• Mike (unregistered) in reply to kobal
    kobal:
    No, its the wars - we take a large portion of the healthiest, best and brightest and kill most of them off, leaving mostly the "less than best" (putting it charitably) to procreate. That's why we have so few GOOD (intelligent, innovative, knowledgeable, etc.) IT types, doctors, engineers, etc. And I don't mean only those who made it through a 4-year, and have a piece of paper (some of them are good, most are not). I mean those who can make it happen in the real world. If you are honest with yourself, you know what I mean. And no, it is not 'politically correct' to express thoughts like these.

    Wow, I'm glad I don't live in whatever Napoleonic-era, warmongering nation you do. Lots of sweeping statements there.

  • fr0g (unregistered)

    Back in the late 90's I registered a domain using fake information for the contacts for privacy reasons (this was before there was any domain privacy stuff).

    After a long time of having the domain hosted at internic, i mean networksolutions, i mean Verisign, i decided i didn't want to support them anymore. I attempted to transfer my domain only to realize i couldn't since i no longer had my NIC handle and all the information (including the email addresses) were fake.

    Through many conversations back and forth telling the person on the phone that the company didn't really exist and the information was all fake i was finally told that all i had to do was fax them with a contact change request on company letter head.

    This company letter head was created in MS word and had the following contact information in it.

    Company 2345 STFU Ln. Bumville Ohio, 55555 555-555-5555

    My change request went through immediately.

  • wklink (unregistered) in reply to jas88
    jas88:
    Hm - I wonder if simultaneously domain-jacking Microsoft, Amazon, Ebay and Google would be enough to make these clowns re-think the letterhead as authentication" policy?
    That is a guaranteed way to get Congress to pass a law making it illegal to generate a false letterhead.
  • Cian (unregistered) in reply to epsalon

    By direct debit, like everyone else I know. I haven't seen a cheque outside of work in some years; and thats because we're getting payments in off doctors - regularly stuck in the past.

  • (cs) in reply to Jamie
    Jamie:
    hmmmmmm...:
    This reminds me of a phone call I once had from my mobile phone provider. I asked them how I could be sure that they were my provider and their answer was:

    "Well, you could set up a password so that next time we call we'll ask you for the password and when you give it we'll tell you if it's correct, that way you'll know it's us"

    sighs (again)

    I actually got a call saying it was from my mobile phone provider and could I please confirm my password so that they knew they were talking to the right person.

    I had to explain to the dumb f*ck why there was not a chance in hell that i'd be providing this information - mainly because I had no way to verify that they were who they said they were.

    With all the phishing scams you'd think large multi-national corporations would have some clue!

    Well, I'm obviously missing the point, because this looks like FILE_NOT_FOUND security to me. That is, about as minimal as you can get without bothering to implement any security policy at all. Consider:

    Mr Phish rings you up, pretending to be MoFoCo, and asks you for your password. You tell him your password. Mr Phish says, "No, that's the wrong password ... oops!" <click/> Mr Phish rings you up again and manages to get step one right. "Hi, we're MoFoCo. Can I have your password please?" You tell him your password. Mr Phish says, "FILE_NOT_FOUND ... oops!" <click/>

    What are the chances that Mr Phish will get it right next time?

  • (cs) in reply to Kinglink
    Kinglink:
    Franz Kafka:
    how much stupid is there in the world?

    Just remember sites like this are biased. Even in America the amount of people who use a real computer on a daily basis is probably around 60 percent.

    Then realize that we're one of the most industrialized nations. Imagine if everyone in Africa had a computer.

    Believe me, there's a lot more stupid out there. A lot! And who knows maybe they'll soon be on our "interwebs"

    ORLY? NOH WAI! ....I think they are already here...

  • me (unregistered) in reply to Cloak
    Ever heard of money transfer or standing orders? Do you still carry money with you? I thought the US is THE country where credit cards are the predominant means for payments.

    I always thought credit cards have become popular just because the US had no proper system for bank transfers, unlike Europe.

  • Cloak (unregistered) in reply to me
    me:
    Ever heard of money transfer or standing orders? Do you still carry money with you? I thought the US is THE country where credit cards are the predominant means for payments.

    I always thought credit cards have become popular just because the US had no proper system for bank transfers, unlike Europe.

