2021: Privacy and Computing

A few years ago I was reviewing Trend Micro’s antivirus platform. One of the great features of that platform was a social media privacy sweep. I thought that was great because it looked to see if the general public outside of those we choose as friends could see our personal information of various types. The software did great to reveal which information was visible and it helped to correct privacy issues.

Now with the strange new environment world wide, with emergency orders that were given based upon a pandemic that does not leave bodies in the streets; we have new regulations for masking. Additionally the vaccines for the “disease” must be wavered (you sign a waiver to state you release caregivers of any responsibility if bad things happen because you took the vaccine). There appears to be a push to have an identity card documenting you did take the vaccine. It is a huge loss of liberty.

Social platforms are now filtering our free speech. Elections are suspected for fraud. It is alleged that deep state has been using major tech to push disinformation through bought and paid for news outlets and social media platforms. For years the same big tech has been collecting your data and in the Eula’s you sign, they actually claim ownership over it. This is mainly social media, but consider retail chains that may be involved also. Example – Walmart tracks your purchases made with the same card that is tied to your account. Amazon is harvesting your consumer activity as well. ISPS are controlling your internet access and tracking your activity on their platforms. There is a lot to consider.

Even computing and telephone platforms are less than private. Just as windows 10 came into the picture free upgrades from windows 7 were being offered, even automatically pushed. Windows 10 has been crafted into a social media connected transparent platform that reports your every move to the cloud unless you turn the options off or opt out. That is a huge undertaking. Even with the best cleanup scripts I have found the process takes 45 minutes and still may not provide complete privacy. Android devices have to be tied to a google account and everything you do there can be tracked if you stick with the default load on the phone with no additional changes and use a google email address. I have been able to transfer this to a third party email account that google does not control but it was not easy. They still track every time I log in to google play store and what I look at search for and install. I am concerned that the applications from the various platforms are also sharing information coming from each device. If you are in doubt I can prove all of it. Set up an appointment time and I can show you how they do what they do. Apple phones and computers are also tied to an Apple ID that follows you from computer to phone. Their music platform and ease of use have been their strong suit that keeps you coming back. Fitbit has you even wearing bio-metric sensors in the name of personal improvement, health and fitness. My scans show they store your data on Facebook servers even in the absence of Facebook apps and accounts on the device where Fitbit is installed.

Another frightening example of this is that some or all of the above has even been leveraged to enforce the social standards that are challenging your personal liberties. The airport in Spokane Washington is now using LIDAR monitoring in combination with AI and facial recognition (accurate with a mask) to monitor and enforce social distancing at GATE 6. This is just the beginning. The privately held corporations that are members of this ROGUE technocracy with so much influence today are rolling out 5g to connect AI to all technology IoT and gain more control over your life right now. Facebook, Alexa, Cortana, Google are AI platforms that are already all around us in our phones, computers, smart devices, and cars. These run out of the cloud (internet). They store, access, and leverage your activity for marketing purposes (creepy) and they probably do much more with that information.

Why do we care if someone is looking at your personal information, activity, photos, personal travels, or current GPS location? Some say, its fine I have nothing to hide. I say privacy is a God given right. We have been tricked into becoming so relaxed with that in the name of convenience and ease of use benefits.

What if you have an issue with the knowledge that everything you do is recorded in the cloud? Can we enhance our privacy a little? Well. Yes. I have but I can tell you this is no easy task. If you are using Facebook, twitter, or other social platforms you are most likely addicted to them. There is a need to express yourself that seems healthy. That would be the first thing to get under control. You must decide what information you are willing to allow into the cloud. Set that privacy goal and create tasks that are going to move you towards your goal.

If anyone needs help with any of this please set up a a free consultation. I will help you determine how much and what you have to do to regain some privacy. I will quote you and if you want help I am more than happy to do what I can.

Please use one of 3 contact methods.

1. call 618-985-5455 and leave a message.
2. Use the website appointments page to create an appointment.
3. Use the website contact form to leave your information for a call back.

Thank you for reading.

Patrick.

