It's Fixed in the Next Release - Mundanity

Malware Injection: More Fun With Skype

nospam@example.com (Alan Langford) — Thu, 29 May 2008 13:43:15 -0500

Skype screen capture

This one probably isn't new, but it's worth noting. An associate recently got this bogus "security warning". Appropriately named "irony", the message warns the user that "Security Center has detected Malware" and directs the user to a site where they can download a patch. Click on the image for a full sized version.

The "patch" will install malware on the user's computer. At least they can't forge the link as belonging to Microsoft, but this could easily fool an unsuspecting user.

The Single Best Way to Bust a Telephone Scam

nospam@example.com (Alan Langford) — Thu, 24 Apr 2008 12:57:06 -0500

This is simple and effective. If you suspect that the company who is calling you is not legitimate, ask the caller for their web site address.

If the call is a fraud attempt, the "agent" probably won't be able to give it to you. One of these things will happen:

They won't "remember" it. For extra bonus fun, ask them if their sales manager knows it.
They'll give you a legitimate site that isn't theirs. Ask them to hold on while you pop it up. If that doesn't make them hang up, ask them where the information relating to their offer is. They might tell you it's an exclusive offer that's not available on the web, but if the site has nothing that seems to be related to the offer, it's a big warning that they're not telling the truth.
They'll give you a fake site that is theirs. This would be pretty stupid on their part, since it would provide the authorities with a path back to them. Do a search on the site to see what the world has to say about them. If they're not in the search index, then the site was probably set up a few days ago. More sophisticated users can do a whois lookup on them... look at the registration date. Also if the site owner is masked for privacy, you can be sure it's not a large established company. Either way, report the site to your local authorities as soon as possible.

These fraud schemes depend on leaving the smallest possible trail back to them. Legitimate businesses want to open as many possible channels of communication with their potential customers as possible.

So it's as easy as this: no web site equals no legitimacy. Protect yourself.

Criminalize False Caller-ID Messages

nospam@example.com (Alan Langford) — Thu, 10 Jan 2008 10:37:45 -0600

Here's a crime for modern times: make the transmission of an intentionally false Caller-ID message a minor criminal offence.

There's an established mechanism for blocking identity through caller ID, namely the "Private Number" message. Therefore the only conceivable use of false information is to mislead the person being called. Most of the fraudulent calls I receive use bogus, rather than private numbers.

But what should the penalty be? How about something proportional to the impact on the victim? In and of itself, direct victim impact is pretty small, so how about three hours in jail per occurrence?

What, you say that's ridiculously low? Well then how about this: mandatory consecutive terms, no concurrent sentences. Fraudsters have to make a large number of calls in order to find victims (see footnote). Three hours in jail works out to about a year for every three thousand calls. These guys need to make tens of thousands of calls a day, so in a month or so they could easily rack up a sentence in excess of their entire lifespan.

A slap on the wrist for people who flirt with the idea, major hard time for the fraudsters. Works for me.

Footnote: One operation I led on started with an automated dialler, transfered to a "qualifier" who made sure I had a credit card, and then transfered to a "closer", who was none too thrilled when I finally admitted that I was deliberately wasting their time, eight minutes in.

About this Blog

nospam@example.com (Alan Langford) — Wed, 09 Jan 2008 20:23:28 -0600

Observations on Everything
Although "It's Fixed in the Next Release" is a mantra from software development (or rather technical support), the intent here is to apply the phrase to a broader context, for example, "It's fixed in my next reincarnation." This broad interpretation means that the entries here cover vastly unrelated subjects.

If you're looking for a tightly focused blog with short, pithy entries, you are in the wrong place (although there are some). Here, blogging is about content.

I have done one thing to make things easier on non-technical readers. All of my comments that deal with specific aspects of software development are in a category that doesn't show up in the main list. you have to select It's a Code, Code World to see these posts.

And now... Nigerian Style Fraud via Skype!

nospam@example.com (Alan Langford) — Mon, 20 Aug 2007 13:17:55 -0500

The great thing about Skype is that people can get in touch with you from just about anywhere, and that can lead to great friendships and business. The not so great thing is that any dork from anywhere on the planet can use this same convenience to rip people off.

Here's a message I received today:
Continue reading "And now... Nigerian Style Fraud via Skype!"

Credit Card Scam of the Day: Interest Rate Reduction

nospam@example.com (Alan Langford) — Tue, 17 Jul 2007 21:52:02 -0500

The fun thing about organized criminal credit card fraudsters is that they always have to stay a step ahead. I guess people were starting to catch on to the "Free" Vacation scam, so they had to come up with a new one.

Today I got to hear it for the first time. It's so simple it's brilliant.
Continue reading "Credit Card Scam of the Day: Interest Rate Reduction"

Credit Card Fraud: It's Time for Banks to Play Offence

nospam@example.com (Alan Langford) — Wed, 23 May 2007 13:00:49 -0500

Every once in a while organized crime gives me a call. It's not that I'm so special, they just happen to know my phone number. The call comes in "Unknown number" which is a warning sign in itself. Then I've won a trip to Florida, Vegas, or wherever. Red flag. Press nine and you get a very happy and enthusiastic person who wants to give you a free trip, all you have to do is be a credit card holder.

Stop right there. These people are offering you great sounding (and nonexistent) stuff for the sole purpose of capturing your name and credit card number so they can rip you off.
Continue reading "Credit Card Fraud: It's Time for Banks to Play Offence"

Missing Payee on Image-Ready Cheques with Quicken XG 2007 (Rev 2)

nospam@example.com (Alan Langford) — Thu, 08 Feb 2007 18:06:14 -0600

I apologize for the title of this post, it should be "another reason to hate proprietary software", but I'm hoping to save some other poor soul a week of trouble.

The answer is: make sure that the first line of the address field is exactly the same as the payee name, and presto.

Now the whole story:
Continue reading "Missing Payee on Image-Ready Cheques with Quicken XG 2007 (Rev 2)"

Bye Bye Blogger!

nospam@example.com (Alan Langford) — Sat, 07 Oct 2006 00:18:35 -0500

Okay so it's been a long time since I've made a post here. There's lots of reasons for that, but one of them has been that I just couldn't tolerate Blogger anymore.

After looking at a variety of solutions, I finally stumbled upon Serendipity (www.s9y.org), and it looks like it's going to do the job very well.

There's still a few things to take care of, a few broken links and style tweaks to get into place, but it was easy to install, fairly easy to extract data from Blogger, and it generates decent HTML.

We're back in business!