- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Wow, I'm glad I don't live in whatever Napoleonic-era, warmongering nation you do. Lots of sweeping statements there.
Admin
Back in the late 90's I registered a domain using fake information for the contacts for privacy reasons (this was before there was any domain privacy stuff).
After a long time of having the domain hosted at internic, i mean networksolutions, i mean Verisign, i decided i didn't want to support them anymore. I attempted to transfer my domain only to realize i couldn't since i no longer had my NIC handle and all the information (including the email addresses) were fake.
Through many conversations back and forth telling the person on the phone that the company didn't really exist and the information was all fake i was finally told that all i had to do was fax them with a contact change request on company letter head.
This company letter head was created in MS word and had the following contact information in it.
Company 2345 STFU Ln. Bumville Ohio, 55555 555-555-5555
My change request went through immediately.
Admin
Admin
By direct debit, like everyone else I know. I haven't seen a cheque outside of work in some years; and thats because we're getting payments in off doctors - regularly stuck in the past.
Admin
Mr Phish rings you up, pretending to be MoFoCo, and asks you for your password. You tell him your password. Mr Phish says, "No, that's the wrong password ... oops!" <click/> Mr Phish rings you up again and manages to get step one right. "Hi, we're MoFoCo. Can I have your password please?" You tell him your password. Mr Phish says, "FILE_NOT_FOUND ... oops!" <click/>
What are the chances that Mr Phish will get it right next time?
Admin
Admin
I always thought credit cards have become popular just because the US had no proper system for bank transfers, unlike Europe.
Admin
Funny, when you think about their economic power and then people pay with paper on which they wrote a certain amount and declare that as money. That's a RWTF.
Not everything is soooooo good in the land of unlimited possibilities.
Admin
i really htae this web site :)
Admin
That's why I always use 'Pat' as my first name when signing up for customer service. :-)
Admin
Well, not all "credit cards" are credit cards; most ATM cards in the US can be scanned at any (Visa / Mastercard) credit card terminal.
Admin
Given his surname and my own experiences of dealing with them, it sounds as if he was dealing with the IEDR (http://www.domainregistry.ie/), who manage the .ie ccTLD, or possibly one of their resellers.
The IEDR's registration, transfer, and domain renewal policies are utterly byzantine. Go take a read of the site.
Admin
Admin
That makes some sense. As an individual, your signature is your legal authorization, but a company does not have a signature as such; rather it produces documents based on established internal channels of authorization.
Admin
Reminds me of when I moved from Pennsylvania to Virginia and I went to apply for a new driver's license. They said that I needed proof of insurance from a company that can do business in VA. I already had that taken care of, so I took my insurance card, which had my Virginia address, the policy number started with "VA" and the carrier's address at the top was in VA. The lady at the DMV made me take a seat while she had to go talk to her manager because it did not explicitly say "Virginia Auto Insurance" anywhere on the card and that was the only way they could prove if the carrier was licensed to do business in VA.
Admin
Admin
Made me laugh, in the UK parents send their kids to public school so that they will get hit.
Admin
Had major hassle trying to get a bank account a while back... Bank: You need two forms of ID Me: OK, here is my passport and my drivers licence Bank: This drivers licence is provisional Me: Yeah, I can't drive. Bank: We only accept a full licence. Me: Well what other forms of ID do you accept? Bank: Full UK drivers licence or passport. Me: Goodbye.
[Note to non-UKians - provisional drivers licence is identical to full licence, issued by same body, only has a large red "L" on it]
Admin
I am British and had the fun of coming to the US and trying to get residency set up over here. The best part is the social security card loop:
Admin
Had a call from a company about a large overdue bill once. They asked me for my security info so that they could verify my identity (they phoned me at home, on my landline). I said "No, this is an incoming call, you could be anybody". They said "Fairy nuff. call us back on 0800 123 456". I said, OK, put the phone down and went about my day. Didn't hear anything more about the overdue bill for some weeks :)
Admin
As a great man once said: there are two things in this world that are infinite - the universe, and the stupidity of man. Though i'm not certain of the first one.
Admin
Admin
I was thinking this exact same thing. My parents needed some help with their DSL and even though my dad had given me the last 4 of his SS#, when I said I was calling on his behalf they said they couldnt help me. I called right back, said I was him and I was good to go.
I applaud the effort, but seriously if someone has personal information, they are going to get what they need. No point in making them call back twice
Admin
About ten years ago, working for PlastoCard Inc, I walked past a young lady in the customer service department who was trying to deal with a bank that couldn't use a specific modem to connect to our services. She was trying to test the modem, but (unsurprisingly) couldn't get it to work with Win95 and her crappy ancient computer.
