Announcement

Collapse
No announcement yet.

Credit Card warning for the AP

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • kallahar
    replied
    Locksmiths have this problem when opening someone's car or house when they say that their ID is inside. Generally we will open it and then wait for the id. If they can't produce it then we ask them to leave and we have to relock it, or call the police. AP security should at least do the same, escort you to your room and wait for valid ID, if you can't produce it then they kick you out.

    Leave a comment:


  • tprophet
    replied
    Of course, you'd doubtless have been annoyed if you were left to stand dripping in the lobby, and locked out of your room! There is always a trade-off between security and convenience. Overall, I think the AP does at least an equally good job to other hotels; e.g. a poor job, but one that is appropriate for the type of business they run.

    Remember, you're at a hacker con--it's a high-crime neighborhood. Take appropriate precautions, and you'll be fine. I've survived every Defcon so far, and my only major mishap was at Defcon 1 (and solely related to me being a dick to hotel security). The next-worse mishap was last year, when Broker put Bacardi 151 in the blender without telling me, and I woke up drunk the next day. :)

    *TP

    Leave a comment:


  • Voltage Spike
    replied
    Originally posted by Deviant Ollam
    without asking for ID or any other real info, the guy beind the counter took our three room keys and just re-coded them. "there, they all should now work for your room, number blah blah, sirs."
    This is turning into a bitch-fest, but I had a similar issue.

    I was locked out of my room last year since my friends had all the keys. Wearing only my swimsuit (i.e., no ID), I walked up the counter and asked if security would let me in. They asked if it was my name on the room (it was) and if I could prove who I was (I couldn't). Security let me in anyway.

    The lesson isn't really that stunning: don't trust your security to others; they have little to no stake in your personal well-being.

    Leave a comment:


  • Deviant Ollam
    replied
    i know that due to a strange check-in issue with renderman, panthera, and myself we faced a problem of certain room keys not working...

    the three of us went to the front desk and basically just said "hi, we're staying here at the Alexis Park but we checked in separately... now only the key of the last guy to check in works. can you fix this? we're in room blah blah."

    without asking for ID or any other real info, the guy beind the counter took our three room keys and just re-coded them. "there, they all should now work for your room, number blah blah, sirs."

    kinda spooky, i thought.

    Leave a comment:


  • gzzah
    replied
    Think of going to DC (or any "hacker" convention) as raising your personal threat level from Orange to Red. You're always at orange, aren't you??? Especially when it comes to SE threats.

    If you get a nebulous call like "Hey Mr. YourLastName, this is Joe from the front desk. We have a problem with your credit card. Maybe a number got dropped, can you read it off to me?"

    Well, duh.. that's an obvious one for someone who is even at PTL Fucia. If the front desk calls and wants any info you don't feel comfortable giving out over the phone, head down there yourself. I'm more worried that somebody (like Hackajar!) would be sniffing on their terminal network and capturing the #s as they go across the network.

    As it goes, I felt pretty calm during the con having a room at the AP.. but then again, i'm relatively safe in being an unknown person... although some people did look at me funny... maybe it's just my paranoia.

    Leave a comment:


  • skroo
    replied
    Originally posted by 0versight
    Im just trying to say that since lots of people have enemies, there are people that are out to specifically target them and their information just so they can go home and say " I owned you".
    Then that's a personal problem, not the AP's. If you piss someone off to the point that they're trying to pull your info, then you probably shouldn't've done whatever it was that pissed them off to that degree in the first place. Besides, if someone really wanted to pull someone else's info that badly, there are a lot of other ways that are a lot more effective than either hanging around the front desk or making truly lame attempts at social engineering over the phone.

    Of course it would be better for them to change that permanently but we all know they wouldn't, so we can at least have concern for our personal privacy and compromise them to do it for just 3 days.
    How do we know they won't? Has anyone asked, and asked in a manner that makes them want to actually do something about the issue?

    Leave a comment:


  • skroo
    replied
    Originally posted by 0versight
    I wouldnt think so because it IS a hacker convention, so you have all kinds of phreaks, geeks, SEs and hackers with enemies in the same vicinity as you are.
    How does this change the threat? If it were a shoe convention and it'd been targeted by someone pulling exactly the same sort of scam, the end result would be the same. There's no difference between the two. Yeah, you've probably got more people at Defcon who would be aware of this sort of thing, but not necessarily more people who would attempt to actually exploit it.

    I got 2 threats and one promise of physical harm toward myself at the Con, was I scared? No, did I keep an eye out? yes.
    Um, okay. But I'm not seeing what this has to do with someone attempting to social-engineer credit card info either at the front desk or over the phone.

    Im just saying there should be *slightly* more security just for those 3 days at the Alexis Park, Security as in a slightly more secure pipeline in all its transactions of business.
    Fair enough, but wouldn't it be better for them to make that change permanent? Also, WRT the phone phishing expedition: if you're dumb enough to start giving out your CC and personal info to someone over the phone - be it at home or away - you pretty much deserve what you get, but short of unplugging the phone in your room for the weekend there's not a lot that can really be done about it.

    Leave a comment:


  • kree
    replied
    not to mention with a house phone availible almost anywhere in any said hotel makes it just that much easier to fuck with anybody.

    Leave a comment:


  • skroo
    replied
    Originally posted by hackajar
    I agree, and would want to be a part of said panel (I'm the credit card guy from this year)
    One thing that'll need to be done is to differentiate between physical and operational security. This is an operational issue with a bit of phishing (the, "Hi, this is Joe at the front desk..." call) mixed in for good measure. Granted, it is definitely an issue, but this also affects most other hotels in the known world. Singling the AP out is unfair to them.

    Leave a comment:


  • hackajar
    replied
    Originally posted by kree
    Hotel security sucks, and I think a bunch of us could get to gether and create a panel to speak on it next year.
    I agree, and would want to be a part of said panel (I'm the credit card guy from this year)

    It could also be "dumb luck" with this situation you have seen with someone trying to get your card number. They also give you check-in recipts, if you lost/drop/missplaced your recipt, it's on you NOT the hotel regardless of where your staying.

    Leave a comment:


  • kree
    replied
    Hotel security sucks, and I think a bunch of us could get to gether and create a panel to speak on it next year. I know at the hotel I stayed at when you get off the elevator you could see the screens of the hotel check in with a set of good eyes, if not I stood just behind the desk of course on the outside acting as if I was on a phone call and had plain veiw of all transactions, and no questions were ever asked why I was there. So yeah Hotel security does suck, big time.

    Leave a comment:


  • Tacitus
    replied
    I would like to know if anyone else got a call like this: perhaps it is a isolated incident from someone you know. It was interestingthat the caller had the full name of the room holder. If name could be obtained, other information given to the AP is probably not that much harder to obtain.

    Leave a comment:


  • kallahar
    started a topic Credit Card warning for the AP

    Credit Card warning for the AP

    Anyone who paid for their AP room with a credit card should double check for fraudulent charges. Someone during con tried to SE my CC # by saying they were from the front desk. Fortunately (hopefully) most of us won't fall for that, but just in case you should probably check your CC bill closely...
Working...
X