Friday, October 07, 2016

security #fail

warning: long post ahead. summary at the end.

recently, I received a call from HDFC bank, from someone who claimed to be my "personal banker". I was wondering why, because I used to have a personal banker long ago, but he suddenly disappeared off the scene, and I honestly didn't miss him one bit, because there's nothing I need a personal banker for.

in fact, that guy prompted me to once tweet that "a personal banker is a salesman you're forced (or was it obliged? I don't remember) to be nice to 😁"

so this well spoken lady claiming to be my personal banker introduced herself and asked me to save her number and whatnot. and then she said that she could see I was eligible for a credit limit enhancement on my credit card. I have no idea why anyone would offer me that, as I don't even use that card. but apparently your credit limit contributes to your credit score, and it's always good to have a good credit score. or maybe I was simply in a good mood and wasn't too occupied with work that day. either way, I agreed. she said that I would receive a OTP on my mobile, which I would have to key into the IVR. sounded legit.

the IVR switched on, it asked me to enter my card number. when done, it asked me to enter my OTP. since the OTP was on my phone, and I was on the call, it took a few seconds to switch apps and read the number, memorize it, switch back and dial it. and HDFC somehow expected me to be super quick, so the IVR exited before I could dial it in. the lady was back on the line. she said I took too long, so I would have to try again. she launched the IVR again. I entered my card number. it then asked me to enter my OTP. and then I heard my "personal banker"'s voice, asking me to hurry.


I was too shocked to respond.

she was on the line with the IVR, had already heard my card number, and was about to hear my OTP!

I was literally shell shocked. I thought I was this close to being scammed. if she hadn't spoken, I'd have been a goner (metaphorically speaking).

the IVR exited, I regained my composure, and asked her why she was on the line. I told her that I was extremely uncomfortable with this and did not want to go ahead with it. she was polite, but it was clear that she didn't understand my concern. I tried explaining as well, but she was like "I can only hear beeps, not the actual number"

she obviously didn't know how tone dialing (or indeed, IVR systems) work.

I gave up and made an excuse and hung up.

I didn't really need the limit upgrade, but she had set my mind working. is there any way to verify that this is or is not some sort of scam? I thought hard, and the only thing I could come up with was the HDFC official call center. so I dialed in, and of course I had to enter my authentication details on the IVR, something I have done scores of times before, but which got me thinking this time. anyway, I guess the number listed on my card and the website had to be trusted, I hoped.

I finally got someone on the line. I asked her if I was eligible for a credit limit upgrade. she affirmed. I asked her to confirm my current and new limit. it matched what I was told earlier. she told me I would be sent an OTP and would then be put on the IVR. so far, the story matched. I had just one last point to confirm. I asked her if she would be on the line while I entered my details.

she said she would.

this time, I didn't bother arguing. I had called HDFC on their listed number, so unless an extremely well engineered scam was in place, I should be safe.

the transaction went through, I got a message from HDFC confirming that my request was accepted to etc.

I called my "personal banker" to let her know that I had done the upgrade by calling phone banking, as I was not comfortable entering my OTP on an inbound call. she still didn't understand, but I didn't care.

I haven't heard from her ever since. but I did get a call the other day from a guy who also claimed to be my personal banker. I told him I already have one, and he insisted that he was my real personal banker from the head office, while the other person must have called from some branch.

I'm pretty sure he's not from the head office, because he wants to meet me in person now. I'm just bracing myself for more insecure bullshit and another attempt to sell me something I don't need.

anyway, TL;DR:

do not enter personal details on IVR. especially on an inbound call. if it's an inbound call, selling you something you want, find a way to get to the same offer from an outbound call to a verified number. do all due diligence to verify the outbound number. and never accept an outbound number that's given to you by the caller. they are bound to make excuses to avoid this, but be firm.

do not assume any IVR is secure. those "beeps" are the keys of your keypad being transmitted across. anyone listening will know what you have entered. so be wary.

and whenever you come across a bank legitimately forcing or inducing you to do these things, give them feedback that this is not acceptable.

(ps: have you come across any other such suspicious things? let me know in the comments, I'll be happy to vet and write up about them!)

Thursday, September 15, 2016

use your illusion

yesterday, i was having a conversation with a friend, and she was talking about how she feels bound by the illusion that society judges her for everything. and then conversation turned towards how we generally are bound by illusions.

the conversation ended (or rather, we got distracted by other more important things, and just left it hanging there).

but i was left thinking about my illusions. i tried peeling away the illusions layered on my reality.

and then suddenly, there was a flash.

i saw life, without illusion.

i didn't see anything.

if i had to describe it, i would describe what i "sensed" as a flash of pure energy. i felt transcendent.

but then, as soon as i sensed it, i started layering my illusions over it. the energy turned into a flash of light. a flash that quickly glowed and then faded. the light was white. the light had some physical size. it had a physical location. although i don't recall the moment or the process of separation, the light was no longer me. as the light faded, in that fraction of a moment, the illusion that i call my reality started superimposing itself on what i sensed. it was a strange hallucinogenic vision, that just hinted at its presence and faded into what my eyes told me i saw, before leaving me completely.

i turned to google and searched "can a single photon be detected" for some random reason. i don't remember what was the answer google gave me.

i tried to zone back into that moment. i thought it would be quite easy. but i didn't quite get there.

i saw the white light. but now there were weirder illusions superimposed. the light looked more like an ellipsoidal opaque white glow hanging over the road next to JVLR flyover, of all places. but the light was distinct from me. it wasn't me at all. i was simply an observer.

everything just seemed so random and meaningless.

somewhere in the back of my mind, i made a note to myself: these are my illusions. and i have just proven to myself that i need my illusions, because what i saw without illusion was some sort of abstract thing. if it was me, it was a sort of me that didn't feel like i existed. and suddenly, it felt like i was not ready for the transcendence.

a few hours later, it so happened that another friend was talking about him standing by his convictions instead of illusions. i described my vision, and my observation that i seem to be bound to my illusions. his reply got me thinking:

"that abstract and non linear outburst of energy is called self realization. The key is whether you are able to sustain to that feeling!"

and he's right. but i'm not ready to sustain that feeling, because i still have no idea what to do with it. maybe someday...

