th, 2011 01:57 am

Was going to make a short post comparing video-hosting sites, but found my password here didn’t work. Again.
Also found my host account login didn’t work.

The host has no record of any previous account password changes before tonight, so now rather concerned my Keepass file has become corrupt somehow.
Except the password for this site was stored in FireFox too. So someone’s been messing with my site in addition to whatever’s wrong with the host account.

Passwords and salts have been re-randomised and backups are in progress. Databases are already backed up.

Very annoying. No arting time, just fucking around trying to fix more things that someone else broke.

Mirrored from The blog-hub for Peter "Sci" Turpin.

Tags:

A piss-poor scam premise

sci_starborne: Sign of the Fox (pic#181874)
Friday, August 5th, 2011 08:35 pm

Just had a phonecall from “BT tech support”. Apparently there’s “corrupted temporary files on my computer”.

 

Them: Hello, am I speaking to Mr Turpin?

Me: Yes you are.

Them: Hello, my name is Chester, I’m calling from BT tecnical support about your phone and broadband service. We’ve been monitoring that there’s corrupted temporary files on your computer..

Me: Wait, so you’re intercepting my communications..?

“Chester”: Yes sir, we..

Me: You’re SPYING on my communications??

Chester: Well sir we’re from the research depar..

Me: The only way you could know there’s corrupted files on my computer is if you’re illegally monitoring my communications!!!

Chester: Ah, well sir..

Me: What did you say your name was?

Chester: Ah? Mr Turpin.

Me: No that’s MY NAME! Fuck off please!! *I hang up*

 

Just sayin’, a good scam probably isn’t one that starts by telling you they’ve done something illegal to you.

Mirrored from The blog-hub for Peter "Sci" Turpin.

Tags:

You’ve successfully deleted Google+ and associated social content

sci_starborne: Sign of the Fox (pic#181874)
Tuesday, July 26th, 2011 04:47 pm

We’re sorry to see you leave! Please help us improve by telling us why you are leaving and what we can do better. This survey is optional but your feedback is much appreciated.
Please tell us why you’re leaving:

I have been known by the chosen pseudonym “Sci Starborne” on the internet for over a decade. I am known by this name to far more people than by my birth name, and especially by people I actually care about. I enjoy living under this name and having all the associated back-history that goes along with it, so heavily resent being forced into having to use only my birth name which tends only to attract nightmarish ghouls from school-days.

In addition to this, the naming option is illegal under EU law, and perhaps more importantly seeks to squash the original levels of anonymity that motivated much of the original blogging revolution.

I cannot use Google+ in good faith without feeling I am assisting in a march toward a future where all internet usage is licensed and traceable, with the associated further hindrance of anonymous freedom of speech.

If you had left the option to choose a *display name* separate from my real name, I might not be leaving but would still not be inclined to post any original content on your service.

You’ve come up with a nice framework, an improved layout for social networking formats, but the first one that mimics it and allows you to make a page for your pet cat is going to win out. You’ve put too much framework in place with too little sympathy for those who dislike it.

I find this all another reminder that a company motto is in no way legally binding.

FYI: Go to “Account Settings“, click “Account overview” tab, and select your choice “Delete Google+ content or your entire Google profile”

Mirrored from The blog-hub for Peter "Sci" Turpin.

Tags:

HMRC cock-up pt4; The Final Insult

sci_starborne: Sign of the Fox (pic#181874)
Thursday, March 3rd, 2011 07:44 pm

A week ago I called HMRC up to check how the mess was progressing, and got some interesting feedback.

  • There’s no mention on my file about the incident OR there is and they’re not allowed to tell me because it would be an ongoing investigation; options that were both described to me over the telephone. and a spectacular exercise in fruitless paranoia generation.
  • The cover-letter I included is probably now in a waiting list. This waiting list is currently 8 weeks long. Only at that point will my letter even be read.
  • The person whose information I received would have been notified right away.

Tonight I finally got around to giving the person in question a quick phonecall to let them know the documents had been returned. They had NOT been informed. In fact they’d had to take it upon themselves to call HMRC to inform them.

Understandable since getting my call out of the blue, you’d want to be damn sure.

I mentioned the 8-week reply time, and they mentioned they’d been told the same thing. In other words HMRC wouldn’t have informed them about the mistake for over two months! Because they hadn’t gotten to it in their pile of post, despite being informed about it directly!

THIS is why you should have a separate department for security issues; because letting someone know their personal information has been leaked to the world requires a faster response than 1/6th of a year!

A dedicated address or department for urgent security issues is obvious for even small companies, yet somehow it seems to elude the management of Her Majesty’s Revenue & Customs who by law deal with the critical personal information of every single citizen of the UK!

So, presuming it’s not all an insane elaborate ruse and the department actually think the first act of someone actually out to misuse someones personal information would be to inform both that person and the department itself, then I can expect the next edition of this exciting and mind-bogglingly inept adventure to occur sometime around mid-to-late April.

Don’t hold your breath. I fully expect the attached documents to have gone “astray” in their to-do pile by then.

Mirrored from The blog-hub for Peter "Sci" Turpin.

Tags:

HMRC Security cock-up Pt2

sci_starborne: Sign of the Fox (pic#181874)
Monday, January 24th, 2011 09:09 pm

Today I finally got around to calling HMRC back. It’s been a frustrating and rushed week with my insurance renewel and some family matters that’s put it off ’til now.

At the suggestion of several friends I called up HMRC rather than the lady whose details they’ve sent me. After 10-15 minutes on hold I got to speak to an advisor, who rapidly put me on hold again when I told them what the problem was. They came back on sounding scared, like they didn’t want to get any more of this on themselves than they could avoid. Perhaps it was my mention that I knew this violated data-protection laws?

They took some of my details, and the details on the incorrect paperwork. Then I was told I had to send it back to them so there could be an investigation.

All well and good? Well, no. The next bit went something like;

Them: “Do you still have the envelope it came in?”

Me: “Yes?”

Them: “Okay, just put it back in there and post it back to us.”

First, the envelope in question is a generic brown windowed envelope, which if I simply replace the documents in will display my address, and possibly be returned back to me again. It is also a used budget-end envelope, with the associated creases and tears from one trip, as well as an existing electronic routing stamp which I worry might furthur confuse it’s transit through the postal system.

Most importantly though, the address I was told to send it to was simply “HMRC” at The Triad in Bootle. No cover-letter, no special department. Just mine and someone elses information being tossed back to them with no reference or alert that it is actually the solitary evidence of their criminal cock-up.

Don’t letters returned to sender as-is usually get binned, or get marked as having been sent to invalid addresses? And with no tracking there’s nothing to stop this sole evidence simply disappearing the moment it’s in the post box.

They assured me the lady in question would be notified of the cock-up, they said, since her information is at risk here. Well let’s be sure of that.

Underwhelmed by their reaction, I called the lady concerned myself anyway to let her know. She fortunately seemed pretty up to speed on these sort of things, and I left her my email and mobile number to contact me on if they do or don’t contact her themselves. I also explained what my own course of action will be;

1) I will photograph the evidence

2) I will photograph my placing it in a new envelope with cover-letter

3) I will send it back to HMRC tomorrow by 1st Class Signed for so I can be sure of it’s receipt.

I will document it at each of these stages, and hopefully this will go a long way to preventing it from being conveniently lost or overlooked.

Will HMRC do things by the book when the proof is most definitely back in their hands? Stay tuned to find out!

Mirrored from The blog-hub for Peter "Sci" Turpin.

Tags:

Taxing security? Very. HMRC have cocked up big-time!

sci_starborne: Sign of the Fox (pic#181874)
Monday, January 17th, 2011 09:43 pm

I don’t like tax return time. The language used in these documents makes my brain spasm. For instance, their phrasing of declared losses comes up as self-contradicting to me; a loss is something I loose.. but claiming for it is something I get? How can I be loosing something I’m getting??

Maybe it’s a dyslexic thing.

Now I’ve got it done though I’m kinda wishing I could do it again, or that it had a practice-run function so I could really rip on the interface. Why did I have to click through 4 pages just to save a copy? Did I really need to be alerted what the file type was, that it would save on the next page after hitting continue, and get an approximation of download time all on separate pages?

But anyway, I had a week off from it while waiting for a copy of last years return. There was a single figure on it I claimed for last year that I needed for this year.

Now I can understand it not being given out over the phone; it’s relatively easy to pretend to be someone else there. However the HMRC website is a secure connection (in theory) which displays your current tax information. The previous return is automatically removed from it after a year apparently, which alone seems moronic; because surely one year on is exactly when you’re going to want to check it. But the information is given out through it, so how come you can’t get the details through there..?

So question-authenticated phone is insecure.

The HTTPS secure website is not considered secure for this information once it’s a year old.

But bog standard 1st Class by Royal Mail is fine.

No signature, no monitoring in transit, no tracking. It could be opened, read, photocopied & I’d never know. It could vanish into the system and all I’d be able to do is request another copy and hope no one’s preparing to rape my ghost in the government machine.

This I could visualise, this was a definite unnecessary risk I had to swallow to get the magic (and aside from this return, utterly irrelevant) number. But as they say; the problem with making something foolproof is how ingenious fools are.

I received two copies of last years return.

So assuming there were only 2 copies sent, then all is fine, right? Well no. Aside from it raising the worrying issue that if a random number of copies are being sent, you can never be sure they’ve all arrived. And aside from the matter that the “copy” is actually a bunch of printed screen-grabs (including program tool-bar!) of it on the data-entry system, one of the copies IS NOT WHOLLY MINE.

