Phoenix doesn’t pave their crosswalks
They use brick.

Well ok, so it wasn’t exactly social engineering. But what happened should be cause for concern for any major company.
The phone call went something like this…
Me: “Hi there, I’m Chris and I’m working with [person’s name] on the [project name] and I don’t have a username and password to login. Can you help?”
Them: “Oh, ok, well what are you trying to do?”
Me: “Well, I’m just preparing a specifications document for the [project name] so we can accurately quote this and it would be helpful to see what the administration system looks like.”
Them: “Oh ok, I can give you the password…”
BAM! Within 2 minutes I had total administrative access to over 20,000 records and 10 – 20% of them have credit cards associated (in plain text! no encryption!). That’s scary! We’re going to recommend they create a standard operating procedure (SOP) that they use to verify information like this.
I was calling a major company I’ve worked with a lot (but under a separate company for most deals) and talking with someone I had never met and she wouldn’t have known my name. The person I spoke with was an assistant to an executive.
No wonder identity theft is such a problem. Anyone have a story like this?
For some background on this topic, read this great overview with some interesting stories.
What do you think of the new Dole web site? It’s a little over the top if you want my opinion. No, I take that back. It’s WAY over the top. I call it ugly and unusable.
Simply put: There’s too much going on: animations on the homepage, bright colors everywhere, and all of this ensures that nothing stands out.
PunBB looks like a nice alternative to all of the other bulletin board systems on the market today. It has less code, (supposedly) outputs valid XHTML, and is driven by PHP. It even exports an RSS feed (since I know someone will ask).
“Our bombs are smarter than the average high school student. At least they can find Afghanistan.” — A. Whitney Brown (via Gary)
Just the other day White House Custom Colour redesigned its web site. I’ve ordered prints from them in the past and the quality is superb. One of the finest digital output companies anywhere. They gear their services towards pro photographers. The new site was quite nice, so I thought I’d throw it in the mix.
Drudge today has a little headline with a link to an article about how a women’s lacrosse team player wore flip flops to the White House to meet the President.
Here’s a picture (she’s on the left):

She didn’t think twice about the footwear until she got an e-mail – in all capital letters – from her brother.
“YOU WORE FLIP-FLOPS TO THE WHITE HOUSE????!!!!” he wrote after checking out the picture on the team’s website.
What do you think? Was it inappropriate? I think it’s funny how the President looks like he’s holding crutches.
When I read this article about how some new produce distributors are starting to laser burn info on fruit instead of using stickers I thought it was a pretty cool idea. What do you think? Do you think it will, um, stick?
From the NY Times (article):
A new technology being used by produce distributors employs lasers to tattoo fruits and vegetables with their names, identifying numbers, countries of origin and other information that helps speed distribution. The marks are burned onto the outer layer of the skin and are visible to discerning consumers and befuddled cashiers alike.
The process, government approved and called safe by the industry, may sound sinister. But it was designed with the consumer in mind: laser coding could mean the end of those tiny stubborn stickers that have to be picked, scraped or yanked off produce.
© 2009 Tornado Design, LLC