What I’m doing to protect myself after the Target data breach

As you’ve probably heard, Target had a bad month. Between the days of 27 November and 15 December, about 40 million credit card numbers were stolen, making it one of the biggest breaches of its kind in history. As far as we know, the card number and security code were stolen, but debit-card PINs and addresses were not.

Target says they have contained the breach and are cooperating with credit card companies and authorities. Cringely has some analysis, but it has more for people like me to think about how we do things at work than it does for consumers.

And, well, as luck would have it, I shopped a lot at Target between the days in question. And I used both my credit and debit card during that time. Here’s what I’m doing, some of which may be counter-intuitive.


My Zinio adventures

My Classic Toy Trains subscription lapsed. I decided I wanted to subscribe to the digital edition and see if I liked the paper reduction enough to live with the DRM restrictions. I can always switch back to paper next year, right?

So I went to Zinio.com and tried to subscribe, and had nothing but problems getting them to take my money.


Workable two-factor authentication

I’m several months late to this party, but I just saw Marcel’s post on Google’s two-factor authentication with a smartphone.

He’s right. It works until someone steals your phone. Once someone steals your phone, you’re in a world of hurt. It’s just a compromise, until we find a way to do two-factor authentication the right way.

The right way is with a smartcard, issued by some sort of central authority.

Why I’m not selling anything on Ebay these days

This story is why I’m concerned about selling on Ebay these days. The subject of the story sold a coin for $470 and shipped it via UPS, insured. The buyer claimed he received an empty envelope, filed a claim with Paypal, received a refund, then refused to cooperate with the seller, so the seller couldn’t file an insurance claim.

The seller believes the buyer is refusing to cooperate because he’s lying. But UPS can’t investigate since the buyer won’t even pick up the phone, and Ebay isn’t interested in helping him.

Time for some unexpected updates

Due to the Dutch certificate authority Diginotar being compromised, Mozilla released Firefox 6.0.2 and Microsoft released security advisory 2607712 in order to prevent those compromised SSL certificates–in layperson terms, a file that permits web servers to use https for security–from being used.

Without this step, someone could use a compromised certificate to set up a fake web site masquerading as some other web site you trust and using it for fraud.

Was California Republican Tony Krvaric Strider of Fairlight?

A story today about the possibility that a prominent California Republican, Tony Krvaric, was once a co-founder of the Commodore 64 warez group Fairlight caused an uproar on Slashdot today. The claim said Krvaric went by the handle of Strider.

Reading it brought back some memories.


What to do when you’ve been ripped off in a buy/sell forum

I’ve spent the last week chasing a scammer, because I’m a sucker for a good story. I have that story, but I’m not happy with it.

In the meantime, there’s definitely a need for a procedure to follow if you make a deal on a forum or bulletin board and never receive the promised merchandise.

There are several things that you can and should do. The laws are slippery, and in the case of the scammer I’ve been watching, he seems to be pretty careful to keep his fraud under certain thresholds to stay in operation. So you need all the help you can get.

First, gather information. Find the address where you sent your item or payment. Have descriptions of the item(s) you sent and the item(s) you expected to receive, along with fair market value. If you have Paypal receipts or anything like that, print those out. If you have addresses, phone numbers, or any other information, get that too. Finally, if you have an address or phone number, do a Google search to find your trading partner’s local police department.

If your trading partner has ripped off other people and other people are complaining about it, take evidence of this along.

Take all of that information to your local police department and ask to file a complaint. The procedure varies from department to department. An officer might interview you, or there might be a form you can fill out. Whatever it is, be nice and cooperate with them. These guys are on your side, but the more pleasant you are to work with, the more likely they are to go the extra mile for you.

Ask if they’ll contact your trading partner’s local police department, or if you need to do that. If you need to do it, call the other police department and give them all the information they ask for. Most likely, your local police department will make contact because they’ll need to work together.

