
Internet Security: A Lesson in Diminishing Returns

I’ve had my own PC since 1990 (used one since ’87, leading the SEVENTHFLEET to do stuff different—we literally bought a bunch of IBM clones in Hong Kong) and have been on the Internet since 1992. That’s 23 years. My first modem connection was via a CompuServe account that came with a heavy manual and everything was via Command Line. Don’t know what that is? You have an app on your computer even now: be it PC, Mac, Linux, Unix—or whatever OS—where you can use just text commands (DOS guys remember…and I knew a guy who installed Windows 95, but still did everything DOS command line in an open CL window).

…I was actually a Rush Limbaugh fan in 1992, and once exchanged a couple of CompuServe “emails” with him. Prodigy and AOL apps (I had both, too) really brought the Internet to the ignorant mainstream by making it fairly easy with the first GUI apps. CompuServe soon followed with their own GUI for Windows 3.0.

That introduction out of the way, I have never once had a single account hacked, not a single web-based service…be it a bank, trading account, or this blog. Why? Because I’m neither ignorant, nor a moron. Guess what else. I use the same password everywhere. It’s 8 characters. Try to guess it. It used to be only six—four small case letters, two numbers, but too many places began having password minimum requirements, so I had to change it in order to not be constantly annoyed with internet security-paternalism all the time, for the sake of the inept.

A huge percentage of the Internet world is being needlessly scared to death over an ever increasing barrage of new “measures” in order to log into your own shit. It’s reaching diminishing returns for me. I might soon have to go back to a simple checkbook and paper bank statements.

Let’s put this in perspective. We’re talking about people so woefully ignorant in some cases, that they’ll break into a cold sweat over putting a credit card number into fields of a website (I’ve done it thousands of times, no problem ever—because I only do so on trusted sites I haven’t gone to from a link in email); but a dozen times per week or more, they hand their credit card to someone making six bucks per hour in some establishment.

What do you think is more likely for someone getting your credit card number and using it like a thief? Russian or Chinese hackers putting brute force computing worth thousands of dollars to hack your passwords; or, Jenny, that “nice” waitress? Actually, it’s probably neither. And, even those highly publicized hacks of big companies getting millions of CC numbers scraped pale in risk to you handing your CC to someone who takes it out of your sight (most restaurants) where they can not only get the number and expiration, but the code on the back (where billing address is still going to be an issue, so not really that viable, either). …In Europe, they’ve had chips in credit cards since I first went there in 1989. I felt like a poor stepchild, in 1990—25 years ago—having to always sign, rather than enter a pin in their wireless swipers waiters would bring to your table.

Here’s what you’re not being told: It’s You!

The very vast majority of “hacks” aren’t hacks at all. They’re run of the mill “confidence schemes.” Old as the hills, now on a diet of Red Bull when it comes to the Internet.

To boil it down for you: 99% of the time someone gets into your stuff, it’s because you gave them your login or otherwise opened the door and invited them in. And, because of your utter ignorance, people like me now, increasingly, can’t even count on accessing our shit with username, password, or even a security question of where we first stopped beating our wife.

No, now we also have to be near a phone we’ve previously registered, where we can get a pin either by text or voice, and enter that. Good luck if you’re somewhere without cell service for your carrier.

These annoying measures are all touted as “for your convenience.” You know, “for your shopping convenience, the store is now closed.” In fact, what the companies don’t really want to tell you is that you’re probably too stupid to be on the Internet.

You believe everything you read; and so, you get an email that looks exactly like it’s from your bank, PayPal, or whoever. It contains—deliciously ironic—a dire warning about your account security, and you’re supposed to click this link and go to your account to receive an important message, change your password…or receive a free-gift redundancy. When you do, it will look just like the login page you would expect—assuming you actually have a critical brain cell expecting anything in particular. Adding insult: As soon as your account then gets hacked, you’ll chalk it up to them, not you. It’s beautiful.

…That’s how they get your logins, silly people. It’s called phishing. Thing is, it’s so easy to know every single phish that comes your way. Look at the from address. Look at the link address. This is kindergarten, “don’t talk to strangers” stuff, yet millions of you belly up to the bar every year and ruin it for the smart people.

And you still believe you’re being victimized (your ignorance and willingness to believe—like you were taught to believe in sky fairies—is at root), and that these companies are looking out for you (they’re socializing the burden of your ignorance to reduce costs).

It’s very simple: if nobody ever went to a login page from a link in an email, without exception, Internet security would be as simple as a username and short password and almost no problems would ever happen.

…This post was motivated by a kind of phishing I hadn’t seen before. I got an email from a guy who wants to advertise on the blog, but in the form of a sponsored page with unique URL. $200 per month. I reply: Send me the html (simple text code that’s easy to verify). He emails a PHP file (code that, unless you know PHP—I can rudimentarily futz with it in some contexts—could do a lot of nasty stuff to your site).

The point is, all of this security stuff is bullshit and annoying, and you don’t even need particularly complex passwords, or even different ones for everything: Why you don’t need long, complex passwords. Here’s the super-geek version that goes into maths.

What you need to do is understand that your ignorance and willingness to trust, and believe everything that hits your eyeballs is the root cause of all of this. Stop blaming it on others.

I would want to go back to a simple, absolute username and password. To sign up, you have to agree that the service “is not responsible for items you leave laying around.” Then, let fools and their money be soon parted. Darwinian.

After all, con artists, like lots of predators, serve a vital role in society. Ask any atheist.

Richard Nikoley

I'm Richard Nikoley. Free The Animal began in 2003 and as of 2021, contains 5,000 posts. I blog what I wish...from health, diet, and food to travel and lifestyle; to politics, social antagonism, expat-living location and time independent—while you sleep—income. I celebrate the audacity and hubris to live by your own exclusive authority and take your own chances.

26 Comments

  1. rob on January 22, 2015 at 11:23

    I’ve been buying online since 1998 never had a problem. My receptionist is still scared to buy online, if she wants something she has me buy it then reimburses me.

    Meanwhile when the handle of the toilet in the office broke off I drove to Home Depot to buy a new one. Guess what? Russian hackers got my credit card info, had to get a new card.

    • Richard Nikoley on January 22, 2015 at 15:02

      rob:

      That’s slight on detail. Did you actually have charges on your card from Russians, or did your company just tell you that, cancel your card and reissue, because the law makes them liable?

      Hacking databases is something I began to cover in the post and took out because it wasn’t relevant.

      But here’s the thing: you can’t get a charge to go through anywhere except government (yea, all they need is number and expiration) without number, name on card, expiration, billing address and the 3-digit code on the back. I doubt any database has all this info all in one, and probably, parts are excluded by law.

      However, if a huge company gets a database hacked for CC numbers, then no matter what, that info is getting out, big story, and customers are going to go ballistic, so they cancel and reissue.

      I hope it happens so much that people get their numbers hacked daily, and CCs reissue daily, totally fucking up everyone.

      Perhaps then, they’ll get it right, because this state of ridiculous security is far worse than a kid in the dark being afraid of the monsters chasing him.

  2. Wenchypoo on January 22, 2015 at 13:06

    Internet security = oxymoron. I only buy stuff online at one location, and only use one credit card (the same one) while there. Never had a breach problem, never had a spam problem, never had an identity theft problem.

  3. Richard Nikoley on January 22, 2015 at 14:42

    “Internet security = oxymoron. ”

    Simply not true. You are at far more risk walking your dogs.

    Apparently, you don’t get it. Nor do most.

    Which is why I have to log in now using a cell phone, regularly. It’s because of the too-stupid and the too-fearful.

    You’re the latter. Thanks a lot.

