When confronted with an unknown ACH withdrawal on the checking account that my wife and I have held for over a dozen years, I asked the representative on the phone what recourse we'd have if it were discovered to be a fraudulent charge.
Nothing, besides closing the checking account.
That's right, since it would have happened through ACH, the safety net that's there for credit/debit card fraud doesn't apply. We couldn't get the money reimbursed, and we would have to close the account to prevent any future fraud. That would of course require all the direct-deposits and direct-debits we have setup for that account to be re-done, require a completely new set of checks be ordered, and so on.
Wow.
How in the world are you supposed to secure an account like that, when all a would-be attacker would need is an account number and a publicly-available routing number?
Thursday, May 17, 2007
Tuesday, May 08, 2007
I noticed a number of holes today when I voted on a local bonding referendum and had to pick up my mail at the post office. These seem to have a direct bearing on voter fraud and identity theft.
I understand that, when voting, we don't want to institute an effective poll tax by requiring people to have government-issued identification to vote, but there were plenty of problems with the system at my ward's place of voting.
First, there were two lines to check your voter registration, one for A-M in the alphabet and one for N-Z. This was amusing because my name was in the first group, but I ended up in the second group and only noticed the difference afterward. They said nothing about it. If someone pretended to be someone who happened to have gone to the wrong line, they wouldn't notice right away that the person in question had already voted.
Second, they had you sign your name and move to the next station without any token that you had been in the first set of lines. If you waited until there was enough traffic, you could easily slip into the second station without anyone noticing you hadn't been to the first station.
Third, at that next station, they "issued" you a voting number by tearing a sheet off a pad and slapping it onto a nailpunch. That's right, you never touch the piece of paper, and are trusted to walk to the next station, again without a token that you had done the previous steps.
It would be so easy to artificially inflate the vote count at this ward during a busy spell. From my experience in previous votes, traffic is very bursty at this location. If it was organized sufficiently, a non-trivial number of extra votes could be made during the day. I'm not sure if this would be noticed without a recount being triggered.
Shaking my head, I went to the post office to pick up my mail. We had to have our mailbox in our blocks bank of boxes re-keyed and they had temporarily placed our mail on hold. Unfortunately, they had forgotten to un-hold it after they fixed the box last week. I was told to go to the back door on a USPS loading dock by an alley and ring the doorbell.
As an aside, I'd like to point out the doorbell didn't work. I finally had to knock. The woman who came to the door said that I should have read the sign next to the doorbell that said you had to push the top of the button to get it to work. There was indeed a small sign there, faded by rain and sun into complete illegibility. She demonstrated pushing on the top of the button to illustrate my foolishness, but nothing happened. She muttered something about having to contact maintenance.
Anyway, when I asked for my mail, she asked me for my address. No name, no ID, nothing else, just my address. I even offered my ID, but she ran off and came back with a largish bundle of mail, handing it directly to me. She even accepted directions on what to do with the hold on my mailbox without any sort of verification of my identity.
Is it any wonder that voter fraud and identity theft are hot topics anymore?
I understand that, when voting, we don't want to institute an effective poll tax by requiring people to have government-issued identification to vote, but there were plenty of problems with the system at my ward's place of voting.
First, there were two lines to check your voter registration, one for A-M in the alphabet and one for N-Z. This was amusing because my name was in the first group, but I ended up in the second group and only noticed the difference afterward. They said nothing about it. If someone pretended to be someone who happened to have gone to the wrong line, they wouldn't notice right away that the person in question had already voted.
Second, they had you sign your name and move to the next station without any token that you had been in the first set of lines. If you waited until there was enough traffic, you could easily slip into the second station without anyone noticing you hadn't been to the first station.
Third, at that next station, they "issued" you a voting number by tearing a sheet off a pad and slapping it onto a nailpunch. That's right, you never touch the piece of paper, and are trusted to walk to the next station, again without a token that you had done the previous steps.
