CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.
Phoenix, AZ
Joined July 2009
- Tweets 8,305
- Following 139
- Followers 776
- Likes 17,402
TFW you’re paving roads and installing sidewalks, and the vendors are pitching 40-story high rises, then when you defer, they ask to connect again in a month.
3
I added a comment to an existing bug on the same issue: bugs.chromium.org/p/chromium…
Agents can be misinformed or get it wrong, like in your case. @AskPayPal should pull the recording and train that agent. First names have to be changeable because people can legally change their first name. I hope @PayPal makes this right for you and fixes the process for all.
1
I spent seven years at PayPal, internally they are very committed to D&I. Hopefully the @AskPayPal folks will ensure Dan gets this in his Monday morning inbox, because I know he’ll make this right if he knows about it.
1
1
Keep in mind that there are a LOT of scammers, so it could be this policy is to prevent someone from calling up and asking to be now called “I.P. Freely” etc. Every policy change has to achieve its objective while simultaneously not expand the threat surface.
1
I agree, they need to revisit their procedures. My guess is the agent is directed to always use the account holder’s name. Could be a financial regulation or just a decision made long ago. The agent isn’t individually deciding what to do, there’s a process they’re following.
1
PayPal needs a better process for this - they’re adhering to legal reqs and preventing attackers from putting their name on your account. PayPal pulled out of NC because of bathroom law, it offers employee partner benefits, and supports employee diversity:
paypal.com/stories/us/buildi…
1
Awesome AppSec job at pre-IPO Pinterest, tell them I sent you!
careers.pinterest.com/career…
That sock makes me think that somewhere there is a shrine to @ebellis that is plastered in his photos and has a collection of hair clippings from his last hair cut. Abduction is imminent.
2
(I’m responding to the quoted text)
This is why @jeremiahg has been calling on vendors to offer (and customers to demand) cyber-warranties.
alienvault.com/blogs/securit…
2
2
The story is actually more interesting than what @k8em0 suggests, the flaw was found on Jan 19 (Sat), they tried to report it on Sun, wrote a postal letter on Tue, wrote an email with exploit vid on Fri, story broke Mon from another source. nbcnews.com/tech/security/ho…
1
My kids rarely look at email, they use Snapchat, Discord, etc to communicate. And 95% of their email is ads from merchants and online services, too much noise to be useful...
2
DNS Flag Day is February 1! Ensure your DNS servers do not rely on outdated features that go dark on Feb 1, borking your domains.
dnsflagday.net/
