83°F

Aaron Parecki

  • Articles
  • Notes
  • Photos
  • Aaron Parecki
    I just discovered a disturbing real-world vulnerability by accident.

    A couple hours after checking in to my hotel, I went back to the front desk and said "I need to add someone to my room because her flight gets in late this evening." The clerk asked my room number, and I told her and also said my name. A few seconds later, after asking me to spell the name to add, there's a new name on my room reservation. Nowhere in this process did she check my ID.

    Did I accidentally socially engineer my way into adding an unrelated name onto a room reservation?
    Melbourne, Victoria, AUS • 53°F
    Wed, Sep 18, 2019 9:00pm +10:00 #travel #hotel
    3 likes 1 repost 4 replies
    • Katherine M. Moss
    • booklord 。
    • testingwithfire
    • testingwithfire
    • Amit Gawande www.amitgawande.com

      I think people in customer service are a lot more wary of not displeasing their customers — even more so in hotels with their guests. This fear does expose them to being prone to social engineering. I believe they are trained to quickly move on from the problem to the solution they can provide — makes them trust others easily. I hope they are also trained to not be careless doing that.

      Fri, Sep 20, 2019 2:39pm +10:00
    • Katherine M. Moss cambridgeport90.net
      That’s a hard one; I can think of many places where they don’t check IDs and they definitely ought to. My friend goes to our datacenter to do server work most of the time, and we had to switch centers for the very same reason. I feel you.
      Wed, Sep 18, 2019 7:41am -05:00
    • dominik mastodon.xyz/@dominik

      @aaronpk this and the airport story from yesterday mostly tells me that Australians aren't as paranoid as Americans.

      Wed, Sep 18, 2019 12:25pm +00:00
    • Vika fireburn.ru
      Maybe the clerk has remembered your face?
      Wed, Sep 18, 2019 11:44am +00:00
Posted in /notes using quill.p3k.io

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv