Using a From Email Address as Validation is Not a Security Measure

I have been on a mission as of late to migrate all of my login details for accounts where I use email from one domain name I have to another. I decided to stop using the main domain name I have been using for years. One of the main drivers was cost. It’s pretty expensive each year to own it. It is a country-specific one and not cheap like a .com. It is also no longer as relevant for me. I loved its simplicity. It just didn’t make sense to keep having it long term. It is paid for through 2021 or something. I have time to confirm I’ve captured every account and moved it.

In the process of doing this I am also closing accounts I don’t need anymore. It’s a great spring cleaning in the autumn. I originally wrote this in the fall of 2019.

When I attempted to change the email address I used with NordVPN I realized they do not have an option to do that in their online portal. I have come across this issue a bunch of times going through this change process. Even though it’s annoying, I typically open a case to request a change and it’s done pretty quickly.

For my own security reasons I use a unique email address for every account that I create online. This allows me to know when my information is being sold or if an email is authentic. It also protects me if one provider is compromised and the account details are sold or published online. There are lots of times where I receive a message that looks semi-legitimate. It is only when I look and see it’s going to a completely different email address than I gave them that I know it’s fake.

This setup makes things more secure from phishing or other exploits. The downside is it is not so straightforward to get a message via one of these aliases I set up and reply back easily. That is because my email provider Protonmail charges for each alias you use. To get around that I use their catchall feature. I can have unlimited inbound email addresses. The catch is I can reply from only 5 of them. Most of the mail I get other than personal mail I don’t really need to reply to. The trade-off is worth it for me most of the time.

In this instance with NordVPN I was asked to reply to the support case via email. Usually in this situation what I typically do is I have an email program that allows me to send outbound mail and I can edit an alias to match the email address I’m using with that vendor. It’s slightly annoying; however, if I don’t have to do it often it’s not that big of a deal.

There were challenges in validating my account with NordVPN. That required several emails back and forth. In one instance when I was away from my desk I got lazy and just replied from my generic catchall address. That exposed my default address to the vendor. I wasn’t that concerned about revealing that address to them; however, it was sloppy of me. What was silly was their reply. After two more rounds of back-and-forth I was told I need to send a response from the original email address since that was the one on file with them.

What seems silly to me is this company was relying on an email “from address” as some sort of security validation. Whenever I do send them mail I’m literally cutting and pasting the contents to a new message and spoofing the address. Anyone can do that. Yet somehow they feel that if I receive their message it isn’t enough. In my case I am spoofing an address of my own so that’s not bad. What is bad is mail spoofing is super easy and this company somehow thinks it’s a security function to get mail from a specific address.
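
The contrast drawn above, between matching the From header and proving that a message sent to the address on file was actually received, as an added example (not code from NordVPN or from this post). The addresses, ticket ids and the `ReceiptChallenge` helper are constructed for illustration.

```python
import hmac
import secrets
from email.message import EmailMessage
from email.utils import parseaddr

ON_FILE = "vendor-alias@example.org"  # constructed: address on file with the vendor

def from_matches(msg, on_file=ON_FILE):
    """Weak check: From is a header the sender's mail program fills in freely."""
    return parseaddr(msg["From"])[1].lower() == on_file.lower()

class ReceiptChallenge:
    """Stronger check: a one-time code that is mailed only to the address on file."""
    def __init__(self):
        self._pending = {}  # ticket id -> code awaiting confirmation

    def issue(self, ticket):
        self._pending[ticket] = secrets.token_urlsafe(16)
        return self._pending[ticket]  # a real desk would email this to ON_FILE

    def verify(self, ticket, msg):
        code = self._pending.pop(ticket, None)  # single use, even on failure
        if code is None:
            return False
        words = msg.get_content().split()
        return any(hmac.compare_digest(code.encode(), w.encode()) for w in words)

def reply(from_addr, body):
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = "support@vendor.example"
    msg.set_content(body)
    return msg

def demo():
    desk = ReceiptChallenge()
    code = desk.issue("T-1")   # reaches only the mailbox behind ON_FILE
    desk.issue("T-2")          # never seen by the sender of the second reply
    # Constructed reply 1: account owner, sent from a different catch-all address.
    owner = reply("catchall@example.org", f"My code is {code} thanks")
    # Constructed reply 2: someone else who typed the on-file address into From.
    other = reply(ON_FILE, "Please change the email on this account")
    return {  # each value is (From check, receipt check)
        "owner": (from_matches(owner), desk.verify("T-1", owner)),
        "other": (from_matches(other), desk.verify("T-2", other)),
    }

if __name__ == "__main__":
    print(demo())
```

The From check gets both cases wrong: it rejects the owner writing from another address and accepts the message that merely carries the on-file address, while the receipt check depends only on who could read the mailbox.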

If you are going to insist on a security measure why are they not having a secure ticket portal that my login to their service gets me into? Or a built-in chat system within their app, among other things that are more secure than email.

I found this whole experience dealing with this VPN provider to be very frustrating. I am only writing about it because of the hypocritical things they said. Do not tell me you are a security company and then rely on a “reply to” as a validation you are speaking to the right person. Another thing they did was they wanted me to send old credit card details in cleartext email. Yes the card was 2 years old; however, still, don’t say you are a security company and ask for PII in a cleartext email.

The situation’s been sorted. I have updated my email address eventually. I’ve been using NordVPN provider for years. This extremely poor experience has left me looking for a new provider when this one runs out. It’s partly due to just the bad communication back and forth. And part of it is the hypocrisy of claiming that they are a security company and doing some of the most unsecure methods to communicate.

UPDATE: Just as I started to write this post in late 2019 it came out that NordVPN had two separate public incidents where they were compromised. That along with this story got me to move providers 4 months before my contract term ended with NordVPN.

Enhanced Working From Home Now With Snacks

On day one of our Social Distancing (last Thursday) M made popcorn for the girls on their first day of home schooling. I got to get some too. Before social distancing made working from home (WFH) a common thing for everyone I never got treats. The staying inside most of the time isn’t great but the treats are at least a nice touch. Thanks M!

My 17th Blog-aversary

If my blog was a person it would be able to drive. I cannot believe I have been keeping this Blog since March 2003. It feels like yesterday and a lifetime ago all at the same time. There were plenty of times I didn’t write much for months. There were other times where I was posting several times a week. I am happy with my queue of ideas and 1-2 posts a week. As it was in 2003 this site and writing has been a great relaxing outlet…

Notable posts, my first post ever. Then my first post I actually wrote anything meaningful.

Another notable detail that is only semi-geeky to talk about today is as of today I have well over 2,500 posts.

It’s Not You Fitbit, it’s Google, So I Guess it is You

When I last wrote about my Apple Watch Series 3 I thought I solved the challenge around using the smart watch versus a regular watch. The solution was to use both. Since then I’ve continued to use the Apple Watch as just a data device on my right wrist. I wear the regular one on the other. Surprisingly not many people even notice I am doing it. After a while I got used to it and it is second nature now.

When the Apple Watch Series 4 came out the upgrade didn’t seem compelling enough for me to upgrade. I was tempted with the bigger screen but not enough to buy a new one for that reason alone. When the Series 5 came out I was intrigued. The always-on face was the single biggest issue I had previously with Apple Watches. Now I can look at it and the time is always visible without having to lift my wrist and wait for it to light up. The always-on plus the bigger screen on the smaller model was enough to make a compelling case for an upgrade. I treated myself to the 40 mm version.

When I bought my Series 5, the plan was to sell my Series 3 on eBay. I always try to make some of my purchase price back. One of my friends at work suggested using the Series III as a sleep tracker. I have been using my Fitbit for that. Until then I was happy with that solution. Then right around the time I was thinking about the new watch Google announced they were buying Fitbit. That immediately got me wanting to find a replacement for my Fitbit. I want to minimize as much Google exposure as possible. The thought of them having my health data was not cool.

The Fitbit sale development got me wanting to try my friend’s suggestion about using the watch as a sleep tracker. My issue was I did not want to use the same watch I used during the day, then all night. I was afraid I would forget to charge it right before bed and again in the morning. I would need to do both in order to get a full day and night sleep out of it.

I hesitated to waste potential extra money by not selling the Series III. That was until I tried to trade it in. The research I did said if I was lucky I would get a hundred pounds out of it. If I wanted the dedicated sleep tracker I would probably have to spend around that amount of money anyway. I wasn’t sure of a good Fitbit alternative either. I opted to keep the Apple Watch Series 3 and see if it would work as a sleep watch.

I did a bunch of research on apps for tracking sleep like the Fitbit would. It turns out there were several options. I settled on Sleepmatic. Compared to the Fitbit I’m not sure how accurate it is. It’s supposed to be pretty close. From what I can tell it’s good enough for my use. I was worried the bigger watch on my wrist at night would not be comfortable. I was also worried about turning on the screen or pressing other functions while I slept. Neither in the end was a problem. I disabled the raise to turn on function. I do not recall having any issues with pressing anything by mistake after that.

By the time I wrote this post I had been using the Series III as a sleep tracker for several months. Overall I’m generally pretty happy with the switch. I’m extremely happy that I deleted my Fitbit account as well. As a side benefit I can use the watch regularly as a silent alarm. I was able to do the same thing with Fitbit however it required going onto the app on my phone to adjust anytime I needed to. User experience on that was mixed. For that reason I did not always use it. Making changes on the Apple Watch is trivial. Now I use it all the time.

Overall I’m happy with the Series 5 for everyday use and my new “sleep” tracker. Lastly I will note that I offered my wife the Series 3 before I used it. She declined. I would have liked that also since if we did that we would have had the push-to-talk option!

W Sisters Short on The Kindergarten Lunch

Back in the mid-2000s when my friend Jay and I used to work together we would joke around about going out for “kindergarten lunch”. It was code for going to eat lunch anytime before noon. We did it often enough.

For some reason it always seems like little kids in kindergarten (Reception/Year One for my British friends) always have lunchtime scheduled so early. Whenever we thought of an early lunch we would think of that. Almost 15 years later I still use the term constantly.

On the first day we had swim class after Winter break the girls insisted on lunch out after the class was over. I suggested McDonald’s since I didn’t want to do Shake Shack, the other option they like at the mall.

I knew I was getting the full experience when even after spending 15 minutes at the Lego store we still had to wait five minutes for them to start making lunch. Breakfast was still being served. We stood there watching them flip the signs from breakfast to lunch at 10:55 AM. I was proud of myself for not ordering a bacon sandwich in the advert I was staring at while waiting. It looked really good.

The girls were happy with the final result.

Things I Miss From America

Before moving I read a lot about people complaining that you cannot get XYZ in London. Many others noted (I believe correctly) that you will adjust better if you do not get held up by something not being available. You should flip things around and think of it as an adventure and try new stuff. That is the attitude I am taking in the 6 months living here so far as of this writing.

When we first moved here and I had to go shopping for household stuff I was overwhelmed. I had no clue about more than half the brands I saw. I used that as an opportunity to try to save money and went with the brands that were relatively cheap. For most food and household items that worked fine. Instead of

Feedback from others was that the two main things people miss out on are certain consumer products and foods. As products go there were a few things here and there that I prefer an American version of. Mainly some clothing brands. I don’t buy that many clothes and what I do buy lasts a while. When I need something I either wait till we’re back in the States or order it online to pay the shipping. When people visit I sometimes send them stuff too. It’s generally been few and far between.

The same goes for some over-the-counter medicines. Most of the stuff we get is local however there are a few things that we simply prefer from the US. Apparently we are nowhere near as picky as many other people we read about. As time moves on we rely on less and less from the states and simply have been adapting to what’s available.

As far as food goes there are definitely plenty of things that I like that are not quite the same as what you get in the United Kingdom. For example New York style pizza is pretty unique. A good bagel and lox is possible to get here; however, not everywhere. The bagels are ok, just not the same as New York. Before we moved I was worried that both of those examples would be things I missed dearly. In practice I do not. Don’t get me wrong, when we were visiting New York I went for a good slice of pizza. My mom took us to my favorite pizza place growing up. We also made it a point to go to our favorite bagel place when we were in Forest Hills as well. It was just as good as we remember it. We enjoyed both experiences a lot. The experiences in New York are definitely not the same as those in London; however, we can still get decent pizza and halfway decent bagels and smoked salmon. I don’t even eat bagels as much as I used to. We have different morning rituals now. If we go out I like a good full English breakfast.

All the things I mentioned having a different version of them or not having them at all have been relatively easy to adapt to in London. For me there was one thing that I missed that I did not realize how much I missed until I was back in the United States. I realized early on that most places in the United Kingdom did not prepare burgers the way I like them. I think it’s around the fact that they have to cook them a little bit more well done than I like here. I’m not really sure though. I just know that in most cases hamburgers aren’t as juicy and delicious as I am used to in the States. In fact my favorite hamburger in Europe actually was in Copenhagen. I still eat burgers all the time when we are out. It’s my go-to food. Although depending on the place Fish & Chips is catching up as a good backup option. I have not been sorely missing a good burger.

When we were in Florida in February to go on our cruise we went to lunch with my in-laws. It wasn’t anything fancy. We just went to Chili’s. The juiciness of the hamburger reminded me how a really good burger should taste. It wasn’t until then I realized I missed that. Shake Shack and Gourmet Burger Kitchen are really good however I just don’t think any of those places got my burger as juicy as the one I had in Florida.

Some people would be upset by this. They may even stop ordering them when they go out. Not me. I’m on a mission to find good burgers in the UK. That means if I go somewhere and it looks good on the menu I’m still going to order it. If it turns out to be so-so then I know what to expect. If it turns out to be really good I’ll know where to go back to. That will hold me over until we’re back in New York and I can go to Outback or Chili’s or any other mediocre chain restaurant that will grill me a juicy burger.