The stock spam and pump-n-dump activities; while they do pose a threat to our financial systems, these actually represent the last step(s) in the chain for some very serious and very brilliant criminal activities. There is a much, much bigger story going on here that the public are not being told about.
Permit me to break it down for you: The Phishers will phish usernames and passwords for brokerage accounts, or they will collect the information from personal users by means of a trojan. The criminals log into these accounts and schedule sell orders for whatever stocks they are holding, and schedule buy orders for the penny stock they are going to pump-n-dump. Then they walk away.
They execute the spam, eager traders read the spam, look at the account and see that volume of shares purchased have been bought up in the past n-hours and they jump in. The pumpers have bought their stock before hand and once the volume peaks, they dump. The account holders whose accounts were compromised are left holding the pumped-dumped stock...
The criminals are getting GOOD! They don't need to worry about transferring money out of the compromised brokerage accounts, they are stealing the money and laundering it all in the same step.
And it should be no big surprise that the criminal organizations behind the whole operations is the Russians.
Welcome to professional bank robbery in the 21st century.
*NOW* this is not to say that the traditional "boiler rooms" don't exist. They most certainly do and they continue to pose a serious problem which the SEC has addressed for many years. What is new is this most recent innovation that targets retirement accounts, day traders and even the average investor. The "tens of millions of dollars in losses" mentioned in TFA are coming from liquidated brokerage accounts. The SEC is in a panic to shore up or stop this exploit by suspending trading on pump/dump stocks. They're hoping to stem the hijacking of retirement funds by stopping the ability to get the money out.
See, when you view it through the proper perspective, within this greater context, now it makes sense as to why the Russian spammers and bot masters have suddenly gotten involved in the game.
I personally have communicated with the scammers & spammers, some of the conversations I have written about on my site, which includes screenshots of bank accounts that have been compromised by phishing, etc.
They can't and they don't. That is why you need to keep control of your bank account number. Still though, you are not held liable for theft/fraud because your money is insured by the FDIC.
The money stolen due to fraud on your consumer account is covered directly by the bank, they rarely turn to their FDIC insurance policy for coverage. Once your bank closes the account due to fraudulent access, the checks get returned to the merchants and the merchants take the loss - banks have 15 days from the date the item is presented to send it back to the merchant. So, banks don't lose from check fraud, merchants do. This is why merchants rarely accept checks any more.
Credit/debit cards are different. Once they authorized the transaction, the merchant is guaranteed payment. If the charge is fraudulent, the card issuer (Visa, Mastercard, American Express or Discover) eats the loss due to fraud, not the issuing bank. If the charge is disputed as non-fraud, it gets pushed back to the merchant. Only in worst case scenarios is the issuing bank held liable.
With our system in the USA, if you have someone's account number, basically all the information on the paper check, you then have ALL the information you need to take money from anyone's account.
These folks cleared out over $4,000,000 before they were caught, using stolen checking account information. It wasn't until the reached the million-dollar mark did they get multi-agency multi-jurisdiction law enforcement cooperation to bring them in. The thieves have now learned to keep the dollar amounts smaller now.
When you use a paper check at most stores now, they take the check, scan it at the cash register, void it and hand it back to you. They simply run the "item" through as an electronic draft.
Make no mistake, for the criminal in the USA, having checking account information is MUCH MORE valuable than having a credit card if the desire is to obtain cash. Credit cards can be canceled. Checking accounts can be closed, but that doesn't stop criminals trying to pass the bad checks...
They print up fake checks, and get this... They go to the post office and buy stamps. Hundreds and often thousands of dollars in stamps... because stamps have a declared face value that can be sold for face value or at most a 5% loss...
I have a presentation and training class that I deliver on ID theft, one I developed to teach Law Enforcement and Magistrates, some info I came across i've written about on http://www.appiant.com/ I think its under the EV SSL subject.
It sounds like you're getting account information to create an Electronic Funds Transfer (EFT) or electronic draft whereby the company authorizes a transaction for $50,000 or whatever and you "take" the money from their account. It is the same thing as having a company 1) write a check, 2) submit it to you, 3) you deposit it, only to 4) have the funds transferred to your account. Your company is simply performing step 1, skipping step 2, 3 happens electronically and 4 happens essentially overnight.
They are giving you the SAME information that you could obtain from a written paper check, no more, no less. Now, obviously these companies have millions of dollars at any given time in their accounts and this alone makes them targets for check fraud; people creating their own checks and trying to pass them. The solution to this problem came about many, many years ago and is what makes the EFT system more secure than any other form of payment.
I am the accounts payable rep for Massive Corp. I'm going to authorize a payment for $5mil to your company: Dark Fiber Telco. I give you the check number (or transaction number or transaction code) and my bank account number and routing code. I enter the details into my Accounts Payable system which every afternoon uploads a delimited text file to our bank providing them with a list of checks written and their dollar amount. This is very similar to how credit card terminals upload their batch at the end of business day.
Meanwhile, DFTelco enters the data into their Accounts Receivable system which initiates the electronic draft, (which along with any paper check, EFT or ACH is all generically referred to as an "item"). When the item clears the Federal Reserve and is presented to Massive Corp's bank, if the dollar amount of the item doesn't exactly match the check number and dollar amount that Massive Corp uploaded, it is rejected and returned non-paid to the sender.
Very simple, very secure, and presenting your biggest customers with an IVR HELL system will only piss them off. They expect, and deserve, to speak to a human being and that is what your company provides. I wouldn't sweat it.
As an aside, I had an insurance agent come out to my property for a claim. The agent wrote a check from his checkbook and handed it to me, and then he had to enter the dollar amount and check number into his computer, over a VPN connection to his corporate office, so that the check would clear the bank.
The US Postal Service also does the same thing for Money Orders. Law Enforcement can actually log in to a LE only site provided by the USPS and check the validity of any US Postal Money Order based upon the $ amt and item number so they can see if someone is trying to "wash" a money order to alter the dollar amount, or creating a downright fraudulent Money Order.
-joel
Re:Slashdot is not the proper forum for speculatio
on
Speed of Light Exceeded?
·
· Score: 2, Funny
You moron! Can't you see that the information contained in the article appeared back in November 2000 yet the test was conducted on March 2007? This is further PROOF that they have exceeded the speed of light as the information contained in the article appeared six years prior to the tests being reported at Slashdot.
I can see the news report now: "NTSB crash investigators have been baffled as to the cause of the private plane crash that killed Steve Jobs and four others last week, but today they made a major breakthrough in their investigation. The crash investigators were initially stymied by the sequence of events leading up to the crash. Apparently, the initial confusion was resolved once they discovered the Crash.Events playback was set to shuffle."
"In a related story, Conspiracy therorists are not buying the explanation. They say that they have proof that the flight data recorder shows the plane was in level flight after having slammed into the Mountain. They insist that this was a plot financed by former Microsoft President Bill Gates to 'send a message' that Microsoft is not to be trifled with."
"Mr Gates was unavailable for comment as he was attending a conference on Aids in Africa."
"To counter these claims, the NTSB has offered to share crash evidence with the general public, just as soon as they can figure out how to bypass the DRM features without running afoul of the DMCA."
Analog phone lines, referred to as POTS lines (Plain Old Telephone Service) get converted to digital lines at the Central Office. The CODEC they use is G.711 which converts the analog to digital bits with *no* compression and each voice channel takes up 56kb/s of bandwidth (64kb w/overhead).
The problem we had in the early 90's in setting up VoIP was with fax machines and modems. For voice calls, we could use the G.729a CODEC (which uses 12kb/s) and the customer wouldn't notice any discernible change in voice quality, however, we found out pretty quick that Fax and Modem communications don't compress. We've all experienced voice calls that have been over-compressed that it sounds very 'tinny' like you're talking to a voice synthesizer rather than a fellow human being; satellite phones are the worst for that.
The easy answer is to have the CODEC or DAC auto-detect the FAX or modem communication and set it to "do not compress" and have it use the g.711 codec instead. Problem solved. However, for consumer VoIP, using the G.711 codec immediately bumps the bandwidth requirements to 3-4x the amount required by a voice call, and the consumer systems start dropping packets. Most packet drops on voice calls will go unnoticed as each packet holds ~10ms of voice. When transmitting fax/modem data, the loss of a single packet requires error correction on the fax or modem, which slows the transmission rate. The loss of too many packets will call the transmission to just drop because of too many transmission errors.
Point is, Fax and modem communications are fundamentally incompatible with VoIP. It is technology that was created to transmit data over analog lines. The solution is to put an Ethernet jack in the fax machine or the alarm system.
I still make use of floppies, booting off the media to flash bios' or whatnot.. or create bootable images to then port over to boot CD's.
But I rememmber the days before the CD-Rom when floppies were pretty much your only option. I carried 50+ floppies in a hard plastic case in my service bag, but they kept on going bad and were just too unreliable.
So I progressed to carrying around with me a Colorado tape backup 250 which had a parallel interface. I would load up a tape with all of my service utilities and take it to customer sites.
I then moved up in the world to get an Adaptec 16bit ISA SCSI card with bios, and I had a 60meg SCSI laptop hard drive. I could plug the card & drive into any computer and it would boot the system as usual fromt the C: drive and then I could access the SCSI drive as drive D:.
Then I was finally able to get access to a single-speed burner at a customer site and burn a service CD with all the OS install floppies on it, oh what a wonderful day that was to have Windows for Workgroups 3.11, DOS 6.22, QEMM386, Windows 95, network drivers, and everything else I needed on just one CD. I came out with revisions on a pretty frequent basis based on the year and rev: Service 95, service 96a, 97a, 97b... then it became a 2 cd set.
Then with the internet age, around the same time as my CD rev's started: Computers had been sold for years with modems in them (usually 14.4 baud) and AOL was mailing floppy disks to everyone. I could then go to a customer site, if I needed a driver I could usually round up an AOL floppy, install it on some computer and then dial out and get the driver I needed. I remember that nobody ever needed to purchase floppies, becaue they would get new AOL floppies in the mail every week and they would just reuse them...
That was the only time I ever had an account on AOL.. JRHelgeson@aol.com.
The citation below is *NOT* my source, as my sources and information are not based upon open source information or intelligence. However, the article listed below does mention a similar scheme that serves to illustrate the involvement of the criminal organizations mentioned in my post.
Monday, 8 January 2007 SEC Freezes Assets of Alleged Stock Pump-and-Dump Hacker
Sophos, a IT security firm, has warned online stock traders to take care over their brokerage accounts following allegations that a man manipulated stock prices by hacking into other peoples' accounts.
The Securities and Exchange Commission (SEC) has convinced a court to freeze the assets of Grand Logistic, a Belize corporation located in Talinn, Estonia, and its owner Russian-born Evgeny Gashichev. Gashichev is accused of making USD 353,609 by manipulating stock prices in at least 21 companies by breaking into online brokerage accounts.
