Security

Why I Just Closed my LinkedIn Account

So I just got an email from LinkedIn saying that someone wanted to connect. About half of these are spam from recruiters who I have no connection to, and the other half are actual people I've worked with. This one was an actual person who works on the same open source project as me, so I added him.

And then the LinkedIn site said (roughly) "Add your email password! So we can manage your contacts for you! It's secure (picture of padlock)."

Ahem:

1. This is phishing. You should never give your email password to any site (except your actual email provider, since you need it there to login). Your email password is the key to your entire online identity — if someone has your email password then he can, for example, look for emails from your bank to know which bank you use, then reset your online banking password and loot your bank account. (Of course LinkedIn is not actually planning to do that — but a rogue employee or someone who hacks into their systems might.)

Of course I'm not stupid enough to give them my password, but many people are. It's ridiculously irresponsible for them to ask for it.

2. Secure my ass. LinkedIn leaked 8 million users' passwords less than a year ago, because they were storing them in the database unsalted. Which is seriously negligent. They've probably fixed that particular bug, but there are probably plenty more.

3. They should know better than to put their marketing plans ahead of their users' security. They're not going to learn about security until it costs them users. So, scratch one user.

Rant
Security

Comments (0)

Permalink

Wendy's Drive-Through Scam

I was just scammed at a Wendy's drive-through window. I figured out what the guy was doing while he did it, but let him continue because I was curious and the amount of money was small.

This drive-through has a outside intercom, a money window, and then a food window. One person takes the order via the intercom. A second person takes the money and gives change. A third person hands you the food and your receipt.

So what the guy at the second window does is quote a higher price. (In my case, the order was $5.94 but he said $10.94.) The intercom isn't very great, and most of the people who work there have strong foreign accents, so it's quite possible that many customers don't hear the price correctly over the intercom, and even if they do and they correct him, he can just pretend they heard him wrong. If they don't object, he pockets $5. Assuming this guy is paid about $8 per hour, he only has to pull this scam twice per hour to more than double his income. If he does it often enough, he's probably making more than the store manager.

The critical flaws in Wendy's process that make this scam easy are:
1. The price isn't displayed on a screen for the customer, either near the order intercom or near the money window
2. You get the receipt at the food window, not the money window. So if you check your receipt against your change, you've already moved away from the guy running the scam, and now it's your word against his.

Note that most McDonalds do both of these things correctly. Perhaps this partially explains why McDonalds does a lot better than Wendy's financially, despite having much worse food.

Anyway, I called the store, asked for the manager, and explained what was going on. I'll go back to that Wendy's soon and see if the guy who ripped me off is still working there. If he is, I'm never eating at that Wendy's again.

(Note that if, even if he does get fired, he still wins big. It's not like he can't find another $8 per hour fast food job in about five minutes, and there's no record of how much he's stolen so they'll never get it back. He only loses if someone actually prosecutes him. But Wendy's loses big, from customers who realize they were ripped off and then never eat there again.)

Security

Comments (0)

Permalink