• TInkerghost (unregistered) in reply to Worf
    Worf:
    Actually, the verification could be done by the call.

    When you call a 1-800 number, the owner of that number gets your real phone number. It's called ANI (automatic number identification). It can't be spoofed like Caller ID - the phone number is sent out of band to the destination. So whenever you call a 1-800 number, your phone number is revealed to the callee, regardless of any blocks you may have. (Since they pay for the call, they're entitled to know who's calling them). [snip] (TRWTF is why Caller ID and ANI are two separate systems running in two different methods and not integrated with each other).

    Actually there is a purpose for that. Caller ID is designed to be spoofed - as in the 400 phone lines from BIG Corp all need to say the same thing.

  • (cs) in reply to KenW
    KenW:
    G Money:
    Call display. Cross-reference with fax number. Done.

    Bzzt! You lose.

    How would they go to the "fax machine" (which doesn't exist, since they're receiving their faxes via email) to call to change the address?

    They plug a phone into the fax line?

  • (cs) in reply to ThePants999
    ThePants999:
    Phormer Fone Pholk:
    Phone numbers are static and assigned by the phone company. I've never heard of any phone company that would let you treat phone numbers like DHCP assigned IP addresses that you can just acquire and release within 15 minutes.
    I've never heard of a phone network that could cope with that :-)

    Not a traditional phone network, but would be fairly trivial with VOIP.

  • David Walker (unregistered) in reply to FredSaw
    FredSaw:
    This is like when I accidentally set off the alarm system in my home as I was leaving. I had to go in and wait for the monitor to call, to tell them it's a false alarm, or else they would send the cops out to investigate, and false alarms tend to piss the cops off, and you don't want to piss off your friendly neighborhood cops, because it's like the boy who cried wolf, and the next time might be real, so... I went back in, and waited... and waited... and about eight minutes later (how much damage could a burglar do in eight minutes, do you suppose?), they called.

    Them: Hi, this is WTF Security calling; we've got an alarm signal for your residence. Is everything okay there?

    Me: Yes, I just accidentally set the alarm off. It sure took you a long time to call.

    Them: I called as soon as I got the signal, sir.

    Me: When I set the alarm off I came back in to wait for your call. That was about eight minutes ago.

    Them: I called as soon as I got the signal, sir. I'll just mark this as accidental. You have a nice day.

    Me: You think maybe you ought to ask me for my password first?

    Them: Okay, sir, what's your password?

    Me (getting really pissed now): I don't know what the damn password is, man, I'm a burglar.

    Them (getting about as pissed): Sir, I seriously doubt that you're a burglar.

    Me: Fine, whatever. Tell your boss I'll be replacing you guys with someone a little more dependable. (hang up)

    I was changing the batteries in all of the wireless door sensors at my parents' house. As soon as you open the cover on the sensor sending unit, the alarm rings immediately. (I had temporarily bypassed some zones, but picked a wrong one.)

    The phone rang within 10 seconds. Now that's good service by the monitoring company! They asked me my password before they would talk to me about ANYTHING.

  • TPD (unregistered)

    SQL Injection? A buffer overrun? It's always possible they had discovered a flaw in their system and the "security" reason was to protect their own backs.

  • Andy (unregistered) in reply to Someone You Know
    Someone You Know:
    KenW:
    G Money:
    Call display. Cross-reference with fax number. Done.

    Bzzt! You lose.

    How would they go to the "fax machine" (which doesn't exist, since they're receiving their faxes via email) to call to change the address?

    They plug a phone into the fax line?

    Except the fax line is at the fax-to-email company, not the company you're calling from.

    Regardless, "cross-reference" doesn't mean "verify that it's the same". Presumably they have a list of phone numbers associated with fax numbers, or vice-versa.

    Anyhow, there have been some very good points and I think everyone can agree that verification based on location is just not a good way to do things.

  • Jay (unregistered) in reply to VGR
    VGR:
    Bob N Freely:
    Exactly why I don't bother with a home security system. I have no faith in the companies that provide them, and frankly, any determined thief is bound to find a way around it.
    That may be, but there is something to be said for keeping out the not-so-determined opportunist thieves who can't resist what they perceive as an easy score. A home alarm system doesn't set out to be totally effective, just more effective than nothing at all.

    I figure that any security system -- physical, computer, whatever -- does 3 things:

    1. It keeps out the incompetent criminals.
    2. The competent criminals see that you have a security system and the guy down the street doesn't, so they go after him instead.
    3. For the competent criminals who still decide to attack you, it might slow them down or force them to be obvious enough that human security is alerted.

    As to #1: I'm coming to the conclusion that the vast majority of criminals are pretty stupid. Just read news reports or look at some of those "dumb criminal stories". It occurs to me that people who are really smart and capable are unlikely to burglarize a house or steal a car because there are plenty of legal things they can do to make money, and the risk of getting caught and going to jail just isn't worth it. Even if he has no morals, is somebody who earns $100,000 a year going to risk going to jail to steal a television?

    As to #3: For example, why put a lock on my front door when a competent thief can surely pick the lock and even an idiot could break the door down with a battering ram? But if I'm inside and somebody tries to break into my house, the lock on the door may slow him down long enough for me to tell my daughter to call the police while I get a gun and make sure it's loaded and cocked. And if I'm not home, maybe a neighbor will notice somebody picking the lock or breaking down the door and call the police.

  • (cs) in reply to Andy
    Andy:
    Someone You Know:
    KenW:
    G Money:
    Call display. Cross-reference with fax number. Done.

    Bzzt! You lose.

    How would they go to the "fax machine" (which doesn't exist, since they're receiving their faxes via email) to call to change the address?

    They plug a phone into the fax line?

    Except the fax line is at the fax-to-email company, not the company you're calling from.

    The Real WTF is that it's past 2 in the afternoon and I'm still not awake enough to have thought of that.

  • Stephen Baynham (unregistered)

    Man, that alarm company story reminded me- I used to work for a retail company that had a lot of money running through, so we had one of those under-the-counter burglar alarms. You know, the "WE ARE BEING ROBBED RIGHT NOW SO LET ME PRESS THIS SECRET BUTTON" alarms. During a furniture move we accidentally ripped the alarm out of the wall (which automatically sets it off and lets the company know that the alarm was not just lost, but intentionally cut- it's supposed to be the most dire of alarms). We didn't notice we ripped it out until the cops arrived nearly three hours later.

  • Andrew (unregistered)

    Reminds me, I got an email from $BUSINESS_PARTNER recently about how, due to their new security policy, if you requested a password reset they would no longer be providing it over the phone, but instead, emailing it. Now I understand the point of that, to a certain degree (the email address is considered a trusted point of contact), but wouldn't a callback on the telephone make more sense from a security standpoint?

    CAPTCHA: distineo. distineo, distinere, distinui, distentus V keep apart, separate; prevent, hold up; distract;

  • user (unregistered) in reply to charon

    A while ago at work our alarm system just quit working. When we opened up that morning the control panel was completely dead, no alarm went off, nothing. A few hours later the alarm itself randomly came back to life and of course went off immediately, while the control panel remained dead. We ended up having to cut a few wires to shut it up, and in a panic the control panel got ripped right off the wall and destroyed. Not only did the security company not call, but they didn't return our calls for several hours. The only thing I can see that makes this anywhere near excusable is the fact that an alarm going off during business hours is probably false. Still, your alarm is going off during business hours and you have no way to shut it off, and they're not even answering the phones? Needless to say, we have a new system now. :-)

    charon:
    Belcat:
    Security companies suck. But usually the biggest suckage is if your phone gets cut, no alarm. Or the thief has a cell phone jammer, same thing again.
    Our security company uses an independent radio connection. If they lose our signal, the alarm is set off. (Of course, the radio has a UPS, too)
    And this connection is reliable? You don't get false alarms because of interference or cosmic rays or whatever?
    DutchDude:
    So, after he jiggled the door open, I walked inside, grabbed a letter and showed it to him. He was happy, I paid and he left. Despite me asking when he arrived and again when I handed him the letter if he needed to see my ID, apparently just knowing who lives at a certain address and if they recently got a bank statement can get you inside for a reasonable price.
    The fact that you immediately located such a letter might have something to do with it. If it weren't your house, you'd probably have to hunt around a bit.
  • psm321 (unregistered) in reply to FredSaw
    FredSaw:
    I went back in, and waited... and waited... and about eight minutes later (how much damage could a burglar do in eight minutes, do you suppose?), they called.

    What company was this?

  • SMS (unregistered) in reply to FredSaw

    Who monitored your security system?

  • grammernarzee (unregistered)

    Our password arrangements here at my office seem counter-productive. If you ask for a password reset, they always set it to something 'hard to hack', e.g. G65tuz8i. So what does the average user do then? Well

    1. If too lazy to change to something memorable, they will write it on a post-it note and attach to monitor;
    2. If not too lazy to change, then it will be changed to 'password01', like all the others;
    3. If a bit of a nerd, may be changed or not, and will be held under PasswordSafe, thus reducing all passwords to one.

    And they force password changes every 90 days, thus ensuring that we follow this goofy procedure. What they should do, is give us passwords that are both memorable AND 'hard to hack'. If they sent me 'dog01cat' or 'bit99bat', then I might be able to remember it without writing it down, which is what you want, right?
  • Chris (unregistered) in reply to FredSaw

    Reminds me of a few months ago. My neighbors moved and their realtor was handling their utilities. The realtor apparently had the wrong address because they got my water and power both shut off. Nice to see that the utility companies go to great lengths to ensure that no one maliciously discontinues their customers' services. I just hope the realtor got the address straight before they sold the house.

  • RH (unregistered) in reply to T $
    T $:
    FredSaw:
    This is like when I accidentally set off the alarm system in my home as I was leaving. ... *SNIP* ... Me: Fine, whatever. Tell your boss I'll be replacing you guys with someone a little more dependable. (hang up)

    Very amusing story, I wholly enjoyed it. What I don't like about it is that everyone replies by quoting the whole story and taking up a lot more space than necessary. Thank you for writing and have a great day!

    Yeah, guys. Stop clogging the tubes. We're running out of space on the interwebs!

  • May Lovelace (unregistered)

    Give me a break! Stop whining about password pains and hassles. Web things have web ways to deal with that, just used mashedLife.com and that's the end of all your password pains. I can't live without it nowadays.

  • None (unregistered) in reply to FredSaw

    I'm betting you typed in your security code to silence the Alarm noise. Hence they know someone with a valid access code is present.

  • eric bloedow (unregistered)

    Those burglar alarm stories remind me of an article I read in a Reader's Digest about what to watch out for in a security company... One part said that some burglar alarms will only send a message to the headquarters of the company - in a different STATE! It could take them several HOURS to get through to the police near your home...

  • eric bloedow (unregistered) in reply to FredSaw

    This reminds me of a story I read on the "Not Always Working" part of the website "Not Always Right": when an alarm was set off, the alarm company would call, but they would always say, "is this [homeowner]?" and other VERY dumb questions, so all a burglar had to do was answer "Yes" to every question, and they would write it off as a false alarm!
