Showing posts with label social eng. Show all posts

Wednesday, 24 September 2008

"Lloyds is Pants" not good enough PWD

This made me laugh; apparently abusing a service provider via your password is not appropriate: http://news.bbc.co.uk/1/hi/england/hereford/worcs/7585098.stm

However, what is more disconcerting is that, apparently, in some cases (for business users only) employees of Lloyds can read your complete password. This seems somewhat ridiculous, as businesses would surely have more money flowing through their accounts than an individual, and so would be a richer target! IT MAKES NO SENSE (as Tim Westwood would say).

dD

P.S. Thanks to Schneier

Monday, 3 March 2008

social engineering

Trawling through a backlog of RSS feeds, this interesting little nugget was found on gnucitizen about a side attack for social engineering. Using a PKI database you can query for email addresses tied to certain keys. The author, pdp, has some demo code up but it appears to not be working. However, it is a really neat idea.

http://www.gnucitizen.org/projects/pki-book/