Another frightening example of this is that some or all of the above has even been leveraged to enforce the social standards that are challenging your personal liberties. The airport in Spokane Washington is now using LIDAR monitoring in combination with AI and facial recognition (accurate with a mask) to monitor and enforce social distancing at GATE 6. This is just the beginning. The privately held corporations that are members of this ROGUE technocracy with so much influence today are rolling out 5g to connect AI to all technology IOT and gain more control over your life right now. Facebook, Alexa, Cortana, Google are AI platforms that are already all around us in our phones, computers, smart devices, and cars. These run out of the cloud (internet). They store, access, and leverage your activity for marketing purposes (creepy) and they probably do much more with that information.

Why do we care if someone is looking at your personal information, activity, photos, personal travels, or current GPS location? Some say, its fine I have nothing to hide. I say privacy is a God given right. We have been tricked into becoming so relaxed with that in the name of convenience and ease of use benefits.

What if you have an issue with the knowledge that everything you do is recorded in the cloud? Can we enhance our privacy a little? Well. Yes. I have but I can tell you this is no easy task. If you are using Facebook, twitter, or other social platforms you are most likely addicted to them. There is a need to express yourself that seems healthy. That would be the first thing to get under control. You must decide what information you are willing to allow into the cloud. Set that privacy goal and create tasks that are going to move you towards your goal.

If anyone needs help with any of this please set up a a free consultation. I will help you determine how much and what you have to do to regain some privacy. I will quote you and if you want help I am more than happy to do what I can.

Please use one of 3 contact methods.

1. call 618-985-5455 and leave a message.
2. Use the website appointments page to create an appointment.
3. Use the website contact form to leave your information for a call back.

Thank you for reading.

Patrick.

Windows 10 Build 2004 – My Take – Not good!

Windows 10 a great platform that is designed to push marketing to the user of the operating system. If you are into cloud applications for your files, email, calendar, contacts and other things you will find it is built in. These options are nearly impossible to avoid. EG. I can use automated tools to clean a traditional installation turning off privacy features and removing bloat that just records everything you do to the cloud. The process start to finish takes me about 40 minutes per system.

Privacy is mentioned all throughout your experience in the form of legal EULA’s. They are long and hefty written in legal form which is very hard to sit and read. Cloud providers seem to want to own or have rights to everything that you would put on their servers. There is a line that should not be crossed. I am bothered by the possibility that they do look at everything we post. Recently with YouTube for instance, people are having their posts moderated and their channels removed. Doesn’t that re-classify YouTube as a publicist. As such how is their legal standing now?? Is Face Book or Twitter in any better shape? I do not think so.

I have decided not to be so trusting. I performed a test recently to see how to backup cloud content and recover it from Google, Microsoft, Amazon, and Facebook. In all cases the backup archives I received from each source were selectively encrypt-able. As an administrator I am aware that privacy controls may not actually be in place to prevent Social Platform Administrators and their workers from accessing the data. The select-ability of encryption is a small but clear indication. Most systems are designed for users by designers and they enable administration of all things for administrators. I believe that If I can have the option to encrypt or not to encrypt an archive of my data so does a system administrator.

Technical issues still abound. The upgrade of window 10 to build 2004 has caused problems with ESENT (Jet Blue), a database that supports many of the internal components of Windows. Things like updates, file indexing, and some of the GUI controls. When it fails event ID 64, among others, appears in the system logs. The system will run slower and oddly all sounds will be choppy and of bad quality. Microsoft has not provided a patch. The only answer is to use the onboard repair options to see if any of them work. System File Checker, Deployment Image Servicing and Management, System Restore, previous OS rollback, and System Reset. A final option is using a third party software to backup your files, email, programs and windows settings for easy recovery later onto a clean installation. Ease US Todo was first presented to us when we were all moving from windows 7 to windows 10. It actually does a great job migrating the programs that you installed long ago. Sometimes it is hard to come up with the software and or its licensing after such a long period of time.

Conclusion: What I like about Windows 10 build 2004 is the convenience and usability that windows 10 brings. It is a masterful work. I do not like the forced marketing (it takes time to turn that all off), privacy issues (related to cloud hosted applications and data stores), and the buggy nature that is and always will be at the top of my mind every-time I see or hear the word “MICROSOFT”.