It would be so easy to artificially inflate the vote count at this ward during a busy spell. From my experience in previous votes, traffic is very bursty at this location. If it was organized sufficiently, a non-trivial number of extra votes could be made during the day. I'm not sure if this would be noticed without a recount being triggered.
Shaking my head, I went to the post office to pick up my mail. We had to have our mailbox in our blocks bank of boxes re-keyed and they had temporarily placed our mail on hold. Unfortunately, they had forgotten to un-hold it after they fixed the box last week. I was told to go to the back door on a USPS loading dock by an alley and ring the doorbell.
As an aside, I'd like to point out the doorbell didn't work. I finally had to knock. The woman who came to the door said that I should have read the sign next to the doorbell that said you had to push the top of the button to get it to work. There was indeed a small sign there, faded by rain and sun into complete illegibility. She demonstrated pushing on the top of the button to illustrate my foolishness, but nothing happened. She muttered something about having to contact maintenance.
Anyway, when I asked for my mail, she asked me for my address. No name, no ID, nothing else, just my address. I even offered my ID, but she ran off and came back with a largish bundle of mail, handing it directly to me. She even accepted directions on what to do with the hold on my mailbox without any sort of verification of my identity.
Is it any wonder that voter fraud and identity theft are hot topics anymore?
Monday, April 30, 2007
As I was going online to top up my son's Virgin Mobile account with the required $20 each 90 days (which is a separate grumble), I noticed that some of my son's contact information had been changed. The first name had been changed to "Mary" and the email address had been changed to something7@localnet.com.
At first, I wondered if someone had hacked into his account. However, nothing else appears to have been changed and this had changed almost two months prior without us noticing anything. I think more likely this is some kind of glitch in Virgin Mobile's system where they updated the wrong account information. They were unable to specify where the change came from, though, and (of course) blamed it on us not keeping our vKey secret enough. While I'm changing it, just in case, I still wonder if Virgin Mobile somehow did this without realizing it.
Not that they'd admit it, if they had.
At first, I wondered if someone had hacked into his account. However, nothing else appears to have been changed and this had changed almost two months prior without us noticing anything. I think more likely this is some kind of glitch in Virgin Mobile's system where they updated the wrong account information. They were unable to specify where the change came from, though, and (of course) blamed it on us not keeping our vKey secret enough. While I'm changing it, just in case, I still wonder if Virgin Mobile somehow did this without realizing it.
Not that they'd admit it, if they had.
Monday, January 29, 2007
I wonder if anyone else that subscribes to the Daily Dilbert notices the way the messages have been sent recently:
This is due to an error, presumably produced by the sending application. Here's the email's source, obfuscated and reformatted. Note the red-highlighted parts:
I sent a message January 5th letting them know about this problem:
This is due to an error, presumably produced by the sending application. Here's the email's source, obfuscated and reformatted. Note the red-highlighted parts:
The message body thinks it's a multi-part MIME message, most likely "multipart/alternative". However, the message headers instead say it's "text/html". That's why the text-only bits of the message are getting (very unattractively) displayed at the start of the message. It's possible that some email client might actually display this properly, but it would be violating the standards if it did. The message is essentially being mis-encoded.Received: from xxxxxxxxx ([xxxxxxxxx]) by xxxxxxxxx with
Microsoft SMTPSVC(5.0.2195.6713);
Mon, 29 Jan 2007 ........ -0500
Received: from xxxxxxxxx ([xxxxxxxxx]) by xxxxxxxxx with
Microsoft SMTPSVC(5.0.2195.6713);
Mon, 29 Jan 2007 ........ -0500
Received: from xxxxxxxxx (xxxxxxxxx [xxxxxxxxx])
by localhost (Postfix) with SMTP id 6DF48D0D
for ; Mon, 29 Jan 2007 ........ -0500 (EST)
Received: from xxxxxxxxx (xxxxxxxxx [xxxxxxxxx])
by xxxxxxxxx (Postfix) with SMTP id 12AC3D0B
for ; Mon, 29 Jan 2007 ........ -0500 (EST)
From: comics@comicmembers.com
To: xxxxxxxxx
Subject: Your Daily Dilbert
Date: Mon, 29 Jan 2007 ........ -0500
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
List-Unsubscribe:
Message-Id:
Return-Path: xxxxxxxxx
This is a multi-part message in MIME format.