  4. Todd on January 22, 2015 at 17:42

    The good ol’ DOS days. Think it was ’91-92 when we got our first computer. Got online about a year or two later with a lightning fast 14.4k modem. Mostly IRC and what limited games were online at the time.

    I’ve yet to have any information stolen.

    Off-topic a bit, but reminds me of something I’ve been going back and forth on since I was broken into a few months ago: do you lock your car doors or not?

    • Richard Nikoley on January 22, 2015 at 19:03

      Gabs:

      I can hear you lafing now:

    • John on January 23, 2015 at 07:18

      And now, for my Jeep, I have this

      If someone can get in that, or take it, they win.

      Installs by removing the bolts holding the seat in, placing its attachment points between the seat and the floor, and reinstalling the bolts.

    • Richard Nikoley on January 22, 2015 at 18:06

      I do, and it’s probably a silly habit. Best to remove anything of value from your car and leave it unlocked so windows don’t get broken.

      When I lived in Japan, ’84-89, I never locked house or car. I’d go to sea for two, three, six weeks at a time–once for three months–and never locked either.

      Truly, locks are a kinda scam to keep honest people out.

    • gabkad on January 22, 2015 at 18:45

      ‘Truly, locks are a kinda scam to keep honest people out.’ Yup.

      The superintendent here told me the same thing after I complained that they took the rock away from being able to prop the back door open while I take the recycling (another scam) to the dumpster. Pain in the butt having to unlock the damn door on my way back into the building especially when there’s gale force winds…something to do with ambient wind and how the building is located…..

      He’s gone now and not one but two rocks are back. Rock on!

    • John on January 23, 2015 at 07:12

      I take the doors off my jeep all the time. Still hit the lock button on my key when I get out! There’s a compartment that can only be accessed by opening the tailgate – there are certainly people that might pull the handle and decide to look around, but wouldn’t otherwise break in. I’ve noticed old people like walking up to my Jeep and feeling around inside when the doors are off and I’m not standing next to it – I guess their eyes aren’t giving them enough information.

      A few years ago from a different car I had sunglasses and an iPod stolen right outside of my home, center console. Every now and then my key would hit something in my pocket and unlock the car without my knowing. I envisioned kids walking through the parking lot pulling door handles, then looking around.

      My grandmother left her car unlocked; it was kind of weird when one night someone was sitting in it eating her bag of popcorn. She was visiting our house, and my sister pulled up assuming the person in the car is our grandfather (very dark out). “Hey, where’s grandma?” “Oh, grandma’s inside!”

    • gabkad on January 23, 2015 at 16:40

      How do you find this shit?

    • Richard Nikoley on January 23, 2015 at 16:54

      Gabs:

      Step one, get a cell phone.

      you can’t find shit until you have a cell phone.

      BTW, my bro had a lockbox in his CJ as well.

  5. Douglas on January 22, 2015 at 18:29

    I hear you, except for reusing passwords. We have no control over whether site programmers are competent and store passwords properly (salted & hashed). A breach or fuckup on their end and someone else has your email/username and password pair in hand and can give it a whirl on every top1000 site on the offchance. All your streetwise computers could be switched off the whole time since you don’t get a chance to be involved.

    • Richard Nikoley on January 22, 2015 at 18:40

      Good point Douglas. I think you might mean not ever changing. I try to swap out my password every 6 months to a year.

    • gabkad on January 22, 2015 at 18:55

      i don’t pay bills on line and don’t bank on line. My paypal account is expired. It always amuses me how the ‘telephone company’ sends me emails that my credit card was no good and please contact them ‘click here’….. Or Revenue Canada sends me a notice that they owe me $300…. Ya gotta have an IQ of 3 below plant life to fall for any of this crap.

