hads | So someone sent me an email saying there is a security issue with my website which emails you a temporary password. "I keep my email account open 24/7 on my cellphone, so if someone had stolen my phone they would have access to the account." | 20:33 |
---|---|---|
hads | morning | 20:33 |
thumper | morning | 21:05 |
mwhudson | morning | 21:27 |
G | hads: then I think that guy has bigger problems, like with just about every other website he uses :P | 21:44 |
G | morning | 21:44 |
hads | Indeed, I tried to be polite about it. | 21:45 |
mwhudson | you should suggest he uses his phone as a 2fa device | 21:56 |
ojwb | morning | 22:36 |
ojwb | hads: boggle | 22:36 |
ojwb | the assumption that email is a secure way to reset a website password is problematic, but it's pretty much ubiquitous | 22:37 |
ojwb | the sites I really have a problem with are those which send you back your password itself | 22:39 |
ojwb | like mailman, which insists on doing that monthly | 22:39 |
hads | Yeah, these are all salted and hashed, so a temporary short-lived plain-text one is generated. | 22:40 |
ojwb | yeah, that's arguably current best practice | 22:40 |
ojwb | is this for nicegear? presumably that would allow them to see things like his previous orders, which you presumably also emailed to him... | 22:41 |
hads | Yeah | 22:42 |
hads | Nevermind the rest of the things on the phone. | 22:42 |
ajmitch | or being able to reset any other account out there that doesn't use 2fa (though the 2nd factor is probably on the phone) | 22:42 |
ojwb | there's a bank ad currently which touts being able to send payments to your facebook friends | 22:44 |
ojwb | so there's now a clear monetary incentive for scammers to get you to friend them on facebook | 22:45 |
ojwb | some days I think I'm just getting old and cranky, other days the world seems to have lost the plot | 22:46 |
ojwb | like credit cards you just need to wave at the till to pay with... | 22:47 |
G | ojwb: the ASB one? | 22:52 |
chilts | morning | 22:52 |
ojwb | G: maybe - it has Brian Blessed in | 22:52 |
G | that is actually what I like about Westpac's mobile platform, they have a 'Cashtank' app, it does one thing, and one thing only, and that is show me how much money is in my main account, it can't do anything else - lose my phone no biggy on that department, my money is safe | 22:53 |
* ajmitch feels like such a Luddite without a modern phone | 22:53 | |
chilts | G: "NO BIGGY! YEEE BIGGIE!!!!" | 22:53 |
chilts | +S | 22:54 |
chilts | damn | 22:54 |
* chilts likes Brian Blessed | 22:54 | |
G | chilts: well they'd still be able to read my e-mail, but the main thing is that my savings are safe because there is no way to get from the cashtank app to any other banking function (unless Westpac has a pretty big hole in their API) | 22:55 |
chilts | yeah, sounds like a good app that Cashtank one | 22:55 |
chilts | I was merely commenting on the ASB adverts :) | 22:55 |
chilts | (the one where the farmer saves the sheep and says "no biggie") | 22:56 |
chilts | I'd prolly install something like that, ie. a read-only interface to my accounts | 22:56 |
G | oh right, I skip the ASB ads, they bug me | 22:56 |
chilts | heh | 22:56 |
chilts | they used to for me, but this series is ok | 22:57 |
chilts | on the other hand, I moved away from ASB 'coz they were crap | 22:57 |
chilts | for not as bad as ANZ | 22:57 |
chilts | s/for/but/ | 22:57 |
chilts | interesting typo | 22:57 |
G | Westpac does some pretty silly things, they appear to be more spammy than any other bank (in terms of marketing/offers with statements/credit card bills etc) | 22:58 |
G | my favourite is I get e-mails from a Branch Manager, I've only ever visited his branch once | 22:59 |
ojwb | probably lonely | 23:02 |
G | yeah, I kinda wish there was a mainstream bank that just didn't suck (they are all sell-outs) | 23:04 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!