According to the SEC, Grand Logistic and Gashichev unlawfully profited by manipulating the stock market through innocent people's trading accounts between 28 August and 13 October 2006.
"Many people will have encountered 'pump-and-dump' scams because of the large amount of spam e-mail devoted to making illegal profits this way," said Graham Cluley, senior technology consultant for Sophos. "In this case it appears that the SEC is responding not to a spam attack, but to unauthorised entry to online accounts, whose funds are then used to purchase shares in small, thinly-traded companies. These kind of attacks combine the crimes of securities fraud, identity theft and computer hacking. The end result is the same as a spam pump-and-dump campaign - the share prices are illegally pumped up and the criminals make a small fortune."
"This case should act as a timely reminder that online traders must take care to properly secure their accounts, and make sure that their login details do not fall into the wrong hands," continued Cluley.
Sophos recommends that all computer users ensure that they are running an automatically updated anti-virus product, security patches and firewall software.
Correct: Communist China does not recognize the sovrignity of Tiawan. The Chinese legal system, however, does not have the legal rule sets (Contract law, tort law) in place to support the capitalist infrastructure upon which their economy is currently functioning. As a solution to this problem, international contracts signed by Chinese business' are written according to Tiwanese laws because their legal system is based upon the Brits, who set the whole dern thing up for them.
You and I could sign a contract between each other, and at the contract signing we could mutually agree that we will author the contract according to the laws of Scotland, Tiawan, or (insert random country name here), even though we are both living in the same city in the USA. This just means that if we have a disagreement, we need to resolve it according to the rule sets we defined at the contract signing, which means we need to fly out to that country to file our lawsuits or hire local lawyers in that jurisdiction. Think of it as being business prenuptuals.
This external influence on the Chinese economy is what is causing the Communist Chinese government to adopt rule sets and make changes that would never come internally.
Example: SARS...
People started flying out of China with this illness (SARS). Communist China denied the problem even existed. The World Health Organization stepped in and grounded all flights departing from specific regions of China, causing a panic in the Business world supporting the Chinese economy. This forced China to recognize the problem and adopt new information sharing rules whereby we now know about the Asian Bird Fru YEARS before it becomes a global pandemic (if it ever does). This is an external change that never would have come internally from their own country.
There are hundreds of examples of this type of external forces driving inernal change within China.
Vista DOES NOT apply DRM to your analog video and the ONLY cause of your problems are the drivers Duh freakin duh! Was there some amazing change made to the architecture of the AGP bus, PCI, PCI-x between XP and Vista? Nope! What has changed is that Microsoft has completely re-written the entire kernel OS so that Vista could have DRM integrated at the very core level of the operating system. Then they made a design spec document that they distributed to Video Card manufacturers that gives detailed specifications such as this gem:
"It is recommended that a graphics manufacturer go beyond the strict letter of the specification and provide additional content-protection features, because this demonstrates their strong intent to protect premium content".
With specs like that, how can *ANYONE* fault NVidia for having "buggy drivers". Have you heard anyone complain that the driver model for XP was so piss poor that no video card manufacturer could possibly design a stable driver? Nope.
Starting with windows 2000 we started with unified driver model. That is why you can have drivers for 2000/XP/2003, 3 Operating systems, 1 driver. I love the fact that you can download one driver package for Nvidia that covers 1000 different flavors of video cards.
Not any more.
Vista DRM is a complete re-work of the core os in order to protect "premium content" which, in turn, is requiring every video card manufacturer to write custom drivers for every single video card, period.
This isn't Microsoft bashing, this is the reality that we're dealing with. Walt Disney is now in charge of Kernel Development at Microsoft, and you don't see a problem with this? You want to blame the video card manufacturers?
I can understand why Microsoft had to do a complete re-write of the TCP/IP stack: Integrate IPv4 and IPv6 under 1 stack and to have the MS Stack support higher throughputs. The time had come...
But Microsoft had to rewrite the Video/kernel interface in order to make Windows 2000 stable. Remember the days of Windows 3.1 through Windows 98 where a bad video card driver would crash the OS? Give it a Blue Screen of Death? With windows 2000 on up, a crash of the video subsystem would cause the video card driver to reload and you'd see the screen blank out and then reload and you could move on.
I have a friend who works for one of the big 5 accounting firms as a Financial Securities Auditor. The wife and I had dinner at his house last night. He was telling me that one of the biggest areas of securities fraud that he is seeing right now is the pump-n-dump scams. I thought I understood it all...
The Phishers will phish usernames and passwords for brokerage accounts, or they will collect the information from personal users by means of a trojan. The criminals log into these accounts and schedule sell orders for whatever stocks they are holding, and schedule buy orders for the penny stock they are going to pump-n-dump. Then they walk away.
They execute the spam, eager traders read the spam, look at the account and see that volume of shares purchased have been bought up in the past n-hours and they jump in. The pumpers have bought their stock before hand and once the volume peaks, they dump. The account holders whose accounts were compromised are left holding the pumped-dumped stock...
The criminals are getting GOOD! They don't need to worry about transferring money out of the compromised brokerage accounts, they are stealing the money and laundering it all in the same step.
The big targets for the brokerage account takeovers are in Tiawan, the targets for the spam are American "day traders". Apparently, the Tiawanese accounts are big targets because all the business deals in China are written according to Tiawanese law, and all securities trading is handled out of there.
And it should be no big suprise that the criminal organizations behind the whole operations is the Russians.