Upgraded

Well. Not a lot looks different here. But on the back end of things we have a new operating system, and current versions of IIS 10, sql, mysql, perl, and PHP.

Chip Technology, Cellphone Payment Tech and not getting Hacked.

Chip technology is a passive circuit in a card. It waits to be energized by a signal generated by the pinpad or payment device. Similarly this technology applies with the tap and pay. When the circuit is energized it transmits a response with all of your payment information. Criminal hackers will roam around carrying equipment that energizes and retrieves the payment responses into their databases or record files. Then they can duplicate your chip. So get a wallet or purse or pouch that provides radio frequency and electromagnetic shielding to prevent both the energizing of the chip and the transmission of your information.

Keep in mind, these attacks must take place in very closes proximity.

Also it may be a good idea to put your phone in a similar container. While its in there you may not receive data, texts, however you also will not be susceptible to any sort of attack or reconnoitering.

GPS is also affected. A simple lining of tinfoil does the trick if you do not feel like spending a lot of money. But its not ideal. I recommend looking for an affordable option.

Changes in 2020

I moved my private office to Marion. I am enjoying the new space. Marion appears to have more reliable internet, water, power, roads and is right by the interstate.

Already it has been a busy year with a HP aio, wiring job at a school, and a few smaller calls for printers and of upgrades.

We are here to help whenever you need it.

Foreign Ransomware Attacks

This year has been big. The attackers are gaining access email accounts and collecting information on what you prefer to look at, purchase, and do. They are not stealing credit card information. Instead, they get a very good idea about who you are, who you email, and what about. Then they deliver a message that is very realistic to trick you into installing their cryptography software. They also send mail out to all of your contacts to begin the process with them.

Way back in 2012 I mentioned this behavior and it falls into a category called social engineering. If you watch the news you will hear mention of several cyber attacks that originate from outside the us.

These attacks are being waged against corporations that have the money to pay the ransom. It is big. Companies end up paying in bitcoin. Normally decryption software is delivered if the demands are met. Would it not be easier however to educate yourself and your employees to prevent such an attack?

Technology is Beautiful

 

Albert Einstein: “Computers are incredibly fast, accurate, and stupid. Human beings are incredibly slow, inaccurate, and brilliant. Together they are powerful beyond imagination. ”

See it from my point of view.  Who can’t love something like this?  Love what you do, never work a day in your life.

Mobile Vs. Reactive

I decided to go ahead and change the website template again. Recently I mentioned that I added a mobile interface. That was not a lot of work and it was just an adjustment to keep the site functioning.  People are doing way more on their phones these days. I wanted the main website to work without having to send mobile users to a special page of their own. Reactive is the property of a web page that allows it to re-organize itself on the fly to fit a different screen size. I purchased a template that I liked which had this property and several other features that I found intriguing. I have been busy converting the site into this new template for the last few weeks.

This may seem simple. Copy and paste. I assure you that it is not since my website is tied to a database I designed in 2003. At that time I had the entire site coded in ASP and was running a simple access database. Currently it has been re-coded for the Microsoft .NET Razor engine. It is still backward compatible with ASP. One of my goals is to allow my customer base to be able to log in and manage their accounts. I have the framework all set for that. I just have not enabled them to access their records yet.

The other interesting thing about my website is this blog. Built upon WordPress it is using PHP and a MYSQL database. The challenge here was to display both CSHTML and PHP content using the same template. I started Friday evening and completed the conversion Saturday morning.  I had to develop my own WordPress template.  It was my first.  It is a little rough.  But I am happy to say it appears to be doing fine.

I still have have small amounts of tidying up to do before I make the landing pages display the new template.  Some of the “Copy” is needing TLC.  I am not sure I am entirely happy with the new index page either. When it goes to a mobile phone view the content under the headings simply dissapears.  I have considered creating child pages from the headers but then I am opening a can of worms because I have to then build content pages for each heading. Again, for whatever reason, simple clear writing is not my strong suit. I get to wordy and technical for the average person. So I need a translator to make it easier to read basically. Reading all of this you probably understand now.

