
Voting Software

15 Comments and 45 Shares
There are lots of very smart people doing fascinating work on cryptographic voting protocols. We should be funding and encouraging them, and doing all our elections with paper ballots until everyone currently working in that field has retired.
alexanglin
11 days ago
Ottawa, Ontario
13 public comments
caffeinatedhominid
5 days ago
Yep.
tante
8 days ago
xkcd on voting software is spot-on
Oldenburg/Germany
wmorrell
9 days ago
Hazmat suit, too. Just to be safe.
rjstegbauer
10 days ago
Amen!! Paper... paper... paper. It's simple. It's trivial to recount. Everyone already knows how to use it. It's cheap. It's verifiable. Just... use... paper.
ianso
10 days ago
Yes!
Brussels
ChrisDL
10 days ago
accurate.
New York
reconbot
10 days ago
Legitimately share this comic with anyone who represents you in government.
New York City
cheerfulscreech
10 days ago
Truth.
jth
11 days ago
XKCD Nails Secure Electronic Voting.
Saint Paul, MN, USA
skorgu
11 days ago
100% accurate.
jsled
11 days ago
endorsed; co-signed; it. me. &c.

(alt text: «There are lots of very smart people doing fascinating work on cryptographic voting protocols. We should be funding and encouraging them, and doing all our elections with paper ballots until everyone currently working in that field has retired.»)
South Burlington, Vermont
srsly
11 days ago
Seconding this policy ^^

Peer Review

4 Comments and 21 Shares
Your manuscript "Don't Pay $25 to Access Any of the Articles in this Journal: A Review of Preprint Repositories and Author Willingness to Email PDF Copies for Free" has also been rejected, but nice try.
alexanglin
23 days ago
Ottawa, Ontario
4 public comments
kellyu
18 days ago
I need to find the black power salute emoji.
Zaphod717
19 days ago
Relevant to my interests...
The Belly of the Beast

Software Development

3 Comments and 15 Shares
Update: It turns out the cannon has a motorized base, and can make holes just fine using the barrel itself as a battering ram. But due to design constraints it won't work without a projectile loaded in, so we still need those drills.
alexanglin
32 days ago
Ottawa, Ontario
3 public comments
awilchak
30 days ago
yep
Brooklyn, New York

Plant Your Flag, Mark Your Territory

1 Comment and 2 Shares

Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked. But increasingly, adherents to this mantra are finding out the hard way that if you don’t plant your flag online, fraudsters and identity thieves may do it for you.

The crux of the problem is that while most types of customer accounts these days can be managed online, the process of tying one’s account number to a specific email address and/or mobile device typically involves supplying personal data that can easily be found or purchased online — such as Social Security numbers, birthdays and addresses.

Some examples of how being a modern-day Luddite can backfire are well-documented, such as when scammers create online accounts in someone’s name at the Internal Revenue Service, the U.S. Postal Service or the Social Security Administration.

Other examples may be far less obvious. Consider the case of a consumer who receives their home telephone service as part of a bundle through their broadband Internet service provider (ISP). Failing to set up a corresponding online account to manage one’s telecommunications services can provide a powerful gateway for fraudsters.

Carrie Kerskie is president of Griffon Force LLC, a company in Naples, Fla. that helps identity theft victims recover from fraud incidents. Kerskie recalled a recent case in which thieves purchased pricey items from a local jewelry store in the name of an elderly client who’d previously bought items at that location as gifts for his late wife.

In that incident, the perpetrator presented a MasterCard Black Card in the victim’s name along with a fake ID created in the victim’s name (but with the thief’s photo). When the jewelry store called the number on file to verify the transactions, the call came through to the impostor’s cell phone right there in the store.

Kerskie said a follow-up investigation revealed that the client had never set up an account at his ISP (Comcast) to manage it online. Multiple calls with the ISP’s customer support people revealed that someone had recently called Comcast pretending to be the 86-year-old client and established an online account.

“The victim never set up his account online, and the bad guy called Comcast and gave the victim’s name, address and Social Security number along with an email address,” Kerskie said. “Once that was set up, the bad guy logged in to the account and forwarded the victim’s calls to another number.”

Incredibly, Kerskie said, the fraudster immediately called Comcast to ask about the reason for the sudden account changes.

“While I was on the phone with Comcast, the customer rep told me to hold on a minute, that she’d just received a communication from the victim,” Kerskie recalled. “I told the rep that the client was sitting right beside me at the time, and that the call wasn’t from him. The minute we changed the call forwarding options, the fraudster called customer service to ask why the account had been changed.”

Two to three days after Kerskie helped the client clean up fraud with the Comcast account, she got a frantic call from the client’s daughter, who said she’d been trying her dad’s mobile phone but that he hadn’t answered in days. They soon discovered that dear old dad was just fine, but that he’d also neglected to set up an online account at his mobile phone provider.

“The bad guy had called in to the mobile carrier, provided his personal details, and established an online account,” Kerskie said. “Once they did that, they were able to transfer his phone service to a new device.”

OFFLINE BANKING

Many people naively believe that if they never set up their bank or retirement accounts for online access then cyber thieves can’t get access either. But Kerskie said she recently had a client who had almost a quarter of a million dollars taken from his bank account precisely because he declined to link his bank account to an online identity.

“What we found is that the attacker linked the client’s bank account to an American Express Gift card, but in order to do that the bad guy had to know the exact amount of the microdeposit that AMEX placed in his account,” Kerskie said. “So the bad guy called the 800 number for the victim’s bank, provided the client’s name, date of birth, and Social Security number, and then gave them an email address he controlled. In this case, had the client established an online account previously, he would have received a message asking to confirm the fraudulent transaction.”

After tying the victim’s bank account to a prepaid card, the fraudster began slowly withdrawing funds in $5,000 increments. All told, thieves managed to siphon almost $170,000 over a six-month period. The victim’s accounts were being managed by a trusted acquaintance, but the withdrawals didn’t raise alarms because they were roughly in line with withdrawal amounts the victim had made previously.

“But because the victim didn’t notify the bank within 60 days of the fraudulent transactions as required by law, the bank only had to refund the last 60 days’ worth of fraudulent transactions,” Kerskie said. “We were ultimately able to help him recover most of it, but that was a whole other ordeal.”

Kerskie said many companies try to fight fraud on accounts belonging to customers who haven’t set up a corresponding online account by sending a letter via snail mail to those customers when account changes are made.

“But not everyone does that and if the thief who’s taking advantage of the situation is smart, he’ll simply set up an online account and change the billing address, so the customer never gets that notice,” Kerskie said.

MARK YOUR TERRITORY

Kerskie said it’s a good idea for people with older relatives to help those individuals ensure they have set up and manage online identities for their various accounts — even if those relatives never intend to access any of the accounts online. Helping those relatives place a security freeze on their credit files with the four major credit bureaus (and with another, little known bureau that many mobile providers rely upon for credit checks) can go a long way toward preventing new account fraud.

Adding two-factor authentication (whenever it is available) and/or establishing a customer-specific personal identification number (PIN) also can help secure online access. For those who can’t be convinced to use a password manager, even writing down all of the account details and passwords on a slip of paper can be helpful, provided the document is secured in a safe place.

This process is doubly important, Kerskie said, for parents and relatives who have just lost a spouse.

“When someone passes away, there’s often an obituary in the paper that offers a great deal of information about the deceased and any surviving family members,” she said. “And the bad guys absolutely love obits.”

Eschewing accounts on popular social media platforms also can have consequences, mainly because most people have enough information about themselves online that anyone can create an account in their name and start messaging friends and family members with various fraud schemes.

“I always tell people if you don’t want to set up an online account for social media that’s fine, but make sure you tell your friends and family, ‘If you ever get a social media request from me, just ignore it because I’ll never do that,’” Kerskie advised.

In summary, plant your flag online (or, as Kerskie puts it, “mark your territory”) before fraudsters do it for you. And consider helping less Internet-savvy friends and family members to do the same.

“It can save a lot of headache,” she said. “The sad reality is that criminals very often only need to answer two or three questions to commit fraud in your name, whereas victims typically need to spend hours of their time and answer dozens of questions to undo the resulting fraud.”

alexanglin
47 days ago
Ottawa, Ontario
1 public comment
jshoq
52 days ago
This is super important. In this modern age, at least setting up online accounts with critical financial institutions and vendors is necessary. Set up the accounts for yourself and help family members set them up as well. In this story, the victims were elderly and did not know to do these sorts of things. Help out your parents and family to protect them.
Seattle, WA

The first cyberattack took place nearly 200 years ago in France

1 Share

France created a national mechanical telegraph system in the 1790s; in 1834, a pair of crooked bankers named François and Joseph Blanc launched the first cyberattack, poisoning the data that went over the system in order to get a trading advantage in the bond market.

alexanglin
83 days ago
Ottawa, Ontario

GDPR

4 Comments and 16 Shares
By clicking anywhere, scrolling, or closing this notification, you agree to be legally bound by the witch Sycorax within a cloven pine.
alexanglin
85 days ago
Ottawa, Ontario
4 public comments
satadru
84 days ago
Also, for GDPR purposes, I live in France now.
New York, NY
Lythimus
86 days ago
another God Damn Privacy Report.
zippy72
80 days ago
But Sycorax Rock!