There is no doubt it is a driver issue! I have run everything from the Standard VGA driver to the GeForce drivers from NVidia signed by MS with the same problem or worse; some of the drivers just simply disable the VGA output entirely.
But it is this driver issue that is actually caused by the underlying operating system being designed for DRM.
I have no doubts that millions of other users can run Vista, play video to multiple outputs, play games, presentations, etc etc yada yada, without problems.. I am simply pointing out that with the particular configuration that I just happen to have on our "Vista Ready" laptops, that I am clearly able to see performance issues that are directly related to the DRM *FEATURES* built in to Vista.
The amount of work that video card manufacturers now have to go through to get their devices to work under windows virtually guarantees that average users are going to see problems similar to this.
***One thing that I just remembered is that the video playback issues also exhibited themselves on Office 2007 PowerPoint when playing video back on an XP system.***
I am evaluating Vista for work. Based upon this, I will be holding off on deployment for at least a year.
There is no doubt that I will be moving back to XP as none of the network management utilities that I use on a regular basis yet work on the new Vista TCP/IP network stack. I'll stick with XP and run Vista in a Virtual PC mode for whenever I need it.
Vista is NOTHING but a DRM platform that also happens to run Windows applications. I am currently running Vista Ultimate on my laptop, a closed system with an integrated nvidia video card running Microsoft Certified drivers... I cannot play videos that *I* have created of screen recordings at full screen, I have to play them back in a window. Running full screen in Windows Media Player causes the playback to simply pause. I also cannot play videos that I have created from scratch and integrated into newly created powerpoint 2007 slides. When playing back on my laptop screen, the video plays fine, but when feeding the signal to the projector screen through the analog video output, the video plays for 1 second then pauses for 1/4 second repeatedly.
This is not protected content.
Sure, it isn't *supposed* to be applying DRM "features" to *MY* content, but it is.
This is horseshit, horseshit, horseshit! And for any of those who don't know what I'm talking about, its the shit that comes from a horse.
You cannot build restrictions into every device, every driver and expect it not to have unintended consequences in everyday usage.
My father has done design work on the type of laser used on this project, and possibly even this particular project (I'd never know, he's got top secret clearances and only speaks about such technologies in the abstract). However, he was telling me that when they were designing the laser optic systems "like the one's they'd use in the 747...we were having problems with focusing the beam..."
Turns out that when the beam is fired from the nose of the 747, the beam is not focused, it is a 1m (3ft) diameter beam. It is designed to focus all its energy once the beam reaches its target. If the beam were focused when leaving the nose of the plane, within milliseconds it would burn out the laser optics (mirrors) used to aim the beam at the target, that and the beam itself would simply superheat the air along the beam path and turn it into a plasma!
So, by scattering the beam at the source (747 nose cone), they can account for atmospheric distortions and have the beam's energy focus precisely on target, from a 1m diameter down to 5mm or smaller diameter at the target.
I thought that was pretty darn cool!
With all the military posturing that Iran is doing, their nuclear missle ambitions are useless as we can destroy the missle while its still ascending over their own landmass, without any physical object of ours even entering into Iranian airspace. To them, it would appear that the booster just exploded just after liftoff and they'd be left wondering why all their beloved missles are now suddenly defective.
Instead of trying to build newer and bigger weapons of destruction, we should be thinking about getting more use out of the ones we already have. - Jack Handey Also attributed to Commedian Emo Phillips
I'm willing to accept every item listed here prima facie while others may desire to dispute the finer points of "so and so thousands of miles away came up with the idea 5 minutes/years before the muslims did". So What!
Muslims were a great influence on math and science, thousands of years ago, but name for me ONE SINGLE INVENTION OF ANY SIGNIFICANCE to come out of a muslim country in the past 200 years. There isn't one.
These 1001 inventions are ALL from the glory days of Islam, and therein lies the problem. The Muslim religion has KILLED all crativity. They got left behind at the industrial age and THIS IS THE VERY REASON THEY ARE BITTER TODAY.
They got so full of their success that they became complacent, and the world passed them by. When they woke up to this fact, in the early 20th century, it was too late. People whom they used to "rule" over had surpassed them in every fashion because they chose to live in such a closed society within their Ottoman Empire.
When they realized that they were falling behind, they decided to force anyone (male) with any potential into one of two fields - medicine and engineering. They would send them abroad to attend the finest schools and then bring them back to try and bring any knowledge back into their folds. Think about it: Osama Bin Laden is an Engineer; Ayman al-Zawahiri is a doctor. Neither chose their profession, they were just recognized as having a few brains in their head and given one of two choices.
However, none of this changed the fact that the religion of Islam rejects modernity in every form, so this new influx of knowledge did nothing to stem the tide, the downward spiral of their entire culture. So they did a little introspection to try and figure out why they were failing as a culture. They decided that they needed to return to their 7th century roots, which is exactly the wrong approach.
Muslims are embarassed by the fact that they are so pathetic, and for good reason. The only answer for them is to embrace modernity. Until then, they can drive on the roads we've designed, sell the oil that we pumped for them, live in the buildings that we showed them how to build, using tractors and construction equipment purhcased from us. They'll continue to drive around in thieir German/European/Italian/American cars. They can continue treating their patients in their hospitals using medical textbooks written by the hated Christians and Jews, using techniques learned in Medical colleges that they attended outside their countries. And they can continue to resent us for this until they decide to wake up to modernity.
Hard work, imagination and business practices also matter.
