Is Symantec failing hard at being Google?
-
So this just turned up in my inbox:
From: "Verisign Labs" symantec@email.symantec.com
To: flabdablet@example.com
Reply-To: "Symantec Website Security"
noreply@response.website-security.symantec.com
Date: 6 May 2016 17:13:07 -0400
Subject: Personal Identity PortalPIP User,
This is to inform you that effective Monday 12 September 2016, Symantec will be discontinuing the service currently located at:
https://pip.verisignlabs.com/
All content from the service will be discarded and there will be no backups made. It is the user's responsibility to remove any content as after the date above it will not be recoverable.
This will be the only notification provided. Due to the nature of the service, there is no migration plan available.
If you have any questions you can send an email to:
support@verisignlabs.com
Thank you.
Normally something like this would get filed straight in the trash under "yawn... phishing", but verisignlabs.com does appear to belong to Verisign so it pinged my curiosity.I do not recall ever having set up an account with this crowd. It's not something I would do; hell, I won't even use Lastpass or 1password because I distrust "cloud" "services" in general, let alone anything with Symantec's name on it. My identity management requirements are dealt with using a KeePass database that *I* hold copies of, TYVM. So of course I get that warm glow of justified policy choice to see a cloud identity provider apparently about to go tits-up.
But if this really is from Symantec, could they possibly have gone at the thing in a stupider way? One email notification, never to be repeated? Really? For a web based service that still appears to be set up to accept new signups? No migration plan? Really? That would be fupped uck, even by Symantec's standards.
What's the game here?
-
Google would never discontinue a service that collects passwords.
-
@flabdablet said in Is Symantec failing hard at being Google?:
Normally something like this would get filed straight in the trash under "yawn... phishing", but verisignlabs.com does appear to belong to Verisign so it pinged my curiosity.
Did you check the
Received:
header chain for authenticity? The biggest tell is where the message transferred to a server that you can vouch for; legit senders pass an obvious sniff test at that point whereas bad senders don't (e.g., “why is my bank sending me personal communications via a small business in Myanmar?”). It's pretty difficult for any spammer to work around the received-custody-chain, as it isn't something they control; the key part is generated after the message leaves their control. However, I suspect that this is the sort of thing that will require an AI (or a person) to analyse…
-
@dkf said in Is Symantec failing hard at being Google?:
The biggest tell is where the message transferred to a server that you can vouch for
Received: from mail01.response.website-security.symantec.com (mail01.response.website-security.symantec.com. [142.0.167.188]) by mx.google.com with ESMTP id m7si8837540uam.13.2016.05.06.14.13.58
passes my sniff test.stephen@kitchen:~$ dig -x 142.0.167.188 ... ;; ANSWER SECTION: 188.167.0.142.in-addr.arpa. 51760 IN PTR mail01.response.website-security.symantec.com.
passes too.
-
@flabdablet said in Is Symantec failing hard at being Google?:
the service currently located at:
Beta? Is this like one of those TV shows that gets cancelled after only 2 episodes?
-
@flabdablet Symantec fails hard at everything except for being called Symantec. Their products and services are universally bad and overpriced piles of software shit.
-
@flabdablet I got one of these, too.The pip bit reminded me that I'd set up an account with them (Verisign) ages ago when StackOverflow would only accept those universal account thingies for signups, and verisign was on the list of places you could get one. Fuck you, Jeff.
Of course, I lost the password for this ages ago and StackOverflow doesn't use that garbage any more. I assume no one does, which is why they're shutting it down.
-
@boomzilla said in Is Symantec failing hard at being Google?:
I'd set up an account with them (Verisign) ages ago when StackOverflow would only accept those universal account thingies for signups, and verisign was on the list of places you could get one
Well shit, maybe I did the same thing. Lemme exercise their account recovery option and log on to check...
How about that. There are a couple of browser certificates registered in there, one for my ancient laptop and one for my dear departed mother's jellybean iMac. No clue at all what could ever have persuaded me that this thing was worth using.
Edit: it was indeed StackOverflow.
So that's what happened to the account that had all my reputation points in it.
-
@boomzilla said in Is Symantec failing hard at being Google?:
StackOverflow doesn't use that garbage any more
Seems it does. I just logged in with it.
