Unscrewed: The Consumer’s Guide to Getting What You Paid For


This book is very similar to another of my favorites, How to Complain for Fun And Profit. The difference is that the latter is about getting resolution for being treated badly or receiving bad customer service, or otherwise making a case for why a company should consider giving you a break, a pass, or an exception.

Unscrewed is a lot more aggressive, but effective in situations where a company owes you something and refuses to comply. It's not for the faint of heart, but it does give you techniques to get resolution quickly and effectively as long as you are willing to hold their feet to the fire.

For those who are resolute not to be taken advantage of, this is a must-have.


What Does Lexis Nexis Know About Me?

Lexis Nexis - The bottomless pit of user data

LexisNexis (which acquired ChoicePoint) is the largest data-broker in the world. They create vast profiles on people and use that information to create various reports that they sell to companies of all kinds. These reports are used to make decisions about renting, insurance and more. In the past these reports have been purchased by law enforcement and criminal organizations; all to find out more information about you.

It might be a good idea to find out what's in your report, but it turns out that neither simple web searching nor LexisNexis itself does much to list all the types of data they know about you. Here's the list of information they had (or could have had) from my personal LexisNexis dossier:

Auto/Property Insurance Records:

LexisNexis is tied into the "Current Carrier" insurance information system used by insurance companies and agencies when deciding to issue you a policy. Think of it like a "credit report for insurance".

This includes 7 years' worth of:

  • Name of insurance company
  • Your policy number
  • Type of policy (auto, boat, fire, quake, tenant, home, etc).
  • Risk type (standard, preferred, facility, etc).
  • Policy start date
  • Policy termination date and reason for termination
  • Names of each subject found on the policy

For auto, this also includes:

  • Insured vehicle (including VIN, year, and make)
  • Type of vehicle
  • Coverage amounts

For property, this also includes:

  • Address of property
  • Eviction records

Personal information that may be included:

  • Date of Birth (partially omitted, e.g. 06/##/1970)
  • Sex
  • Social Security Number (Minus the last four digits)
  • Driver's license number (partially omitted)

"C.L.U.E"® insurance loss information reports (apparently reports on whether you're a high risk person or not)

"Esteem" report

This report lists circumstances relating to theft while working at a retail company (admitted or convicted).

In my case, this was of course blank so I don't know specifically what data items would have been included. Most entertaining, there's a line in the report that reads "If you believe we should have information about you in our Esteem Database, let us know"…. Wow.

Background Investigation

If any company ever pays LexisNexis to perform a background check on you, LexisNexis will keep the information for future sales purposes. This may include your full date driving record and your personal credit file.

Screennow ® report

This report shows results of a national criminal records search.

Public Records

  • Professional licences held (Doctor, lawyer, pharmacist, barber, insurance agent, pilot, etc)
  • Address history
  • Deed transfer data
  • Aircraft registration
  • Loan information (where the loan was secured with collateral: i.e. a car)
  • Bankruptcies, liens, and judgements
  • Controlled substance license (in case you want to know who can legally get illegal drugs)
  • Business affiliations – When you're an officer or principal of an incorporated company
  • Significant shareholder records

Employment history

They claim they'll only have history of employers who previously asked LexisNexis to do a background check on you.

Does that make you uncomfortable?

Data brokers are just a business like any other, but as the credit report companies proved, buying and reselling data carelessly leads to disaster. Considering that these reports are FAR more detailed with a much wider variety of information, I can only imagine the consequences of allowing them to proceed as they have been.

Fortunately, you may not have to.

I was able to order my report using this webpage. I believe that doing so would be a good idea, but after that, make sure to also use their opt out procedures if you can.

It turns out that they'll only let your data go if you can prove that you're an identity theft victim or in imminent danger of bodily harm (police officer, public officials, etc). But it's easy to understand why they make it hard. After all, why would you set free one of your prize milk cows for no good reason?

In the end, I hope that strong regulation is introduced before we reach a problem like we did with identity theft.


OnStar To Spy On People


OnStar was recently admonished by several senators for its plan to spy on people (even non-customers).

OnStar is apparently hoping to create a new revenue stream by collecting data about the movements of OnStar-equipped cars. Obviously, this data set will be more comprehensive—and, therefore, more lucrative—if it includes data from former OnStar subscribers as well as current ones. In an announcement e-mailed to subscribers earlier this month, the company said that, starting December 1, it would continue collecting data from subscribers even after they cancel their service. OnStar also said it reserved the right to sell aggregated and anonymized data to third parties.

Citibank Unable to Afford Secure Web Design

Really Citibank?

When I teach, I explain how most of the breaches and problems you hear in the world aren't about clever hackers or sophisticated attackers, but instead about weak security. This has just become my new go-to example.

Basically, after you logged into your account as a Citi customer, the URL contained a code identifying your account. All you had to do was change around the numbers and boom, you were in someone else's account.

What that means is that if you were to look at the address bar at the top of your browser, it contains the name of the website you're on and (as is typical) a whole lot of other junk like this:

http://www.citibank.com/account.asp?were=dumbbell&we=shouldhaveknownbetter

One of the values in the "lots of other junk" area told Citibank whose account to show. If you just entered any random number, the website would think you were the user with that ID and show you their page. This kind of issue is one that security professionals have known about and handled for more than a decade, yet apparently large (and rich) companies can somehow manage to forget the basics.
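To make the flaw concrete, here is an added example (not Citibank's code and not from the original post) that puts a handler trusting the account ID in the URL next to one that checks the ID against the logged-in session. The `acct` parameter, the `bank.example` URLs and all account and session data are constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data: account records and the owner of each one.
ACCOUNTS = {
    "1001": {"owner": "alice", "balance": "2,500.00"},
    "1002": {"owner": "bob", "balance": "310.75"},
}
# Constructed session store: session token -> authenticated user.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


class Forbidden(Exception):
    """Raised when the caller is not allowed to see the requested account."""


def _account_id(url):
    # "acct" is a hypothetical parameter name, not the one the real site used.
    values = parse_qs(urlparse(url).query).get("acct", [])
    if len(values) != 1:
        raise Forbidden("exactly one account id expected")
    return values[0]


def show_account_vulnerable(url, session_token):
    """Checks that the caller is logged in, then trusts the id in the URL."""
    if session_token not in SESSIONS:
        raise Forbidden("not logged in")
    return ACCOUNTS[_account_id(url)]  # no ownership check: any id works


def show_account_hardened(url, session_token):
    """Authorizes every request: the account must belong to the session user."""
    user = SESSIONS.get(session_token)
    if user is None:
        raise Forbidden("not logged in")
    account = ACCOUNTS.get(_account_id(url))
    # Same error for "missing" and "not yours" so ids cannot be enumerated.
    if account is None or account["owner"] != user:
        raise Forbidden("no such account")
    return account


def is_blocked(handler, url, session_token):
    """Helper for checks: True if the handler refuses the request."""
    try:
        handler(url, session_token)
        return False
    except Forbidden:
        return True
```

The fix is not hiding or scrambling the ID in the URL; it is the server-side ownership check on every request.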

Source


TSA Nude Scanners Coming To American Malls

You're kidding, right?

So…

Wait.

What now?

A Yahoo article says that because women's clothes sizing is hard, they're going to nude scan them to figure out what they can wear. Seriously!?

Ms. Shaw, the entrepreneur, is chief executive of a company called MyBestFit that addresses the problem. It is setting up kiosks in malls to offer a free 20-second full-body scan — a lot like the airport, minus the pat-down alternative that T.S.A. agents offer.

Lauren VanBrackle, 20, a student in Philadelphia, tried MyBestFit when she was shopping last weekend.

“I can be anywhere from a 0 at Ann Taylor to a 6 at American Eagle,” she said. “It obviously makes it difficult to shop.” This time, the scanner suggested that at American Eagle, she should try a 4 in one style and a 6 in another. Ms. VanBrackle said she tried the jeans on and was impressed: “That machine, in a 30-second scan, it tells you what to do.”

That's cute. A strip search in the name of getting something to wear? So instead of wasting millions on this disrobing plan, why not standardize women's clothing and use inch measurements like men's clothes? How's that for an idea?

How long until someone hacks these poorly protected machines to record copies of all women scanned and the photos show up on the Internet? Will you put your teenage daughters in them?

This is so, so stupid, I can't believe it's actually true. I really hope this doesn't catch on because if it does, my faith in humanity will suffer yet again.


RFID Chips in Hotel Towels

As anyone who reads much of my site knows, I'm not a fan of how RFID is being implemented. However, I'm not against the technology itself as it has many practical uses. For example, some hotels have begun putting washable RFID in the towels and bathrobes to keep people from stealing them.

Since the RFID towels have no privacy-invading purpose at all and serve to deter self-entitled punks who think it's OK to take hotel items, I will offer my tentative support for this. The main concern is feature creep: depending on how they implement this, they may also know which towels you used and when. I can't really see the hotels bothering to do so, but if they did, that would be crossing the line big time.

Source: http://intransit.blogs.nytimes.com/2011/04/11/gee-how-did-that-towel-end-up-in-my-suitcase/ (H/T to The Consumerist for the link)


PS3 Versus the World

Sony has been going crazy trying to keep clever users from unlocking the PS3 to run homebrew (like the Wii hack which I love!).

First of all, companies are trying everything they can, but in the end it won't amount to much. Consider that all it takes is one person anywhere in the world to figure out the encryption codes (not the real name, but it's simpler) who then shares it online (like in this hilarious example where a user tricked a Sony spokesperson into sharing a PS3 related code to his audience of thousands on Twitter!).

And yet companies get increasingly difficult and stupid about trying to protect their games which only makes things harder for the legitimate users (obligatory comic referencing this concept). All I can say is good luck Sony.


WellPoint Data Breach Due to Carelessness

Surprise, surprise. A company has a giant data breach due to negligent security, but not to worry! They'll protect you by offering you credit monitoring for one year free!

Credit monitoring is a waste of your time and is likely only offered to make it seem like they're doing something for you when they probably aren't. I wouldn't be surprised to find out that the credit monitoring companies have a "data breach plan" where companies can get a bulk discount by offering monitoring to all their victims.

It's a classic win-win-lose. The breach company wins PR points, the monitoring companies continue to make money for not providing any real service, and we all lose.

If you're worried about id theft, just freeze your credit reports!


Kellogg’s Cereals Ordered to Stop Lying… Again

Liar, liar...

Would it surprise you to know that sugary cereals really aren't healthy? Sure! They have a vitamin or two and probably some kind of grain buried under all the fat and sugar and chemicals, but why pay attention to that?

Instead, Kellogg's corporation has been busy touting the health benefits of their kids' breakfast "foods":

Kellogg has agreed to expand a settlement order that was reached last year after the FTC alleged that the company made false claims that its Frosted Mini-Wheats cereal was “clinically shown to improve kids’ attentiveness by nearly 20%.”

At about the same time that Kellogg agreed to stop making these kinds of false claims in its cereal ads, the company began a new advertising campaign promoting the purported health benefits of Rice Krispies, according to the FTC. On product packaging, Kellogg claimed that Rice Krispies cereal “now helps support your child’s immunity,” with “25 percent Daily Value of Antioxidants and Nutrients – Vitamins A, B, C, and E.” The back of the cereal box stated that “Kellogg’s Rice Krispies has been improved to include antioxidants and nutrients that your family needs to help them stay healthy.”

What did they get for such a misleading and blatantly manipulative campaign? An order from the FTC to stop making claims without proper scientific backing. Ooooh! Burn!


ACLU and EFF to Cripple RIAA Lawsuits


While I don't support downloading music and movies instead of buying them, I also don't support abusing the legal system to bully people and make money. The RIAA has been doing just that for a long time according to several consumer groups.

In this case, the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) are arguing that when the RIAA sues thousands of "infringers", they have to file thousands of separate lawsuits and not just one.

Filing one is cheaper and easier, but makes things harder and is unfair for the victims… er, I mean defendants.

If the court adopts the approach suggested here, the costs of the current anti-P2P litigation strategy could become untenable. If each anonymous defendant requires several hundred dollars in filing fees, individual paperwork, individual subpoenas, and detailed information on their alleged distribution, settling for a mere $1,500 doesn't sound so hot.

Let's hope for the best. Leave people alone and worry about pirating organizations and criminal groups instead.

Source: Ars Technica