    Funny, when you think about their economic power and then people pay with paper on which they wrote a certain amount and declare that as money. That's a RWTF.

    Not everything is soooooo good in the land of unlimited possibilities.

  • c nothing (unregistered) in reply to Doug#1

    i really htae this web site :)

  • (cs) in reply to Joe

    That's why I always use 'Pat' as my first name when signing up for customer service. :-)

  • (cs) in reply to me
    me:
    Ever heard of money transfer or standing orders? Do you still carry money with you? I thought the US is THE country where credit cards are the predominant means for payments.

    I always thought credit cards have become popular just because the US had no proper system for bank transfers, unlike Europe.

    Well, not all "credit cards" are credit cards; most ATM cards in the US can be scanned at any (Visa / Mastercard) credit card terminal.

  • Podge O'Leprosy (unregistered)

    Given his surname and my own experiences of dealing with them, it sounds as if he was dealing with the IEDR (http://www.domainregistry.ie/), who manage the .ie ccTLD, or possibly one of their resellers.

    The IEDR's registration, transfer, and domain renewal policies are utterly byzantine. Go take a read of the site.

  • (cs) in reply to Kinglink
    Kinglink:
    Franz Kafka:
    how much stupid is there in the world?
    <snip> Believe me, there's a lot more stupid out there. A lot! And who knows maybe they'll soon be on our "interwebs"
    .. and calling it the interwebs, stupid? Everyone knows its technical name is "Series of Tubes"!
  • jayh (unregistered) in reply to Boojum
    Boojum:

    When I tried to do it recently, I was told that I needed to fax the request on letter headed paper. Since I wasn't a company however (yes, they actually bothered to check my details) I was told a signature on the fax would be fine. And it was.

    That makes some sense. As an individual, your signature is your legal authorization, but a company does not have a signature as such; rather it produces documents based on established internal channels of authorization.

  • Anonymous (unregistered) in reply to vt_mruhlin
    vt_mruhlin:
    Ah yes, reminds me of trying to get approved for a car loan after graduating from college. "We need to see a phone bill to prove your address." "Erm, I don't have a landline, and just moved into the apartment this month, so I don't have a cell phone bill yet showing the current address.... But I do have electricity and cable TV bills, as well as a copy of my apartment lease with me." "No, it has to be a phone bill." OK, I go to Verizon's website, print out the latest bill and bring it back to them. "See, it has my current address." "Oh, but this doesn't 'say Verizon' on it. It was printed with your computer's printer. How do we know it's authentic?" "Well, I've signed up for paperless billing, so you're not going to get anything that wasn't printed on my inkjet..." Had to get the phone company people on a three way call with the bank to finally verify that was my correct address.

    Reminds me of when I moved from Pennsylvania to Virginia and I went to apply for a new driver's license. They said that I needed proof of insurance from a company that can do business in VA. I already had that taken care of, so I took my insurance card, which had my Virginia address, the policy number started with "VA" and the carrier's address at the top was in VA. The lady at the DMV made me take a seat while she had to go talk to her manager because it did not explicitly say "Virginia Auto Insurance" anywhere on the card and that was the only way they could prove if the carrier was licensed to do business in VA.

  • Anonymous Cwoard (unregistered) in reply to pitchingchris
    pitchingchris:
    I know this is off topic, but can anybody remember the post that had the link to women with nice asses (It was some middle aged women riding donkeys) ? I told somebody at work about it and they wanted to see
    You know, I can't even think of a work-safe search term to use to try and find that...
  • (cs) in reply to FireJayPa
    FireJayPa:
    Franz Kafka:
    SomeCoder:
    *sigh*

    How many security WTFs are we going to see?

    how much stupid is there in the world?

    More than enough .... I blame public shcools and parents that don't hit their kids

    Made me laugh, in the UK parents send their kids to public school so that they will get hit.