I do plan on selling products on line and soon. However, I think I will sell to people who are willing to pay with pay-pal or in person with cash or check. My issue is that Payment Card Industry requires an annual audit of pci compliancy.  I remember getting fined because I simply was late. I realize the importance of PCI complaince but it seemed out of my price range then and now. The audit has a fee of $150 or more depending on your situation. Additionally, processing cards from the site directly requires a payment gateway.  They cost roughly $50 / month plus a percentage of sales.

Secure your technology.

Staying on top of security is not good enough these days. Phishing, deceptive online marketing, and social engineering attacks are on the rise. Protect yourselves. Keep all of your devices patched and current, make sure you have antivirus and verify that it is updating. Get a backup routine in place. Review your social network account(s) privacy settings. Run your systems from limited permission accounts. If you would like help please call 618 985-5455 or visit our contact page. We can work remotely and we work all around Southern Illinois. Midnight Tech is here for you. We are helping improve things for our customers every day. Let us help you too.

Website Modification Made – Is your site mobile ready?

I spent about 2 hours and easily made my site mobile compliant. A little tweaking is still needed on the menu for the mobile site. I want to spend some time and make that more reactive. This is another big win. I learned that google is now basing some of its search rankings based upon your websites mobile readiness and optimization. If you are unsure about your site give me a call. I would love to help you with your websites if you need it.

Is your Mail Server Still Getting Spam?

[SMTP Error] 554 5.7.1 Blocked IP-Country XX (YYYYY UNICOM ZZZZZZZ) .

Previously I picked on one area of the world and decided to retract this because in all reality, spam comes from everywhere including inside the US. It’s like mold or cancer. It moves around and spreads. But now there is a cure.

I am not receiving any more spam, thank goodness! “They” are still trying to send it. Everyone has an Idea about what spam is. I had a look at the items being blocked and found that 95% of mail that is sent toward our mail server was an attempt to deliver malicious content intended to compromise our systems. Each peice of spam is an attempts to plant malware. Despite all of this it appears that the only mail I receive now is valid mail originating from inside the U.S.

This is one of those moments when you have accomplished something huge that no one else really knows or wants to know about. It also means that if I can prevent 95% of truly malicious spam from reaching the servers here, I can accomplish it for your business as well. That is a huge win because I like helping out!

I have been running mail servers since 2003 when we opened this business. I have administered mail servers for several organizations along the way but I always come back to my own server with a sense of pride. I have the cost way down on the spam filtration. It costs nothing to maintain once it is in place as it does not use any third party service that charges. No office365 or google office accounts. No spamassasin or other spam filtration services. To clarify, there are a huge groups of individuals that actually donate their efforts to identify catalog and block spam from servers that should not have sent it. I do hope I can use my knowledge at some point to lower your mail service costs, reduce your spam intake, and further secure your Information Technology Infrastructure. Businesses are busy enough. Information overload is a common problem for people running businesses everywhere.  Why not isolate all of that to non spam items. Having a clearer view of your inbox is a great way to start.

 

God Bless You – Happy Holidays

I am wishing everyone a happy healthy holiday season from my family to yours. God bless you, Buh ti žehnej, Gud velsign dig, God zegen u, Jumala siunaa, Dieu vous bénit, Gott segnen sie, Allah ya sa muku albarka, Isten áldjon, Dio la benedice, Gud velsign deg, Bóg blogoslawil pan, O deus abençoa, Dumnezeu sa va binecuvinteze, Dios le, bendice, Neka vas bog blagoslovi, Gud välsigna dig, Berhudar.

Happy Holidays! Below is a nice picture of a manger construction that I really like and music to match.  Enjoy!

Patirick

Joy To The World (link)

Vintage manger from TJ’s youth

Save money at the office and at home on technology expenses

I believe everyone would prefer to save their money if at all possible. Rent based services and products are not smart investments. Examples I can think of are Office 365, web hosting, password vaults, antivirus, virtual fax systems, accounting systems… The list goes on. Over time your expense continues to increase.  If at all possible steer clear of rent.  

  1. Buy office or convert over to open office. It is free and very similar.  Most of your existing documents still work.  With small touches your doc is the way you had it before.  

