Pay attention now, because I'm going to tell you the magic bullet for how to prevent your company from ever being forced to pay off a #ransomware attack to survive: 1) Hire good #infosec people. 2) Do what they tell you. Not doing it for you? Ok, here's another option: 1) immutable backups 2) that you test regularly Still not vibing? Ok, here's another option that'll reduce your risk by about 99%: 1) #DontUseWindows 2) mandatory strong #2FA #ThisIsntComplicated
This is an _incredibly_ convincing phishing email from #Microsoft. I have to give the people who sent it credit, this one is really good. The From line shows a Microsoft logo and microsoft.com domain. The message passes DKIM (HUGE problem!). All of the links in the email are real Microsoft links. The scam is designed to get people to call the "Sales Team Helpline" where the real fraud will take place. You can spot a few red flags if you look really carefully. 1/4 #phishing #infosec
About that DKIM thing: what the heck has Microsoft done wrong to allow scammers to send email from the microsoft.com domain that passes DKIM? Holy cow, that's a huge problem. They need to figure out what's going on there and put a stop to it ASAP. Let's talk about the red flags... The To line doesn't contain the email address of the actual recipient. A properly formatted email would write "Order ID" rather than "Order Id". 2/4
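A check worth running on any "it passes DKIM" message, added here as an example and not part of the original thread or of anything the author posted: a DKIM pass only proves the message was signed by the domain in the signature's d= tag, so the pass vouches for the sender the reader sees only when that d= domain aligns with the From: domain (DMARC-style alignment). The two messages, the receiving MTA name `mx.example.net`, the domains `brand.example` and `bulk-mailer.example`, and the hashes/signatures are all constructed for the example; they say nothing about what happened in the Microsoft email above, which is not reproduced on this page.

```python
"""Is a DKIM pass actually tied to the visible From: domain?

dkim=pass means the message was signed by the domain in the signature's
d= tag.  That vouches for the visible sender only when d= aligns with the
From: domain (identical, or a parent domain under relaxed alignment).
Both sample messages below are constructed for this example.
"""
import email
import email.utils
import re
from email import policy

# Constructed: signed by the same domain as the visible From: address.
SAMPLE_ALIGNED = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=brand.example header.s=s1;
 spf=pass smtp.mailfrom=brand.example
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brand.example; s=s1;
 h=from:to:subject; bh=FAKEBODYHASH=; b=FAKESIGNATURE=
From: "Brand" <no-reply@brand.example>
To: someone@example.net
Subject: Your order

(body omitted)
"""

# Constructed: DKIM passes, but for an unrelated signing domain.
SAMPLE_UNALIGNED = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=bulk-mailer.example header.s=k1;
 spf=pass smtp.mailfrom=bounce.bulk-mailer.example
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bulk-mailer.example; s=k1;
 h=from:to:subject; bh=FAKEBODYHASH=; b=FAKESIGNATURE=
From: "Brand Sales" <sales@brand.example>
To: someone@example.net
Subject: Your order

(body omitted)
"""


def from_domain(msg):
    """Domain of the visible From: address (what the recipient sees)."""
    addr = email.utils.parseaddr(str(msg.get("From", "")))[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def dkim_signing_domains(msg):
    """d= tags of every DKIM-Signature header (a message can carry several)."""
    found = []
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d=([^;\s]+)", str(sig))
        if m:
            found.append(m.group(1).lower())
    return found


def dkim_pass_domains(msg, authserv_id):
    """header.d= of every dkim=pass recorded by OUR receiving MTA.

    Authentication-Results headers are trusted only when their leading
    authserv-id is our own server; any other copy could have been added
    (or forged) before the message reached us."""
    found = []
    for ar in msg.get_all("Authentication-Results", []):
        text = str(ar).strip()
        if not text.startswith(authserv_id):
            continue
        for m in re.finditer(r"dkim=pass[^;]*?header\.d=([^\s;]+)", text):
            found.append(m.group(1).lower())
    return found


def aligned(signing_domain, from_dom, relaxed=True):
    """DMARC-style identifier alignment between d= and the From: domain."""
    if signing_domain == from_dom:
        return True
    return relaxed and from_dom.endswith("." + signing_domain)


def check_alignment(raw, authserv_id="mx.example.net", relaxed=True):
    """Return what the headers actually prove about the visible sender."""
    msg = email.message_from_string(raw, policy=policy.default)
    fd = from_domain(msg)
    passes = dkim_pass_domains(msg, authserv_id)
    good = [d for d in passes if aligned(d, fd, relaxed)]
    return {
        "from_domain": fd,
        "dkim_signers": dkim_signing_domains(msg),
        "dkim_pass": passes,
        "aligned_pass": good,
        "sender_authenticated": bool(good),
    }


if __name__ == "__main__":
    for name, raw in (("aligned", SAMPLE_ALIGNED), ("unaligned", SAMPLE_UNALIGNED)):
        print(name, check_alignment(raw))
```

The practical reading: a message whose only dkim=pass is for a third-party d= domain has been authenticated as coming from that third party, not from the brand in the From: line, and a DMARC policy on the From: domain is what decides whether such a message is accepted at all. Only the Authentication-Results header written by your own MTA counts; earlier copies in the header chain are just more untrusted text.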
P.S. For those of you who did not benefit from the immersion Holocaust education I received as a Jewish child in the U.S. in the 70's and haven't seen The Sound of Music... Austria was a willing, eager participant in the Holocaust, gave refuge to many high-level Nazis after WW2, and has had a stubborn fascism problem for much of its history.
I am really struggling to cope with the barbarity of #Israel knowingly killing, injuring, and displacing thousands of people they unquestionably knew were civilians because they considered that acceptable collateral damage for killing one Hezbollah leader. I know they've been doing the same thing in #Gaza for the past year but this seems even worse, for reasons I can't quite put my finger on. It pains me to the depths of my soul that even now the U.S. still hasn't said enough is enough. #Lebanon
I filed a bug report about incorrect behavior in a #FOSS app which I was able to reproduce immediately after I saw it happen the first time, but then not at all. I mentioned this clearly in my report, followed by, "...so it's intermittent rather than reproducible." One of the maintainers replied, "I don't see that." I tried for several minutes to come up with a polite way to say, "Which part of 'intermittent, not reproducible' do you not understand?" then gave up and said nothing. #smdh
You boost #COVID minimizing crap into my timeline, you're getting unfollowed. You post COVID minimizing crap, you're getting muted or blocked. Current COVID strains are not milder, that's bullshit. COVID is killing more than a thousand people a week in the U.S. It is an order of magnitude more dangerous than flu or RSV. You want to accept the significant risk of #LongCOVID for the sake of being able to eat out? Go for it. Call the people who don't "doom and gloomers"? Fuck you. #CovidIsNotOver
This essay from @JuliusGoat is worth reading. My favorite quote: "This means that every 2 years or so the main choice we're making is whether or not we ever get to make choices again, which doesn't seem sustainable, probably because it isn't sustainable." That, exactly. I sometimes find A.R. Moxon's writing a bit too loquacious, but this essay calls out to me from start to finish. Perhaps it will for you as well. #politics #USPol #democracy #existentialRisk https://www.the-reframe.com/the-rot-goes-to-the-core/
Judging from my experience submitting account deletion requests to sites that won't let me change my email address (see my #ChangeOfAddress thread), most companies nowadays are honoring deletion requests even for users in states that don't have laws requiring them to do so. This is a very good thing, and it's another example of pro-consumer California law benefiting the entire country. #privacy 1/2
I have yet to have a company respond to a deletion request with, "We're not required to delete your data so we won't," though for some inexplicable reason Condé Nast felt compelled to say, "We're not required to delete your data, but we're nice so we will anyway." #privacy 2/2
Over at https://intuit.com/, when I logged in it asked me to let it send me a text to verify my phone number, I clicked "Skip". When I then went to the "Sign in & security" page, it said my phone number was already "Verified". So why did it ask to verify it again? After I changed my email address, that same page immediately said that my newly set email address was "Verified", even though I hadn't yet clicked the link in the verification email they sent. #smdh 🤡 #ChangeOfAddress 🧵
At https://jetblue.com/, it wouldn't let me log in with the password stored in my password manager. I was able to do a password reset and set my password to the one I already had stored, despite the fact that the password reset screen claimed I wasn't allowed to use my previous three passwords. 🤔 On their profile screen they said to "Use an email address you'll always have access to," but then didn't make me verify my address after changing it. 🤔🤔 #ChangeOfAddress 🧵
The TD Bank retail card site https://tdfinancing.com/ is disappointing. Because they moved the site yet again I had to reset my password. * When I entered the password generated by my password manager, I got this error: "At least 1 uppercase, 1 lowercase and optional special character is required. Minimum length: 8." An "*optional* special character is *required*"? Really? (continued) #ChangeOfAddress 🧵
(https://tdfinancing.com/ problems, continued) * They were rejecting my password because it contained "^", which isn't allowed. Two failures here: prohibiting some special characters, and not telling the user what's allowed. * When I changed my email address, they only sent the notification to the new email address, with "If you did not perform this action, contact us immediately..." Yo, if I didn't do it, then it's not my email address and I didn't get this email! Idiots. #ChangeOfAddress 🧵
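An added example, written for this page and not taken from tdfinancing.com or any of the sites in the thread: a password check of the kind the post complains about (composition rules, an undisclosed blocklist of special characters, one fixed error message) next to one that follows the length-first approach of NIST SP 800-63B, accepts any printable character including "^", screens against a common-password list, and tells the user exactly which rule failed. `broken_policy` is an illustrative reconstruction of the pattern, not the site's code; the `COMMON` set, `MIN_LEN` and `MAX_LEN` are assumptions for the example.

```python
"""Password policy: the pattern complained about above, beside a corrected one.

Both functions return a list of human-readable problems; an empty list means
the password is accepted.  Limits and the common-password set are assumptions
for this example.
"""
import unicodedata

# Illustrative reconstruction of the broken pattern (not the site's code):
# composition rules, an undisclosed allow-list of special characters, and a
# single message that is printed whatever actually failed.
def broken_policy(pw):
    allowed_special = set("!@#$%*()_-+=.,?")   # '^' is silently missing
    ok = (
        len(pw) >= 8
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and all(c.isalnum() or c in allowed_special for c in pw)
    )
    return [] if ok else [
        "At least 1 uppercase, 1 lowercase and optional special character "
        "is required. Minimum length: 8."
    ]


MIN_LEN = 8      # assumed floor; NIST 800-63B asks for at least 8 characters
MAX_LEN = 128    # assumed ceiling; 800-63B asks for at least 64 to be allowed
# Stand-in for a breached/common-password list (real deployments use a large
# list or a k-anonymity lookup against a breach corpus).
COMMON = {"password", "password1", "12345678", "qwerty123", "letmein1"}


def check_password(pw):
    """Length-first policy: any printable character is fine, no composition
    rules, and every message names the rule that failed."""
    problems = []
    # Normalise so visually identical inputs are compared consistently
    # (800-63B recommends NFKC or NFC before hashing).
    pw = unicodedata.normalize("NFKC", pw)
    if len(pw) < MIN_LEN:
        problems.append(f"must be at least {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        problems.append(f"must be at most {MAX_LEN} characters")
    # Only non-printable (control) characters are rejected; spaces, symbols
    # such as '^', and non-ASCII letters are all accepted.
    bad = sorted({c for c in pw if not c.isprintable()})
    if bad:
        codes = ", ".join(f"U+{ord(c):04X}" for c in bad)
        problems.append(f"must not contain control characters ({codes})")
    if pw.lower() in COMMON:
        problems.append("is on the list of commonly used or breached passwords")
    return problems


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor^3", "Password1", "short", "正しい馬電池ステープル"):
        print(repr(candidate), "broken:", broken_policy(candidate),
              "fixed:", check_password(candidate))
```

The contrast the post is getting at: "Tr0ub4dor^3" fails the broken check purely because of "^", with a message that never says so, while "Password1" sails through it. The corrected check accepts the first and rejects the second, and the reason it gives is the actual reason.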
Oh, one more thing about https://tdfinancing.com/ which I forgot... After I changed my password, it displayed this message, really large: "Your password has been captured!" "captured"? Seriously? Was this site built by someone who is not a native English speaker and has so little experience building sites in English that they don't know this is not the term anybody ever uses for this? "captured"? wtf, man. #ChangeOfAddress 🧵
At https://ko-fi.com/, they sent email to my old address with a link to confirm the address change, but they didn't send a confirmation link to the new address. After making the change I am able to log in with the new address and my account page lists the new address, but it says "Your email is *not verified*" but provides no instructions or mechanism for verifying it. 🤡 #ChangeOfAddress 🧵
https://linkedin.com/ is, as usual, a dumpster fire. It accepts the AnonAddy email address when I add it, and sends the necessary verification email to the new address, but when I click the link in the email I get the error page shown below. I note with amusement the copyright notice at the bottom of the page dated 2020. (more LinkedIn fun continued in the next post) #ChangeOfAddress 🧵
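The #ChangeOfAddress posts above describe the same flow going wrong in several ways: an address shown as "Verified" before its link was clicked (intuit), a change accepted with no verification at all (jetblue), the "if this wasn't you" notice sent only to the new address (tdfinancing), and a confirmation sent to the old address while the new one is left "not verified" with no way to fix it (ko-fi). The code below is an added example of how the flow is usually designed, not the code of any of those sites: the new address stays pending until a token mailed to it is redeemed, the old address receives the notice with a revert link, and the status page reports exactly that. Storage, the mailer, the `app.example` URLs and the 24-hour token lifetime are assumptions for the example.

```python
"""Email-address change flow with the checks the posts above found missing.

- the new address is 'pending', not 'verified', until its token is redeemed
- the verification token goes only to the NEW address
- after the change, the OLD address gets the notice, with a revert link
Tokens are stored hashed; storage and mail delivery are in-memory stand-ins.
"""
import hashlib
import secrets
import time

TOKEN_TTL = 24 * 3600          # assumed lifetime of a verification token


class Account:
    def __init__(self, user, email):
        self.user = user
        self.email = email                 # current, verified address
        self.email_verified = True
        self.pending_email = None          # requested, not yet verified
        self.pending_hash = None
        self.pending_expires = 0
        self.previous_email = None         # kept so a revert link can undo the change
        self.revert_hash = None


class Outbox:
    """Stand-in for the mailer; the test inspects what would have been sent."""
    def __init__(self):
        self.sent = []

    def send(self, to, subject, body):
        self.sent.append({"to": to, "subject": subject, "body": body})


def _h(token):
    # Store only a hash, so a database read does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def request_email_change(acct, new_email, outbox, now=None):
    """Start a change: mail a token to the NEW address, keep the old one live."""
    now = now if now is not None else time.time()
    new_email = new_email.strip().lower()
    if new_email == acct.email:
        raise ValueError("that is already the address on the account")
    token = secrets.token_urlsafe(32)
    acct.pending_email = new_email
    acct.pending_hash = _h(token)
    acct.pending_expires = now + TOKEN_TTL
    outbox.send(new_email, "Confirm your new email address",
                f"https://app.example/verify?token={token}")
    # Courtesy notice to the old address, deliberately without any token.
    outbox.send(acct.email, "Email change requested",
                f"A request was made to change this account's address to {new_email}.")


def confirm_email_change(acct, token, outbox, now=None):
    """Redeem the token mailed to the new address; only now does it become current."""
    now = now if now is not None else time.time()
    if acct.pending_hash is None or now > acct.pending_expires:
        return False
    if not secrets.compare_digest(acct.pending_hash, _h(token)):
        return False
    old = acct.email
    revert = secrets.token_urlsafe(32)
    acct.previous_email = old
    acct.revert_hash = _h(revert)
    acct.email = acct.pending_email
    acct.email_verified = True
    acct.pending_email = acct.pending_hash = None
    # The 'if this wasn't you' notice must reach the OLD mailbox, with the
    # means to undo the change; the new mailbox is the one an attacker holds.
    outbox.send(old, "Your email address was changed",
                "If you did not do this, restore your address here: "
                f"https://app.example/revert?token={revert}")
    return True


def revert_email_change(acct, token):
    """Single-use undo from the notice sent to the old address."""
    if acct.revert_hash is None or not secrets.compare_digest(acct.revert_hash, _h(token)):
        return False
    acct.email = acct.previous_email
    acct.email_verified = True
    acct.previous_email = acct.revert_hash = None
    return True


def display_status(acct):
    """What a 'Sign in & security' page should say: verified means verified."""
    return {"email": acct.email, "verified": acct.email_verified,
            "pending": acct.pending_email}
```

Two things a production version adds on top of this: the revert path should also force a password reset and end other sessions, since someone who could change the address may hold the password, and both tokens should be single-use and expire. Note what the status page reports during the window between request and confirmation: the old address, verified, plus a pending entry, never the new address marked "Verified".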
he/his. Digital Services Expert at #USDS (https://usds.gov/), detailed to #VA. I work primarily in #infosec, #IT, and #SaaS infrastructure. Prior to USDS, I was a #tech #startup #CISO. Dad, old-school hacker, Righteous Indignation Man. Opinions are my own. You can follow my blog from the Fediverse via @jikblog. #MaskUp #COVID #CovidIsNotOver #USPol #MAPol #BosPoli #Boston #MA #politics #resist #linux #FOSS #OpenSource #ConsumerActivism #privacy #programmer #hacker #fedi22