It seems that every time Troy interacts with a company on Twitter, they never seem to click on to who he is, until it's probably too late and they look like fools.
It's just so amusing to see companies trying to condescend to Troy, when he's one of the most visible authorities on web security on the planet (not necessarily the most authoritative, but the most well known).
I occasionally get this when people try talking to me about computer science topics, when they don't realise that it's what I do for a living. I've probably done the same myself when talking to Doctors and other domain experts, I'm sure.
This being NatWest the penny probably still hasn’t dropped, and they’re probably trying to get him arrested for “hacking our internet”. I doubt they’ll actually implement a change. The general approach in the UK has been to not blame banks at all for poor security, and to punish anyone who finds a security issue severely.
NatWest are particularly terrible. Last time I checked, in-branch they were still using Internet Explorer to visit an http (not https) site on their intranet to launch via Java Web Start a thin client to log in to their (I assume) mainframe to actually do things.
There's a number of places in that chain of events that something could go nastily wrong, despite them owning every part of that chain.
I was in branch the other week and they were doing exactly that... from Windows XP. Staff member told me they were upgrading to Windows 10 soon and they couldn’t wait.
Authority is a bad thing here, since the person who spoke to him is in a shadow of his own tech team authority. Don’t get me wrong, but if there is an objective security/xyz problem, then it doesn’t matter who’s reporting it and what does he make for a living.
It seems that every time Troy interacts with a company on Twitter, they never seem to click on to who he is, until it's probably too late and they look like fools.
It's just so amusing to see companies trying to condescend to Troy, when he's one of the most visible authorities on web security on the planet (not necessarily the most authoritative, but the most well known).
I occasionally get this when people try talking to me about computer science topics, when they don't realise that it's what I do for a living. I've probably done the same myself when talking to Doctors and other domain experts, I'm sure.