  2. Talk to your ISP and get a static ip. Then self host your website.

  3. Trend, Comodo and panda all have free antivirus products.  Also keep in mind windows 10 is already protected with windows defender out of the box.

  4. Fax is necessary?  If not get rid of it.

  5. Lots of accounting cloud services are out there these days.  That is a business decision.  For the home buy the software and run it on a computer that has backups.

These seem like common sense ideas.  Those $30/month fees add up over time and multiply per user. Are you really running efficiently?  I hope this helped.


I save people money with the technical service I provide.

  1. I stand behind every hour of labor charged.  If there was an issue because of a mistake or your original issue was not addressed completely the labor warranty goes into effect.  It provides you the labor to work on the problem free up to the hours you have paid for during the last month.  

  2. I do not charge for failure to deliver.

  3. I charge less and will do on site repairs, pickups and deliveries. If you are located over 30 miles from my starting location there is a small $0.55 / mile fee.

  4. No bench fee.  I do not charge to look at your system.  I will evaluate it for free and try to convince you to allow me to help. There is no charge if you just take it back.


I want to be the one to help you next time you have a technology question.  Please set up an appointment with me.


1. Leave a message at: 618 985-5455
2. Send an email to patrick_barnes@midnighttech.com
3. Use the contact form at http://www.midnighttech.com.


Please suggest times after 5pm during the week or anytime during weekends and specify your meeting location.  I will add you to my calendar. Then confirm with you that the appointment is good.


I hope this post finds you in a good place.  I look forward to helping and hope to hear from you soon.

Patrick

Screen Repairs on all mobile devices, laptops, tablets, and touch screens.

Did you drop your device and break the screen? We will fix that for you charging only the cost for components and 1 hour of labor. Most phones cost over $400 when you buy them new. Some used are easily close to that figure. The repairs can be done for between $100 – $250 depending on your device because. The price is affected only by the screen components. If you don’t have a warranty please contact us, even if you are not local to southern Illinois. Email us: sales@midnighttech.com. Tell us what device you have, send a picture, and we will get you a firm repair price. If you will be mailing it please include the city and state where you are sending it from so we may estimate the return shipping charges.

Upgrades

We have successfully moved to server 2016 and migrated our website and blog. There are more posts to come.  The mass of silence was due to a busy year and lots of changes. We look forward to a very active 2016. Your questions and comments are requested.

A year in review

I have maintained a lot of business this year all in the face of new and abounding opportunities for growth. It has been busy and exciting. For those of you I did help maybe I will hear back in a few years? It seems odd to say that. I have noticed that I don’t hear from people I help for quite a while. I used to worry about it. Later someone told me not to. They said, “The work held up and that’s all that matters.”

I believe that hard work will pay off. I feel that if I work smart, work hard, and put the customer first someone is going to notice. Things here are done right every time. I absolutely want people to post to the customer reviews section. If you are a previous customer and you do leave a customer review I will take $25 off your next purchase of $65 or more. Happy holidays in advance. Have a good year to come!

Patrick

Permanent Mail Rejection List for 5/12

All spam comes from some where.  If you have access to the servers logs you can identify exactly where. If you do not I can set you up so that you do.  The phrase, “Knowing is half the battle”, rings true here.

Of the many subnets below 3 are from the US.  I can get more into US business spam – which isn’t “opposed” by the spam-can act.  Regardless – it is unsolicited and I feel no shame in sharing the information with the public.

The below networks are very broad. But I can assure you blocking mail from them will only help your situation. If you would like details on each network and why let me know.

75.102.0.0/255.255.192.0
72.30.0.0/255.255.0.0
111.93.0.0/255.255.0.0
114.200.0.0/255.248.0.0
117.192.0.0/255.192.0.0
122.136.0.0/255.248.0.0
189.192.0.0/255.248.0.0
58.148.0.0/255.252.0.0
59.0.0.0/255.224.0.0
64.12.0.0/255.255.0.0
77.54.0.0/255.255.0.0

Administrators View of Spam

The actual definition of spam (electronic) by wikipedia:

“Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam. It is named for Spam, a luncheon meat, by way of a Monty Python sketch in which Spam is included in almost every dish.

Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. In the year 2011, the estimated figure for spam messages is around seven trillion. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming has been the subject of legislation in many jurisdictions.[1]

My definition is:

Email messages sent as marketing from a company (real or not) that you did not authorize to market to you. The personal messages from people you don’t know are also spam. Most of these are attempts at Phishing. Phishing is any approach used to trick or coerce a person into giving up information they normally would not.  Most times it is personal in nature – a password, ssn, address or something similar.

Required for outgoing mail service:

1. Mail server is domain registered to a static IP address.
2. There is a valid reverse dns record (at the isp) for the mail server.
3. MX records point to your mail server.
4. SPF record you create athorizes your mail server to send mail.
5. Your server is configured to dissallow open relay attacks.
6. Server is not listed on any Block List Provider Services.

Email Marketing Rules.

1. Mail should include a method for users to remove themselves from your mail list and it needs to work.

Does your orgainzation still get a ton of spam?

Mail administrators should consider using SPF in addition to reverse dns lookups and other ip validations. Also employ mail delaying for new “conversations” into your organization. Configure the server to reference block list providers such as cbl.abuseat.org or dnsbl.njabl.org. spammonkey.com has very fast turn around and can identify the type of internet service for the originating IP address.  If it is not a true static set up properly then the mail will be rejected if you use their RBL list.  There are many others. Purchase mail server enabled anti-spam software such as trend micro messaging security. It directs otherwise un-blocked Greyware to the users junk folders cutting down on your work trying to find blocked mail that should have come in. Greyware is spam originates from a mail server that appears to meet all of the requirements for a valid outgoing mail server. However, the messages you recieve are unsolicited. Which ever solution you choose make sure of the following.

  • There is temporary storage of blocked mail.
  • It is possible to create reports on blocked messages.
  • It provides message recovery options for blocked mail.
  • White Lists for keywords, domains, email addresses and IP locations to guarantee delivery from known locations (with badly configured mail services!).
  • Black Lists for keywords, domains, email addresses and IP locations to filter out previously seen examples of spam.

So you ask – how the heck did they get my email address.  I never shared it…  Some hackers actually poll the mail server via telnet with hidden commands to the mail sevice. If you have a lot of unsecured mail traffic going to your server they could packet sniff you without too much effort.

Have a look at the image below.  This is grey ware.  The sending server of this spam passes spf, and appears to be valid.  My user tried to unsubscribe but it still keeps coming in.  So I have looked up the ip and found it inside the US.

My options are to block the IP (prefereably at my servers firewall), filter the keywords in the subject, and add the domain to a black list.

I like to go one step further. If I see that the mail originated outside the country I use subnet blocking which blocks that entire network. I prefer to do this using the CIDR notation. Subnet blocking covers millions of addresses all in one shot. This network is stateside so I did not block it.

What about webmail (gmail or hotmail)?

From a  personal standpoint, say with gmail or windows live, use strict mail filtering allowing only mail from your contact list to email you. Then monitor the junk folder for everything else. Skim the junk folder for important items. If you find something move it to the inbox and add the sender to your contact list. When your done empty the junk folder.

If you are tech savvy use an anti-spam proxy to go between your mail client and your mail provider. You configure your mail provider to allow pop and smtp mail access.  Then you configure the proxy to check the mail for you. Finally set your mail client to check the proxy. Let it do the work. If a bad peice comes through you send it back to the proxy “spam” address to report the situation. It takes care of that problem. If a good email gets blocked you might look at the reports and recover it. Then reclassify the message to the white list.

With spam there is no magic cure. You can spend thousands on spam prevention. But dont.  Be smart and vigillant.

Midnightech.

Spoof from USPS

Spam is a huge issue these days and is fully intended to either plant a virus on your computer to get information (personal and financial) or to get you to click a link (known as phishing) to get your information. Here is a text example of such an email that was just reported to me.  I removed the links for your safety.  In the body of the message the spammer was asking the recipient to log in. That was the trap. It actually lead to a different website that looks a lot like the usps. The website had a malicious script that loaded spyware into the browser and it had a form for the user to log in with their current paypal credentials. That form was designed to fail and redirect to a reset password page.  There the user would be asked for more information to “verify their identity”.

