I just discovered a disturbing real-world vulnerability by accident.
A couple hours after checking in to my hotel, I went back to the front desk and said "I need to add someone to my room because her flight gets in late this evening." The clerk asked my room number, and I told her and also said my name. A few seconds later, after asking me to spell the name to add, there's a new name on my room reservation. Nowhere in this process did she check my ID.
Did I accidentally socially engineer my way into adding an unrelated name onto a room reservation?
Minor moment of panic at the ticket counter trying to get a boarding pass when they said I need a visa before I can check in to the flight to Australia.
Turns out the visa "application" process was just filling out a web form on my phone, and it was "approved" immediately. I was worried I was gonna have to wait a full business day or something but guess not!
Also kind of weird is the ticket agent just had to check a box that said I have the visa, and that person would be fined $5000 if they were wrong. Seems like not the most ideal way to enforce that but okay.
This @jack situation is making me rethink my phone number strategy. I've been treating my SIM number as disposable and easily replaceable, where the number I use for 2FA is a Google Voice number. But now I'm thinking treating my SIM number as a password is a better plan.
Having one of those moments where I feel like I need to tear up my entire office and living room and reorganize things and get rid of clutter, but that is not a project I should start at 5pm on a Sunday
the home automation experiments continue tonight...
now attempting to disable the on-board bluetooth of the raspberry pi and replace it with a USB dongle to see if that improves things
So far out of all the home automation devices I've connected to this Raspberry Pi, the most reliable ones have been 433 MHz transmitters and ESP32s on Wi-Fi. I've been getting spotty performance of Bluetooth and Z-Wave devices. Could be that the Pi isn't powerful enough, or could be because simpler is just better.
Over the past few weekends I've been overhauling my home automation systems. At the core, as I decide what to buy and how to configure it, there are three primary principles:
• Manual override: Everything automated has to still have the ability to be controlled manually
• Keep it at home: No "cloud" services unless absolutely necessary (e.g. push notifications to a phone)
• Open: Avoid vendor lock-in, use open source and open protocols where possible
So far, I've removed my Dropcam (acquired by Google/Nest), removed SmartThings (acquired by Samsung), and replaced everything with the best alternatives I can find, and I'm making a few sensors myself as well.
It's been a fun experience for sure! Not something I would recommend as an "out of the box" solution, but I've learned a lot, and have a lot more ideas still! I'm planning on doing a full writeup once I get a few more things hooked up.