Dreaming of lime gerbils in a cheese sauce

I picked up 2 tickets for the Friday night show. Would anyone like to join me?

What have you done?

Didn't you learn from our disaster in 2010?

I note with some pride, or is it trepidation, that today marks the 10th anniversary of closing on my house in Seattle. I have never lived at any one address this long.

Please, do not just put my email address into a random web site you think I might like. Email me directly. I use specially-crafted email addresses for the few sites I chose to join. By giving them my main address you just make it harder for me to track things.... and pretty much ensure I won't be doing anything with that site.

In reply to the actual physical postal letter I sent United last month explaining that I'm not flying with them because of the TSA I received the following letter:

January 05, 2011

Dear Mr. Damon:

Thank you for contacting United Airlines.

I understand your concerns regarding security screening.

The Transportation Security Administration (TSA) assumed responsibility for security screening for all major U.S. airports, effective November 19, 2001

I will forward your feedback to our senior management, so they understand how the experience impacted your perception of air travel.

We appreciate your e-mail (sic) and hope to see you on a future United Airlines flight.

Sincerely,
(person name)
Customer Relations

Ok, for now I'm going to ignore the missing . after 2001 and failing to notice that I'd taken the time to actually write and post a letter instead of dashing off email. What I'm not going to ignore is the complete lack of saying anything meaningful. A.k.a a failure to communicate.

Hopefully that senior management will actually say something.

Na, not going to happen.

Yesterday I got a text message from Sprint:

"9569: To finish the PIN process enter the code on sprint.com ONLY. Sprint personnel will not ask you for it. If you shared it by mistake, call *2. ######## Call back #: #######"

Note the part where it says "Sprint personnel will not ask you for it" - their trick was to call as I got the page and say they are trying to track some service problem and ask me to read the 8 digit number. Thus directing my attention to the end of the page and skipping over the improtant security warning. I was distracted by what I was doing so I questioned it briefly but read him the number. I immediately received another message saying my PIN and "secret question" (note the sneer marks) had been accessed.

My suspicions were raised by this second message - Sprint should never need that information. They were confirmed when he called back asking for "just your first name on record, to confirm your identity". At this point I was no longer distracted but was paying attention only to the phone call. I asked him to prove he was with Sprint and he said he'd have his supervisor call me and got off the phone. Of course, no supervisor called.

The call came from 206-567-3943 (located on Vashon Island). The fact it wasn't a 1-800 number was another clue that it wasn't from Sprint.

Within seconds of the second call I was on the phone with Sprint. They confirmed they would never have placed such a call to me and transferred me to the fraud department - which, it turns out, was closed. I went to the web site and changed the PIN and question within a few minutes of the initial contact.

I think the only thing that "saved" me from being burned really badly was the fact that I used a unique PIN and question on that site. They shouldn't be able to use them for any other access. However, they did have access to my Sprint account which means they can find out other information about me (I'm not sure how bad the leak is yet, I haven't spoken with the fraud department yet). So far I don't see any new lines of service or long distance/international calls. I don't know if the sprint site would have required them to re-authenticate once I changed the PIN.

Social engineering is the most pernicious and most difficult form of cracking to fight. If I'd had (or taken) 30 seconds to read the text of the page instead of letting him direct me to just the part he wanted I wouldn't have been had at all. By keeping me distracted and knowing enough about the text of the page he managed to get the information he wanted.

The easiest way to stop this kind of fraud: If someone calls from your credit card company, phone company, or any other company, and asks you to read a number or otherwise interact tell them you'll call them back - and call back the main number, not the number they give you.

The registration page is up and available at http://www.casitconf.org/casitconf11/casitconf11/Registration.html.

United Mileage Plus
P.O. Box 6120
Rapid City, SD 57709-6120
USA

Premier #xxxxxxxxxxxx

Dear Sir or Madam,
As an examination of this year's records will show, I have done very little traveling with you — to the point where I will no longer be a premier customer next year. I have always felt that a regular customer should let a company know why they have reduced or stopped doing business.

In this case the cause can be traced to a simple acronym:
TSA
The TSA has managed to finish changing something I used to look forward to with joy-filled anticipation — travel — and turn it into not only something of a drudgery (the industry changes in the past 10 years did that, though premier status helped mitigate that a bit) but now something to be actively avoided. At this point I look forward to travel with about the same level of joy and anticipation I would a protracted visit to the dentist. With the deployment of the backscatter scanner and seriously invasive pat-downs my desire to go to other places via air has reached an all-time low.

If the supposed security represented by these activities were real I would probably be more willing to tolerate them but it is quite clear from the analysis that not only is it not helping to keep us safe but is instead actually achieving the terrorists’ aims of spreading fear, uncertainty, and doubt.

In conversations with friends who likewise were heavy travelers it has become clear to me that many of us are avoiding airline travel whenever possible. I have been doing most of my long-distance domestic travel by Amtrak. The one flight I took this year would have been booked on the train but time constraints prevented it.

It is my hope that the carriers, realizing the lost revenue unwilling travelers like me represent, will begin pushing back against the TSA and their security theater. You can get me back in the air by making it pleasant (or at least not actively unpleasant) to travel again.


Sincerely yours,
Lee Damon

I took a friend to brunch at The Georgian Room in the Fairmont Olympaian Hotel, one of the swankier places downtown. The price matched the swank but the quality and assortment were closer to Holiday Inn. Disappointing, won't be back. :-(

Reminder: The deadline for submissions is the end of this month. See http://www.casitconf.org/casitconf11/Call_for_Proposals.html for details.