That is not a Wallet
It is a sieve. Use it to strain pasta.
A bloke from Washington is suing T-Mobile USA after miscreants were able to steal his phone number and take all his crypto-coins. Carlos Tapang this week told the US state's western district court that the telco broke America's Federal Communications Act when, in November of last year, it allowed strangers to get control of …
Go on then, how were the crims able to do this? Are there any online crypto exchanges/wallets that only require a mobile phone number to get in? Surely a username/password was also required? How did the criminals get those? I wonder if he's not telling the whole story and is simply trying to put the blame for his own poor security practices onto someone else.
There's the problem with this... someone thinks a cell phone is a secure device. If it had been stolen he'd still be up the same creek without an oar. Using it in certain hotspots means that someone is probably listening in and capturing your data going out over the airwaves. Cell phone and security aren't synonymous.
I almost hope there's one or two IT people on the jury to explain it to the others.
And yet HMRC insist on access to accounts via a keycode sent to your mobile in a plain text message.
And a username/password. And some detail from documentation a scammer isn't likely to have, like your last P60. And you can choose a Verify provider instead of UK Government Gateway (in fact they're virtually insisting on it now) which uses better 2FA like TOTP.
> And some detail from documentation a scammer isn't likely to have, like your last P60.
I've not once had them ask for this during login (or submitting a return)
> And you can choose a Verify provider instead of UK Government Gateway
That reads to me like a justification on the basis that we've fucked up our own auth systems, so please instead provide your details to a 3rd party so that we can cop-out of doing things properly
Credas, I had to take all my documentation to my nearest government office (the local Job Centre) for sending to HMRC because the Verify providers said I did not exist... and I wasn't the only one with the same issue.
It was the same documentation the Verify provider said didn't exist...
Is there any genuine legal use for cryptocurrency that isn't better served with normal currency? They sure don't take it at the supermarket.
Criminals stealing from criminals doesn't really bother me that much.
Criminals stealing from rich people that can afford to accumulate a startling $20K in useless cryptocurrency against its possible future use doesn't bother me either.
Based on this article I called T-Mobile. When I had called before (for an unrelated issue), they forced me to set up a numeric PIN that _should_ be validated whenever someone calls T-Mobile asserting to be me.
So today (after verifying my PIN) the representative simply checked a box that said my numeric PIN would be required before a port-out would be processed. This is not an option you can tick through the website.
The representative was very surprised that I was calling in response to an "article". Apparently they are sending texts to customers and she was not aware that the public would be calling unbidden.
Here is the text message they are sending out (for any that are curious):
T-Mobile Alert: We have identified an industry-wide phone number port out scam and encourage you to add account security. Learn more: t-mo.co/secure
I had a pin on my account to begin with, had to set a stronger one. My original pin was 4 digits, they upped it to 6 digits. If the 4 digit pin will not save me, WTH will a 6 digit??
Surprised that more people don't know that there is a simple solution to this. Payfone (full disclosure: I work there) has an API that prevents account takeover through direct partnerships with mobile carriers:
It's up to crypto companies themselves to implement the technology but I'm hoping that more of them wisen up so that they can protect they customers and reputations.
Thanks for reading.
Biting the hand that feeds IT © 1998–2019