waider: (Default)
Et tu, ThinkGeek? Like most of the sites I register for that actually support it, I registered for this one using an email address with a plus-sign in it[1]. Today, attempting to do a little Christmas Shopping, I noticed that the email field on the shipping address was empty, and filled in the exact same address as I'd registered with. And the site not only told me it looked incorrect, but the text of the error suggested that I could go ahead with it anyway, except there was no way to do that. On top of this, my phone number, which, being an international number, I also helpfully added a plus-sign to, had said plus-sign dutifully replaced with a space[2]. Which is the only reason I can think of that my payment was declined when I got to the checkout; I checked every other single bit of information, and it was all correct. I wound up paying via PayPal, and sending the ThinkGeek folks a little friendly feedback suggesting they fix this mess.

[1] For those of you who haven't seen this before, it's a trick supported by some email systems that allows you to receive mail to your regular address, but also allows you to figure out where that mail came from. So if, for example, I'd registered on somesite.com using waider+somesite as the mailbox part of my address, and then I subsequently received spam from another source to waider+somesite, I'd have a good indication that somesite.com leaked my info to spammers. Of course, I'm mildly surprised that no spammers appear to try to fake this.

[2] This is old-school web stuff: once upon a time, you represented spaces in data submitted to a web form by replacing them with plus-signs. This has various technical explanations, but ultimately it boils down to laziness on the part of the guys who developed the system. As soon as people figured out that, hey, this made it difficult to enter actual plus signs, a new means of submitting data was decided upon, but the old pluses-to-spaces thing remains in place for backward compatibility with, like, the 500 people who were using the web before it was determined that this was a bad idea. And this bad idea still trips people up, even big-name people who really should know better.
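
The plus-to-space behaviour from footnote [2], as an added example that is not part of the original post: it shows the two usual ways a literal plus-sign gets lost in `application/x-www-form-urlencoded` data, a client that does not percent-encode and a server that decodes twice. The address and phone number are constructed sample values, and which of these (if either) the site in the post actually did is not known.

```python
from urllib.parse import parse_qs, unquote_plus, urlencode

# Constructed sample values (not taken from the post).
FIELDS = {"email": "user+shop@example.com", "phone": "+353 1 555 0100"}


def encode_correct(fields):
    """Standards-compliant form encoding: '+' becomes %2B, space becomes '+'."""
    return urlencode(fields)


def encode_naive(fields):
    """Buggy client: concatenates raw values without percent-encoding them."""
    return "&".join(f"{k}={v}" for k, v in fields.items())


def decode_once(body):
    """Normal server-side decode of a form-urlencoded body."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def decode_twice(body):
    """Buggy server: runs a second decoding pass over already-decoded values."""
    return {k: unquote_plus(v) for k, v in decode_once(body).items()}


def plus_lost(original, received):
    """Names of fields whose literal '+' did not survive the round trip."""
    return sorted(k for k, v in original.items()
                  if "+" in v and received.get(k) != v)


if __name__ == "__main__":
    cases = {
        "correct encode, single decode": decode_once(encode_correct(FIELDS)),
        "naive encode, single decode": decode_once(encode_naive(FIELDS)),
        "correct encode, double decode": decode_twice(encode_correct(FIELDS)),
    }
    for label, received in cases.items():
        print(f"{label}: {received} lost={plus_lost(FIELDS, received)}")
```

A round-trip check like `plus_lost` over values containing `+`, `%` and spaces is a cheap regression test for any form handler or validation layer.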
waider: (Default)
It's time to renew my car insurance; the letter advising me of this tells me I can do it online. And so I go to AA Ireland's payments page and attempt to enter my details - only to discover I can't enter my policy code as it's a 10-character string and they have, for some reason, capped the relevant input field at 9 characters. Classy.

update: renewed it by phone instead. Mentioned to the customer service rep that I was unable to renew online. From his disinterested response I don't hold out great hope for it being looked at, much less fixed.
waider: (Default)
When I arrived home this evening, somewhat later than usual thanks to a conference call, I discovered an Amazon package leaning against my front door, made slightly damp by the inclement weather and not carried off by thieves and brigands only because my front door is down a flight of steps (although a similar basement next door was broken into a few years back). This is what we laughingly refer to as postal "service" in Ireland. Bizarrely, there was also a "we were unable to deliver..." notice for something I'll have to collect from the local sorting office; why they didn't just bundle them both together I have no idea.

No, I have not opened the package. I am presuming it to be a Christmas gift from one of my siblings and thus off-limits for another two weeks.

update: Apparently the notice was for the package which had been "delivered" against my front door. Go figure.
waider: (Default)
In my continuing existence as a crash-test dummy for customer service, I attempted to make use of my credit card provider's shiny new online activation system. It asks you for the CVV from the back of the card, plus two random letters from your mother's maiden name - or, I presume, some other thing related to your security question. Predictably - for me, anyway - it didn't work the first time I tried it. I tried again just now and it asked for the 12th and 13th letters of said name. The name in question isn't nearly that long. So, I resorted to phoning the callcentre to activate the card, in passing confirming that they do in fact have the correct name on record, and I've just now offered this as a bug through their online contact system. Really, how hard can it be to test something like this before you roll it out?

update: it turns out that they'd somehow entered the name into the system TWICE, and lost a letter along the way. Excellent.
waider: (Default)
I've been eyeing up Brenthaven's Expandable Trek backpack as something that I could use both for hauling my shiny toy around and also something I could use for commuting to the office (since the office laptop is roughly the same dimensions as the shiny toy). Brenthaven and Froogle both give the list price of this particular piece of luggage as $99.99, with Froogle showing various discounted versions as low as $65 or so. However, the backpack is also stocked in the Apple Store, which is more convenient for me in as much as that would mean shipping from within this country and paying in Euros, except that Apple are using the magical $1 = €1 exchange rate. Right now, that means that if I bought this from Apple's Irish store I'd be gouged a whopping €40 over the (US) list price. For comparison, I went digging for a more local non-Apple supplier, and found a UK site listing the same product (out of stock, alas) for about €75 - not great, but still almost €25 cheaper than Apple.
waider: (Default)
Vodafone seem to have decided that this would be a good time to prevent me from sending text messages to anyone - you know, now that I've got a bit of news to spread. Thanks, guys.
waider: (Default)
My online banking stopped working with Safari. Known problem, apparently. I just tried logging in, got the error page, and recycled back to the front page only to discover that there's now a separate link for people using Safari to follow.

When you click on it, it goes to an IP address, and you get a certificate error on account of this (hostname doesn't match certificate). This is exactly how people get spoofed by phishing sites, and here's the Bank of Ireland doing it all by themselves. Most excellent.

update: for bonus points: the IP address doesn't have a reverse lookup (although whois reveals that it's at least in BoI's IP space); and for extra bonus points, there's a "Protect yourself online" link which, when you follow through it and click its "Proceed" button, dumps you back to the real site where your hapless Mac browser will fail to work once more. A+.
waider: (Default)
I've finally given in and run up Firefox on the Mac.


Because I can no longer access either my online banking or my motor tax renewal forms with Safari. Who'd have thought I'd be driven to open-source technology by a bank and local government?
waider: (Default)
Bank of Ireland Life Online, but without the www still goes to a domain control/placeholder page. Seriously. Who let these people near the Internet?
waider: (Default)
Bank of Ireland, once again: http://bankofirelandlifeonline.ie/ currently redirects to a placeholder page with the text, "we've just hosted our site with irishdomains.com but we haven't moved in yet.". Add a www in there and you get the Bank of Ireland Life site you'd have expected. Oh, and the placeholder has a "click here to log into the site management stuff" link.
waider: (Default)
(cropped to avoid screen-filling; it's a stock Netscape iPlanet Server (or thereabouts) internal error page.)
waider: (Default)
Ulster Bank: better than BoI. If by "better" you mean "lost more laptops".

Friends First: Mail Merge is hard!
waider: (Default)
The VFI are still the same bunch of misanthropes as the last time I checked: they're expected to criticise proposals to lower the legal blood alcohol limit for drivers, because let's face it, people should be allowed drink and drive, nanny state, our own business, etc. etc. etc.

And Bank of Ireland aren't quite done on their admission of laptop losses; apparently they lost one in Kildare 7 years ago. The bank seems to be treating it as an unconfirmed allegation, while RTÉ seems to be taking it as fact.
waider: (Default)
In this case, the left hand knows exactly what the right hand is doing: they’re both giving you the finger. (link)
And a lovely quote, too.
waider: (Default)
My website and email are currently offline due, as best I can tell, to some sort of upstream routing issue at the ISP. From the pattern of failure - existing connections remain functional, new connections can't establish - I'm guessing someone's poked about on a router and messed up the ACLs. Or maybe a router is in the process of dying horribly. I'd call the tech support/customer care line, but they only operate from 8 to 8 on normal working days, and today's a bank holiday. THANK YOU ESAT BT.

update: service restored at approx 5:39pm

update to update: and then my webserver spontaneously rebooted.
waider: (Default)
Last week, the bank said that medical records, bank account details, names, addresses and dates of birth of 10,000 customers were on the laptops.
In an update, Bank of Ireland said an assessment had concluded that the risk of fraud arising from the thefts was 'very low', as the data on the laptops did not include bank account passwords, PINs or copies of signatures. (link)
This is so pig-headedly wrong I can't come up with a suitable comment. You have someone's date of birth, bank account details, name, and address? You can get some pretty funky fraud going right there, with a little ingenuity and some social engineering to grease the wheels of the process.
waider: (Default)
I got an IM this morning from someone I've not talked to in a long time. It was a url for what appears to be a photo-sharing site. I say "appears to be" as the first thing it wanted me to do was give it my MSN username and password to log in, and it's not a Microsoft site, so I declined and opted to read their T's & C's instead.

Which explains why I got the IM in the first place:
We may temporarily access your MSN account to do a combination of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.
I am very much NOT going to link to the site, I will just point out that it's "myfriendz.info" and leave you explore if you see fit. Don't log in, though.
waider: (Default)
"Bank of Ireland apologises to customers and is committed to moving as quickly as possible to allay the concerns of affected customers," the company said in a statement last night. (link)
Indeed. Moving as quickly as possible by not saying anything for months (the laptops were stolen over a period between June and October last year).

The opposition parties are, as expected, getting their mouths in on the act: Labour deputy leader Joan Burton said "I am calling on the Financial Regulator and on the Information Commissioner to make a clear statement on the implications of these security breaches,", because, no doubt, a clear statement is more important than, say, some action. Somewhat more usefully, Fine Gael’s communications spokesman Simon Coveney called for "...the mandatory encryption of all sensitive personal data carried portably; and for the strengthening of the Data Commissioner’s powers to investigate and enforce regulations, even where a complaint has not been made." - both measures I agree with, although I suspect the latter can only practically be accomplished by random checks since we don't yet have the ability to confer psychic powers on the Commissioner; the former is loosely specified in the existing legislation under the requirement to "adequately secure" data on a sliding scale based on its importance, impact of its disclosure, etc.
waider: (Default)
Bank of Ireland - my bank - have lost 4 laptops containing information on 10,000 customers. No, that's not right. They lost the laptops last year and only reported the loss on Friday. A cursory glance at the Data Protection Commissioner's website doesn't reveal any requirements for disclosing this sort of breach, mind you.

