tombrennan.org

It has been quite a number of months since I explained the issues with my laptop (see this entry).  For a quick summary the Toshiba A135-S4656 is a nice computer for the price. .  The major reason why I’m not totally happy with it is Vista.  Microsoft’s new operating system is still filled with bugs.  Even after I upgraded to 1.5GB of RAM the computer is still slow.  When I tried to install Ubuntu I was disappointed with that the sound card would not work.  That was a few months ago.

I had heard that Ubuntu has a new version of their Linux distrobution.  I thought, “What do I have to loose?”.  Vista (in my mind) was terrible and the current version of Ubuntu was unused becuase of the the lack of sound.  So I downloaded the lastest version of Ubuntu from their website.  The latest version, as of today is 8.0.4 LTS for desktop computers.  While on the site I noticed their are 6 versions of Ubuntu, which might seem daunting to someone not familiar to Linux.  All you need to be concered with is the desktop version.

After the download I burned the .iso to a CD and proceeded to run the installer.  The CD is a live CD, which enables people to try the operating system out without doing anything permanant to the computer (nothing gets wrtitten to the hard drive).  The menu in the latest CD asks if you want to run in live mode or go directly to the installer.  Since I was already familiar with Ubuntu I went right to the installer.

I also want add that I did this while on my way home from work the other day.  I had to make two stops and entered through the prompts then.  I DID NOT use the keyboard while driving.  I wanted to state this to show how easy it is to install Ubuntu.

By the time I got home the OS was installed onto my computer.  I sat down on my sofa and started the boot for the first time.  Ubuntu will install a GRUB boot menu.  This menu is a non-graphic interface which appears after the computer is powered on and asks what OS you want to load.  So I login and hear the Ubuntu welcome sound.  IT WORKS!

So version 8.04 LTS has the proper drivers to run sound on my Toshiba Satellite A135-S4656.  I will use Ubuntu now over Vista, but still have the Microsoft OS in place when I need to.

It’s been reported from a few sources that a number of areas have been targeted for the “Phone Book Scam”.
As the summer vacation season is coming upon us please be aware of this scam. Men driving around in unmarked vehicles (usually vans) are throwing out free phone books. Usually they are getting tossed outside of a moving vehicle to everyone in a neighborhood.
The van will come around two days after the drop off to see who has not picked up the phone books. People who have not picked up the phone books are then targeted for a robbery that night.
Warning: Be suspicious of any free phone books coming your way, no matter what companies name is on it. If you use VoIP ask yourself, “Should I be getting the ‘Ma Bell’ phone book for free?”.
Be careful this upcoming summer season when you’re on vacation. Ask your neighbors to get anything that gets dropped off on your property

The Oklahoma Department of Corrections has let the private information of nearly 11,000 people be leaked out to the public. The information comes from a federally mandated registry of sex offenders in the state.
A smart hacker was able to use a database exploit in Sexual and Violent Offender Registry to get the name, address, race, social security number, and more personal from the registry. By typing in certain information into a browser URL would pull this data from the database and be available for download.
This hacker did what any good hacker would do.  Before going public he wrote a message to the people who programmed the site.  The person he contacted was appreciative for pointing out the flaw and would then pass this information to the developers.

The day after the phone call was made the site was taken down for “routine maintenance”.  It looked as if the flaw was fixed…except the “printer friendly page” still was not fixed.  After another e-mail to the person in charge of the developers the site again went under “routine maintenance” and the flaws were fixed.
Say what you will about the people on this registery, no one should have there personal information up on a web page that can easily be viewed.  In this case by changing the URL anyone could have viewed this data.  I would also like to add that the “hacker” featured in this article would not be the type of person getting into the IRS database or stealing you identity.  That type of person is called a thief.

Once the only game in town, domain registrar Network Solutions has stooped to a new low.  Many years ago the company started offering hosting packages as well as domain registration.  It seems that if you hosted with them and had a subdomain (like blog.tombrennan.org) that you haven’t updated in a while something interesting will happen.

According to NetSol’s terms of service (TOS) they have every right to use those abandoned subdomain and fill it with pages chuck-full of ads:

You also agree that any domain name directory, sub-directory, file name or path (e.g.) that does not resolve to an active web page on your Web site being hosted by Network Solutions, may be used by Network Solutions to place a “parking” page, “under construction” page, or other temporary page that may include promotions and advertisements for, and links to, Network Solutions’ Web site, Network Solutions product and service offerings, third-party Web sites, third-party product and service offerings, and/or Internet search engines. You agree that Network Solutions may change the content and/or appearance of, or disable any of these temporary pages at any time, in its sole discretion, and without prior notice.

