Citigroup – URL hacked? Seriously?

Apparently the hackers who stole all kinds of personal information from Citigroup’s website did so by URL hacking.

This is just unconscionable.  Even before you get to cyber-security 101, SOMEONE should have figured out that putting the account number in plain text in the URL was a terrible idea.

I don’t care who you are, the first thing you need to know about dealing with a website is that your server cannot trust a user’s input.  This can be for any number of, even very innocent, reasons – but primarily as a way to ward against potential problems.  It just sickens me that their website had what amounts to zero security.  URL hacking isn’t even really hacking at all, it’s just a matter of tweaking URL address inputs.  It’s essentially the equivalent of dialing a company’s phone number and changing the extension by one digit just to see if you can escape phone-tree-voice-mail-hell.[1][2]

I mean, would you, as a bank, put deposit or balance information into the URL?  NO.  Otherwise in 5 seconds everyone would alter their links to include “&currentbalance=100000000000”.[3]  Why, then, would you ever include plain text bank account numbers in the URL and not actually verify that information on the server side?!  I mean, this is the kind of security you get with WordPress for free just by installing it.
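To make the server-side check concrete, here is an added example that is not code from the original post or from Citigroup: a request handler that trusts the account number in the URL, beside one that takes identity from the session and checks that the requested account belongs to that user. The route, the account records and the session values are constructed for illustration.

```python
# Added example (not from the original post): an object identifier taken from
# the URL and trusted without a server-side ownership check, shown next to the
# fixed handler. Route, sample accounts and session values are constructed.
from urllib.parse import urlparse, parse_qs

# Constructed sample data: who owns which account, and each account's balance.
ACCOUNTS = {
    "1001": {"owner": "alice", "balance": 250.00},
    "1002": {"owner": "bob", "balance": 13.37},
}

# Constructed sessions: a session cookie value maps to an authenticated user.
SESSIONS = {
    "sess-alice": "alice",
    "sess-bob": "bob",
}


def parse_request(url):
    """Split a request URL into its path and a flat dict of query parameters."""
    parts = urlparse(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return parts.path, params


def vulnerable_account_view(url, session_cookie):
    """Reads the account number from the URL and returns that account.

    The only check is that the caller is logged in at all; nothing ties the
    requested account to the caller, so any logged-in user who edits the
    number in the URL gets someone else's record. This is the defect the
    post describes.
    """
    if session_cookie not in SESSIONS:
        return 401, None
    _, params = parse_request(url)
    acct = ACCOUNTS.get(params.get("account"))
    if acct is None:
        return 404, None
    return 200, {"account": params["account"], "balance": acct["balance"]}


def hardened_account_view(url, session_cookie):
    """Same route, but the server decides ownership, not the URL.

    - identity comes from the session, never from a query parameter;
    - the account is looked up and then checked against that identity;
    - a foreign account gets the same 404 as a nonexistent one, so the
      response does not confirm which account numbers exist;
    - any other parameter (e.g. a client-supplied 'currentbalance') is ignored,
      because the balance is server-side state, not input.
    """
    user = SESSIONS.get(session_cookie)
    if user is None:
        return 401, None
    _, params = parse_request(url)
    account_id = params.get("account")
    acct = ACCOUNTS.get(account_id)
    if acct is None or acct["owner"] != user:
        return 404, None
    return 200, {"account": account_id, "balance": acct["balance"]}


if __name__ == "__main__":
    # Alice requests her own account: both handlers serve it.
    print(vulnerable_account_view("/account?account=1001", "sess-alice"))
    # Alice's session asks for Bob's account: only the vulnerable handler leaks it.
    print(vulnerable_account_view("/account?account=1002", "sess-alice"))
    print(hardened_account_view("/account?account=1002", "sess-alice"))
    # A balance supplied in the URL changes nothing on the server side.
    print(hardened_account_view("/account?account=1001&currentbalance=pony", "sess-alice"))
```

The point of the hardened handler is that the URL only names a resource; whether the caller may see it is decided from the session on the server, and nothing the client puts in the query string can alter the stored balance.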

The Citigroup website is very Web2.0, rounded corners, social-media and blogging links.  It looks great.  Did they just have their web designer handle security?  How the hell did this happen?!

Okay, Sony, Facebook, Twitter – these things get hacked because of lame or re-used passwords.  Those guys got hacked because their attackers were smart.  Citigroup got hacked because they are too stupid to handle a basic website, let alone someone’s money.

  1. Or purgatory?
  2. Definitely purgatory
  3. Or, better yet, “&currentbalance=pony”

Freecycle.org – why are you so terrible?

I’ve spent probably an hour today trying to give away an awesome sofa couch and matching stuffed chair.  I tried to list it on Craigslist, but they had this terrible system where you had to give a phone number and wait for an automated phone call or SMS.  It only allows you to submit or try a phone number every five minutes.  When the automated phone call doesn’t come through, you’re stuck trying another number.  Oh, and you can only try up to three numbers in a 12 hour period.  I just want to GIVE AWAY some awesome furniture!  I’m not applying for a line of credit.  After futzing around for an hour or so, Craigslist apparently gave up and let me post anyhow.

In the meantime I tried out Freecycle.org.  What a fiasco.  It took me 60 seconds to figure out how to sign up.  To post anything you have to join a group – but joining a group was even less intuitive than the way to sign up.  Once you joined a group, you were punted to a Yahoo Groups page.  But, to do anything further you had to then sign up for a Yahoo! account – not that any of this was explicit.

I eventually just went old school – and wrote FREE on some cardboard and put them on the sofa and chair in the driveway.

Surprising spam comment

There was this spam comment to a recent post referencing Doctor Who’s sixth season:

..As with the series of Doctor Who last year the final two episodes before the finale have been much more small scale and in some ways a little different. Last week we had a largely Doctor-less story Love and Monsters and this week we got Fear Her a which is set largely in one single.

The wildest thing about this comment is that it isn’t entirely off base.  The comment relates to the third season of Doctor Who with Martha Jones and the two episodes “Love and Monsters” and “Fear Her.”[1]  Someone supposedly named “E. Keith Owens” using the e-mail address “timmy_b_dickerson_dzn57@hotmail.com” who posted that spam comment apparently stole it from this website.

I have to wonder – is this a crazy new form of spam?  Did they just type in a few keywords and then get two blogs – mine and that other one – then try to copy/paste our content as comments into each other, and try to get a link back to their crappy foreign exchange website?[2]

What incredible nonsense.  As with stupid scareware, why don’t smart people just spend their time creating things that offer value in exchange for money?

  1. Incidentally, two of my least favorite episodes.
  2. I deleted your link.  So there.  :P

Before I had robots…

My favorite open source project was WordPress.  Now, don’t get me wrong, I love me my WordPress, but I tend to usually spend my precious tinkering time with robots.

But sometimes, such as this very morning, I enjoy just a little bit of tinkering.  I’ve made a few very subtle changes to the blog.  You shouldn’t notice unless you do something very odd here.  If you do, you might notice a little extra wibbley wobbley in your timey wimey.

Congratulations Renosis!

Renosis and I had a friendly dispute.  We decided to settle it by challenge – a Maker challenge.

I have a feeling Maker disputes are different from other kinds of disputes.  Even though we were competing against each other, we still consulted each other, bounced ideas off one another, and, I like to think, shared in each other’s successes.  But, at the end of the day, he got more Likes for his epic Gangsta Chess Set than I got for my Fez Pezsta.

Would you like to know what the dispute was?  Of course you would!

Renosis was sending me two of his extra bearings and a few extra hardware bits for the X-Axis Follower and wouldn’t accept any payment in exchange.  We were both being stubborn about that point – he didn’t want to accept the $11 and I was insisting on paying.

If I won he would accept the $11.  If he won, I would not pay him $11.  :)

How Makers Settle Disputes

So, here’s the deal.  Renosis and I are settling a friendly disagreement by participating in a design challenge.  The rules are simple:

  1. We have 24 hours to upload and publish a Gangsta derivative STL on Thingiverse, starting 5/26/2011 at 11PM EST.
  2. On 5/31/2011 at 11PM EST, the person with the most number of likes wins.

Here’s all you have to do: go to Thingiverse to see my brand new Fez Pez Gangsta, aka the Pezsta, and click Like!