Categories
Rants

Offline Car Googling

Due to the untimely demise of my Polo Playa, I have now unexpectedly found myself in the market for a new vehicle. As far as my research goes, the following are options at the top end of my price range (in no particular order):

Volkswagen Polo 1.6 Comfortline – R136 350


Problem here is that a new Polo is being launched in July


Citroen C2 VTS – R145 000


Renault Clio 1.4 Expression A/T 5-dr – R137 995
or Renault Clio 1.6 Dynamique 3-dr – R 139 995


Toyota RunX 140 RT – R137 879


Honda Jazz 1.4 i-DSI Manual – R132 500

As for Opel Corsa, well their website is useless. Minus one point for them.

So here’s my question: which one? Or should I aim for something cheaper and quicker to pay off? The comments section awaits your input…

I needed a stolen car like I need Windows on my PC.

Categories
Rants

NGB 776 GP, Charcoal VW Polo Playa 1.4

My car was stolen in Rynfield, Benoni, Gauteng, South Africa on Saturday at around 13:30. Strictly speaking the colour is “Anthracite Blue”, but it looks more like Charcoal (dark grey to black).

If you do happen to see it, phone the cops, please.

Let’s hope the inevitable insurance chronicle is not a pain in the ass. I’m lost without my wheels – I feel compelled to return to varsity and do the lift scheme/lazing on the grass/partying thing.

Alternatively I could go and drive around the townships and informal settlements in the slim hope of some success.

Categories
Hacking Rants

Unofficial Standard Bank Credit Vetting

I have a problem with Standard Bank and the way they handle their Credit Card Division. Apart from their bumbling incompetence, I discovered a way to obtain all the balance details on a particular credit card. What’s more scary, the level of security is minimal.

Here’s how:
1) Dial +27 11 241 1000
2) Press ‘2’ for Balance and Payment details.
3) Key in the credit card number.
4) Press ‘1’ to confirm
5) Enter the first six digits of the cardholder’s ID number
(i.e. their date of birth – very lame security)
6) Enter the expiry date of the credit card.

All of the above information is extremely easy to socially engineer or otherwise obtain. And what is the benefit of doing this, you ask? Well, you get access to the following details:

Balance outstanding for straight purchases.
Balance outstanding for budget purchases.
Available credit for straight and budget purchases.
Last payment date and amount.

Whatever made you think your credit record was private?

Categories
Rants

Computicket.co.za Provides Insecure Credit Card Transactions

Computicket, “South Africa’s leading ticket booking site” (?? say what?) has changed their online transactions system so that credit card payments are no longer secure when purchasing a ticket online. (And it’s not a “secure frame inside an insecure window” thing either.)

Furthermore, according to their “Terms and Conditions”
‘1.1 By purchasing tickets via this website, you expressly agree:
3.4 You further indemnify Computicket and/or the promoters or clients for which it is acting as agent, against any claims in respect of any loss or damage resulting from or related to :
3.4.6 any breach of privacy or security by any person or entity;’

I think this is bullshit. Computicket should at the very least take responsibility for the security of your credit card transaction. They have just created a cheap cop-out here to indemnify themselves for their own poor business, web development and testing processes.

And here’s a nice image of the insecure page asking for your payment details.

An interesting thought is that most Computicket outlets are using a similar web-based interface when you do over-the-counter bookings. I wonder if those transactions are also being thrown around the net at random. Time to go fetch my crocodile-clip-to-ethernet connector.

Pity their support hours are pretty much 9am to 6pm from the looks of it. Frankly I couldn’t be bothered to warn them. I’ve done that too often and received a lot of flak. I’m not a frikkin babysitter. Or maybe I should – Why, you ask? For the benefit of all who want e-commerce to be successful in this country.
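A check for the transport problem described in this post, as an added example that is not part of the original post or any Computicket code: it labels a page as HTTPS, as an insecure page, as an HTTPS page that submits card data over HTTP, or as the "secure frame inside an insecure window" case. The function names, the `CARD_HINTS` field-name hints and the result labels are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

CARD_HINTS = ("card", "cvv", "cvc", "expiry")  # assumed field-name hints

class PaymentFormScanner(HTMLParser):
    """Collects iframe sources and the actions of forms holding card-like inputs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.frames = []        # absolute iframe/frame URLs
        self.card_actions = []  # absolute submit URLs of forms with card fields
        self._action, self._has_card = None, False  # state of the open form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("iframe", "frame") and a.get("src"):
            self.frames.append(urljoin(self.page_url, a["src"]))
        elif tag == "form":
            # A missing or empty action submits back to the page URL itself.
            self._action = urljoin(self.page_url, a.get("action") or "")
            self._has_card = False
        elif tag == "input" and self._action is not None:
            name = (a.get("name") or "").lower()
            self._has_card = self._has_card or any(h in name for h in CARD_HINTS)

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_card:
                self.card_actions.append(self._action)
            self._action = None

def is_https(url):
    return urlparse(url).scheme == "https"

def classify(page_url, html):
    """Label how card data would travel for a page fetched from page_url."""
    scan = PaymentFormScanner(page_url)
    scan.feed(html)
    if not scan.card_actions:
        # No card form in this document: look for an HTTPS frame inside an HTTP page.
        if not is_https(page_url) and any(is_https(f) for f in scan.frames):
            return "secure-frame-in-insecure-page"
        return "no-card-form"
    if not is_https(page_url):
        return "insecure-page"    # form itself was delivered over plain HTTP
    if not all(is_https(u) for u in scan.card_actions):
        return "insecure-submit"  # HTTPS page, but card data posts over HTTP
    return "https"
```

Only the `https` result means both the form's delivery and its submission are encrypted; an HTTPS frame inside an HTTP page is reported separately because the outer page can still be altered in transit.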

Categories
Freedom Hacking Rants Security

Reinhardt Buys engages me on my public comments

Dear Shaun,

YOUR COMMENTS ABOUT MYSELF AND BUYS INC. ATTORNEYS

First of all I would like to congratulate you… your guts to take on big companies and your blog / hacklist have stirred much needed public debate and will stand out as the high water mark for free speech rights in SA for a long time.

Comments on your blog and more recent comments by yourself on 2600.co.za made no secret of your dislike for me and Buys Inc. Attorneys in general. Your public criticism on some of our hack related press statements in the past was in many aspects correct and valid… we try and explain these issues to the general public in a manner that Joe Soap will understand. Your knowledge of these matters is way above our heads! (See https://dewberry.co.za/index.php?cat=14).

However, your recent public comments about our involvement with the Telkom matter are plainly untrue, vindictive and unreasonable. (See http://lists.2600.co.za/pipermail/hacklist/2004-August/005850.html).

Following similar comments on the myadsl.co.za website, the website operator gave us an opportunity to state our side of the story. I copy our reply and some of the follow up comment hereunder.

As a keen free speech supporter I trust that you will give us the same opportunity to respond to the 2600 subscriber list and on your blog…?

I have never met you and you never made any effort to approach us when you publicly disagreed with us. I truly cannot think of anything we have done to harm you or those you care for.

Maybe you should pop into our offices for coffee?

I await your response.

Regards,

Reinhardt Buys

BLC LLB (Pret) LLM (Cape)

Buys Incorporated
www.buys.co.za
Internet, Media and IPR Law
Tel: (021) 461-7387
Fax: (021) 462-7117
http://www.buys.co.za/Buys_E-mail_Legal_notice.PDF

My reply:

Hi Reinhardt,

First of all, thanks for not just slamming me with a defamation lawsuit or something.. 😉 Just kidding!

In thinking about it, my opinion of you and your firm has been dictated purely by the media perception created in press releases and comments made on various news articles. This is wrong, and I should have taken more opportunity to engage you directly on issues instead of flaring out with a comment in a publicly accessible space.

Obviously, as you point out, coming from a more technical background, and having an extreme passion for freedoms and liberties, it is easy for me to poke holes in some of those comments. However I am the first to admit that perhaps I do step too far and I should be careful not to make the attacks personal or unreasonable. I will endeavour to uphold that standard in future.

I noticed in re-reading of my comments I called your firm ‘Buys Media Whore Inc’. This is really a case of the pot calling the kettle black. I am just as guilty of ‘parading’ in the media, although I try to ensure that my motives in being outspoken and trying to ‘be the media’ are not for profit, but for freedoms (and probably for my fifteen minutes of fame), which may be where we differ. However, I do believe there is no reason why you should not use your media influence and expertise to promote your company wherever possible.

Untrue, vindictive and unreasonable against yourself and your firm my comments on the Telkom issue probably are. In that respect I am simply a frustrated end-user who cannot believe the arrogance of Telkom in their actions. Of course, the previous law firm they used proved they are not experts at trademark law (neither am I). Perhaps then I should have taken refuge in the hope that your firm was able to provide a more reasonable, more constitutionally correct opinion of the matter to Telkom. I will not remove the offending comments from wherever they are located, unless you specifically request me to do so, but I will be posting this email and other responses to correct my vitriolic outbursts on those forums.

Fear is probably the real force behind my actions and statements. I have a deep-seated fear that our technically illiterate judicial system will destroy Internet and other civil liberties without knowing it. As a law firm publicly involved in IT law, and expressing your legal opinions quite widely, and having read some of Cyberlaw@SA (first edition) myself and seeing the lack of direction in IT law I got scared that your firm would be the one to help destroy those liberties by setting legal precedents. I realise now that even Adams & Adams can beat you at that, at least on trademark issues! 🙂

I apologise for having prematurely placed you and your firm in the enemy camp with my crosshair looming large. I look forward to engaging you and members of your firm in interesting discussion and debate on legal matters in future. And if I’m in Cape Town (I’m a simple Benoni boy) at any stage in the future, I will be sure to come and sponge some coffee off you fancy lawyers. Alternatively if you are ever at your Jozi office I would be eager to catch up with you there.

Thank you for extending the olive branch – you definitely have at least as much guts as myself, if not a lot more.

Best wishes,

Shaun Dewberry
www.dewberry.co.za