Not to mention a patent system that allows people to innovate without getting their @$$ sued off for the innovations they come up with. These patent holding companies are killing our innovativeness. All they do is come up with an idea, patent it, then wait for someone else to come up with the idea, do all the hard work of design and implementation, then they sue because "it was my idea first!".
It has been said that "Americans invent as the French paint, or the Italians sculpt." If we are to stay ahead in our technical prowess, we need to remove the chains of thought that hold our top engineers back.
There's a quote that I particularly like from Jane Jacobs in Death and Life of Great American Cities which reads: "Old ideas can sometimes use new buildings. New ideas must come from old buildings."
This holds true for nearly all innovations. We take steps advancing ourselves from the progressions made from our forefathers. We had to invent the airplane before we could invent the jet engine. The automobile begat airbags. If some SciFi writer of the 1930's had invented a fanciful (yet at that time impossible) design for some type of internally jet propelled engine, then sued the first person(s) to come actually come up with a working plan of that idea; we may be living in a different era today.
With announcements like this, it looks like DVD's are here to stay - and the general public will ever move to the HiDef world. They're gripping the reigns so tightly that the horses will never leave the gate.
The general public never adopted LaserDisc, but DVD worked out great because of the lax content restrictions. Hollywood wants to control the home theater the same way they controll the movie theater and IT WILL NEVER WORK!
As a security auditor, I've audited College and High School networks.
Simply put: Wherein most organizations are trying to protect themselves from the internet - at a school district, they try to protect the internet from their organization.
Sounds just like the incident wherein the college student said that he was visited by some FBI and DHS for getting a book from his college library... which turned out to be a lie.
No names are named, nobody is quoted. This whole thing stinks from the start.
Slashdot Mirror
The stock spam and pump-n-dump activities; while they do pose a threat to our financial systems, these actually represent the last step(s) in the chain for some very serious and very brilliant criminal activities. There is a much, much bigger story going on here that the public are not being told about.
Permit me to break it down for you:
The Phishers will phish usernames and passwords for brokerage accounts, or they will collect the information from personal users by means of a trojan. The criminals log into these accounts and schedule sell orders for whatever stocks they are holding, and schedule buy orders for the penny stock they are going to pump-n-dump. Then they walk away.
They execute the spam, eager traders read the spam, look at the account and see that volume of shares purchased have been bought up in the past n-hours and they jump in. The pumpers have bought their stock before hand and once the volume peaks, they dump. The account holders whose accounts were compromised are left holding the pumped-dumped stock...
The criminals are getting GOOD! They don't need to worry about transferring money out of the compromised brokerage accounts, they are stealing the money and laundering it all in the same step.
And it should be no big surprise that the criminal organizations behind the whole operations is the Russians.
Welcome to professional bank robbery in the 21st century.
*NOW* this is not to say that the traditional "boiler rooms" don't exist. They most certainly do and they continue to pose a serious problem which the SEC has addressed for many years. What is new is this most recent innovation that targets retirement accounts, day traders and even the average investor. The "tens of millions of dollars in losses" mentioned in TFA are coming from liquidated brokerage accounts. The SEC is in a panic to shore up or stop this exploit by suspending trading on pump/dump stocks. They're hoping to stem the hijacking of retirement funds by stopping the ability to get the money out.
See, when you view it through the proper perspective, within this greater context, now it makes sense as to why the Russian spammers and bot masters have suddenly gotten involved in the game.
I personally have communicated with the scammers & spammers, some of the conversations I have written about on my site, which includes screenshots of bank accounts that have been compromised by phishing, etc.
They can't and they don't. That is why you need to keep control of your bank account number. Still though, you are not held liable for theft/fraud because your money is insured by the FDIC.
The money stolen due to fraud on your consumer account is covered directly by the bank, they rarely turn to their FDIC insurance policy for coverage. Once your bank closes the account due to fraudulent access, the checks get returned to the merchants and the merchants take the loss - banks have 15 days from the date the item is presented to send it back to the merchant. So, banks don't lose from check fraud, merchants do. This is why merchants rarely accept checks any more.
Credit/debit cards are different. Once they authorized the transaction, the merchant is guaranteed payment. If the charge is fraudulent, the card issuer (Visa, Mastercard, American Express or Discover) eats the loss due to fraud, not the issuing bank. If the charge is disputed as non-fraud, it gets pushed back to the merchant. Only in worst case scenarios is the issuing bank held liable.
-Joel
With our system in the USA, if you have someone's account number, basically all the information on the paper check, you then have ALL the information you need to take money from anyone's account.
6 -01.html
s sl_certific.html
Right now, check fraud is more rampant than credit card fraud in the USA, at least among serious ID theft rings:
Example: http://www.usdoj.gov/usao/fls/PressReleases/05100
These folks cleared out over $4,000,000 before they were caught, using stolen checking account information. It wasn't until the reached the million-dollar mark did they get multi-agency multi-jurisdiction law enforcement cooperation to bring them in. The thieves have now learned to keep the dollar amounts smaller now.
When you use a paper check at most stores now, they take the check, scan it at the cash register, void it and hand it back to you. They simply run the "item" through as an electronic draft.
Make no mistake, for the criminal in the USA, having checking account information is MUCH MORE valuable than having a credit card if the desire is to obtain cash. Credit cards can be canceled. Checking accounts can be closed, but that doesn't stop criminals trying to pass the bad checks...
They print up fake checks, and get this... They go to the post office and buy stamps. Hundreds and often thousands of dollars in stamps... because stamps have a declared face value that can be sold for face value or at most a 5% loss...
