Special Characters
I could talk about health care, I suppose, but that is way too close to navel-gazing and I refuse to wallow in the might-have-beens. Forward!
I heard that somewhere, recently, though not as much as I had expected. The Supreme Court will have something to say about how this is all going to work- or not- in the next three weeks, so let’s set that aside until the next Constitutional crisis sweeps over us.
I count at least two more of those on the horizon as the circus continues across the country. I was drawn to something else with some real and manifest implications for the both of us this weekend. One was amplified by a pal, who encountered something very queer with his airline reservation, and a series of notes and actions prompted by those pin-heads at the social network site “LinkedIn.”
I try to avoid writing detailed technical pieces, since I can barely log on to my own company’s system as a matter of personal expertise. We take security seriously. Others less so, of course, but this is appears to have some implications much deeper than where you sit on an airplane, how much your frequent flyer miles are worth, and who has all your passwords, with the cheerful implication that with a little human engineering, they are into your bank account, too.
Here is the deal: my buddy Marlow is preparing to return to base after a stint with his folks, who are in The Process that mine were about two years ago. It is tough stuff, as you know, and he is wracked by the same feelings we all have- the guilt about leaving, and the perverse joy in going back to a life that is mostly all your own.
Anyway, Marlow was up early and had a very strange hour between 0500-0600. Delta had sent him the normal email advisory yesterday right on time about online check-in. Last night, at just after 0200, or nine hours to go before scheduled wheels-in-the-well, the Delta messenger service said the flight had shifted two hours to the right. He dutifully checked the flight’s online status (administered outside the reservation system) and curiously, it showed the original scheduled flight time as unchanged.
Marlow is a career Spook and esteemed critical thinker, so he called Delta’s crack staff at the call center in Bangalore, who confirmed that everything was the ‘same as it ever was,’ to quote Talking Heads (again).
So, concerned and more than a little agitated, he wrote me with this suspicion: “Either Delta’s system has been hacked,” he opined, “or it is being spoofed in a very sophisticated way.” He did a trace-back on IP addresses to find why someone would want people to show up two hours late for their reservations.
That was where the trail ended in an anonymous IP address. The doomed but chipper Progressives at the NY Times still occasionally commit journalism, and one of the better examples was over the weekend, when they analyzed how the Frequent Flyer loyalty programs actually work.
I know a little bit about that. Once, I was a high-flying bureaucrat for whom a monthly jaunt to Delhi or Beijing was no great event. I was awash in miles on all the airlines, to the extent that I could reliably upgrade just about any flight I wished.
As I retired, and began laboring in the vineyards of bottom-line business concerns, my travel wings were clipped. I watched in horror as my Premier Executive Status diminished step by step, month by inactive month, until I reached rock bottom: “member.”
I have never been so mortified.
With fewer seats and fewer flights, the George Cluny days of Million Mile Superstars has become more congested. The elite Global Service Players have been further parsed into “Diamond,” “Gold” and “Silver.” And the article in the Times went on to intimate that Silver Status doesn’t cut crap.
The games people play to secure an upgrade- and precious inches of leg room- are quite extraordinary. It makes every bit of sense to me that someone hacked the Delta Reservation system for something as simple as a guaranteed no-show for the First Class seats, and a certain upgrade.
I wrote Marlow back that I thought his hypothesis was completely accurate, and that it was a leg-room and complementary champagne issue completely.
Still, it seems like a lot of trouble to go to, until I remembered something curious that happened in parallel last week. One of my geek pals had retired as the Chief Technical Officer for one of the three-letter agencies around town. He has parlayed that into a nice little consulting firm, and he was one of the first to recommend that we all join the social network game.
I have always been on the same page as Groucho Marx about clubs and networks, which is to say that I wouldn’t want to be a member of a club that would have me, but I was new to the world of business, and my pal’s recommendation was enough to put my resume on-line on LinkedIn and routinely add people I have never heard of into my professional network.
He tweeted me last week and said that LinkedIn had been subject to a massive compromise of passwords- maybe six million of them- last week, and he strongly recommended all his pals immediately change their access codes. I did, marveling at the number of passwords I had to remember, and mostly didn’t.
Like you, I have a sort of default value- one simple, easy to remember password for things that are not involved with money, and another, more intricate series for on-line banking and crap that means something.
I was excited to think of something new, and then I saw something in the paper this morning that brought me to a complete stop. LinkedIn was lazy and cheap. The six million passwords that were posted to a Russian hacker site have a much more sinister aspect than the inadvertent compromise of my resume- which, when you get down to it, makes me pretty queasy.
You can read the whole thing at this link, if you want.
This is what our brave new world is coming to. I think there is some grimy asshole out there who thinks nothing of inconveniencing the traveling public to get a coveted upgrade.
But there is much more. Associating passwords with resumes enables social engineering. It is not a great leap to associate a place of employment to a credit union, for example, or a location to convenient bank branches.
These son of a bitches can try a million possible combinations of passwords a minute, and if they have one valid password, stolen from some cheap-ass networking site like LinkedIn, all the special characters and number won’t save your butt for more than a couple nano-seconds.
This is scary shit. In the great scheme of things, I am so low on the totem pole of travel now that I actually have to pay to upgrade my seat at full price. I don’t mind showing up at the airport early. But I do have some significant concerns about where this is all going.
I have to wrap this up. I need to visit some sites and change my password.
Can you spare a special character, Buddy?
Copyright 2012 Vic Socotra
www.vicsocotra.com