      The management here installed an ETM for people to pay their rent through that. My response: fuck you. I spoke with an employee of the company who told me ‘it’s not secure. Don’t use it.’ I mail a paper cheque to head office. Lo and behold some big shit happened. No more ETM. hmm. And I’m not going to have automatic withdrawal from my chequing account either. Screw them all. Don’t give a shit. I pay most bills the old fashioned way. Don’t like it? I’m not your customer.

      But I’m a freak. No cellphone. “OMG You don’t have a cellphone? What about if you have an emergency?” “I use someone else’s cellphone.” Holy shit, I’ve managed to travel alone all over the damn world (almost) without a cellphone. Why do I need one now? People have gone stupid.

    • Douglas on January 22, 2015 at 19:13

      In this respect it’s absolutely uniqueness per site that’s key. (Mass-) changing a password periodically is like checking under the bed for a ghost – a calming but unfounded action!

    • Richard Nikoley on January 22, 2015 at 20:03

      Ok, Douglas.

      20+ years and counting using the same pword for everything. Yep, there’s a risk there.

      I don’t get phished, so otherwise, I’ll take the chances I can’t control.

      …Gabs, you’re so lovably hopeless. 🙂

    • rob on January 23, 2015 at 06:08

      I do everything online, I can move funds from the brokerage account to the checking account with a single click, it’s great.

    • Richard Nikoley on January 23, 2015 at 07:50

      I haven’t written a check in decades. Early adopter of Checkfree as part of Quicken back in ’92, but now just use my bank’s bill pay directly, and PayTrust, a company that receives all your bills, pay with a click.

      I also use PayPal a lot.

    • gabkad on January 23, 2015 at 16:42

      A big fat juicy raspberry is going your way…. by regular post, of course. 😉

  6. Bret on January 22, 2015 at 19:52

    I would want to go back to a simple, absolute username and password. To sign up, you have to agree that the service “is not responsible for items you leave laying around.” Then, let fools and their money be soon parted. Darwinian.

    No chance. Your only hope of not getting your house, vehicles, and bank accounts confiscated by law enforcement for your failure to “protect” your customers would be for the federal, state, and county officials to butt heads and get into fights with each other over who had jurisdiction to take credit for ruining your business (and life) for not following the 4,500 pages of consumer assisted ass wiping regulation that “apply” to your outfit.

    • Bret on January 22, 2015 at 19:53

      I just got done watching a Stossel on a similar topic. Pessimism overflowing.

    • Richard Nikoley on January 22, 2015 at 20:30

      Of course you’re generally right, Bret.

      Let’s just hope that when the cats fight, doGs are around to break it up.

      http://youtu.be/hstLdzCg6l8

  7. Passerby on January 25, 2015 at 04:26

    Something tells me you’d appreciate this: http://xkcd.com/936/

  8. pzo on January 27, 2015 at 16:06

    First computer experiences, a Toshiba laptop and selling a few computers to offices, 1988. A lot between then and now, obviously. In the early days of going online, “paulvzo” and a simple, unique six letter password was good enough for everything. It was good enough for Hostgator and GoDaddy way back when they were small unknowns.

    Nowadays, the short words are taken for usernames. The beginning of the end of simple passwords started when my credit union started insisting that I add numerals to my password. From that time, maybe ten or twelve years ago, I’m now forced on some sites to use both upper and lower case letters, numerals, and “special characters.” Usually these are sites no one would hack into or care about, of course. Worse than the banks, which at least have a justification for that.

    In all these years, and fifteen with my own domain, the latter got hacked and became a conduit for spam. Hostgator shut me off, I got back in with their great CS, and now run a very hard to crack password.

    Other than that, despite even more years of eBay and PayPal and Amazon and everyone else, not a bit of a problem.

    I am a moderator on a 630 person neighborhood newsgroup. Someone will post something, and second person just hits Reply, as if it goes back to the OP. Despite asking our neighbors to PLEASE don’t hit Reply unless you want it to go to the whole group, some people just can’t be trained. And some of them are very, very smart.

    Revoke their Internet Licenses!
