You are viewing jaylake

Lakeshore - [personalcancer] In other news...
An author of no particular popularity

Jay Lake
Date: 2013-02-01 07:53
Subject: [personalcancer] In other news...
Security: Public
I got identity scammed twice in the last twenty-four hours.

The first was a suspicious debit card transaction on my checking account which showed up yesterday. A very small, even numbered amount, from a business I patronized regularly, after I had not been in for about two weeks. I called them and they had no idea what it was about. I called my credit union, where we decided the whole was just odd enough to be worth cancelling my debit card under the theory that someone was a running a test transaction. The resulted in a visit to credit union branch yesterday evening, after which Lisa Costello and I had a rather nice dinner at Portofino, as it was just down the block from the branch.

The second was this morning, when I sleepily clicked on a link in a Twitter DM and was asked for my Twitter password. As some Web sites somewhat routinely require me to re-log in, I didn't think about this until the password failed, and I looked at the URL. It was 'iftwitter' etc., but otherwise used Twitter's design scheme, etc. Luckily for me, I was inputting the wrong password. Unluckily for me, that password is valid at certain other places. I've been on the Internet since the early 1990s. I know better. Sigh.

Meanwhile, yesterday I got the staples taken out of my belly. They were starting to hurt more than the incision, and their puncture wounds were becoming inflamed. Having thirty-two staples removed is like being jabbed in the belly with a hypodermic needle thirty-two times, with bonus points for the ones my skin had started to overgrow. Still, I feel a lot better.

Before and after photos under cut, for them what's curious:

IMG_4032
Before: Adagio for surgery wound with staples

IMG_4033
After: Sonata for surgical glue and Steri-Strips

IMG_4034
The cache of staples, brought home as a trophy

Photos © 2013, Joseph E. Lake, Jr.

Creative Commons License

This work by Joseph E. Lake, Jr. is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Post A Comment | 12 Comments | Add to Memories | Share | Link



Bob
User: yourbob
Date: 2013-02-01 16:50 (UTC)
Subject: (no subject)
I got caught by the twitter thing too and input the correct password. And ran right off and changed the password. Fortunately it's not one I use elsewhere.
Reply | Thread | Link



Sean P. Fodera
User: delkytlar
Date: 2013-02-01 17:15 (UTC)
Subject: (no subject)
Sounds to me like someone was preparing to withdraw money from your account. You probably entered their radar by raising a sizable sum from fund-raising, and doing so very publicly. They may have run the test, and then hoped to land a bigger take when/if the fund-raiser monies hit your account. It's sad to think that there are people willing to victimize folks in your situation. I'm glad you we able to get on top of it quickly.
Reply | Thread | Link



Jay Lake
User: jaylake
Date: 2013-02-01 17:16 (UTC)
Subject: (no subject)
Yeah, my net loss is $4.50.

The funny part is that the fundraiser money is in an entirely different account not in any way connected to the one that was being tapped.
Reply | Parent | Thread | Link



Sean P. Fodera
User: delkytlar
Date: 2013-02-01 17:24 (UTC)
Subject: (no subject)
I don't know if that's funny, or lucky. I still suspect that's what caused them to ping you.

With regard to the password attempt, I came up with a mental "algorithm" that allows me to create unique passwords for each website or service I use. It rarely creates duplicates, and I almost never forget my passwords these days. I'd be happy to share it with you privately, if you think it would be of use to you.
Reply | Parent | Thread | Link



Jay Lake
User: jaylake
Date: 2013-02-01 17:26 (UTC)
Subject: (no subject)
Sure, shoot me an email. Let me see if it is 'sticky' for my brain. You have my address?
Reply | Parent | Thread | Link



Sean P. Fodera
User: delkytlar
Date: 2013-02-01 17:31 (UTC)
Subject: (no subject)
I've got it here somewhere. I'll pop you an email shortly.
Reply | Parent | Thread | Link



russ: lyles constant
User: goulo
Date: 2013-02-01 23:22 (UTC)
Subject: (no subject)
Keyword:lyles constant
I used to use such a "manual hash" system for a few years, but it suffers from having to remember maximum lengths at different sites and not letting you use anything besides letters and digits (since so many websites reject other characters), or else using a "lowest common denominator" approach, making all of one's accounts weaker to accommodate stupid websites which enforce maximum lengths and restricted password alphabets. And if you need to change a password at some site (e.g. because you fall for a phishing scam as happened here) then that site becomes an exception to your system which you must remember. And if someone happens to get several of your passwords, they will figure out your system.

So I changed to using truly independent random long strong passwords, stored in a password manager program (KeePassX in my case - I recommend it for Linux users! But there are versions for other platforms too.) and have been very content with that.
Reply | Parent | Thread | Link



TXCWBY
User: txcwby
Date: 2013-02-01 18:33 (UTC)
Subject: (no subject)
Staples look good, no unusual inflamation.

For the post surgical scarring, use silicon strips laid across the surgical field - it will minimize formation of scar tissue.

re: Identity theft. I do this for a living - information security.

Use LASTPASS, make sure you don't reuse a single password *ANYWHERE* on *ANY* service, and when you're doing things like web browsing, make sure you are using VMWARE, with a virtual guess machine that is instantiated from a read-only copy - this prevents any malware or trojan from egressing from the virtual machine environment and addresses concerns about data exfiltration due to malware.

Lastpass also runs on smartphone, so you're covered there as well, and it encrypts all of the credentials.

Kudos to you for catching the leadinng edge indicator - as a public figure, you are a target for sure.
Reply | Thread | Link



martianmooncrab
User: martianmooncrab
Date: 2013-02-01 20:04 (UTC)
Subject: (no subject)
why someone would want to hack your twitter account is beyond me.

Tapping your bank account, that I can see since you are under the influence of meds and you got a nice chunk of change donated to you (nothing like the ghouls taking advantage) so the criminals could get away with looting.

Nice staple bling, you can get that made into some pretty jewelry. Shame you didnt have to go through some security gate so you could show them off before removal.

Hope you feeling better, and healing up.
Reply | Thread | Link



russ: lyles constant
User: goulo
Date: 2013-02-01 23:24 (UTC)
Subject: (no subject)
Keyword:lyles constant
> why someone would want to hack your twitter account is beyond me.

One significant reason is that many people unsafely use the same password for many things. (As Jay himself admitted doing.) Thus getting many people's twitter password = getting their email password = getting their bank password = etc... It is far safer to use a unique password for each website.
Reply | Parent | Thread | Link



martianmooncrab
User: martianmooncrab
Date: 2013-02-02 04:54 (UTC)
Subject: (no subject)
under the for want of a nail, a kingdom is lost deal... yeah, like pulling a thread.
Reply | Parent | Thread | Link



browse
my journal
links
January 2014
2012 appearances