Next, get the feds involved. Some of these guys get away with what they do because their scams involve small amounts of money. But if you mailed your package or payment through the U.S. Postal Service and the person scammed you, now the person is also guilty of mail fraud, which can make a minor crime more serious.

You can report mail fraud by filling out a USPS form online. The process is simple and only takes a few minutes.

Take the time to do this, because there is one scammer out there who’s been getting away with fraud for at least four years, primarily because he seems to be careful to keep the value of each transaction low enough. So you need all the extra help you can get.

I don’t know why five $200 ripoffs don’t equal one $1,000 ripoff. That’s a question for the police.

Finally, contact the FBI Internet Crime Complaint Center. This may or may not help you, but it will help other victims.

Of course you should also contact the administrators of the forum where the deal took place, but all they can do is ban the account. The scammer probably doesn’t care; he’ll be on another forum next week under a different name anyway.

It seems like part of the reason people are able to get away with these schemes is because discussions about them quickly degenerate into flamewars, sometimes with the scammer himself doing everything he can to fan the flames. Then the moderators close the thread or delete it, and then no constructive dialog can take place. Then the scammer just moves on to another forum, where he has no history and is free to do it again.

Talking about it is fine. The problem is, the topic of contacting the authorities usually comes up too late in the discussion, so a lot of people don’t think about it. If they think about it, they might not know where to start.

If you’ve been scammed, please contact law enforcement. The authorities may or may not be able to help you get your stuff back, but if enough people act, they can put a scammer out of business, so other people don’t fall victim to the same scheme you did.

Permission is granted to copy the contents of this post, either in part or in full, to bulletin boards, forums, and personal web sites as long as you provide a link either to https://dfarq.homeip.net/article/20070720124023117 or, if you prefer, to https://dfarq.homeip.net.

Myspace and blogging isn’t inherently bad

I see some schools are blocking access to Myspace and other blogging tools. The blogosphere, some people seem to believe, is just a bunch of people looking to exploit teenaged girls.

Sure, blogs can be dangerous. So can cars and jobs. I think the Myspace phenomenon exposes weaknesses in upbringing more than anything else.

Blogs have only been around for about 9 years so there haven’t been a lot of sociological studies of them–especially since blogging has only been hot for the last couple of years. But there are precedents.

I was very active in a lot of online communities as a teenager. Teens like me were a minority, but there were enough of us. I’m still friends with a couple of people I met online back in those days.

And I’ll tell you something straight up: I ran into a lot of women who were older than me. A lot of, um, lonely women who were older than me. A lot of them had the wrong idea about my age. One asked me where I went to college. But you see, I hadn’t gone yet, because I was only 14.

And in case you’re wondering, it didn’t go any further than that. I’d been taught right from wrong, and I carried myself that way, both online and in person, so the topic never came up.

There were other dark sides of this online world. Software piracy was usually the gateway. And yeah, I’ll admit I downloaded some software that I didn’t pay for. Mostly I stuck to things that were no longer commercially available. And without Amazon.com and Ebay, it was difficult to buy out-of-print stuff. So I wouldn’t have been able to buy the majority of it even if I’d wanted to. That didn’t make it legal, but to my teenaged mind, it sounded moral enough.

Of course most people were interested in the new stuff. And that could lead down a slippery slope. St. Louis wasn’t exactly a hotbed for the latest new releases, so to get the zero-day warez, you had to call long distance. But remember, most of us weren’t 16 yet, so we didn’t have jobs and we didn’t have a lot of money. So I knew an awful lot of people who got into phone fraud. And it often got worse from there. Phone fraud led to credit card fraud, and I heard stories of people who got caught, slapped with the huge bills they’d run up, and turned to dealing drugs to make the money to pay it back.

All so they could be the first one in St. Louis to have the Commodore 64 version of Grover’s Magic Numbers. Yes, there were people who risked all of that to have something that lame-sounding. And no, it didn’t sound any cooler then, but people did it.

I talked with a number of people who were caught up in that. There was a guy in Chicago who called me on a pretty regular basis for a little while. No, he didn’t dial 1-314, if you know what I mean. One day he quit calling, and not long after that, I heard the Feds caught up with him. There was a rumor that he ran away to Colorado after he got out of juvenile detention. Whatever the case, I never heard from him again.

But I never made any fraudulent long-distance calls. I had a 3.6 grade-point average, was in National Honors Society, and I was in Who’s Who Among American High School Students all four years. And I sold my first magazine article before I got my driver’s license. I wasn’t going to throw all that away just so I could make long-distance phone calls on someone else’s dime.

So why was I having anything to do with those people? Simple. We talked programming. Nothing I learned from those guys is remotely useful to me today, but it was interesting then. Sure, those guys made a lot of mistakes, and yeah, they sure did break a lot of laws, but they weren’t entirely bad.

I’m sure if my parents had known everything that was going on, they’d have gotten rid of the modem or at least severely limited what I could do with it. But they couldn’t stand over my shoulder all the time.

And besides, there wasn’t any need to worry. They’d taught me right from wrong, and what I had to lose if I stepped too far out of bounds. Sure I pushed the limits, but that’s being a teenager for you. Come to think of it, I still push the limits sometimes now, even at 31.

The primitive online communities that existed in the late 1980s and early 1990s were social communities. The only difference between that and the mall was distance. The computer took away the geographical boundaries. In that regard they’re the same as Myspace and other online communities today.

There’s potential for problems today, just like there was 17 years ago. But looking back now, there’s no question why I went online back then. It helped me deal with being a teenager. I could talk with other teenagers who were like me–there were only one or two others like me at my school, and one of them was a major-league jerk. And I could get advice from adults who were further removed from the situation and could give me advice without conflicts of interest. Whether the struggle of the day involved a soldering iron or a girl, I knew at least one person who knew the answer.

I can think of lots of things I’d change if I could go back, but that isn’t among them. So I don’t believe isolating kids today from online communities solves anything. Kids will be kids. Hopefully they know right from wrong and what they can lose if they choose wrong.

Blocking those who would choose wrong doesn’t solve a lot. They’ll find another way to choose wrong.

Denying an important resource to those who would choose right is a greater loss. It’s much easier to find another way to choose wrong than it is to find another way to get wise counsel.

Bounty-hunting spammers

I missed posting a reference to the FTC bounty on spammers this week.

The FTC says a bounty is about the only thing that will work. In other news, the Pope is still Catholic.

You can make spam illegal all you want, but the problem is tracking the people down. They’ve had years to practice concealing their origins. If you and I can’t track them down, then chances are law enforcement can’t track them down all that easily either.

Without inside information, you won’t track them down, at least not without going 1984 on everybody. And if there’s one thing that makes people scream louder than spam, it’s encroaching on their rights, whether those rights are perceived or real.

But the people with inside information don’t have much incentive to turn spammers in.

The question is where the funding comes from. Hopefully the fines levied against the lawbreakers will be enough to pay the whistleblowers. To me, it’s a very legitimate use of the money.

Of course, the direct marketing people are screaming and hollering that too much power is going to anti-spam groups. They would have less problem if they had taken a strong stand against spam in the first place.

I don’t think they’ll get much sympathy. At least I hope not. A few local business owners made headlines when they ignored Missouri’s Don’t-Call list and then were sued out of business. I didn’t have any sympathy for them. They knew the law was coming and what they had to do in order to comply. Besides, if I need my windshield fixed, do you think I’m going to wait for a telemarketer to call me in the middle of dinner?

Additionally, many of these spammers are breaking other laws as well. Since when is it legal to sell me Valium without a prescription? And if bigoea@yahoo.com is a licensed pharmacist, why is he resorting to spamming people at random to get customers? If you know of a pharmacy that’s hurting for business, I’d sure like to know about it because I’ll go there and so will everyone else I know who’s tired of waiting 30 minutes to get a prescription.

More than likely, the person hiding behind that Yahoo address is either misrepresenting what he’s selling (fraud) or selling prescription drugs without a license (drug trafficking), and he may very well be guilty of breaking numerous other laws and needs to be put away anyway.

Tell me again why direct marketers haven’t done everything they possibly can to distance themselves from these people?

Giving the insider who turns the spammer in enough money to take a year (or five, depending on lifestyle) off work seems the best way to eliminate some of these lowlifes who continue to clog our inboxes and our Internet connections.

Dave goes to the doctor

After spending the weekend in bed… wait, that sounds bad. After spending the weekend burning up and feeling like my tonsils were on fire… wait, that’s not much better. After spending the weekend sick, I called my doctor.
Actually, my girlfriend made me do it. From me describing the symptoms, she thought I probably had strep throat. Since she’s had it three times and since I would like to see her again sometime in the near future, I made the call this morning. He had an opening at three o’clock. I said I’d take it. I popped a couple of ibuprofen and crawled back into bed.

At 2:15, I ventured out into the bad, bad world. Let me clarify: Right now, anything that isn’t my bedroom or my bathroom qualifies as the bad, bad world. I went out Sunday for some sickie necessities and that was a big mistake. Not that it’s the worst thing that ever happened to me. I can think of worse things that have happened to me. Getting my wisdom teeth taken out wasn’t one of them, however. I stopped off at the ATM to get some fast cash, which I hoped would cover my copay and my script. Then I headed for the doctor’s office, which thanks to the usual spectacular driving on Telegraph Road, took me the better part of half an hour. The doctor’s office is less than five miles away.

Apparently I hadn’t been there since 1999. Or that was the last time I filled out any paperwork, at least. I was pretty sure I’d been in more recently than that. But I wasn’t in any mood to argue. I wasn’t in much mood to fill out forms either, but that doesn’t have anything to do with being sick. I remember one time, early in college, when I had to fill out a questionnaire. One of the entries asked us about our favorite activities. I wrote down, “filling out forms.” (Those who know me well know that I’m never, ever sarcastic. Never. Nunca jamas. I don’t even know the meaning of the word, or I wouldn’t if it hadn’t been a dictionary.com word of the day.)

So I filled out the form, including questions about my insurance coverage I had no way of knowing. Some of it was on my insurance card. I guessed about the rest. The time that passed between me filling it out and handing it in would be ample time for it all to change anyway. For all I knew, Aetna wouldn’t be my insurance provider five minutes later. For all I know, it hasn’t been since 2001 and I’ll be getting a really nice phone call in the morning.

But the form satisfied everyone enough that I got to go in to see my doctor. If I committed fraud in the process, well, hopefully they still allow one phone call after they haul you off to jail. I’ll call Benefits and tell them to make sure the doctor gets paid. And I’ll politely ask someone to let my Pastor know I’m in jail. You know Lutherans. They take an offering every opportunity they get, so they’ll welcome an opportunity to take up a collection to bail me out. I hope. He’ll probably do it if I say I’m supposed to be an usher on Sunday.

They put me in a little room with a padded table, a sink, and a couple of chairs. There were certificates on the wall that said my doctor had been in the Army in the early 1980s and had studied at various military academies. There were a couple of expired AOA and AMA certifications. And nowhere was there any indication of where he’d gone to school. There are only two places for a doctor to go to school, of course: Kansas City and Kirksville.

The doctor came in and asked how I was feeling today, in that usual cheerful voice that expects a terse “fine.” But I didn’t feel fine. I felt like I had a basketball in my throat and I wanted it out. So I told him my throat hurt. He asked how long my throat had hurt. I said since Saturday. He shined a light into my mouth and told me to say ah. After two minutes of trying to see what he needed to see, he gave up, got a tongue depressor, and shoved whatever had been blocking his view out of the way. I could tell you what he said he saw, but it’s gross. It also was something I could have told him if he’d just asked.