  • (cs) in reply to Anthony
    Anthony:
    vt_mruhlin:
    Ah yes, reminds me of trying to get approved for a car loan after graduating from college. "We need to see a phone bill to prove your address." "Erm, I don't have a landline, and just moved into the apartment this month, so I don't have a cell phone bill yet showing the current address.... But I do have electricity and cable TV bills, as well as a copy of my apartment lease with me." "No, it has to be a phone bill." OK, I go to Verizon's website, print out the latest bill and bring it back to them. "See, it has my current address." "Oh, but this doesn't 'say Verizon' on it. It was printed with your computer's printer. How do we know it's authentic?" "Well, I've signed up for paperless billing, so you're not going to get anything that wasn't printed on my inkjet..." Had to get the phone company people on a three way call with the bank to finally verify that was my correct address.

    Alot of existing systems have problems with the younger generation. I have the problem all the time. Whats your home phone number.... umm I don't have one and I'm damn sure not giving you my cell phone number... The systems are old and it's going to take them a while to catch up. The good news is they want our business so they will adapt after they lose a few sales.

    Had major hassle trying to get a bank account a while back... Bank: You need two forms of ID Me: OK, here is my passport and my drivers licence Bank: This drivers licence is provisional Me: Yeah, I can't drive. Bank: We only accept a full licence. Me: Well what other forms of ID do you accept? Bank: Full UK drivers licence or passport. Me: Goodbye.

    [Note to non-UKians - provisional drivers licence is identical to full licence, issued by same body, only has a large red "L" on it]

  • Richard (unregistered)

    I am British and had the fun of coming to the US and trying to get residency set up over here. The best part is the social security card loop:

    1. In order to obtain a social security card you must provide a permanent address.
    2. In order to rent a permanent address you must have a bank account.
    3. In order to obtain a bank account you must have a social security number.
  • (cs) in reply to hmmmmmm...
    hmmmmmm...:
    Pap:
    TRWTF is that they're using fax machines.

    I may have dreamt this but...

    ...faxes are legally acceptable (binding) documents whereas, for example, e-mails are not.


    This reminds me of a phone call I once had from my mobile phone provider. I asked them how I could be sure that they were my provider and their answer was:

    "Well, you could set up a password so that next time we call we'll ask you for the password and when you give it we'll tell you if it's correct, that way you'll know it's us"

    sighs (again)

    Had a call from a company about a large overdue bill once. They asked me for my security info so that they could verify my identity (they phoned me at home, on my landline). I said "No, this is an incoming call, you could be anybody". They said "Fairy nuff. call us back on 0800 123 456". I said, OK, put the phone down and went about my day. Didn't hear anything more about the overdue bill for some weeks :)

  • Te(hn0b0y (unregistered) in reply to Ken

    As a great man once said: there are two things in this world that are infinite - the universe, and the stupidity of man. Though i'm not certain of the first one.

  • (cs) in reply to $|i(3_x
    $|i(3_x:
    Reminds me of an antivirus vendor I used to deal with...

    Them: Thanks for calling Acme AV. My name is Billy, how may I help you? Me: Hello I'm calling on behalf of my client, Bob Smith, to have his Enterprise AV license transferred to a different server. Them: I'm sorry, only Mr. Smith can authorize that. Me: I just told you I'm calling on his behalf. He's out golfing today. Them: I'm sorry, our polic</click>

    Me: <dials/> Them: Thanks for calling Acme AV. My name is Suzie, how may I help you? Me: Hi, my name is Bob Smith...

    I did something similar with my ISP, but instead of hanging up and calling back, I pretended to put the other person (my father) on the line and just started speaking with an accent.

  • Troy Mclure (unregistered) in reply to Thomas
    Thomas:
    Same for phone companies. You need to submit some personal data of the owner or the one that made that was registered to be able to make changes. If you have the personal data, but are not one of those persons, you can`t request a cancelation of the service. But then, if you call them and tell them you the one in charge, pass the data, you get to cancel it. As if they could check by voice recognition system or see through the phone if you are the one you saying you are. Really silly this kind of stuff....

    I was thinking this exact same thing. My parents needed some help with their DSL and even though my dad had given me the last 4 of his SS#, when I said I was calling on his behalf they said they couldnt help me. I called right back, said I was him and I was good to go.

    I applaud the effort, but seriously if someone has personal information, they are going to get what they need. No point in making them call back twice

  • (cs) in reply to BrownHornet
    $|i(3_x:
    Reminds me of an antivirus vendor I used to deal with...