I see these attacks all the time. Just letting you know its not a great idea to believe everything you get in your email.  Today I received a similar one from Paypal.com.  Instead I opened a browser – and logged directly into paypal.com.  I got them on the phone to verify the security of my account and review recent transactions.  Then I sent them the mail server logs and message for the spoof email I received by forwarding that message to spoof@paypal.com where they will research the attack further.

Have a great day!

Midnightech

————————— Body of Spoof mail with phishing links —————-

Subject: USPS postage invoice.

Acct #: 9641389

Dear client:

This is an email confirmation for your order of 5 online shipping label(s) with postage. Your credit card will be charged the following amount:

Transaction Number: #1225992
Print Date/Time: 03/11/2012 02:30 PM CST Postage Amount: $20.06 Credit Card Number: XXXX XXXX XXXX XXXX

Priority Mail Regional Rate Box B # 6256 7825 6297 3496 7698 (Sequence Number 1 of 1)

For further information, please log on to www.usps.com/clicknshipand go to your Shipping Historyor visit our Frequently Asked Questions.

You can refund your unused postage labels up to 10 days after the issue date by logging on to your Click-N-Ship Account.

Thank you for choosing the United States Postal Service

Click-N-Ship: The Online Shipping Solution

Click-N-Ship has just made on line shipping with the USPS even better.

New Enhanced International Label and Customs Form: Updated Look and Easy to Use!

* * * * * * * *

This is an automatically generated message. Please do not respond

 

The Human Threat? Social Engineering

Kevin Mitnick  wrote the book, Ghost In the Wires. I purchased it in audio format and recently finished listening to it. He was very good at Social Engineering but ended up in prison for it. In his book he tells about how he used social engineering to hack telephone companies switchboards  and other systems to get what he was after. Social engineering is a tool used by hackers and others to get something from you that you would not normally give. It is a really dangerous tool when someone very skilled uses it. Even scarier, a majority of people would never suspect it. They just roll over and give up whatever information or thing is asked of them. This article explains the concept of social engineering and how it is being used to steal identities – and so much more. To be able to protect yourself or your business from the social engineering approach you first need to understand it. This article does a really great job.

Spiceworks on Social Engineering

Hacks

So I found a few comment entries on the blog being posted over the last few days that were spam. Go Figure. It appears that someone with international leverage of resources had found a way to get past the CAPTCHA and decided to pick on my server. So I have blocked those country subnets from the web services security control panel and updated the CAPTCHA plugin. That should do the trick. Unfortunately my action has limited some international users from being able to view this site.

My story, SELF DEFENSE!

A couple new features

I was looking around and decided to add a share link and a voting link.  I am trying to get more traffic so please comment on everything.  Don’t be forgiving.  Just put it out there.  If it creates an issue I will “adjust” the comment …  like this … but, I will be sure to leave just enough so you can get an idea what was edited.

Midnight Tech

Slow Credit Card Processing Problem Back!

Wednesday at 6PM the store owner called me to to report that credit cards were taking 2 minutes to process again.  I went over to verify that and look things over for an easy solution.  Just as before nothing on site is to blame.

This time around I am going to get the store a new merchant account with a different company – who uses a different network.  The new network is compatible with the POS being employed at the store and does not require a 3rd party solution for the interface.  This puts me in that proprietary situation I mentioned in the last post I did regarding POS Credit Cards. However, after speaking with the sales staff I was re-assured that the deal would be geared toward matching a rate we currently have.

I have already informed all parties having a relationship with the current credit card system what the plan is.

The store owner said that he fears a year from now that they will just raise the rates. He also wants to correct the problem quickly and wondered if we could try something else with the current provider. I explained that I have exhausted all possibilities with the current credit card processor.  I have asked them for a different solution.  They have informed me there are no other solutions that they have.  I said the wise thing is to move to a different credit card processor.  He agreed but, he wanted me to verify that the sales for the last two days settled.  I checked and they had.  So today I will be negotiating with another credit card processing company to get the same deal or something better.  That will be hard to do because the current rates they have are very very good.

Midnight Tech