I have a presentation and training class that I deliver on ID theft, one I developed to teach Law Enforcement and Magistrates, some info I came across i've written about on http://www.appiant.com/ I think its under the EV SSL subject.
link: http://www.appiant.com/security_today/2007/01/ev_
-joel
It sounds like you're getting account information to create an Electronic Funds Transfer (EFT) or electronic draft whereby the company authorizes a transaction for $50,000 or whatever and you "take" the money from their account. It is the same thing as having a company 1) write a check, 2) submit it to you, 3) you deposit it, only to 4) have the funds transferred to your account. Your company is simply performing step 1, skipping step 2, 3 happens electronically and 4 happens essentially overnight.
They are giving you the SAME information that you could obtain from a written paper check, no more, no less. Now, obviously these companies have millions of dollars at any given time in their accounts and this alone makes them targets for check fraud; people creating their own checks and trying to pass them. The solution to this problem came about many, many years ago and is what makes the EFT system more secure than any other form of payment.
I am the accounts payable rep for Massive Corp. I'm going to authorize a payment for $5mil to your company: Dark Fiber Telco. I give you the check number (or transaction number or transaction code) and my bank account number and routing code. I enter the details into my Accounts Payable system which every afternoon uploads a delimited text file to our bank providing them with a list of checks written and their dollar amount. This is very similar to how credit card terminals upload their batch at the end of business day.
Meanwhile, DFTelco enters the data into their Accounts Receivable system which initiates the electronic draft, (which along with any paper check, EFT or ACH is all generically referred to as an "item"). When the item clears the Federal Reserve and is presented to Massive Corp's bank, if the dollar amount of the item doesn't exactly match the check number and dollar amount that Massive Corp uploaded, it is rejected and returned non-paid to the sender.
Very simple, very secure, and presenting your biggest customers with an IVR HELL system will only piss them off. They expect, and deserve, to speak to a human being and that is what your company provides. I wouldn't sweat it.
As an aside, I had an insurance agent come out to my property for a claim. The agent wrote a check from his checkbook and handed it to me, and then he had to enter the dollar amount and check number into his computer, over a VPN connection to his corporate office, so that the check would clear the bank.
The US Postal Service also does the same thing for Money Orders. Law Enforcement can actually log in to a LE only site provided by the USPS and check the validity of any US Postal Money Order based upon the $ amt and item number so they can see if someone is trying to "wash" a money order to alter the dollar amount, or creating a downright fraudulent Money Order.
-joel
You moron! Can't you see that the information contained in the article appeared back in November 2000 yet the test was conducted on March 2007? This is further PROOF that they have exceeded the speed of light as the information contained in the article appeared six years prior to the tests being reported at Slashdot.
:)
So: kdawson's integrity remains intact.
I can see the news report now:
"NTSB crash investigators have been baffled as to the cause of the private plane crash that killed Steve Jobs and four others last week, but today they made a major breakthrough in their investigation. The crash investigators were initially stymied by the sequence of events leading up to the crash. Apparently, the initial confusion was resolved once they discovered the Crash.Events playback was set to shuffle."
"In a related story, Conspiracy therorists are not buying the explanation. They say that they have proof that the flight data recorder shows the plane was in level flight after having slammed into the Mountain. They insist that this was a plot financed by former Microsoft President Bill Gates to 'send a message' that Microsoft is not to be trifled with."
"Mr Gates was unavailable for comment as he was attending a conference on Aids in Africa."
"To counter these claims, the NTSB has offered to share crash evidence with the general public, just as soon as they can figure out how to bypass the DRM features without running afoul of the DMCA."
Analog phone lines, referred to as POTS lines (Plain Old Telephone Service) get converted to digital lines at the Central Office. The CODEC they use is G.711 which converts the analog to digital bits with *no* compression and each voice channel takes up 56kb/s of bandwidth (64kb w/overhead).
The problem we had in the early 90's in setting up VoIP was with fax machines and modems. For voice calls, we could use the G.729a CODEC (which uses 12kb/s) and the customer wouldn't notice any discernible change in voice quality, however, we found out pretty quick that Fax and Modem communications don't compress. We've all experienced voice calls that have been over-compressed that it sounds very 'tinny' like you're talking to a voice synthesizer rather than a fellow human being; satellite phones are the worst for that.
The easy answer is to have the CODEC or DAC auto-detect the FAX or modem communication and set it to "do not compress" and have it use the g.711 codec instead. Problem solved. However, for consumer VoIP, using the G.711 codec immediately bumps the bandwidth requirements to 3-4x the amount required by a voice call, and the consumer systems start dropping packets. Most packet drops on voice calls will go unnoticed as each packet holds ~10ms of voice. When transmitting fax/modem data, the loss of a single packet requires error correction on the fax or modem, which slows the transmission rate. The loss of too many packets will call the transmission to just drop because of too many transmission errors.
Point is, Fax and modem communications are fundamentally incompatible with VoIP. It is technology that was created to transmit data over analog lines. The solution is to put an Ethernet jack in the fax machine or the alarm system.
Corporations with a sense of humor, and lawyers with common sense? Wow: Second Life really is a fantasy world.
I still make use of floppies, booting off the media to flash bios' or whatnot.. or create bootable images to then port over to boot CD's.
But I rememmber the days before the CD-Rom when floppies were pretty much your only option. I carried 50+ floppies in a hard plastic case in my service bag, but they kept on going bad and were just too unreliable.
So I progressed to carrying around with me a Colorado tape backup 250 which had a parallel interface. I would load up a tape with all of my service utilities and take it to customer sites.
