mersenneforum.org

Internet of Bings (https://www.mersenneforum.org/showthread.php?t=20746)

LaurV 2019-11-22 02:37

[QUOTE=Nick;531170]Could you have paid by letting him photograph a banknote instead?[/QUOTE]
Bwaa, haha, it reminds me of a story I read long ago (maybe it was on this forum too?) about a guy getting a radar photo for speeding, then he made a photo of a $x banknote (was it 20? 50? no idea, the smallest covering the fee to pay) and sent it as payment. After a week or so he got a photo with a pair of handcuffs, then he went and paid the bill... :smile:

Nick 2019-11-22 11:01

[QUOTE=Dr Sardonicus;531207]If someone offered [I]you[/I] a picture of a banknote in payment, would [I]you[/I] accept it?[/QUOTE]
Yes, the joke was weak but the underlying point was serious: who bears the additional risks introduced by this protocol change?

Here in the Netherlands, checks/cheques have never been widely used.
You fill in a bank form a bit like a check but then send it to your own bank instead.
They transfer the money along with a reference number you agreed with the recipient, identifying the transaction.
This keeps the risk of fraud lower.

Dr Sardonicus 2019-11-22 13:25

[QUOTE=Nick;531242]Yes, the joke was weak but the underlying point was serious: who bears the additional risks introduced by this protocol change?
<snip>[/QUOTE]
If there's a problem with payment, I (and my bank) will make darned sure it's the payee's or their bank's problem -- not mine.

I have only ever had two problems with a payment by check.

One apparently involved theft, and was resolved by sending the payee (a company) images of the canceled check. It turned out that an employee had (somehow) negotiated the check and pocketed the money. How that had happened and what to do about it weren't my problem. I had documentary proof that I had tendered payment to the company and someone else had taken the money, and I was in the clear.

The other involved a clerical error. I got a demand letter claiming I had made only part payment in an amount not matching the amount of my check. I called my bank to verify the payee, the amount of my check, and when it had cleared (my bank statement hadn't come yet), and then called the payee to straighten things out.

I always put something in the "Memo" section of my checks specifying the nature of the transaction.

I am actually more bemused by the process by which a check is turned into a "E-check" at a store. I get my check back, along with a paper receipt, which is nice. But it seems that all the payee really needs is the check number, the account information, and the customer's signature entered electronically on a pad. A grocery store clerk informed me of this, when, as I was busily filling out my check, he said I didn't need to fill in the payee, the amount, or sign the check. It probably didn't occur to him that he was literally asking me to offer a [i][b]blank check[/b][/i] to pay for my groceries...

ewmayer 2019-12-14 22:32

[url=https://www.washingtonpost.com/nation/2019/12/12/she-installed-ring-camera-her-childrens-room-peace-mind-hacker-accessed-it-harassed-her-year-old-daughter/]She installed a Ring camera in her children’s room for ‘peace of mind.’ A hacker accessed it and harassed her 8-year-old daughter[/url] | WaPo
[quote]Several Ring users nationwide have reported that their security systems were also infiltrated by hackers who harassed them through the camera’s two-way talk function. (Ring is an Amazon product. Amazon chief executive Jeff Bezos owns The Washington Post.) A spokesperson for Ring told The Post in a statement early Thursday that what happened to the LeMays ‘is in no way related to a breach or compromise of Ring’s security.’ The ‘bad actors’ behind the attacks ‘often re-use credentials stolen or leaked from one service on other services,’ the spokesperson said. Ring has addressed the other reports of hacking with similar statements.[/quote]
LOL, love the "no breach" denial by the paid liar, erm, spokesperson.

retina 2020-01-22 04:35

[url=https://arstechnica.com/information-technology/2020/01/smart-scale-goes-dumb-as-under-armour-pulls-the-plug-on-connected-tech/]Smart scale goes dumb as Under Armour pulls the plug on connected tech[/url]

Actually the title is misleading. The "smart" scale doesn't just go dumb, it goes dead.
[quote]Today's example of smart stuff going dumb comes courtesy of Under Armour, which is effectively rendering its fitness hardware line very expensive paperweights.[/quote]
[url=https://www.inputmag.com/tech/using-legacy-sonos-devices-with-modern-ones-will-nix-all-updates]Using 'legacy' Sonos devices with modern ones will prevent any future software updates[/url]
[quote]The reason this is the case is that a multi-speaker Sonos system requires all devices to operate on the same software and older products “do not have enough memory or processing power to sustain future innovation.” Thus, as Sonos explains in an email to customers, “If modern products remain connected to legacy products after May, they also will not receive software updates and new features.”[/quote]
It's just a speaker FFS. What sort of mega processing does it need? Oh, yeah, I forgot, it probably also has a microphone and camera and reports back to the maker to spy on you or something. I don't know of course, but I can't imagine what else it could be.

kladner 2020-01-23 15:44

Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
 
[URL]https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/[/URL]
[QUOTE]A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices.
The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the [URL="https://en.wikipedia.org/wiki/Telnet"]Telnet service[/URL], a remote access protocol that can be used to control devices over the internet.
According to experts to who ZDNet spoke this week, and a statement from the leaker himself, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker than tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.
These types of lists -- called "bot lists" -- are a common component of an IoT botnet operation. Hackers scan the internet to build bot lists, and then use them to connect to the devices and install malware.
These lists are usually kept private, although some have leaked online in the past, such as [URL="https://www.bleepingcomputer.com/news/security/someone-published-a-list-of-telnet-credentials-for-thousands-of-iot-devices/"]a list of 33,000 home router Telnet credentials[/URL] that leaked in August 2017. To our knowledge, this marks the biggest leak of Telnet passwords known to date.

[B]Data leaked by a DDoS service operator[/B]

As ZDNet understands, the list was published online by the maintainer of a DDoS-for-hire (DDoS booter) service.
When asked why he published such a massive list of "bots," the leaker said he upgraded his DDoS service from working on top of IoT botnets to [U][B]a new model that relies on renting high-output servers from cloud service providers.[/B][/U]
[/QUOTE]
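
The quoted article says these lists are built by trying factory-default or easy-to-guess logins against exposed Telnet ports. As an added example (not part of the post or the article), here is a defender-side check that flags a source cycling through several usernames and then logging in successfully. The log format, field names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical telnetd log format (not from the article).
SAMPLE_LOG = """\
2020-01-20T03:14:01 telnetd login FAIL user=root src=203.0.113.7
2020-01-20T03:14:02 telnetd login FAIL user=admin src=203.0.113.7
2020-01-20T03:14:03 telnetd login FAIL user=guest src=203.0.113.7
2020-01-20T03:14:05 telnetd login OK user=support src=203.0.113.7
2020-01-20T09:30:00 telnetd login FAIL user=alice src=198.51.100.20
2020-01-20T09:30:40 telnetd login OK user=alice src=198.51.100.20
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) telnetd login (FAIL|OK) user=(\S+) src=(\S+)$")


def find_guessing_sources(log_text, min_users=3, window=timedelta(minutes=5)):
    """Flag sources that fail logins for >= min_users distinct usernames
    inside `window`; record the first account they then log in as."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        ts, result, user, src = m.groups()
        events[src].append((datetime.fromisoformat(ts), result, user))

    findings = {}
    for src, evs in events.items():
        evs.sort()
        recent_failures = []  # (time, user) pairs still inside the window
        for ts, result, user in evs:
            recent_failures = [(t, u) for t, u in recent_failures if ts - t <= window]
            if result == "FAIL":
                recent_failures.append((ts, user))
                tried = {u for _, u in recent_failures}
                if len(tried) >= min_users:
                    f = findings.setdefault(
                        src, {"users_tried": set(), "compromised_user": None})
                    f["users_tried"] |= tried
            elif (src in findings and recent_failures
                  and findings[src]["compromised_user"] is None):
                # A success right after a guessing burst: treat the account as exposed.
                findings[src]["compromised_user"] = user
    return findings


if __name__ == "__main__":
    for src, f in find_guessing_sources(SAMPLE_LOG).items():
        print(src, sorted(f["users_tried"]), "->", f["compromised_user"])
```

A single mistyped password followed by a success, as with the second source in the sample, is not flagged.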

LaurV 2020-01-24 02:06

[QUOTE=kladner;535799][URL]https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/[/URL][/QUOTE]
From the article (my underline)[QUOTE][I]ZDNet[/I] did not use any of the username and password combos to access any of the devices, as this would be illegal -- hence we are unable to tell [B][U]home many[/U][/B] of these credentials are still valid.[/QUOTE]For some reason, this looks very funny to me... Did they use a dictaphone, or what? (I guess, due to the similarity of the sound)

ewmayer 2020-01-24 04:33

More on the silver lining - for the spy agencies - in the cloud:

[url=https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT]Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources[/url] - Reuters
[quote]The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information.[/quote]

Luckily, nature - or in this case, hackery and spycraft - has a sense of irony:

[url=https://www.bloomberg.com/news/articles/2020-01-21/saudi-crown-prince-hacked-bezos-s-phone-the-guardian-reports]Saudi Crown Prince Hacked Jeff Bezos’s Phone, Analysis Suggests[/url] | Bloomberg

retina 2020-01-25 13:10

Light Commands
 
Control your Internet of :poop: with light.

Or better yet, let some stranger control your Internet of :poop: with their light.

[url]https://lightcommands.com/[/url] [quote]Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light.[/quote]

retina 2020-01-28 20:58

Install ALL the apps
 
[url]https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-trackers[/url] [quote]Ring claims to prioritize the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system. In the past, we’ve illuminated the mismanagement of user information which has led to data breaches, and the attempt to place the blame for such blunders at the customers’ feet.

This goes a step beyond that, by simply delivering sensitive data to third parties not accountable to Ring or bound by the trust placed in the customer-vendor relationship. As we’ve mentioned, this includes information about your device and carrier, unique identifiers that allow these companies to track you across apps, real-time interaction data with the app, and information about your home network. In the case of MixPanel, it even includes your name and email address. This data is given to parties either only mentioned briefly, buried on an internal page users are unlikely to ever see, or not listed at all.[/quote]

retina 2020-02-02 22:13

We don't care what you think. We WILL collect your data so FU
 
[url]https://www.theregister.co.uk/2020/01/29/ubiquiti_data_collection_policy/[/url] [quote]The page states that while users can continue to eschew having their "personal data" collected, their "other data" – anonymous performance and crash information – will be "automatically reported".[/quote]Is there no respect left in the IT industry?