    Them: Thanks for calling Acme AV. My name is Billy, how may I help you? Me: Hello I'm calling on behalf of my client, Bob Smith, to have his Enterprise AV license transferred to a different server. Them: I'm sorry, only Mr. Smith can authorize that. Me: I just told you I'm calling on his behalf. He's out golfing today. Them: I'm sorry, our polic</click>

    Me: <dials/> Them: Thanks for calling Acme AV. My name is Suzie, how may I help you? Me: Hi, my name is Bob Smith...

    I think I must be too dull-witted to lie convincingly over the phone.

    About ten years ago, working for PlastoCard Inc, I walked past a young lady in the customer service department who was trying to deal with a bank that couldn't use a specific modem to connect to our services. She was trying to test the modem, but (unsurprisingly) couldn't get it to work with Win95 and her crappy ancient computer.

    "No problem," I thought, "I'll just reboot the machine and fiddle the COM port mappings in the BIOS." So I phoned internal tech support.

    Me: "I need to get the modem here working, and I'm rebooting. What key do you press on a McMicky PC to get into BIOS?" IT: "What communications software are you using?" Me: "Um, PlastoFantastix." (Damn, the F2 key doesn't cut it on her computer. Reboot again.) IT: "That's not on our list. We don't support that one." Me: "Who cares? I'm not asking you to support the comms software. I'm asking you how to get into the BIOS." (Blast! The F1 key doesn't do the trick either. Reboot again.) IT: "But if we told you, then you'd be changing the computer so that it supported Plasto... whatever it is. And it's not on the list." Me: "Look, as the name suggests, it's software that PlastoCard produces. We built it. Anyway, the software has been on this machine for three years now. I'm just trying to get it to talk to a new modem." (Poopie! Even the escape key, it does nothing. Reboot again.) IT: "But if you can get the BIOS to talk to the modem, then we'd be supporting FlaxoPlant... er, comms software that isn't on the list. We don't do that." Me: "It's OUR fucking comms package! I build it! Me! Here! PlastoCard supports the fucking thing! All I want is the right key to press so that I can get into the BIOS on this fucking piece of shit!" (What about the first three letters of the company that builds this junk? Hmm. "Del", yes, that gives me the Blue Screen of Life. Hooray!) Me: "Never mind, I've fixed it myself. Now I can support software that isn't on the list, and there's nothing you can do about it, you little prick..."

    And that's internal "admin" inside a tech company.

    Addendum (2007-10-26 19:09): Oh, wait. Domain registration companies are "tech."

    Bwaaahahahahaha...

  • (cs) in reply to pitchingchris
    pitchingchris:
    I know this is off topic, but can anybody remember the post that had the link to women with nice asses (It was some middle aged women riding donkeys) ? I told somebody at work about it and they wanted to see
    Well, this is a prime example of why Alex should provide a full-text and/or Bayesian index to the site. I've tried, and failed. Best I can do is in the singular:

    http://www.antiquebottles.com/rl/tc/PondsWifeDrink.jpg

    Quite sweet, but not what you're looking for.

  • (cs) in reply to kobal
    kobal:
    So don't blame the schools (they are terrible)
    Um, what? No-one even mentioned the war^H^H^H^H^H^H^H schools. They're terrible, but you don't blame them? Is this "terrible" as in Grant's "terrible swift sword?" The world needs to know.
    kobal:
    Blame the raw material they have to work with. The gene pool is getting really shallow now...
    I take it you're past breeding age, then.
  • AlwiNus (unregistered)

    LaserJests aren't crappy! I use one all day and it can even fax :)

  • Anonymous (unregistered)

    MS Word is a hacker tool! Ban it!!!!111!one

    (probably an in-joke for Germans...)

  • Djinn (unregistered)

    Seems that your poster is unfortunate enough to use Demon as an ISP.

  • (cs) in reply to Djinn
    Djinn:
    Seems that your poster is unfortunate enough to use Demon as an ISP.

    I used to rather like Demon, back in the old days of modems that made screechy noises. Turnpike was quite a neat mail client, supported unlimited mailboxes, and you got your own subdomain. Plus, they used SMTP to give you "push email" back when a blackberry was a fruit you got on bramble bushes.

    Dunno what they're like nowadays though.