One set is fine in that it does technically have the info I need if I squint and don’t mind half the text being light grey on a slightly darker grey background. The other, which has some empty fields the other doesn’t (yet is apparently from the same screen-grabbed program), also starts with the 2nd page being from an advisor’s working form for someone else.

It doesn’t have a document number, so I presume it’s automatically generated and a printer has cocked up at their office; interleaving the first input page of someone elses claim/statement information into my own print-out.

I’m annoyed on a few levels here. Primarily it’s one of security; because my information is removed from the secure site just when I need it, it opens up the possibility of exactly these sort of mistakes occurring. They have a better system which they have elected to actively disable when required.

(The other level is typographic; their internal system prints out a visually clear and informative table of information in laser-crisp black & white, but we plebs have to deal with a printer-cropped all-grey rastered-down bitmap for our use, the likes of which a 7 year old would be embarrassed to produce for their school homework).

And because of this I now had the Name, DOB, address, NI number, telephone number, place of employment, partners name and partners DOB, of a 22 year-old woman living near Manchester who was letting them know of her partners change in employment status.

There is ample information here for someone to steal her identity, and I see that as a direct result of a poorly managed & designed government system.

Of course I’m fairly sure this incident is a breach of data-protection laws, and as such I’m intending to phone the lady in question tomorrow and let her know in case she wants to take action against them. As soon as I figure out how to phrase the conversation without sounding like a scam-artist myself.

Mirrored from The blog-hub for Peter "Sci" Turpin.

Tags:

Eye-Fi and mobile phones – instant remote backup of photos?

sci_starborne: Sign of the Fox (pic#181874)
Tuesday, June 29th, 2010 07:24 pm

When I first heard about the Eye-Fi SDHC a couple of years ago, I was very intrigued, but saddened that it seemed so locked in to one service. But time’s gone by now, and it looks like they’ve opened their doors a lot wider.
The Eye-Fi is an up to 8Gb SD card with a built-in 802.11n wifi functionality. The idea is that when a photo is taken, it’s stored and also uploaded by any open wifi point to the web service. And now there’s a number of services including YouTube, but more importantly I feel, the open-source Gallery 2. The Gallery 2 option means it can now upload to your own personal webspace, located in the country and legal protections of your choice.

However it still requires you to get within 27meters (max) of an open wifi point. And with the spectre of an un-redacted Digital Economy Act looming, open wifi points may soon become rather thin on the ground.

However, one of the things that came up in the original discussion of the Eye-Fi was the idea of using a data-enabled SmartPhone with wifi as a bridge. Eye-Fi talks to your phone via 802.11n, phone talks to the internet via 3G or other mobile broadband. It’s a delightfully simple and compelling concept, but one that has apparently seen little development. Perhaps I’ve simply not found it yet, but it’s hard to find discussion of the subject past 2007.
Certainly you could use a laptop for the same purpose, but that shouldn’t be necessary, particularly as open-source phones such as the Android now exist, where the necessary programming should be relatively simple. And in any case, the uptime comparisons are unlikely to favour it.

In a world where police can illegally demand or force you to delete the video and images from your camera, I for one would treasure the warm inner glow from knowing that while the originals are gone, identical copies have already transferred to my phone and on to a secure server on the other side of the planet.

So if anyone knows of a bit of software to turn your SmartPhone into a passive wifi access-point/bridge, I’d love to hear about it, as I’m sure others would.

Mirrored from The blog-hub for Peter "Sci" Turpin.

Tags:

Family and email security

sci_starborne: Sign of the Fox (pic#181874)
Saturday, June 19th, 2010 01:39 am

I’ve just spent three hours cleaning out my mothers computer. Hadn’t been virus or spyware checked in over two years. Fortunately she doesn’t browse much so she got away with some odd keylogger and AV-avoider. But that seems to have been enough for someone to get into her Yahoo Mail account, change the password and spam her contact list saying she’s in financial trouble in Kuala Lumpur (and to send her money there, of course) before deleting not just those sent items but everything else in the account.

So we finally figured out the password reset secret answers and got the passwords reset using KeePass this time. It will probably take mum some time to get used to it, but the other option is setting her up with webmail on my server instead where I can restore from backups, because there seemed to be no way to restore once the trash file has been emptied..

That said though, half an hour ago I found a link to the mailbox recovery form. It’s only a maybe, and only good for 24hours after deletion,  but it’s a better chance than none at all. And thanks to using KeePass and helping her pick the master password, I could get in to use the form while she’s asleep.

Maybe if we’re lucky, morning will come around and some of her mails will be restored to her.

Mirrored from The blog-hub for Peter "Sci" Turpin.

Tags: