* Posts by Ben Tasker

1283 posts • joined 23 Oct 2007

Page:

Meet the 1,000 core chip that can be powered by an AA battery

Ben Tasker
Silver badge

Re: Why?

It's part of Skynet:

....the chip can execute 115 billion operators a second while....

But seriously, as others have said - does there need to be a "why" for trying everything new? Once a technology is developed, uses will generally be found for it, and otherwise unthought of technologies sometimes grow up around them

0
0

Tor torpedoed! Tesco Bank app won't run with privacy tool installed

Ben Tasker
Silver badge

Tesco are using DNSSEC for their financial arms right? right? Oh wait, no they're not. Hell, they're not even using HSTS or HPKP

Got curious, turns out they're not the worst of the lot, even if far from great.

0
0
Ben Tasker
Silver badge

Also considering the risk of poisoned exit nodes & MITM, while TOR is great for anonymising your origin you probably can't trust it to protect your identity and personal details that you transmit

Well, how about the App actually verifies the certificate it receives, and they use DANE to ensure that the fingerprint of the provided certificate matches the certificate they _know_ to be real.

Then the exit not only has to MITM the SSL connection (using a publicly trusted certificate), but also has to find a way to return a valid, _signed_ response to the DNS query.

Tesco are using DNSSEC for their financial arms right? right? Oh wait, no they're not. Hell, they're not even using HSTS or HPKP

Implementing actual checks on the certificate being provided would benefit all users, tor and non-tor. Instead, they leave their app checking the local system whilst ignoring the large expanse of network between the client and the server.

4
0

Mark Zuckerberg's Twitter and Pinterest password was 'dadada'

Ben Tasker
Silver badge

Re: As for username and password,

Personally, I don't know the answer to any of my secret questions. I generate a random string and paste that in.

Passwords are in a manager so the questions shouldnt ever be needed, and if they are Ive bigger things to worry about.

Does mean it's a right shit when a site suddenly updates login to include "enter character 6 of the answer to your security question" though.

0
0

Jacob Appelbaum quits Tor Project amid 'sex misconduct' accusations

Ben Tasker
Silver badge

Re: The blog ppst

> No, I linked to a page on the Tor Project blog only, not the website Appelbaum mentions.

Strange then, the second paragraph of the statement is a bit unnecessary IMO, but otherwise not quite sure it'd fall under defamatory, even if the language is a little woolly

0
0
Ben Tasker
Silver badge

IOError's Statement

Jake has (just) published a statement - http://www.twitlonger.com/show/n_1soorlp / https://twitter.com/ioerror/status/739731362404536320

2
0
Ben Tasker
Silver badge

Re: The blog ppst

I don't know, but I suspect at least one of the deleted comments probably linked to the domain that's been, err, dedicated to ioerror - which very definitely does contain a lot of defamatory stuff.

No idea whether the allegations are true (other than that he can be a knob at times), but that site and the social media witchhunt make me sad to be part of the community. There's no reason for everything to have been done quite so publicly (the site in particular), particularly at this stage, and for a privacy loving community to seemingly take so much delight in a public burning doesn't sit well.

5
0
Ben Tasker
Silver badge

> I take it you're British? No freedom of speech, your votes don't count,

Funny, those first 2 seem to apply to the opposite side of the pond too.

As far as the monarchy goes, it seems at last check, they bring in more money that we pay to support them, which seems to be in line with the capitalist dream, no?

7
1

'Windows 10 nagware: You can't click X. Make a date OR ELSE'

Ben Tasker
Silver badge

Re: What date is good for you?

> And unless VM support for DX12 comes along, I don't trust virtualizing a gaming rig with a Steam collection that's Windows-only and VM- and WINE-unfriendly.

Not saying it's necessarily the right solution for you, but one option would be to do something like this

http://lg.io/2015/07/05/revised-and-much-faster-run-your-own-highend-cloud-gaming-service-on-ec2.html

Edit - making link clicky

3
0

Don't panic, says Blue Coat, we're not using CA cert to snoop on you

Ben Tasker
Silver badge

Re: Symantec

Browsers need to start tracking the certs for each website and if the certs change, then its untrusted even if Symantec say its trusted.

That's already possible with HPKP and/or DANE.

Googles certificate pinning, is Googles log, I have no reason to trust Googles logs either.

If you don't trust the operator of the site (in this case, Google), why are you exposing your system to their services?

1
0

Thai bloke battles jumbo python in toilet todger thriller

Ben Tasker
Silver badge

Re: Is it just me, or...

Surely we've all dealt with a user or a boss where we've thought I'd rather feed my todger to a snake?

Or... alternatively, it might be we're currently in bootnotes ;)

13
0

Hacked in a public space? Thanks, HTTPS

Ben Tasker
Silver badge

Some go further that that and are included on a list pre-baked into the browsers. So on a virgin install of Chrome (for example), if you enter http://www.google.com it should change to HTTPS without bothering to try port 80.

Helps to remove the inherent risk in just HSTS when talking about users who're visiting your site for the first time.

0
0

Hewlett Packard Enterprise hiring temps to cover for redundancies - sources

Ben Tasker
Silver badge

They're your statutory rights, you can't waiver them. They can throw money at you and make you sign something in the hope you don't use them, which is something different

True, however, they can have you sign an agreement which states that in return for the "advanced redundancy package" you won't exercise those rights.

If you then choose to do so, you lose out on the "advanced" element and fall back to being eligible for a statutory redundancy (1 week per year), in the hopes of perhaps getting a better payment, which will almost certainly be calculated using statutory values.

So, no, you can't waive your statutory rights, but by actually exercising them you effectively throw money away.

4
0

'Knucklehead' Kansas bloke shoots self in foot

Ben Tasker
Silver badge

Re: Acts of God...

> Also, ankle holsters are crap except in very particular circumstances.

For example when you're a leggy femme fatale in a movie that's just looking for an excuse to show some leg :)

It might be a limited imagination, but I can't think of a civilian circumstance where it'd likely be beneficial as it's more of a "backup" thing

3
0

Linux greybeards release beta of systemd-free Debian fork

Ben Tasker
Silver badge

> Most of the problems with systemd stem from not knowing or not caring about how to use it

I think that's a little unfair, but, that said, the very presence of systemd on a system can also lead to a systemd blinker coming down when troubleshooting.

I actually spent some time dealing with an issue earlier. For some reason systemd-udevd had started deciding to rename a NIC from it's configured name to "rename2".

I'm sure Lennart's ears were burning for a little while, until I looked a little closer and remembered what fuckwits Realtek are.

The NIC in question is part of a bond, and on the reboot just before the issue, systemd got impatient waiting for the network to come down cleanly, so just shut it off. On boot, the RTL driver reads the MAC from the NICs volatile storage (instead of the PHY) so got the bond's IP instead, which of course matches the other slave. So two NICs matched the same udev rule...oops

Blaming the (sometimes) clusterfuck that is systemd is too easy and rarely solves the problem itself.

But systemd isn't faultless either, just as some distros managed to ship flawed selinux configs (apache context? Nah, won't need /var/www/html). It's got it's problems and journalctl is a fair example (system hung and want to know why? Sorry the binary log is corrupted). Being able to pass through to rsyslogd is a bandaid not a fix for the issue

Or, as others have pointed out, the NTP issues.

5
0

E-cigarettes help save lives, says Royal College of Physicians

Ben Tasker
Silver badge

Re: "E-cigarettes help save lives, says Royal College of Physicians"

In the past when I've said similar, I've had people say "you think the cig is calming you, but actually it's just satisfying the addiction, making the cravings go away"

Because, you know, the twat who pushed untested changes to production clearly had nothing to do with the irritation in the first place..

4
0

The case for ethical ad-blocking

Ben Tasker
Silver badge

> YouTube is advertising for the artists whose material it hosts

Yeah, there are more than a few bands in my collection now who I stumbled across on Youtube, listened to for a bit and then went and bought their album. Some of those were direct sales as well, as they were small bands I'd likely never have heard of if I hadn't come across them on Youtube (At least one of the bands didn't even have an english language website).

5
0

Ad-blocker blocking websites face legal peril at hands of privacy bods

Ben Tasker
Silver badge

To be fair, as much as I don't like it, I personally think he's got a potentially valid argument on this one:

> Adblock detection tools store and execute scripts on the client to detect behaviour of that client (are they using an adblocker).

He's entirely correct that the only storage in use is the cache, which the publisher has little to no control over, and shouldn't really be considered persistent storage in the way the cookie jar is.

On the other hand, that doesn't automatically mean the EPD doesn't apply - it'd be for a court to determine. And he can't be ignorant to the fact that finding out would likely be prohibitively expensive for the advertiser on the receiving end. Far better to fix the behaviour IMO.

He's also right that the response seems to be based on the assumption that scripts are stored, so, again, the above applies - would need to be determined by a court.

But, he definitely seems to be pushing an agenda, and weakens what could be a valid point with some completely out-there arguments.

5
2
Ben Tasker
Silver badge

Re: snooping my machine

Now, if people would only pick sites based on how bad or good ads on them are, then the same evolutionary process would take place on the market of ads, and they would get all better.

Or, perhaps, things could work the way they should. Advertisers sort out the state of their own house, and people pick sites based on the quality of the content they're going there to see. No-one picks a site based on ads, though they may be pushed into avoiding it because of the ads.

As others have said, the "free market" doesn't seem to work with advertisers. Google's Adsense became hugely popular at one point, in part because the ads were largely text based and non-intrusive. Have advertisers learnt from this success, or are they still pushing flashing animated shit over our pipes? Did the popularity lead to a reduction in that kind of shite? Temporarily, maybe, but it seems to have been whilst the advertisers regrouped and then pushed back with even more crap.

12
0
Ben Tasker
Silver badge

Re: Bull

But do they?

I've seen this excuse used in so many places. You don't actually get a choice as the damage is often done before you even get a chance to say "no"

Nail on the head.

Generally, you visit a site because the page you're browsing to looks like it might contain the information you're currently after. But, until you visit, you have no idea what the "cost" will be - what JS will run, what third party trackers they use etc.

Once you've found out (and most users never do, because they don't look), it's too late, because it's already happened. All you can do is not visit in future, limiting it to one occurence (for that site). Which means it isn't anywhere close to informed consent and doesn't count.

33
1

'No regrets' says chap who felled JavaScript's Jenga tower – as devs ask: Have we forgotten how to code?

Ben Tasker
Silver badge

Re: Azer's childish decision

All that was in dispute is the modules name. How that could be used to justify transferring ownership of the module is beyond me and I'd have immediately protected the rest of my code by removing it from the service too.

Agreed, it was an arbitrary decision made with no real grounding in rationality. I'd have pulled my code and then spent some time considering whether I wanted to continue being involved with NPM given the new knowledge

I can understand the logic behind their decision to not allow unpublishing after 24 hours, but on the other hand, it's my code and I now have to ask permission to withdraw it? The end result of that, presumably is going to be for a dependancy to just sit unmaintained

12
1

90% of SSL VPNs are ‘hopelessly insecure’, say researchers

Ben Tasker
Silver badge

That was the argument I was going to make, until they mentioned that just sticking with the vendor's default accounted for a good number of those. That's a different kettle of fish.

That aside, using a certificate signed by your own CA doesn't offer any issues IMO, so long as the clients trust your CA. In fact, if you're using a client that can be told to _only_ trust your CA then even a cert from a compromised public CA becomes less of a vector.

Having a cert issued by a publicly trusted vendor has it's value when it's randomers hitting your service (e.g. a https site), but when the end client is one you control (e.g. a work laptop) or operated by someone you're associated with (like a colleague) reducing trust to a CA you control has some benefits

3
0

Brit spies can legally hack PCs and phones, say Brit spies' overseers

Ben Tasker
Silver badge

Re: English

I though the standard for those was Chinglish?

1
0

Heart Internet in 22-hour TITSUP after data centre power stuffup

Ben Tasker
Silver badge

Re: The servers may be up...

Yeah, I spent some time this morning recovering databases from backup as the sudden power interruption wasn't particularly appreciated by InnoDB.

They did a reasonable job of updating their webhostingstatus page, but I can't help think a cursory notification email would have been nice once they were aware there was an issue

3
0

Leak – UN says Assange detention 'unlawful'

Ben Tasker
Silver badge

> What exactly was he hoping to achieve from this?

The only conclusion I've been able to come to on that one is - his name in the news again.

If the report says it was unlawful, it makes no difference as it has no legal sway whatsoever. Assange's supporters no doubt will be all over the net saying "the UN has ruled Assange's treatment illegal" I'm sure, but other than that very little real difference.

If the report had come back and said it was 100% lawful, does anyone believe he'd actually have walked out of that embassy and accepted arrest?

It's essentially a publicity stunt and nothing more

3
0

BT broadband is down: Former state monopoly goes TITSUP UK-wide

Ben Tasker
Silver badge

Re: self-generated DDoS

It would. 'Cos like I said, while the BT Wholesale CentralPlus service was around (which was designed for and exclusively used by BT Retail), it don't need no username and password for authentication, just the circuit ID,

Ever so slightly different now (or was 6-9 months ago, whenever they put my Infinity in).

The username/password still isn't technically used by a HomeHub. The Modem's MAC is whitelisted and the authentication works/fails based on that - they managed to send out a batch of HH's without authorising them to connect them to the network, so I had a very confused engineer here at the time.

As others have said, yesterday, CHAP was failing. Prior to that though packets were making it 1 hop into BT's network and then falling off the network

0
0

The monitor didn't work but the problem was between the user's ears

Ben Tasker
Silver badge

Re: Old IT joke

Try explaining to the new Commanding Officer in a military unit why it is that the power-cut has affected his office (not operationally essential) and yet all the sockets and lights in IT's office are still functional.

The operational reasons of making sure the office, DC and path to the DC stay live are obvious, but the explanation is somewhat undermined when it's pointed out that your coffee machine is plugged into one of the "essential" sockets.

13
0

Research: By 2017, a third of home Wi-Fi routers will power passers-by

Ben Tasker
Silver badge

Re: Non-starter, at least here in the US

That's assuming it surfaces over your usual IP address as NAT of course. Anyone know?

I can't remember exactly which of the two it is (I believe the latter) but the way BT's works is either

- Goes out over a VPN

- Goes out with specific DSCP markings to differentiate

(IIRC it changed from one to the other at one point)

In either case someone downstream will be able to tell the difference - it certainly gets NAT'd away from your WAN IP before it goes anywhere near the net at large so won't help with snooping by Google either

0
0

'No safe level' booze guidelines? Nonsense, thunder stats profs

Ben Tasker
Silver badge

Re: What's the point of living?

@Stuart 22

I've just marathoned the last season of Peep Show so in my head it was Jeremy's voice saying - fits perfectly so have an upvote

0
0

It's 2016 and idiots still use '123456' as their password

Ben Tasker
Silver badge

Re: idiots still use '123456' as their password

Depends how many drinks she's had ;)

2
0
Ben Tasker
Silver badge
WTF?

Errrr

Not to be picky, but the blog linked to in TFA has a recent post appearing to be the one TFA is referring to, except that it was posted a year ago and the included list is from 2014's top 10.

El Reg hasn't accidentally fallen for the tweet old content as if it were new trick has it?

Edit: looks like this is the correct link https://www.teamsid.com/worst-passwords-2015/

2
0

What if China went all GitHub on your website? Grab this coding tool

Ben Tasker
Silver badge

My site uses on the wire encryption, so shouldn't cause any issues for anyone visiting my humble slice of the net.

On the other hand other sites may not keep up with things, and gating punishes the users not the admins (though if it's severe enough, they may well see a drop in traffic which should provide some motivation if they figure out why).

Personally, if I were implementing the gating (and couldn't opt not to) the one big change I'd make is to implement a notification system, something like the following

- User A visits example.invalid via HTTP, feature X is gated so browser effectively disables feature on that site

- User A's browser generates a HTTP request to example.invalid with a recognisable request path (something like /gated-feature-denied.html) with a User-Agent string including a URL to documentation explaining the gating

At the moment it relies on users actually bothering to tell site admins, which most won't. If you're going to punish the users, make it damn easy for the admins to realise this is the case.

0
0
Ben Tasker
Silver badge

"I only want my HTML, and don't need no stinking cert" crowd are unlikely to be too bothered about JavaScript.

I wouldn't be so sure on that one.

Personally, I'm against the idea of browsers gating "core" functionality on the presence of SSL/TLS. Ultimately the user is being punished for something they have no control over. You can argue they can go elsewhere or bitch to the webmaster, but what if they've spent hours trying to find something niche and this site looks like it has it, but is http only?

On the other hand, blocking certain things might be more appropriate. You can have JS but no XMLHttp/XHR and no cross-domain requests (i.e. posting a form to another domain). But then you're increasing complexity and likely still leaving holes.

Either way though, sites need to start getting their act together and looking out for their visitors. Especially anywhere which might be considered a popular destination, such as an IT centric UK based lesbian website ;)

1
0

BTC dev: 'Strangling' the blockchain will kill Bitcoin

Ben Tasker
Silver badge

Re: Bit bollocks more like

I sat down with a colleague and tried to work out how to pay for something in Bitcoins. It's the most fiendishly complicated way of paying for anything that I've ever seen

Open (or log into) wallet. Enter recipient address and amount, click send.

What's fiendishly complicated about that?

Laying your hands on BTC is only slightly more complicated than getting your hands on foreign currency (assuming you're going the exchange rather than mining routes).

There are plenty of (valid) criticisms of bitcoin, but I'm really struggling to see ease of use as one of them. Unless you count finding a merchant willing to accept them of course.

Even at the other (seller's) end, it's not particularly difficult. Generate a transaction specific address, display that and outstanding balance to user. Monitor transactions against that address, waiting for n confirmations and then mark payment as complete.

5
2

Dear Santa: Can gov.UK please stop outsourcing?

Ben Tasker
Silver badge

Re: Law against offshoring

Also a bit crap if you expand and go global. Now available in Asia, but sorry Asians, our call centre is open 9-5 UK time.

It'd probably keep jobs here temporarily, but UK based businesses would be unable to compete with non-UK business so we'd likely all end up jobless in the long run

10
2

The Police Chief's photo library mixed business, pleasure and flesh

Ben Tasker
Silver badge

Re: Not NT 4.0

Knowing some users, Warp.

5
0

New HTTP error code 451 to signal censorship

Ben Tasker
Silver badge

Re: An actual use for it...

Including a tryagain date in the status code isn't the best way of doing it, status code descriptions should be (relatively) static.

But adding a x-will-be-available-at or the like would be a nice touch, especially if people stick to the same header (much the same way as x-forwarded-for became defacto).

It could also be nice, for dmca type takedowns, to have a "standard" x-see-more containing a link to chilling effects or similar

4
0
Ben Tasker
Silver badge

Re: Shirley

Not necessarily, the client may have erred by being geographically located somewhere the content is censored.

But, actually, it's not a server error anyway. The client has erred by either requesting content that isn't available (404) or content the client isn't authorised to request (403).

The 5xx range is for where an action the server needs to complete has failed (upstream unreachable, parse error on a cgi script etc).

4xx is definitely the right range for this use, though it's applicability does seem a little limited. You'd use it if you've received a takedown, but an on the wire censorship mechanism is unlikely to use it

3
0

DEAD MAN'S SOCKS and other delightful gifts from clients

Ben Tasker
Silver badge

Re: Never answer 'Whisky' to a non Whisky drinker.

The trick is to clarify a little, I was kindly given a good bottle of scotch a few weeks ago as a thank you.

Though I will normally try and put people off getting me wine, whisky, rum or brandy as my tastes run expensive. It's one of the downsides of having had good staff discount at an offlicense in the past.

0
0

UK police cuff suspect over VTech toy hack

Ben Tasker
Silver badge

Re: The real question is why hasn't anyone at VTech been arrested?

Agreed. This news sounds more like a case of shooting the messenger rather than dealing with the twatspanners who thought playing fast and loose with their customer's data was an acceptable thing to do.

As other poster's have said, we need to start going to the top and targeting the champagne guzzling C suites who view security as a cost centre which can be cut/ignored to boost profits.

3
0

Donald Trump wants Bill Gates to 'close the Internet', Jeff Bezos to pay tax

Ben Tasker
Silver badge

> I do hope he wins the nomination. I can't conceive of a world in which he wins the election

I've a strong (and slightly worried) feeling that if Clinton were to win the nomination, a lot of people would vote for Trump instead.

11
1

Pirate Bay domain suspended thanks to controversial verification system

Ben Tasker
Silver badge

Re: Hold on...

> It only has to be an entity that can be responsible for the domain. Any number of anonymizing services will protect peoples' privacy and civil rights.

Be wary of who you choose though. Nominet's view is that the domain is "owned" by whoever is named in the whois. So if you're talking about a .UK you're effectively signing ownership of the domain over to a third party, at least in terms of anything where you might want Nominet to get involved. So make damn sure that anonymizing service is one you trust

3
0
Ben Tasker
Silver badge

Re: If You've Done Nothing Wrong, You've Nothing to Hide

> I use a domain privacy service. Costs a fiver a year. Is that no longer allowed?

Depends on the Registrar. Our own Nominet went through an unpleasant phase not that long ago.

They changed the rules so that if your site is commercial, you must populate the whois with valid/accurate data (i.e. not a privacy service). The problem is, their definition of commercial was a bit, eh, broad. Carry ads? Commercial. Make reference to selling something? Commercial

They're now trying to overhaul the way privacy services work on .uk so that when you select "private" your details still go to Nominet, they just won't be published in the whois. Because part of the reason we use privacy services couldn't possibly be that we don't trust nominet themselves?

1
0

PHP 7.0 arrives, so go forth and upgrade if you dare

Ben Tasker
Silver badge

Re: Not backwards compatible can cause a lot of problems

3. It introduces weird scope for errors and restriction for no good reason.

Particularly in 3 which now complains if you've mixed tabs and spaces for your indenting. It is bad practice and should be avoided, but it's not exactly the easiest thing to spot if you've got limited tools to hand at the time

3
0

Amazon's new drones powered by Jeremy Clarkson's sarcasm

Ben Tasker
Silver badge

Re: All the things

> You have that correct, but somehow you feel this is dishonest?

It's not dishonest, as such. But taking it to an extreme, look at the tricks Verizon likes to pull in the US - FiOS runs past >90% of households in $area. Of course actually getting them to connect you is something entirely different.

> Show a little faith. Sure, they probably will crash and burn, but no need to go on moaning about the inevitable like some dreary greek chorus.

I was more complaining that El Reg's usually faultless lazer vision seemed to have failed to burn through that statement. Mind you it was ~4am so perhaps I missed something

1
0
Ben Tasker
Silver badge

If Amazon is going to achieve 30-minute delivery for items of that ilk, it will need a lot of rather large warehouses in many, many places, just to keep stuff within 16 km of everyone.

You forgot to enable corporate speak on your babelfish. They've no intention of being to deliver to even the majority within 30 minutes. They said

Amazon adds that it hopes “one day … to deliver packages to customers around the world in 30 minutes or less.”

Which roughly translates to - We're going to have depots in various locations worldwide so we can claim global reach. But to actually benefit from our 30 minute delivery time, you'll have to be one of the relative few who live close to those locations. But look, drones, cool eh?

Drones may be relatively cheap, but running warehouses isn't and if they want to achieve 30 minutes delivery to the majority, not only will they need more warehouses, they'll need to hold more stock. All of which costs money, so they'll just tell everyone about their new delivery service and you'll find out you're not eligible when the postie arrives

11
0

Hello Barbie controversy re-ignited with insecurity claims

Ben Tasker
Silver badge

Re: The Great Unwashed are not so paranoid

> The great unwashed are too careless with their personal information. They do not realize that hackers are looking for easy targets and they paint a bulls-eye on their backs.

The problem is it's not just hackers or truly 'personal' information either

There's plenty of stuff that I did as a teen that I'm fucking glad isn't available online. Like everyone else, I'm happy to talk about some of the antics I got up to, but there are other things that are best left buried. I'm sure most people my age probably have at least a few things they feel that way about.

The "great unwashed" though, are posting their antics on facebook, and then complaining when they become a meme. In a decade or so, someone's going to go onto goofacetwat.er and search for their name and dredge it all up again.

I know people who are against the IPB, but don't think twice about letting their social media 'friends' know every time they take a shit. Of course, the latter is their choice, but it still seems bizzare

20
0

Millions of families hit in toymaker VTech hack – including 200,000+ kids

Ben Tasker
Silver badge

Re: Naff

The second problem is that even if it does hit the mainstream news (based on what I've heard people saying in response to the TalkTalk problem) most people still won't understand the issues, and will carry on as before.

Especially as VTech are playing the same card as TalkTalk - focusing on direct financial consequences (we don't store credit card details) - rather than acknowledging that losing non-financial data can also be harmful.

As an example, a particularly "entertaining" section from their official statement

In addition, our customer database does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers).

Correct, but they did lose (from earlier in their statement)

- Name

- Secret question and answer

- Mailing address

- IP address

Which is pretty identifying. Given people re-use secret questions all the damn time, that's more than enough for me to get in contact as "your ISP". All I need to find is a phone number, which is fairly simple given the information above.

I'd have more respect for them if their statement simply read "We fucked up"

1
1
Ben Tasker
Silver badge

Re: Naff

Our littlun got given one for xmas a few years back by a family member.

They're not bad pieces of kit, per se, but definitely shouldn't go for the price they do. But VTech are out and out robbing bastards (the one cartridge that comes with the tablet is loaded with nothing but ads).

Not received an email, but logged in to check what might have been lost

- kids name: beetlejuice

- kids dob: wrong day,month and year

- account email: dedicated mailbox

- account pass: random string unique to vtech

- address: 200 miles out

Some would say I have trust issues, but time and time again I seem to be being proven right.

Companies need to stop asking for data they don't need and can't protect

43
0

Microsoft rides to Dell's rescue, wrecks rogue root certificate

Ben Tasker
Silver badge
Joke

Re: "Dell's dumb DLL"

I was supportive of your plans, right up until you used the term "Nosh", then my brain decided "fatty, disgusting sausages" could only have been a simile for something I don't much fancy wrapping my lips around.

You ruined the dream man......

0
0

Page:

Forums