Friday, September 09, 2016

alice in wonderland

(guest post by shruti)

Planning and dreaming about our wedding and the life after it, i can't help thinking about how marriage changes life. Although I am not married yet, I am sensing the future in store for me already. With each passing day, I can absorb the vibes of marriage around me. Increasing number of responsibilities, responsibility for marriage preparations - wedding cards, make up artists, DJ etc. Responsibility with money. I have to get used to the feeling that I can no more splurge on self and that I have to contribute towards home expenses. I have to see to it that the spices and grains and other food items are well stocked and that we do not run out of food when guests arrive. I will be the lady of the house and have to be a good host - friendly, soft spoken, charming and warm. I will have to budget my expenses and most importantly stick to my budget and allocation to each expense. I can no more bank on my parents' free hospitality that I so enjoyed for almost 32 years.

I have suddenly realized that FREEDOM (one thing I desperately wished for so many years) comes at a huge price. This price is being RESPONSIBLE. Responsible for your actions, words and choices. I have realized that every choice I make is setting stone in the path to my future. I am no more protected or cocooned.

Luckily for me, I have found a partner who unlike me doesn't shy away from his responsibilities. He is ready to take on the world with whatever it has to offer. Maturity helps you see. I think I was just a small kid at heart who refused to shun that garb under childish behaviour and is now forced to take on the mantle of multiple roles and enter the world of adulthood. Alice in Wonderland has grown up!

Wednesday, August 17, 2016

1/3rd century

I turned 33 a couple of days ago.

someone said that age is just a number, every year is more of the same. I'm not sure if they meant it as consolation or as a way to induce depression.

to me, age is neither.

every year is different. new joys, new sorrows, new strength, new fears. planned changes, unplanned changes. planned achievements, unplanned achievements (yes, it's actually possible to have unplanned achievements!)

the world changes the mind and the mind changes the world... if you want to.

some things that used to push me forward don't cut it anymore, and i have now found new things to motivate myself with. some more real, some more abstract, some more grounded, some more crazy.

some plans are set in action, others are discarded.

time elapsed increases, and the time left decreases. but not proportionately. every year makes me wish for more. more of more. one lifetime used to seem enough, when my ideas were few and fuzzy enough. not any more. I wonder if it's cyclical, and i will start reducing my appetite for the future at some point, to reach zero at the moment I gracefully slip into oblivion... but i don't see how that could happen. maybe that'll be one of those surprise achievements. or maybe my greed for the future will turn into an all consuming madness that will turn me into some sort of monster. but i would probably burn out well before that. or maybe my mathematical mind doesn't fully grasp that life is a river, and i'm meandering into an ocean that I don't, and possibly never will see... until my final breath.

but either way, one thing is for sure.

it will never be more of the same.

Wednesday, July 27, 2016

logistical issues

ever since I realized that gym isn't gonna work too well for me during the monsoons, i've been looking for alternatives to squeeze a decent amount of activity into my daily schedule. one prime candidate has been the folding cycle I purchased almost two years ago, for this exact purpose.

sadly for me, it's almost never in running condition, as I usually get it oiled and readied, and then forget about it for months. and so, last night, I got home with some time to spare, and decided I had to prepare to start using it regularly, as part of my commute to work: basically, cycle to the point where my office bus starts, pack it into the bus, and then park it in office... and do the reverse on my way home.

the first minor hiccup was that I was unable to find the keys to the bicycle lock. I even tried getting keys made, but the local locksmith wasn't at his shop. that wasn't too big a deal though, as office parking is (i assume) safe enough to park without a lock.

so then, I switched to preliminary testing mode: checking how long it took me to fold and unfold the cycle, and how best to carry it.

that's when i hit the actual problem: I've kept the cycle in the unfolded state for so long that I don't know how to perfectly fold the cycle!

I did fold it somehow (it certainly didn't seem optimal), and then moved to the next problem: how to carry it in the folded state. but before that, I hit another unexpected problem: how to make the folded cycle stand upright. I still haven't solved that one satisfactorily.

anyway, I somehow managed to awkwardly carry it up the two flights of stairs home, and then realized I've gotten grease on my shorts. and my hands.

I decided to give it a shot today anyway, but while getting ready, I realized I won't be able to get the cycle through the door without someone to open or shut it for me. and nobody else is awake at home in the morning.

and finally, while entering the office bus, i realized the doorway is too small and the steps too tight for me to get the cycle in.

and so: the devil is in the details. the plan has to be re-evaluated. folding cycles aren't as convenient as they look. I'm now wondering if I should make some sort of strap holder that I can use to carry as well as attach to a backpack.

ps: my cycle is the btwin hoptown. anyone with any knowledge or ideas that can help me?