As he got out a long cotton swab, he consulted my records to get some basics on my life so he could ask the kinds of questions that made it sound like he knew me. His acting skills didn’t impress me. Then he took a culture. I didn’t quite cough up a lung while he was doing that, but I tried.

He told me there are lots of diseases that can cause a throat to hurt. Then I got an 8th grade Biology lesson. He told me there were two basic types of organisms that can infect your throat. He paused for a really, really long time as he put the culture in its test gizmo and wrote stuff down on my chart. Then he continued: “What I was getting at is that your throat can be infected by bacteria, or it can be infected by viruses.” Then I figured out that he was in the process of explaining to me why he didn’t just automatically write me a prescription for penicillin. So I finished the paragraph for him: “But if it’s a virus there’s no point in giving me an antibiotic because an antibiotic can’t kill a virus.”

I’m pretty sure that 8th grade Biology was the last A that I ever got in a science class. Well, other than Computer Science 103 in college, but that doesn’t count. Even a dumb journalist can get an A in that class.

But yes, I remember my basic biology.

I tested negative for strep. The doctor asked how old I was. I said 28. I hadn’t figured out yet where he was going. He put his hands around my throat–something a lot of people have longed to do for a very long time–and looked for enlarged glands. Then he had me lie back and he felt around my abdomen. Then he checked my breathing.

Then he started telling me about a virus that can make your throat sore: Mononucleosis.

“Mono!?” I interrupted him. I know about mono. I know it’s the bane of college students everywhere. College students tend to get it and it tends to ruin their careers. I remember an uptight health teacher citing mono as a reason why people shouldn’t kiss. Probably the same health teacher who had both of his kids through artificial insemination. With his wife. He was the donor. Yes, he was a bit paranoid. And weird. But I’m getting off topic for about the 47th time today.

“Have you been around anyone lately who has mono?” he asked.

“Not that I know of,” I said. And that’s true. No, I still won’t tell you where I work, but it’s hard to imagine anyone there running around with mono. We’re talking a place where you’re not considered an adult until all of your kids have graduated college. Not to mention that some of those guys’ attitudes about women make me wonder how they ever would have had the opportunity to ever be exposed to mono, let alone the opportunity to have kids who would then grow to college age…

And as far as–ahem–extracurricular opportunities to be exposed to mono, I come up blank there too. I’m not exactly the kind of guy who kisses everything that walks upright and breathes oxygen.

“Well, you’re too old for mono to be very likely,” he said, snapping me back to the present reality. “So I’m going to give you penicillin. But I’m going to order blood work.”

And then I was off for another one of my all-time favorite activities–having blood drawn–but there wasn’t really anything interesting about that. I didn’t look, as usual, it hurt, as usual, and I didn’t know when it was over, as usual, and they put a piece of cotton the size of Texas on it afterward, as usual, held in place by an impossibly tiny band-aid, as usual. The only thing unusual about it was the band-aid had Bugs Bunny on it. Good thing I wasn’t going to work afterward. I’d get teased about that. Good thing only the Internet’s going to know about that.

Then my Bugs Bunny band-aid and I went off to get my penicillin, where I found out that my prescription card is no good. Great, another phone call… The pharmacist said penicillin is really cheap though, so he asked if he should just check the cash price. I said fine. Not having to wait until Tuesday to start my dosage was worth a few bucks to me. The price came up $9.53, Tax Man Carnahan Holden’s cut included. I’m pretty sure my copayment would have been 20 bucks. So not having a working insurance card worked to my advantage, to the tune of 10 bucks.

Then I went home. No light blinking on my answering machine. That’s good, at least if you ascribe to the theory that bad news travels fast, which I do. I popped my first penicillin, and started to wait the 8 hours until my next.

And I checked the usual symptoms of mono. The only ones I have–sore throat, achy joints, diminished appetite–can be symptoms of absolutely anything.

So we’ll see.