I then moved up in the world to get an Adaptec 16bit ISA SCSI card with bios, and I had a 60meg SCSI laptop hard drive. I could plug the card & drive into any computer and it would boot the system as usual fromt the C: drive and then I could access the SCSI drive as drive D:.
Then I was finally able to get access to a single-speed burner at a customer site and burn a service CD with all the OS install floppies on it, oh what a wonderful day that was to have Windows for Workgroups 3.11, DOS 6.22, QEMM386, Windows 95, network drivers, and everything else I needed on just one CD. I came out with revisions on a pretty frequent basis based on the year and rev: Service 95, service 96a, 97a, 97b... then it became a 2 cd set.
Then with the internet age, around the same time as my CD rev's started: Computers had been sold for years with modems in them (usually 14.4 baud) and AOL was mailing floppy disks to everyone. I could then go to a customer site, if I needed a driver I could usually round up an AOL floppy, install it on some computer and then dial out and get the driver I needed. I remember that nobody ever needed to purchase floppies, becaue they would get new AOL floppies in the mail every week and they would just reuse them...
That was the only time I ever had an account on AOL.. JRHelgeson@aol.com.
Ah, the good old days...
Joel
The citation below is *NOT* my source, as my sources and information are not based upon open source information or intelligence. However, the article listed below does mention a similar scheme that serves to illustrate the involvement of the criminal organizations mentioned in my post.
s rn,4,nodeid,4,_language,Singapore.html
http://www.sda-asia.com/sda/news/psecom,id,12983,
Monday, 8 January 2007
SEC Freezes Assets of Alleged Stock Pump-and-Dump Hacker
Sophos, a IT security firm, has warned online stock traders to take care over their brokerage accounts following allegations that a man manipulated stock prices by hacking into other peoples' accounts.
The Securities and Exchange Commission (SEC) has convinced a court to freeze the assets of Grand Logistic, a Belize corporation located in Talinn, Estonia, and its owner Russian-born Evgeny Gashichev. Gashichev is accused of making USD 353,609 by manipulating stock prices in at least 21 companies by breaking into online brokerage accounts.
According to the SEC, Grand Logistic and Gashichev unlawfully profited by manipulating the stock market through innocent people's trading accounts between 28 August and 13 October 2006.
"Many people will have encountered 'pump-and-dump' scams because of the large amount of spam e-mail devoted to making illegal profits this way," said Graham Cluley, senior technology consultant for Sophos. "In this case it appears that the SEC is responding not to a spam attack, but to unauthorised entry to online accounts, whose funds are then used to purchase shares in small, thinly-traded companies. These kind of attacks combine the crimes of securities fraud, identity theft and computer hacking. The end result is the same as a spam pump-and-dump campaign - the share prices are illegally pumped up and the criminals make a small fortune."
"This case should act as a timely reminder that online traders must take care to properly secure their accounts, and make sure that their login details do not fall into the wrong hands," continued Cluley.
Sophos recommends that all computer users ensure that they are running an automatically updated anti-virus product, security patches and firewall software.
Well, given this information, he still works for one of the top two that are still worth something...
Correct: Communist China does not recognize the sovrignity of Tiawan. The Chinese legal system, however, does not have the legal rule sets (Contract law, tort law) in place to support the capitalist infrastructure upon which their economy is currently functioning. As a solution to this problem, international contracts signed by Chinese business' are written according to Tiwanese laws because their legal system is based upon the Brits, who set the whole dern thing up for them.
You and I could sign a contract between each other, and at the contract signing we could mutually agree that we will author the contract according to the laws of Scotland, Tiawan, or (insert random country name here), even though we are both living in the same city in the USA. This just means that if we have a disagreement, we need to resolve it according to the rule sets we defined at the contract signing, which means we need to fly out to that country to file our lawsuits or hire local lawyers in that jurisdiction. Think of it as being business prenuptuals.
This external influence on the Chinese economy is what is causing the Communist Chinese government to adopt rule sets and make changes that would never come internally.
Example: SARS...
People started flying out of China with this illness (SARS). Communist China denied the problem even existed. The World Health Organization stepped in and grounded all flights departing from specific regions of China, causing a panic in the Business world supporting the Chinese economy. This forced China to recognize the problem and adopt new information sharing rules whereby we now know about the Asian Bird Fru YEARS before it becomes a global pandemic (if it ever does). This is an external change that never would have come internally from their own country.
There are hundreds of examples of this type of external forces driving inernal change within China.
Joel
Vista DOES NOT apply DRM to your analog video and the ONLY cause of your problems are the drivers
Duh freakin duh!
Was there some amazing change made to the architecture of the AGP bus, PCI, PCI-x between XP and Vista?
Nope!
What has changed is that Microsoft has completely re-written the entire kernel OS so that Vista could have DRM integrated at the very core level of the operating system. Then they made a design spec document that they distributed to Video Card manufacturers that gives detailed specifications such as this gem:
"It is recommended that a graphics manufacturer go beyond the strict letter of the specification and provide additional content-protection features, because this demonstrates their strong intent to protect premium content".
With specs like that, how can *ANYONE* fault NVidia for having "buggy drivers". Have you heard anyone complain that the driver model for XP was so piss poor that no video card manufacturer could possibly design a stable driver? Nope.
Starting with windows 2000 we started with unified driver model. That is why you can have drivers for 2000/XP/2003, 3 Operating systems, 1 driver. I love the fact that you can download one driver package for Nvidia that covers 1000 different flavors of video cards.
