
Archive for the ‘J! True Stories’ Category

Who’s In The Hotel: Security FAIL
Last Updated on Saturday, 23 May 2009 11:58
Written by jj
Saturday, May 23rd, 2009

I think I’ve waited an appropriate amount of time to post this. I don’t want to implicate the exact hotel, but here’s another security fail to share with you all on this lovely holiday weekend…

Several weeks ago I walked into a major chain hotel around 9:00 or 10:00pm. When I approached the front desks (there was a grouping of them) I wasn’t met with a hotel receptionist. I was greeted instead with what seemed to be the entire hotel guest list printed (in alphabetical order by surname) and left on the top of the counter.

It took several minutes (specifically, just over four minutes) for a hotel representative to realize I was there and come from an office they were tucked into somewhere behind the desks. I didn’t mind the extra wait, it gave me time to look over the list, giggle and even take some photos. One of which is provided in a blurred format below. (And no, there was no two-way mirror giving them a view to the front check in.)

This post and the “What’s Your Preferred Internet Password?” post are a tribute to Johnny Long and the Security FAIL image project.

Posted under J! True Stories, Travel | 1 Comment
What’s Your Preferred Internet Password?
Last Updated on Saturday, 23 May 2009 12:05
Written by jj
Friday, May 22nd, 2009

Oh, so what; you’re not going to tell me?

It should be fine for me to ask, Priceline does…

I’ve seen references to a ‘popular travel site’ using this question from years ago, but I certainly never expected to see this in 2009. When you log in to the Priceline.com site, it asks for your email address and your security question (or as they call it, your sign in question). I was shocked when I used Priceline to book recent travel to the West Coast and had to set my login preferences.

One of the options under personal information is to set your security question to “What is your preferred internet password?”. I’d have to say that’s irresponsible AT BEST.

Well, at least it’s a secure https page, right? ;)

 

# # #

Grande Theft Auto… What Was He Thinking?
Last Updated on Monday, 21 July 2008 11:37
Written by JJ
Thursday, July 3rd, 2008

Well, it didn’t happen to me- but here’s another J! True Security Story for you…

I went to the salon today to ‘get my nails did’ and was greeted with quite a ruckus. The entire staff is Vietnamese- no big surprise there- but the owners and most employees speak English extremely well and so everyone is always chit-chatting throughout the salon.

The wife side of the husband-wife team was especially giddy as she shared a little gem of a story with me today… and I didn’t feel I’d be doing you justice to keep it to myself. 

They (the salon staff) all live in one of the larger cities here in NC. One of their friends (a middle-aged guy) was out shopping Monday and was sitting in his car in a parking lot during a coming- or going- to a store. A young girl (mid-20’s) came up to his car and motioned to ask for use of his cell phone.

Now, at this point in the story, I could have told you the rest…

He opened the window a bit and the young lady asked to borrow his phone for a moment to call a family member. Turns out she had some car troubles and needed a ride. Being the nice gentleman that he is, he lent her the phone and she took a couple of steps away to make the call. Only… she didn’t stop. Evidently she got about 4 cars down the row before our chivalrous guy got out of the car and gave chase.

When he got in reach, she pushed him down to the ground and – yep – ran back to his car, phone still in hand… and drove away.

He now has no car and no phone. So, ironically enough, he then had to approach a stranger and politely ask for the use of their cell to phone home and let the group know he was bamboozled. A few tears were shed, but his wife assured him it would be fine and he shouldn’t be scared. (No, I’m not making that up).

I was giggling right along with her (and the guy’s wife, who happened to be there).

Moments later I thought to myself, “I hope that doesn’t happen to me!” Almost in the same instant I realized… it probably wouldn’t. I’ve been a bit of a paranoid freak since I was little, thanks probably in most part to having two ex-military intelligence parents. For all my life I’ve been raised with ‘the security mindset’ as Schneier refers to it.

Always suspicious… always calculating… always aware… and certainly never underestimating a situation.

And so then I had to muse… WHAT WAS HE THINKING leaving the car running and unlocked to go after the siren with the cell? For the sake of politeness, I kept my question to my ‘inside voice’, but I do have to wonder why you’d sacrifice the security of a vehicle for a $50 cell phone.

