That's good enough for me!

Tuesday, October 21, 2008

Cooper Vision Rebate

As one of many who wear tiny transparent bits of gel in front of my cornea, I don't like paying more than I have to. Contact lenses are relatively expensive as it is, and my optometrist recommended that I switch to a new brand that would keep my eyes a little more comfortable.

New brand of contacts? Better for my eyes? Whats the catch?

We'll, its more expensive. And you have to change them more frequently - every two weeks instead of once a month. But the manufacturer, Cooper Vision, wanted people to give them a chance, and so they offered a rebate as an incentive - $30 for the contacts, and $20 for the fact that this is the first Cooper Vision product I tried.

Packed up the form, the box tops, and mailed it -- the check will arrive within 6 to 8 weeks, right?

Fast forward about 6 weeks - I just received a postcard indicating that "Unfortunately, [they] could not honor [my] request due to the following reason: Invalid Box Top". Calling the number yielded the same result - something was apparently wrong with with the box tops I sent in.

I counted them a dozen times before I sealed the envelope to eliminate this exact problem. I called several more times, trying different buttons until I talked to a real person...

...And it turns out there was nothing wrong with my rebate form. The guy on the phone said he just needed to validate the form, and I was done. I'll receive the check in about 4 weeks.

That's nice. My question: if they got my form, and punched it in 2 weeks ago, why did they tell me it was invalid, and then fix it so easily? Was it fine, and they just throw up an extra barrier to see who they can get to ignore it? Or did I screw up, and the decided to just be nice to me?

Rebates are a great way to make people think that they are getting a better deal than they are. And by making people put together the forms, and collect the lids, they hope that people will forget, or get lazy. It seems likely that this was another attempt to make life trickier for those after their rebate has already been sent in.

Fifty bucks is great, but it almost doesn't seem worth it for the effort. Or maybe that's the point. Me, I live like a college student. Gimme.

Sunday, October 12, 2008

Time to start scaring wireless users again...

For those who don't pay attention to the IT/Security news, WPA-PSK has taken another hit.

For those who don't know me, I have spent too much time working with wireless technology, and tend to indicate that the sky is falling, or that evil monkeys are going to steal our kidneys.

I tell people to make sure they have encryption (and WEP doesn't count) on their wireless routers, or people can find a way to nab their personal information from a distance. I've been told that I seem to enjoy scaring people. It might be true.

But with the new advances in using graphics cards to speed up the cracking process make it possible for someone with too much time on their hands to take down a home network. Products have even been released using this technology that help you, uh, recover your forgotten WPA password. Doing a bit of number crunching reveals that about 50% of the home networks out there can be cracked with about 3k USD of gear in about a week. While this doesn't quite make it as bad as the WEP situation, where a hacker could casually watch everything you type with about a minute of effort, it does mean that a geek with an expensive gaming rig can take apart a small business network and listen in on, well, anything they feel like.

There are still ways to protect yourself, or at least minimize your risk of being vulnerable to this, listed here from simple to safest:
  • Change your SSID (network name) to something non-standard - Using a simple SSID puts you in that 50% up easily hackable networks.
  • Use long, high entropy passwords - anything in English has very low entropy, so if you want it to be secure but memorable, make it an entire sentence. Or two. And change it once a month.
  • Use WPA-enterprise - either create a bunch of certificates and pass them out, or make everyone use their own password to log on (PEAP or TTLS).
  • Use a VPN, and live with the network performance hit.
For my own part, my wireless network has a nonstandard name and a long (but plain English) password. I would imagine that in the near future I will take some time to start tightening things up a bit - more on that later if I find a neat and tidy way to pull it off.