  • marc (unregistered)

    This isn't a WTF, it's a standard legal practice to avoid being held liable for actions of a third party. By requiring letterhead, they make you either represent yourself correctly (in which case there's no problem) or misreprsent yourself. In the second case, they are not liable for the damages because they are a direct result of criminal behavior (fraud, forgery, etc.). So it's perfectly understandable that they do this sort of thing.

    And it also makes sense from a customer service perspective. The alternative to the identification-by-letterhead method of authentication is necessarily more involved and requires more effort. Customers generally tend to not be too excited about excessive effort. That means if there's a competitor who's offering a less complicated way to authenticate (even if it's less secure), the customer is likely to make the switch.

    Finally: why subject customers to this extra effort (which requires additional time, i.e. money on the site of the company) in 95 cases to avoid the 5 cases of fraudulent transfers. Even at 90/10 and 80/20, most people (outside of the IT and security fields) would probably not accept the extra burden.

  • Clive (unregistered)

    "The transfer was approved. John smiled, having successfully circumvented the ISP's security armed with sophisticated hacking tools like MS Word templates and a crappy LaserJet printer."

    Does the adbox that followed this article count as a WTF?

    HP Multifunction Devices HP Multifunction Devices - Copy, Print, Scan & Fax. Learn More! advertise herewww.hp.com/go/enterprise

  • (cs) in reply to real_aardvark
    real_aardvark:
    pitchingchris:
    I know this is off topic, but can anybody remember the post that had the link to women with nice asses (It was some middle aged women riding donkeys) ? I told somebody at work about it and they wanted to see
    Well, this is a prime example of why Alex should provide a full-text and/or Bayesian index to the site. I've tried, and failed. Best I can do is in the singular:

    http://www.antiquebottles.com/rl/tc/PondsWifeDrink.jpg

    Quite sweet, but not what you're looking for.

    <a rel="nofollow" href="http://www.google.com/search?q=site:worsethanfailure.com+women+"nice+asses"" target="_blank" title="http://www.google.com/search?q=site:worsethanfailure.com+women+"nice+asses"">http://www.google.com/search?q=site:worsethanfailure.com+women+"nice+asses"

    http://forums.worsethanfailure.com/forums/permalink/134295/134295/ShowThread.aspx#134295

    HTH. HAND. :-)

  • david (unregistered) in reply to matt
    matt:
    I don't know about in the US, but in Australia and the UK many places require an official company letter to do a domain transfer. And the law in the UK and in Au defines an offical company letter as one printed with company letterhead, with strict rules as to what constitutes a company letterhead (eg. business registration number, names of directors, etc.).

    So this isn't an issue of security, it's really an issue of legality.

    Maybe a WTF in the US, but almost certainly not in Europe and Australia.

    Not in Australia. For a start, that branch of company law is a state, not federal responsibility, but AFAIK, no state defines 'letterhead'. Company seal is defined, company address is defined, ABN and directors signatures are defined, false representation is defined, but not 'letterhead'.

    Also, although I've had to provide letterhead for phone transfers in Australia ("That doesn't look like a real letterhead! You could have just done that on a laser printer!"), I've never had to provide letterhead for a domain transfer in Australia.

  • david (unregistered) in reply to kobal
    kobal:
    No, its the wars - we take a large portion of the healthiest, best and brightest and kill most of them off, leaving mostly the "less than best" (putting it charitably) to procreate.

    This ignores the fact that most bright people have ordinary children, and had ordinary parents ('regression towards the mean').

    Or to put it another way: your grandparents don't really have much effect on the way you turn out. "From shirtsleeves to shirtsleeves in 3 generations."

    This particular misunderstanding was very popular in the 1940s, because at the time it was possible to be well educated and still hold this belief. Much less so now.

  • Kuba (unregistered) in reply to epsalon
    epsalon:
    FredSaw:
    You guys still write checks? Bet you've got a typewriter, too.
    How do you pay your rent?

    Money order - most common for people with credit so bad the bank won't let them have an account.

    A wire transfer.

    A credit card. Some landlords (Casto, for one), do accept Amex, for example. You can even get your rewards, which can be 2% of rent, back, if your card has rewards. Nifty.

    So where's the problem, exactly?