"No problem," I thought, "I'll just reboot the machine and fiddle the COM port mappings in the BIOS." So I phoned internal tech support.
Me: "I need to get the modem here working, and I'm rebooting. What key do you press on a McMicky PC to get into BIOS?" IT: "What communications software are you using?" Me: "Um, PlastoFantastix." (Damn, the F2 key doesn't cut it on her computer. Reboot again.) IT: "That's not on our list. We don't support that one." Me: "Who cares? I'm not asking you to support the comms software. I'm asking you how to get into the BIOS." (Blast! The F1 key doesn't do the trick either. Reboot again.) IT: "But if we told you, then you'd be changing the computer so that it supported Plasto... whatever it is. And it's not on the list." Me: "Look, as the name suggests, it's software that PlastoCard produces. We built it. Anyway, the software has been on this machine for three years now. I'm just trying to get it to talk to a new modem." (Poopie! Even the escape key, it does nothing. Reboot again.) IT: "But if you can get the BIOS to talk to the modem, then we'd be supporting FlaxoPlant... er, comms software that isn't on the list. We don't do that." Me: "It's OUR fucking comms package! I build it! Me! Here! PlastoCard supports the fucking thing! All I want is the right key to press so that I can get into the BIOS on this fucking piece of shit!" (What about the first three letters of the company that builds this junk? Hmm. "Del", yes, that gives me the Blue Screen of Life. Hooray!) Me: "Never mind, I've fixed it myself. Now I can support software that isn't on the list, and there's nothing you can do about it, you little prick..."
And that's internal "admin" inside a tech company.
Addendum (2007-10-26 19:09): Oh, wait. Domain registration companies are "tech."
Bwaaahahahahaha...
Admin
http://www.antiquebottles.com/rl/tc/PondsWifeDrink.jpg
Quite sweet, but not what you're looking for.
Admin
Admin
LaserJests aren't crappy! I use one all day and it can even fax :)
Admin
MS Word is a hacker tool! Ban it!!!!111!one
(probably an in-joke for Germans...)
Admin
Seems that your poster is unfortunate enough to use Demon as an ISP.
Admin
I used to rather like Demon, back in the old days of modems that made screechy noises. Turnpike was quite a neat mail client, supported unlimited mailboxes, and you got your own subdomain. Plus, they used SMTP to give you "push email" back when a blackberry was a fruit you got on bramble bushes.
Dunno what they're like nowadays though.
Admin
This isn't a WTF, it's a standard legal practice to avoid being held liable for actions of a third party. By requiring letterhead, they make you either represent yourself correctly (in which case there's no problem) or misreprsent yourself. In the second case, they are not liable for the damages because they are a direct result of criminal behavior (fraud, forgery, etc.). So it's perfectly understandable that they do this sort of thing.
And it also makes sense from a customer service perspective. The alternative to the identification-by-letterhead method of authentication is necessarily more involved and requires more effort. Customers generally tend to not be too excited about excessive effort. That means if there's a competitor who's offering a less complicated way to authenticate (even if it's less secure), the customer is likely to make the switch.
Finally: why subject customers to this extra effort (which requires additional time, i.e. money on the site of the company) in 95 cases to avoid the 5 cases of fraudulent transfers. Even at 90/10 and 80/20, most people (outside of the IT and security fields) would probably not accept the extra burden.
Admin
"The transfer was approved. John smiled, having successfully circumvented the ISP's security armed with sophisticated hacking tools like MS Word templates and a crappy LaserJet printer."
Does the adbox that followed this article count as a WTF?
HP Multifunction Devices HP Multifunction Devices - Copy, Print, Scan & Fax. Learn More! advertise herewww.hp.com/go/enterprise
Admin
<a rel="nofollow" href="http://www.google.com/search?q=site:worsethanfailure.com+women+"nice+asses"" target="_blank" title="http://www.google.com/search?q=site:worsethanfailure.com+women+"nice+asses"">http://www.google.com/search?q=site:worsethanfailure.com+women+"nice+asses"
http://forums.worsethanfailure.com/forums/permalink/134295/134295/ShowThread.aspx#134295
HTH. HAND. :-)
Admin
Also, although I've had to provide letterhead for phone transfers in Australia ("That doesn't look like a real letterhead! You could have just done that on a laser printer!"), I've never had to provide letterhead for a domain transfer in Australia.
Admin
This ignores the fact that most bright people have ordinary children, and had ordinary parents ('regression towards the mean').
Or to put it another way: your grandparents don't really have much effect on the way you turn out. "From shirtsleeves to shirtsleeves in 3 generations."
This particular misunderstanding was very popular in the 1940s, because at the time it was possible to be well educated and still hold this belief. Much less so now.
Admin
Money order - most common for people with credit so bad the bank won't let them have an account.
A wire transfer.
A credit card. Some landlords (Casto, for one), do accept Amex, for example. You can even get your rewards, which can be 2% of rent, back, if your card has rewards. Nifty.
So where's the problem, exactly?
Admin
Re.3: you don't. If you think you do, you didn't try the right bank.
Admin
This wasn't a problem twenty years ago (at least not in Georgia), but the IRS seems to have imposed some sort of stupid rule since then that requires an SSN on an account so that the interest is taxable.
I tried to open an account with the BofA and hit precisely this problem. Never mind that the interest on a current account is a risible 1% (and this was before the Greenspan Put.) Never mind that I was prepared to forego the interest and just have a plain vanilla account with no SSN attached. Apparently, it just isn't possible.
I've got an SSN, so I don't personally care, but I'm sure there a few out there who could do with a tip on this one.
Admin
There seems to be some misunderstanding about what security means. Security does not mean "unwavering assurance." All security is beatable. The goal is (generally) to minimize fraud.
Sometimes, typing in your ZIP code at the gas pump reduces credit card fraud to a tolerable, manageable level. It doesn't beat all cases of credit card, but it beats enough of it that the rest can be managed.
Requiring company letterhead reduces fraud enough that the remaining cases of fraud can be managed in other ways. Letterhead is not a guarantee. It's just a bar raised up a little so that the number of people who figure out how to get past it has been lowered to a count that they can manage.
That policy is not stupid, people who don't understand how security really works are stupid.
Admin
Not the IRS: It's the international war on terror. Banks are required to tie accounts back to people so that terrorist cash flows can be traced. These rules are being applied internationaly, are a pain in the butt internationaly, and were major software projects for the banks.
Although I'm sure the IRS is loving it.
Admin
In other words, you are advocating eugenics.
Admin
E for effort, shorly? ;-)
Admin
8
Admin
Some years ago I was closing a bank account owned by my parents. I had a power of attorney (PoA) to allow me to do this legally.
So I mailed a copy of the PoA to the bank but they rejected it, since it wasn't an original with a raised notary seal. Their suggestion: that I FAX them the original complete with the seal.
Maybe they've got a fancier FAX than I do, but mine doesn't have the ability to generate a raised seal on paper...
Admin
6
Admin
This sounds like he was dealing with MelbourneIT - they take "letterhead" as a proof of right to transfer. Pathetic, really.
Admin
:-) Darn, now people are going to figure it out.
Back in my teens I was heavy into chemistry. It started with being a science nerd all my life. Then I got a chemistry set. Then the books - first "kiddy" chemistry books from which I quickly graduated to high school chemistry text books and by the 8th grade undergrad college textbooks and by high school graduate textbooks.
Very quickly my "hobby" was being starved by the fact I couldn't get a decent breadth of chemicals. I had sources. My 8th grade science teacher had one of everything in the VWR catalog (literally) and was very progressive about youth education - pass the special safety and knowledge tests to get "Access: All Areas". Also I had a buddy down the street with similar proclivities plus a father who worked for a local TV station which had a photolab which required chemicals from a VWR catalog. His father lovingly piggybacked anything we said we needed.
But this wasn't enough once I was in high school and once my friend wasn't around. So first I discovered the educational value of trade magazines and figured out a little bit about the marketing involved in them - namely how to fill out the free subscription card to always get the $100+ trade rag for free. Primary was to put a company name - even made up. Once I was on those mailing lists I started getting onto various company mailing lists and even started getting chemical supply catalogs. I soon wanted to order some of the delicacies I found. But how to do it? I reviewed the Ts&Cs listed and discovered I needed an account first but I could pay for stuff COD. All I needed was... wait for it... an introduction and request on corporate letterhead. Even before the days of desktop publishing this was pretty trivial to do (the 1970s).
So I quickly made up some letterhead, got my "corporate" accounts and product ordering conduit up and running. The rest is history - and sadly crucible that formed this serial entrepeneur is now probably broken for future generations as we regiment the next generations to stay within the lines and never get out of the box. Anywhere but America next time I fear.
Admin
I did this, myself, back in the days of INTERNIC; they required letterhead to prove ownership, but didn't even verify the fax number.
Admin
What happened to someone I know once, he called to make a change to the cellular phone service but he wasn't the person who signed up, so the person who worked for the phone company told him to call back and tell them he is the person who signed up. So, the guy even tells you how to circumvent their own weak security, but you still have to call back anyways
Admin
I bought 3 items on a portal website that would be supplied by 3 different suppliers.
I got an email from one of them asking to confirm my delivery address, so I printed off the original order, scanned it and emailed the image back, telling them exactly how I produced the proof of address and complaining that there was no Start Of Authority.
I received their delivery the next day.