Tag Archives: security

ADP Payroll Invoice Scam

Posted on by
3

Sloppy work, but I’m sure some people will fall for it.

Have you gotten an email message supposedly from payroll@adp.com (but really from someone else)? A brief email with the ADP logo and an invoice.zip file attachment?

Don’t open it.

Although I don’t think opening the message will cause any harm, the attachment is likely some sort of virus — or contains one when opened — and that can’t be a good thing.

Here’s what the message I got looks like. Note the From field and the typo in the bold, underlined text.

ADP Scam

I’ve said it before and I’ll say it again: Don’t open attachments you aren’t expecting, especially from organizations you don’t have some sort of email relationship with. Doing so is just plain stupid.

Coincidentally, I worked for ADP at their corporate headquarters back in the 1980s.

Dear TSA

Posted on by
4

I’m really tired of the TSA going through my luggage — and repacking it.

TSA Inspection NoteTo say I’ve been doing a lot of traveling this past year would be to make a huge understatement. I’ve been on more than 20 airline legs since September and expect to be on at least a few more before I finally settle down in my new Washington home.

Because I travel with Penny the Tiny Dog and she counts as one of my carryon pieces of luggage, I usually have to check a bag. And what I’ve discovered is that the TSA doesn’t just look in random pieces of checked luggage. It looks in all checked luggage.

How do I know this? Well, the inspectors put a note like the one you see here in each piece of luggage they open. I have found one of these in every single bag I’ve checked.

And yes, I do sometimes lock my bag. Fortunately, my lock is TSA-friendly, so it isn’t broken and can be used again and again.

In all honesty, I wouldn’t mind the TSA going through my luggage if they’d just leave it packed the way I packed it. In many instances, my luggage includes breakable items, such as a laptop, portable hard disk, and/or bottles of wine. I pack very carefully to ensure that breakables are surrounded by soft items like clothing. This protects it from shocks and hard surfaces the bag might encounter during handling by the airlines — and the TSA.

Unfortunately, the TSA doesn’t seem to care how carefully I packed. It appears that they sometimes unpack my bag and then repack it. I haven’t noticed anything missing, but I have noticed shock-sensitive items packed right up against the edge of my soft luggage, where it could be damaged if the bag is thrown or dropped.

And I don’t like that.

What can I do? Nothing — except to not put breakables in my luggage. Or not check luggage. Or not travel by air.

I can’t help thinking that the TSA’s baggage inspections are just another dog and pony show — as intrusive and ineffective as its backscatter scanners. The Notice of Baggage Inspection cards I find after every flight are just a reminder that big brother is watching. Whether their inspections are actually necessary or effective remains to be seen.

Taking a Stand Against the Full Body Backscatter X-Ray

Posted on by
2

Stand up for our rights. You can make a difference.

Yesterday, when I went through security at Seattle-Tacoma Airport (SEA) for a flight to Wenatchee Pangborn Airport (EAT), I was one of four people in a five-minute period who opted for a pat-down rather than subject my body to the highly controversial full body scanner or backscatter x-ray machine.

BackscatterWikipedia image. (No, it’s not me. Sheesh.)

Because we had to wait while the TSA called screeners for each of us, we discussed why we’d made the decision. The four of us agreed that the use of backscatter x-ray technology for security screening was a violation of our privacy and constitutional rights. This “virtual strip search” is not only ineffective for revealing hazardous materials carried by determined terrorists, but it raises additional health concerns. Two of us were certain that the machine was hazardous — more on that in a moment — I’m not convinced either way.

All four of us had decided to make a stand against the use of the equipment by forcing the TSA to conduct a pat-down each time we were asked to go through the machine. This inconveniences the TSA far more than it inconveniences us. It only adds about 10 minutes to your screening time, but it forces the TSA to shuffle around staff, thus slowing down the whole security line. If enough people do this on a regular basis, the TSA will be forced to increase its staff to handle screening needs during busy times — or simply cease using the machines. After all, the normal metal detectors are still there and are used when the backscatter x-ray machines are down for maintenance. Why is it that they’re good enough at, say 5:10 to 5:30 PM one day but not good enough five minutes before or after that? It’s all bullshit, if you ask me.

One by one we were taken away for our pat-downs. Soon, it was just me and a man left chatting. He said he always gets the pat-down and is convinced that the machine is dangerous. I told him that I always ask for a private screening. This doubly inconveniences the TSA because it requires not only a private space, but two TSA screeners of the same gender: one to conduct the pat-down and another to observe — so you can’t cry foul, I suppose.

In addition, because they can’t separate you from your luggage, they must carry all your luggage and bins into the screening room with them. If you have a lot of stuff — think laptop, coat, belt, purse, briefcase, carryon bag, etc. — that could take more than one trip. You’re not allowed to touch it once you opt out so they’re forced to carry it for you to the screening room. One time, I had three of them tied up carrying my stuff around.

The man I was speaking to obviously liked the idea as much as I did and he opted for a private screening, too.

While a lot has been said about the obtrusiveness of pat-downs, having gone through it three times now, I can assure women that it isn’t a big deal. I didn’t feel violated or uncomfortable at any time. It’s just another woman wearing gloves patting you down. I’ve had seamstresses get more friendly when fitting me for a gown.

I try to make the situation more tolerable by chatting up the TSA women, teasing them gently, making sure they understand that I’m just opting for the pat-down to “get my money’s worth” out of the screening process. Occasionally, I’ll get one that admits the process isn’t effective or doesn’t make sense, but most times they’ll stop short of actually saying so. Yesterday, one of the women actually admitted that she thinks the backscatter x-ray machine is dangerous. Not only will she avoid it, but she’s told her mother not to go through it. Good to know that the TSA can’t even convince it’s own people about the safety and security of the system.

I usually mention the Israeli airport security system as an alternative method of screening. Often, they are familiar with it. Yesterday, one of the women said that they couldn’t use that system “because we’re not allowed to profile.” We both agreed that profiling should be allowed — at least to a certain extent. But rather than the kind of racial profiling Sheriff Joe uses to harass Hispanic people in the Phoenix area, airport profiling should look for signs of nervousness or other indicators that might suggest a person has something to hide. This is psychological profiling that requires extensive training and dedicated screeners. Unfortunately, members of the U.S. government would rather spend our tax dollars on sophisticated machines manufactured by their friends than useful training for TSA and other security agents.

As usual, yesterday’s pat-down was a non-event. I made my statement and was very pleased to see that I wasn’t the only one doing so. My only question is this: Why are most people acting like sheep, walking through a machine that displays nude images of them to strangers while dosing them with radiation?

The GOP and its propaganda arms (think Fox News and Rush Limbaugh) are constantly talking about government intrusion in our lives and violations of our constitutional rights, yet I don’t see any of them complaining about this complete disregard for privacy and Fourth Amendment rights. Why not?

Don’t they see that every time they introduce a measure like this, they’re subjecting us to more government intrusion and violating more of our rights?

I’m an American and I value my rights. Because of this, I arrive at the airport an extra 15 minutes early and do my part to protest the use of this ineffective, unnecessary, and possibly harmful intrusion of my privacy and violation of my rights.

If you care about your rights, you’ll do the same.

Random Thoughts, 9/11/11

Posted on by
Comment

A few random thoughts that I don’t have the time — or perhaps desire — to blog more fully about.

It’s shameful the way the media has turned 9/11 into a day that requires viewers/listeners to relive every moment of 9/11/01. What’s even more shameful is the way advertisers are selling during this media circus. I’m not the only one who feels this way. There must be a better way to honor the people who died that day.

Not everyone who died on 9/11/01 was a “hero.” Some were victims. Think about it.

I’ve said it before and I’ll say it again: The terrorists have won. They have changed our lifestyle, forced our government to take away many of our civil liberties (i.e., freedoms), and caused us to start costly wars that we simply cannot win. The only way we can defeat them is to restore our freedoms, abandon efforts in the Middle East, and protect our country from within, using smart intelligence tactics. Sadly, I don’t think we’re capable, as a people, of doing any of that.

Outraged about Apple Tracking Your Every Move? Read This.