--MIMEBoundaryxxxxxxxxx
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
The Daily Dilbert is best viewed as HTML e-mail. If you are reading this
then your mail client does not support HTML e-mail. For more information
on how to view HTML e-mail, please read our FAQ:
<http://www.comics.com/uminfo/faq.html#8>
Check out today's Dilbert strip at Dilbert.com!
<http://www.comics.com/comics/dilbert/archive/>
[...]
I sent a message January 5th letting them know about this problem:
Recent "Daily Dilbert" messages would appear to be sent incorrectly. Notice the block of garbage at the top of the message. Looking at the message source, it looks like the body thinks the message has a content-type of "multipart/alternative", but the actual content-type in the message header is "text/html". As such, the source of the multipart message is displayed as HTML text.I just got a response with the typical clueless customer service response:
Comics by e-mail are now sent in HTML format only. We are unable to send e-mails as text versions. If you do not want to receive your e-mail in HTML or your e-mail platform is not compatible with HTML, we suggest unsubscribing and book marking the index page of your favorite comic strip for quick and easy access.Honestly, is it really that hard to have someone try to comprehend customer complaints? I can't think of a single time in the past few years that I've contacted customer service and gotten more than an uncomprehending brush-off.
To book mark a page, all you have to do is go to the index page of your favorite strip. (You can get to the index page by selecting the strip from the drop down menu on our homepage.) If you are using Internet Explorer just click Favorites then “Add to Favorites”. From then on you will be able to log straight into your favorite comic strip daily with one click of the mouse. This will actually save you the time of having to first log into your email and then link into the site through the URL in your email.
If you would like us to manually unsubscribe you, please let us know. We apologize for any inconvenience this change has caused and thank you for logging onto Comics.com.
Wednesday, November 15, 2006
This suggestion from last year was logged as feedback on Microsoft's website within days of the blog post. Sadly, it was just closed, apparently discarded.
Guess Microsoft was more concerned about getting the Vista startup sound just right and determining whether or not the user should be allowed to disable it.
Guess Microsoft was more concerned about getting the Vista startup sound just right and determining whether or not the user should be allowed to disable it.
Wednesday, November 08, 2006
The most swapped English word tuples on the Internet, in no particular order:
- cue / queue
- lose / loose
- to / too / two
- cite / site / sight
- there / their / they're
Wednesday, May 24, 2006
So much for the Bill of Rights:
Speaking of disruptive, the newly extended Patriot Act creates a new class of federal felon: the disruptor.
This chilling provision, tucked into the bill in January without a hearing or debate, authorizes the Secret Service "to charge suspects with breaching security or disruptive behavior at National Special Security Events." What is NSSE? An event where the president or other protected official "will be temporarily visiting," such as a public speech, a political rally, an inauguration ball, the Olympics, the Super Bowl or any other event designated by the Secret Service as being of "national significance."
We've seen that simply wearing an anti-Bush T-shirt or having a pro-Democrat bumper sticker is enough to get you branded a disruptor, bounced from a Bush event and thrown in jail. But this provision broadens the reach of Bush's exclusion zones, sanctions the lockdown on free speech and assembly rights, and turns what was a trespassing misdemeanor into a felony. Also, you can be considered a disruptor even if the VIP has not arrived at the NSSE or has already left. Under this provision, not only is the public official protected from "disruptors," but also the NSSE itself becomes the protectee, criminalizing free speech at public events.
- Jim Hightower, "Inside Donnie Rumsfeld's Orwellian Pentagon"
Subscribe to:
Posts (Atom)