The moral of the story… There are two. 1) Involve someone with a ‘security mindset’ and 2) Your security is only as strong as your people. A sweet damsel in distress… social engineering at its finest…

# # #

Posted under J! True Stories | No Comments
PCI, PII, a Roofer and a SSN
Last Updated on Monday, 21 July 2008 11:43
Written by JJ
Monday, June 9th, 2008

Yet another J! True Security Story for you…

This weekend I met with a roofer at my rental property to take measurements, see what needed to be done and get an estimate. When we met at noon, it was over 100 degrees there in central North Carolina and we spent just short of 3 hours going over everything.

The roofer, let’s call him Ross, was from one of the larger commercial home improvement stores. This particular store was offering a consumer credit program with 12 months interest-free financing. There was also a full window replacement project to follow right behind the roof. While I was prepared to pay cash for the roof and/or windows, the no-interest option offered an advantage, so I read the terms and conditions and gave the go-ahead.

Before I realized what was going on, my friendly roofer Ross was filling out a consumer credit card application for me. I remembered thinking this was odd, as we leaned against his truck, still outside in the heat. I think I mumbled something to the effect of “oh, it’s strange they make you guys do this part too..”. He had asked for all the usuals- my current and previous addresses, annual income and – of course- my Social Security Number. And, after standing in 100+ degree heat for 3 hours, I gave it all to him without batting an eye. As soon as he had it all, he called in to the mothership and was processing my credit app over the phone as I stood by to answer any new questions.

This day happened to be Ross’s wife’s birthday and they had some afternoon plans once our appointment was over. I was his last appointment of the day before he headed home to the missus for her birthday celebrations. I thanked him for his time, wished him a happy weekend and went on about my day.

What was wrong with this picture? I didn’t quite figure it out until a tall glass of tea cooled me down and returned my brain to normal operating temperature. What in the name of security did I just do? All my information (including my new credit card number) was written down on that credit form and tucked into his little notepad with the other miscellaneous papers, product glossies and forms he was carrying around… in his personal truck… on a weekend… D’OH.

I’m sure it will be fine (that’s what we all tell ourselves, right?). But in the off chance something happens… well, let’s not even go there.

# # #

Posted under J! True Stories | 2 Comments
Trouble in the Neigborhood
Last Updated on Tuesday, 12 August 2008 04:14
Written by JJ
Tuesday, April 1st, 2008

Another J! True Story   (yes, with a typo in the title ;)

Yesterday, the emails and group posts were flying around like crazy. Our little neighborhood has a private Yahoo Group for residents to communicate and connect- I’ve been overjoyed to have the online venue and it certainly proved useful these past couple of days.

We live at the end of a cul de sac, with a lovely wooded area occupying the space past our fenced-in back yard. Past the woods is a main street they’re in the process of widening. (I know, grrreeat). A couple of weekends ago, two adult men (who were obviously out of place) came up behind our house out of those woods. Our lab/rottie mix (who looks like a full Rottweiler) took notice and wasn’t happy.

So, as any good dog owner would do in that situation… I let her out to have at it. The yard is fenced, so there was no danger of anyone (them or her) getting hurt. But- it was enough to scare the crap out of them and their lackadaisical walk quickly turned into a swift gait the other direction. I couldn’t help but giggle a little.

Mission Accomplished. For now anyway.

I didn’t think much about it until yesterday when my inbox lit up with posts to our online neighborhood group. It seems there have been several similarly suspicious situations (say that 3 times fast) occurring at various times of the day and night in our little corner of Earth. Mostly, what we (the neighborhood) deemed a childish prank has now turned into a full blown ‘security’ issue. (You knew that word was coming!)

It started with harmless prank doorbell-ringing, but the offense list has grown to include instances of beating and kicking doors in the wee hours of the morning. Other neighbors have noted recent instances of someone coming onto their back deck and tapping on the back door, only to have disappeared before the home owners could make it downstairs. Each time the culprit takes off if -or before- the occupant can respond. There have been only a couple of partial-sightings, where another neighbor caught a glimpse of the incident, and it has been confirmed that these are not kids. From the posts yesterday from a handful of folks, I’d say there were at least a dozen or so instances already documented.

So that leads me to wonder… are they merely childish pranks… or are these adults scoping out a neighborhood and testing to see who’s home… ?

Either way, midnight window-tapping and 3:00am kicks at your front door (which evidently left dents) are nothing to dismiss. We’re asking the local Police Department to increase the frequency of their drive-thrus in the area. And, I’m thinking of having the group organize a neighborhood camera system.

For now, our 75-pound, four-legged black and tan security system helps me feel a little better about it all.

# # #

Posted under J! True Stories | 2 Comments
