Personal security is a lot like the “you just need to run faster than your friends” …
My personal take is:
if someone targets me specifically to steal my identity or listen to everything I say, and they are professionals, there is very very little I can do to prevent that.
…
but there are also a ton of scammers out there hoping to catch something in the dragnet, and that is what I want to prevent.
So I try to weigh effort vs security to stay somewhere in the upper end of the security bell curve… aka running faster than the majority.
The thing I complained about with the number above came about because of how stupid our ADFS is for reasons and how it always logs us out and then back in and people would just press “OK” on the Two-Factor app because they were so used to having it pop up randomly when a tab on the browser reloads. That way at least 1 time someone obtained a 2 Factor token for an account they had obtained credentials for and got into one of the subsidiaries’ networks.
Also there was a weakness in MS Teams at the time I think that helped with the “obtaining credentials” part.
I work for a big tech company, and I will assure you that our people get a lot of targeted, sophisticated attacks. (That includes me, I got some spear phishing texts, allegedly from a cow orker, which were pretty legitimate looking. Except for the “no one texts my work phone” and “I just was in a vc with the purported sender”.)
My credentials to log in to work systems are worth a lot more than a random gmail or someone’s credit card. The people who deal with this tell me there are a lot of them, and thousands and thousands of routine ones.
Oh, I do that a lot. They do such a terrible job of being specific, using internal URLs rather than random third-party services that they thought looked shiny, etc.
I reported a mail purporting to be from a security training firm. The training manager was most annoyed with me, but my management agreed that mail from “mytraining@learningprofessor.com” did not look like a professional training company.
Oh, this is fun: the process to “disagree” with Facebook’s decision to boot me begins with them requiring that I give them my phone number, which I am not going to do. But every day, they still send me an “A lot has happened on Facebook since you last logged in” email. Clicking on unsubscribe leads me to… the page requiring that I give them my phone number to proceed.
There’s a special place in hell for people who deploy WiFi that requires using a captive portal.
There’s an extra hot spot for the designer of this hotel’s system.
In this case it’s morons who think MAC addresses are constant, and pisspoor network design, with a bunch of networks with the same SSID. It was made worse by an AP that was crashing every few minutes.
Actually… this time it does. (well after first it made my life harder)
I have had to move my blog to another tool and the export function sucked. In addition to sucking, WordPress exports terribly formatted HTML and the new tool can read the much cleaner Markdown syntax which is preferable for me.
I had ChatGPT write me a Python script that converts the generated files to a much cleaner format, also ditching a bunch of frontmatter data I don’t need anymore. I only speak very basic Python… and the script works really nicely.
Obviously, in my day-to-day work I write Java faster than ChatGPT could and the code I write is often easier to write than to specify for the chatbot what I want to do. But for a simple task like this in Python it is faster for me to tell it what I want, correct the mistakes it makes (libraries oO) and use it for the basic knowledge that I am lacking.
I’ve just spent several hours and learned basic PhantomJS in order to scrape a very JavaScript-heavy web site…
…it’s the local council’s dustbin collection calendar. Even if you already know your UPRN (UK property identifier) you have to step through the post code lookup and house selection.
But now I get up-to-date bin collection reminders in the house calendar server.
Technology sure is making my life easier today. We just got a new borescope at work and it paid for itself within 10 minutes of the console being charged up. We have a US Model 1817 “Common Rifle” in for evaluation. It looks good, but many of these were converted to percussion and bored out to .58 caliber smoothbore from the original .54 caliber when both sides were scrambling for weapons at the start of the Civil War. This one was reconverted back to flintlock at some point, probably in the 1950s or ‘60s, but seemed to have an original rifled bore, although the breech-end was difficult to see with the usual reflector dropped down the barrel. I decided to try the new scope on it and discovered…chicanery! This barrel was bored out in the 1860s, but then partially sleeved with a rifled insert that was incompletely threaded into place. Pretty devious. If this was in original flint and had the original rifled barrel, it would sell for $5000 - $7000. As it is now, I’d guess around $1800 - $2200 (the latter figure is so high only because it still looks very nice).
This is looking straight down the bore. The gap with the exposed counter-bored threads is plainly visible as a space before the abrupt transition to the bored out original barrel walls: