amauk | 6 years ago | on: I'm 17 years old and I created a website to help you find necessities
amauk's comments
amauk | 8 years ago | on: Ask HN: What's a good response to “It's fine, I've got nothing to hide online”?
The example I often use (as it's actually happened to people) is the different usage of the last 4 digits of a bank card.
Some companies will freely throw this info around, as a convenience to the user, in emailed order confirmations, etc.
Other companies, however, use the last 4 digits of a card as a security measure: "To confirm you are the account holder, please supply the last 4 digits of the card used", or whatever.
Using social engineering, you can play these 2 companies off of each other, and possibly gain some extra information: a name, a billing address, or whatever.
I try to emphasise that you, the user, are not involved in this at all. This is a person going back and forth between various companies' call-centres, using the info to gain more. It's a to-and-fro, initially with only the innocuous information, but by the end you possibly have the authority to order something using the legit card and billing address but delivery to a PO box (sorry, UK terminology here, unsure what the US equiv. of a PO box would be, but delivery to a post office for collection).
I try to steer away from the more outlandish stuff (while true, and in use, people seem to dismiss them - like the recent psychological manipulation used on Facebook). I try to keep it simple: someone ordering some jewellery on your card and collecting it from a PO box, all completely without your knowledge.
I also try to emphasise the importance of securing your email account, as someone with access to your email can run through the "I forgot my password" things on various popular sites.
I like the "last 4 digits of a card" thing, as most people have come across this difference (user convenience vs. security measure), but it's never registered as a potential problem.
Also, "Organic Bamboo Toilet Paper". Is that as horrific as it sounds...