You have every option to not use this service, but you’ll first have to dig through the TOC to know about it.

Many years ago NetSol was the only game in town, charging $300 for all three domains (com, org, net).  Times have changed in the domain registration landscape with $3 domains, many registrars, and many more domain suffixes.

In the new world of the web, NetSol needs to figure out how to be the best game in town and still make money.  A fine balance that relies on the customers of the company, who may not be too happy with hijacked subdomains.

I got a message from Redbox this morning saying that there was a skimmer in one of their locations.

To Our Valued Customers:

A few days ago redbox detected and removed an illegal credit card skimming device at one of our 7,400 locations.  At the same time, redbox also discovered evidence of skimming attempts in two other locations.  Skimming involves the placement of an illegal device above the credit/debit card reader on a vending machine, ATM, or in this case a redbox.  These devices are used to illegally read or store personal credit card information.

Even if your redbox was not targeted, it never hurts to pay a little extra attention and check for any unusual activities or changes at your local redbox.  If you suspect your redbox has been tampered with (click this link to see pictures of skimmer devices:   http://www.redbox.com/creditcardsecurity/ ) please call 866-REDBOX3, e-mail alerts@redbox.com , or notify the store/restaurant manager of your concerns immediately.

Although there is no evidence currently that these skimming attempts were successful, consumer security is a top priority for redbox.  Reviewing transaction records, there is a possibility that up to 150 customers may have been affected.  Although only a small percentage of the millions of customers who use redbox each month, redbox has notified the major credit card companies so that they can monitor the situation. The redbox team is also working with local authorities to investigate the incidents and ensure your security.

Skimming is not new (click this link for more details: http://www.uboc.com/ ).   It has been attempted numerous times on ATMs, gas station pumps, and now redbox has been targeted.  Redbox has been aware of these industry threats and has spent significant time and resources to prepare for them.  The 7,400 redbox locations are visited frequently by redbox associates to maintain smooth operations and an optimum customer experience.  In this case, a redbox associate found evidence of skimming attempts and initiated the actions in the team’s response plan (including this e-mail message).

Redbox greatly values our customer relationships.  As a result, redbox is open and direct in our communications about this type of situation.  The redbox team also utilizes industry-leading technology to ensure you have a safe shopping experience and aggressively combats attempts by criminals to defraud customers.  Please see the questions and answers below for some additional details on skimming and how redbox ensures the safety of your account information.

Sincerely,

Trina Graham-Hodo
Director, Customer ServiceBill Caputo
Director, Security

Additional Questions / Answers:

Q.     What is credit card skimming?

A.     Skimming is the theft of credit card information used in an otherwise legitimate transaction.  It often involves the placement of an illegal device above the credit/debit card reader on a vending machine, ATM, or in this case a redbox.  For more info click these links:
http://en.wikipedia.org/wiki/Credit_card_fraud#Skimming
http://www.uboc.com/about/main/0,,2485_703976951,00.html

Q.     What does redbox do to protect consumer credit card information?

A.     Redbox employs state-of-the-art security technology to ensure the privacy and security of our customers’ data before, during, and after their visit to our kiosks.  Customer credit card information is encrypted the moment it’s swiped through our readers.  Redbox uses further layers of encryption to protect all data transfers, too.  Kiosks are also actively monitored and regularly inspected both on-site and remotely.  Redbox never moves or stores unencrypted customer information.  Credit card information can not be accessed by outsiders or even by redbox employees once the card is swiped at a kiosk.

Q.     Where can I get more information on credit card skimmers?

A.     Please use these links to get more information on credit card skimmers:
http://en.wikipedia.org/wiki/Credit_card_fraud#Skimming
http://www.usatoday.com/tech/news/computersecurity/infotheft/2007-07-31-gift-cards_N.htm
http://www.uboc.com/about/main/0,,2485_703976951,00.html

Q.     How do I know if a skimmer is on my redbox?

A.     Redbox credit/debit card readers are standardized for all locations.  Click this link for pictures of the two approved readers and some examples of skimmer devices: http://www.redbox.com/creditcardsecurity/

Q.     Who should I call if I have questions?

If you suspect your credit card information was improperly used, contact your financial institution immediately.  If you have specific concerns related to this incident and redbox, please visit http://www.redbox.com/creditcardsecurity/ or call 866-REDBOX3. Please do not reply to this email.