I still can't find a way to make SO log me in with an ordinary username and password; no, instead we have to go through all this OpenID crap. Fuck you indeed, and your complicator's gloves bullshit.
-
Did you visit the login page?
-
@boomzilla said in Is Symantec failing hard at being Google?:
when StackOverflow would only accept those universal account thingies for signups, and verisign was on the list of places you could get one. Fuck you, Jeff.
OpenID is among the shittiest technologies ever. It took StackOverflow like 3 years to finally stop requiring it. (I never signed up for an account as long as it required OpenID because fuck that noise.)
-
@anotherusername I have now officially had enough of fartarsing about with StackExchange and its stupid login systems.
Edit: oh, you're talking about the PIP login page. Yes I did, and I have to say I didn't actually notice the discontinuation warning. It's either very new or Symantec's horrible colour scheme has done its usual job of searing my eyeballs to uselessness.
-
@blakeyrat said in Is Symantec failing hard at being Google?:
It took StackOverflow like 3 years to finally stop requiring it.
Does this mean there is now some way I can take my StackOverflow account and alter it so that I can just supply it with a username and password, rather than jumping through (possibly StackExchange) OpenID hoops? Because if so, I am completely unable to find it.
-
@flabdablet I don't fucking know. Do I look like their support page?
-
@blakeyrat said in Is Symantec failing hard at being Google?:
Do I look like their support page?
There is a slight resemblance. I think it's the eyes.
-
@flabdablet said in Is Symantec failing hard at being Google?:
Seems it does. I just logged in with it.
I should say, they don't require it.
-
@flabdablet said in Is Symantec failing hard at being Google?:
Does this mean there is now some way I can take my StackOverflow account and alter it so that I can just supply it with a username and password, rather than jumping through (possibly StackExchange) OpenID hoops?
I did recently. I just gave up and created a new account. Then, probably because I used the same name and email address, they automatically merged my accounts at some point soon after that.
-
@boomzilla Yeah, well. I have the old account attached to my old email address, and a new one attached to my new email address (all via StackExchange OpenID) and I cannot for the life of me find a way to kill the new account (which I don't want) and attach my new email address to the old one. And StackExchange is just not worth the effort.
Anyway. To all thread spectators: move along please. Nothing to see here.
-
@flabdablet said in Is Symantec failing hard at being Google?:
I cannot for the life of me find a way to kill the new account and attach my new email address to the old one
Ask the right admins nicely?
-
@dkf What? Visit a social networking site and have to deal with a PERSON? Are you MAD?
-
@blakeyrat said in Is Symantec failing hard at being Google?:
OpenID is among the shittiest technologies ever. It took StackOverflow like 3 years to finally stop requiring it. (I never signed up for an account as long as it required OpenID because fuck that noise.)
It worked for 3 years then
-
@flabdablet said in Is Symantec failing hard at being Google?:
I still can't find a way to make SO log me in with an ordinary username and password
So, this doesn't work for you? (display name, email, password). That's how I signed up.
-
@dse said in Is Symantec failing hard at being Google?:
It worked for 3 years then
Too bad this site doesn't require OpenID, it might have saved me calling you the world's biggest dickhole.
-
@boomzilla said in Is Symantec failing hard at being Google?:
Fuck you, Jeff.
I love that literally any thread can spiral back to an asanine design decision by
-
-
@FrostCat That's how I got my second account. That second account is linked to my new email address, that doesn't have the reputation points that belong to my actual account, which is linked to an old email address I try not to use now.
I can't find a way to destroy that second account, which I have come to understand is the only way I am ever going to be able to link my new email address to my actual account.
And I'm completely beyond caring. Stack Overflow has been of almost no use to me and I see no reason why I should expend effort to continue to be of use to it.
-
@flabdablet
So you tried the FAQ: "I accidentally created two accounts; how do I merge them?"Either way it might not be worth it if you have less than 2k Internet pointzzz *.
* Credit goes to Blakey on that one.
-
@flabdablet said in Is Symantec failing hard at being Google?:
And I'm completely beyond caring.
If you didn't not care, this might have helped.
-
@FrostCat Found that. Trying to add the Stack Exchange OpenID for my new email address (the one currently attached to the spurious new account I don't want) to my old account is how I got here.
I dropped a link to this post into this form. So either my accounts will now get merged, or I'll get banned. Don't much care which.