I think I may be the victim of a “phone scam”. This morning two lasses came round claiming to be students just moved into the house a couple of doors a way. The said they were trying to set up their internet connection  but they needed a corded phone to check the line - of course they all had mobiles but not much use! In the spirit of kindness I lent them a phone, but it hasn’t some back.

I’ve read about phone scams but didn’t really know what one was until now. I expect the guys from the real hustle are explaining what you can do with four thousand used land line phones…

Update! They just brought it back, with thanks and cake (students feeding me? isn’t it supposed to happen the other way round?).  People being nice to each other, I’m sure this is more frequent occurrence than The Daily Mail would have us believe but they make their money out of worrying the worried with “news” of real scams. If we weren’t worried we wouldn’t buy the rag so they have keep up worry levels to keep up sales.

Too much security? I’m always complaining about it - however unless my wife has really spent £160 on XBox games like Metal Gear Solid (or something like that) then I may have to slightly change that to - Too little security, I’ve always said so.

It would be typical if if my wife’s card had been cloned / abused / whatever (what do I mean “if”, do I really think she’s got an Xbox stashed in the wardrobe? All those shoes are just a false lid to her gaming haven?) as she is always shredding innocent details (I keep saying “your name & address is in the phone book”, “yes it’s a receipt that has 4 digits of your card on but no one can use it”) and warning her aged P’s to look after their details. In fact we spent last night shredding years worth of her mum’s financial records. She still leaves a check on the step for the milkman though - name, address, bank details!

Anyway looks like we’ve got to spend hours on the phone getting it sorted

I’ve got to decide what outcome I want here, do I want it to be stolen card details? Hmm, which is going to be cheaper - a ripped off credit card or marriage counselling and gaming addiction counselling?

A friend (no really) has a couple of PC’s they want to pass on but the friend is an accountant (see it is a friend & not me) and they want to make sure the disks are sanitised of any confidential data before they let them go. I had a google and came up with eraser at http://www.heidi.ie/node/6 . Is it safe idea to use freeware for your security?

 I’d go for the “boot nuke disk” but I guess that leaves no OS for the next user. Still that resolves any licence issues too. Any other suggestions as to what to use and how?

I’m sure I’ve said before that if you make safety / security procedures too complex people will just bypass them and leave you worse off than before. Another example has just arisen from good old Tesco. To get into my account they want the 1st 3rd  & 4th digit of my pin & the 2nd 5th and 8th letter of my password. Typing all of it would be easier, missing 1 digit out of my pin isn’t going save my account from hackers is it? As for my password I end up either writing it down & counting which letter is where or reciting it down my fingers (usually out loud or at least with moving lips!). Either way it would be more secure if I just typed the damn thing in. My other gripe with Tesco security is they only accept 8 character passwords. Well I say accept, you can type 12 characters on the register page but they trim it to 8 and if you enter more than 8 on the login they reject it.

All in all longer passwords and none of the 1st 3rd & 8th would make life easier AND more secure.

As a man with more books than is good for him (or the house) I do list books I no longer want on Amazon as a seller. Not all of them as some (most) aren’t worth anything - a lot of books are listed at 1p and the seller makes a bit on the postage. By the time amazon have had their cut that’s a quite small bit.

Selling on ebay makes more as their cut is less BUT with amazon you don’t need to mess around with photos & flashy listings. Just a basic entry under the ISBN and aim to be cheaper (or more collectible) than anyone else. The real benefit of Amzon over ebay is that it doesn’t cost to list & the listing stays active for 60(?) days and after that you can re-list if you want so it is all round less work. If/When a book sells they send you an email.

Just like round here, Amazon have re-vamped their site. One of the irritating things is they no longer include the buyers address in the email they send so you have to log on to get it. I suppose this is better from a security point of view, the less information in clear text mails the better. Not sure if this is why they have done it but maybe it does make sense.

http://www.itpro.co.uk/news/192123/infosec-08-virtual-desktop-on-a-flash-drive.html

This is brilliant. Everybody (who is anybody?)  has a PC or access to one. Using virtualization and this you could carry “your” pc on your keyring then slap it into your home desktop / laptop / friends PC / the machine in your holiday home / flat / hotel…

I used to use Tanden removable drive PC’s when I first worked from home. I just took the disk into the office & booted what looked like my PC. 

Imagine never being more than a fiddly bootup away from your PC - hot desking worldwide! 

I wish companies would keep their forms up to date or at least in sync. Having applied for a credit card on paper (don’t ask me why it couldn’t be done online) I then came to activate it on line. I was initially bemused when it told me my details did not match their records. Bemused because all I had entered was my mothers maiden name and my email and

You sometimes wonder if in a world of management speak stating the obvious is genuinely seen as a clever thing. Over at

http://www.forbes.com/technology/2008/04/09/virtualization-rsa-malware-tech-virtualization08-cx_ag_0409virtual.html

Someone is (being paid for!) saying if malware controls the virtualization host it will have access to all the virtual machines and their data without the virtual machines knowing!!! Well I never, that’s as if someone bugs the telephone exchange you won’t find the bug on your handset and they’ll hear all the calls not just the ones on your phone.

Who’d have thought it? Well who’d have thought you could get paid for telling people something quite that obvious.

Then again someone is probably being paid for the comment “Rather than the usual pattern, where we deploy a technology and wait for it to get hacked, wouldn’t it be cool to try and secure it first?”

Wow, someone should suggest to the O/S people to try adding some security when they design things. OK, you may think Microsoft didn’t but I think you’ll find they just didn’t do it very well. They didn’t design it to be full of holes (except maybe any employees who moonlight for anti-virus companies).

And “wouldn’t it be cool”??? Surely doing the obvious is the opposite of cool, what we used to call “sensible”.

I am assuming the people designing virtualization software are putting some security in there and that it will be considerable more secure than end user systems just because it is not designed for end users. It can’t be tweaked with downloaded screen savers and won’t have clots (oops, busy, non technical people) opening dodgy emails.

 Going back to the phone exchange analogy, I hope it might be a bit harder to get in there and plant a bug - or am I being optimistic and expecting people to do the obvious (cool?) thing?

One thing I almost appreciated with my new big company is the need to use a hard password. They require you to use a 12 digit mixed case with numerics and you must change it every 12 months. A bit of a pain but I can appreciate the need for it.

However (you knew that was coming!) I’ve just discovered that each machine has an admin level account set with no password! Der, how secure is that? This is (I assume) to let support get access but to leave it blank? Maybe the logic is that even if it was set to a serious value then it would soon become well known and so pointless - but it would still be an improvement. A proper password hashed against the m/c serial number would be better.

Given the general efficiency round here it could just be the original account setup to allow config (these m/c’s arrive with user name accounts and passwords hashed against personal details so someone has set them up individually and we don’t use the Administrator account) and no one thought to remove it or give it a password.

As ever, it’s talk the talk, make the employees jump the hoops but at company level don’t even attempt to do it right.

So, have you checked your m/c - just nip into control panel, user accounts and see what accounts are there and if you don’t like them delete them or reset their passwords to something sensible.

Not having a good day, so far I have :