Posted on by
3

Once again, mainstream media, fed by tech journalists who should know better, get half the facts wrong and blow the other half out of proportion.

The big tech news these days is the story about Apple’s iDevices, including iPhone and iPad, “secretly” logging location information as you go about your daily business. The information is stored on your iDevice and then backed up to your computer when you sync — just like all the other information on your iDevice. (That’s what a backup does: it makes a copy so you have in case data is lost.) The media grabbed this one and ran with it, making a big deal about privacy concerns and even going so far as to suggest that this data is somehow getting back to Apple, which might be using it for some dark, secret purpose. The “discoverers” of this plot even worked up a program that can extract this data from your backup and plot it on a map. Just to show how thorough this information is, tech journalists were quick to seize it and plot their own movements.

Makes you angry, huh? To think that some big corporation is tracking your every move?

To hear interviewees on the radio, read blog posts and news stories, and read the comments left on blog posts, you’d think the government should be knocking down Apple’s doors and grabbing every storage device in sight to snatch this oh-so-valuable information from them. The media is outraged and they’ve made the public outraged, too.

Don’t Let the Truth Get in the Way of a Good Story

There’s just one problem: The story, as reported by most media outlets and bloggers, isn’t entirely true.

Sure, iOS does log location information in a “hidden” file that’s synced to your computer when you back up your device. And sure, that hidden file isn’t encrypted (although it is hidden). But it doesn’t go anywhere else — certainly not to Apple. As was pointed out by someone actually knowledgeable about the situation in an NPR interview I heard yesterday (sorry; can’t find link), the state of California has laws governing the gathering and use of this information. It would be very stupid for Apple to violate this law.

(And do you honestly think that Apple devices are the only ones logging this kind of information?)

You Said they Could!

Guess what? In the iPhone Software License Agreement users agree to give Apple permission to gather this information:

(b) Location Data. Apple and its partners and licensees may provide certain services through your iPhone that rely upon location information. To provide and improve these services, where available, Apple and its partners and licensees may transmit, collect, maintain, process and use your location data, including the real-time geographic location of your iPhone, and location search queries. The location data and queries collected by Apple are collected in a form that does not personally identify you and may be used by Apple and its partners and licensees to provide and improve location-based products and services. By using any location-based services on your iPhone, you agree and consent to Apple’s and its partners’ and licensees’ transmission, collection, maintenance, processing and use of your location data and queries to provide and improve such products and services. You may withdraw this consent at any time by going to the Location Services setting on your iPhone and either turning off the global Location Services setting or turning off the individual location settings of each location-aware application on your iPhone. Not using these location features will not impact the non location-based functionality of your iPhone. When using third party applications or services on the iPhone that use or provide location data, you are subject to and should review such third party’s terms and privacy policy on use of location data by such third party applications or services.

Credit Where Credit is Due

So what’s the real deal? You could probably learn more about the facts by reading a blog post written by someone who discovered this back in 2010. Yes, this isn’t a new discovery. It was uncovered not long after the release of iOS 4. It was presented at the Paraben Forensics Innovation Conference in Salt Lake City in November 2010. It was covered in an Apress book called iOS Forensic Analysis that was released in December 2010. It was published in a paper in January 2011; the same month it was presented at the 2011 44th Hawaii International Conference on System Sciences.

In other words, this isn’t news. Evidently, the “discoverer” who has the most media connections and can shout the loudest gets all the credit.

What’s the Big Deal?

And how can so many people be so outraged about this? It’s absurd in a time when many well-connected iPhone users — and others — are publicly broadcasting their location day in and day out by check-ins on Foursquare, Twitter, Facebook, and countless other sites.

The irony of the outrage was best summed up in a tweet that came down my Twitter stream from Mike_FTW yesterday:

7:04: Check-in from bathroom. 7:38: Check-in from café. 8:15: Check-in from bus stop. (Mayor!) 8:35: Bitch about Apple tracking my location.

So what’s the big deal? There’s a log of your locations on your phone and in a hidden file on your backup computer. I’m sure as I type this there’s already an app under development that’ll wipe it clean for anyone who’s really concerned.