  • Kuba (unregistered) in reply to Richard
    Richard:
    I am British and had the fun of coming to the US and trying to get residency set up over here. The best part is the social security card loop:
    1. In order to obtain a social security card you must provide a permanent address.
    2. In order to rent a permanent address you must have a bank account.
    3. In order to obtain a bank account you must have a social security number.

    Re.3: you don't. If you think you do, you didn't try the right bank.

  • (cs) in reply to Kuba
    Kuba:
    Richard:
    I am British and had the fun of coming to the US and trying to get residency set up over here. The best part is the social security card loop:
    1. In order to obtain a social security card you must provide a permanent address.
    2. In order to rent a permanent address you must have a bank account.
    3. In order to obtain a bank account you must have a social security number.

    Re.3: you don't. If you think you do, you didn't try the right bank.

    Well, go on then, explain with examples.

    This wasn't a problem twenty years ago (at least not in Georgia), but the IRS seems to have imposed some sort of stupid rule since then that requires an SSN on an account so that the interest is taxable.

    I tried to open an account with the BofA and hit precisely this problem. Never mind that the interest on a current account is a risible 1% (and this was before the Greenspan Put.) Never mind that I was prepared to forego the interest and just have a plain vanilla account with no SSN attached. Apparently, it just isn't possible.

    I've got an SSN, so I don't personally care, but I'm sure there a few out there who could do with a tip on this one.

  • Sean (unregistered)

    There seems to be some misunderstanding about what security means. Security does not mean "unwavering assurance." All security is beatable. The goal is (generally) to minimize fraud.

    Sometimes, typing in your ZIP code at the gas pump reduces credit card fraud to a tolerable, manageable level. It doesn't beat all cases of credit card, but it beats enough of it that the rest can be managed.

    Requiring company letterhead reduces fraud enough that the remaining cases of fraud can be managed in other ways. Letterhead is not a guarantee. It's just a bar raised up a little so that the number of people who figure out how to get past it has been lowered to a count that they can manage.

    That policy is not stupid, people who don't understand how security really works are stupid.

  • david (unregistered) in reply to real_aardvark
    real_aardvark:
    Kuba:
    I am British and had the fun of coming to the US and trying to get residency set up over here. The best part is the social security card loop:
    1. In order to obtain a social security card you must provide a permanent address.
    2. In order to rent a permanent address you must have a bank account.
    3. In order to obtain a bank account you must have a social security number.

    This wasn't a problem twenty years ago (at least not in Georgia), but the IRS seems to have imposed some sort of stupid rule since then that requires an SSN on an account so that the interest is taxable.

    Not the IRS: It's the international war on terror. Banks are required to tie accounts back to people so that terrorist cash flows can be traced. These rules are being applied internationaly, are a pain in the butt internationaly, and were major software projects for the banks.

    Although I'm sure the IRS is loving it.

  • (cs) in reply to kobal
    kobal:
    FireJayPa:
    Franz Kafka:
    SomeCoder:
    *sigh*

    How many security WTFs are we going to see?

    how much stupid is there in the world?

    More than enough .... I blame public shcools and parents that don't hit their kids

    No, its the wars - we take a large portion of the healthiest, best and brightest and kill most of them off, leaving mostly the "less than best" (putting it charitably) to procreate. That's why we have so few GOOD (intelligent, innovative, knowledgeable, etc.) IT types, doctors, engineers, etc. And I don't mean only those who made it through a 4-year, and have a piece of paper (some of them are good, most are not). I mean those who can make it happen in the real world. If you are honest with yourself, you know what I mean. And no, it is not 'politically correct' to express thoughts like these.
    Certainly those who watch The Weather Channel will remember the family who was caught by a tornado, and the husband who told the reporter "we was told that a tornado sounded like a freight train, but we didn't hear no 'whoo whoo' or nuthin". Frightening, isn't it? I often wonder how people like that survive. Or a recent job interview I went on (I'm a programmer / technician - contractor) - I was asked to draw a diagram of a latching motor control circuit for my possible new supervisor. I drew a fully functional schematic of one possible circuit, only to have the 'supervisor' point at the ground symbol on my diagram and ask, "What is that?" He really didn't know! He then told me, being deadly serious, that it was obvious (because my schematic diagram didn't match his) that I didn't have much 'hands on' experience - amazing, as I have been making my living as an electronics engineering tech for over 30 years! I left that interview at a run - why would anyone want to work for an idiot?! How, in the name of God, does that company stay in business? So don't blame the schools (they are terrible) - blame the raw material they have to work with. The gene pool is getting really shallow now...

    In other words, you are advocating eugenics.

  • Mr Oli (unregistered) in reply to Doug#1

    E for effort, shorly? ;-)

  • Stupidumb (unregistered) in reply to Franz Kafka
    Franz Kafka:
    SomeCoder:
    *sigh*

    How many security WTFs are we going to see?

    how much stupid is there in the world?

    8

  • Jeremy (unregistered)

    Some years ago I was closing a bank account owned by my parents. I had a power of attorney (PoA) to allow me to do this legally.

    So I mailed a copy of the PoA to the bank but they rejected it, since it wasn't an original with a raised notary seal. Their suggestion: that I FAX them the original complete with the seal.

    Maybe they've got a fancier FAX than I do, but mine doesn't have the ability to generate a raised seal on paper...

  • dubya (unregistered) in reply to Franz Kafka

    6

  • HiltonT (unregistered)

    This sounds like he was dealing with MelbourneIT - they take "letterhead" as a proof of right to transfer. Pathetic, really.

  • Letterhead Man (unregistered)

    :-) Darn, now people are going to figure it out.

    Back in my teens I was heavy into chemistry. It started with being a science nerd all my life. Then I got a chemistry set. Then the books - first "kiddy" chemistry books from which I quickly graduated to high school chemistry text books and by the 8th grade undergrad college textbooks and by high school graduate textbooks.

    Very quickly my "hobby" was being starved by the fact I couldn't get a decent breadth of chemicals. I had sources. My 8th grade science teacher had one of everything in the VWR catalog (literally) and was very progressive about youth education - pass the special safety and knowledge tests to get "Access: All Areas". Also I had a buddy down the street with similar proclivities plus a father who worked for a local TV station which had a photolab which required chemicals from a VWR catalog. His father lovingly piggybacked anything we said we needed.

    But this wasn't enough once I was in high school and once my friend wasn't around. So first I discovered the educational value of trade magazines and figured out a little bit about the marketing involved in them - namely how to fill out the free subscription card to always get the $100+ trade rag for free. Primary was to put a company name - even made up. Once I was on those mailing lists I started getting onto various company mailing lists and even started getting chemical supply catalogs. I soon wanted to order some of the delicacies I found. But how to do it? I reviewed the Ts&Cs listed and discovered I needed an account first but I could pay for stuff COD. All I needed was... wait for it... an introduction and request on corporate letterhead. Even before the days of desktop publishing this was pretty trivial to do (the 1970s).

    So I quickly made up some letterhead, got my "corporate" accounts and product ordering conduit up and running. The rest is history - and sadly crucible that formed this serial entrepeneur is now probably broken for future generations as we regiment the next generations to stay within the lines and never get out of the box. Anywhere but America next time I fear.

  • GrouchyAdmin (unregistered)

    I did this, myself, back in the days of INTERNIC; they required letterhead to prove ownership, but didn't even verify the fax number.

  • zzo38 (unregistered) in reply to Thomas
    Thomas:
    Same for phone companies. You need to submit some personal data of the owner or the one that made that was registered to be able to make changes. If you have the personal data, but are not one of those persons, you can`t request a cancelation of the service. But then, if you call them and tell them you the one in charge, pass the data, you get to cancel it. As if they could check by voice recognition system or see through the phone if you are the one you saying you are. Really silly this kind of stuff....

    What happened to someone I know once, he called to make a change to the cellular phone service but he wasn't the person who signed up, so the person who worked for the phone company told him to call back and tell them he is the person who signed up. So, the guy even tells you how to circumvent their own weak security, but you still have to call back anyways

  • Jon M (unregistered)

    I bought 3 items on a portal website that would be supplied by 3 different suppliers.

    I got an email from one of them asking to confirm my delivery address, so I printed off the original order, scanned it and emailed the image back, telling them exactly how I produced the proof of address and complaining that there was no Start Of Authority.

    I received their delivery the next day.

Leave a comment on “Security by Letterhead”

Log In or post as a guest

Replying to comment #158949:

« Return to Article