Not any more.
Vista DRM is a complete re-work of the core os in order to protect "premium content" which, in turn, is requiring every video card manufacturer to write custom drivers for every single video card, period.
This isn't Microsoft bashing, this is the reality that we're dealing with. Walt Disney is now in charge of Kernel Development at Microsoft, and you don't see a problem with this? You want to blame the video card manufacturers?
I can understand why Microsoft had to do a complete re-write of the TCP/IP stack: Integrate IPv4 and IPv6 under 1 stack and to have the MS Stack support higher throughputs. The time had come...
But Microsoft had to rewrite the Video/kernel interface in order to make Windows 2000 stable. Remember the days of Windows 3.1 through Windows 98 where a bad video card driver would crash the OS? Give it a Blue Screen of Death? With windows 2000 on up, a crash of the video subsystem would cause the video card driver to reload and you'd see the screen blank out and then reload and you could move on.
With Vista, they re-wrote it all over again.
I have a friend who works for one of the big 5 accounting firms as a Financial Securities Auditor. The wife and I had dinner at his house last night. He was telling me that one of the biggest areas of securities fraud that he is seeing right now is the pump-n-dump scams. I thought I understood it all...
The Phishers will phish usernames and passwords for brokerage accounts, or they will collect the information from personal users by means of a trojan. The criminals log into these accounts and schedule sell orders for whatever stocks they are holding, and schedule buy orders for the penny stock they are going to pump-n-dump. Then they walk away.
They execute the spam, eager traders read the spam, look at the account and see that volume of shares purchased have been bought up in the past n-hours and they jump in. The pumpers have bought their stock before hand and once the volume peaks, they dump. The account holders whose accounts were compromised are left holding the pumped-dumped stock...
The criminals are getting GOOD! They don't need to worry about transferring money out of the compromised brokerage accounts, they are stealing the money and laundering it all in the same step.
The big targets for the brokerage account takeovers are in Tiawan, the targets for the spam are American "day traders". Apparently, the Tiawanese accounts are big targets because all the business deals in China are written according to Tiawanese law, and all securities trading is handled out of there.
And it should be no big suprise that the criminal organizations behind the whole operations is the Russians.
There is no doubt it is a driver issue!
I have run everything from the Standard VGA driver to the GeForce drivers from NVidia signed by MS with the same problem or worse; some of the drivers just simply disable the VGA output entirely.
But it is this driver issue that is actually caused by the underlying operating system being designed for DRM.
I have no doubts that millions of other users can run Vista, play video to multiple outputs, play games, presentations, etc etc yada yada, without problems.. I am simply pointing out that with the particular configuration that I just happen to have on our "Vista Ready" laptops, that I am clearly able to see performance issues that are directly related to the DRM *FEATURES* built in to Vista.
The amount of work that video card manufacturers now have to go through to get their devices to work under windows virtually guarantees that average users are going to see problems similar to this.
***One thing that I just remembered is that the video playback issues also exhibited themselves on Office 2007 PowerPoint when playing video back on an XP system.***
I am evaluating Vista for work. Based upon this, I will be holding off on deployment for at least a year.
There is no doubt that I will be moving back to XP as none of the network management utilities that I use on a regular basis yet work on the new Vista TCP/IP network stack. I'll stick with XP and run Vista in a Virtual PC mode for whenever I need it.
Vista is NOTHING but a DRM platform that also happens to run Windows applications.
I am currently running Vista Ultimate on my laptop, a closed system with an integrated nvidia video card running Microsoft Certified drivers... I cannot play videos that *I* have created of screen recordings at full screen, I have to play them back in a window. Running full screen in Windows Media Player causes the playback to simply pause. I also cannot play videos that I have created from scratch and integrated into newly created powerpoint 2007 slides. When playing back on my laptop screen, the video plays fine, but when feeding the signal to the projector screen through the analog video output, the video plays for 1 second then pauses for 1/4 second repeatedly.
This is not protected content.
Sure, it isn't *supposed* to be applying DRM "features" to *MY* content, but it is.
This is horseshit, horseshit, horseshit! And for any of those who don't know what I'm talking about, its the shit that comes from a horse.
You cannot build restrictions into every device, every driver and expect it not to have unintended consequences in everyday usage.
Vista is completely defective by design.
Group 415 translates to:
:)
"All your base are belong to us!"
The second message,
Group 617 translates to:
"Moving every zig for great justice!"
Just thought you'd want to know...
Notice: This is not reactive armor, check out the video here.
My father has done design work on the type of laser used on this project, and possibly even this particular project (I'd never know, he's got top secret clearances and only speaks about such technologies in the abstract). However, he was telling me that when they were designing the laser optic systems "like the one's they'd use in the 747...we were having problems with focusing the beam..."
Turns out that when the beam is fired from the nose of the 747, the beam is not focused, it is a 1m (3ft) diameter beam. It is designed to focus all its energy once the beam reaches its target. If the beam were focused when leaving the nose of the plane, within milliseconds it would burn out the laser optics (mirrors) used to aim the beam at the target, that and the beam itself would simply superheat the air along the beam path and turn it into a plasma!
So, by scattering the beam at the source (747 nose cone), they can account for atmospheric distortions and have the beam's energy focus precisely on target, from a 1m diameter down to 5mm or smaller diameter at the target.
I thought that was pretty darn cool!
With all the military posturing that Iran is doing, their nuclear missle ambitions are useless as we can destroy the missle while its still ascending over their own landmass, without any physical object of ours even entering into Iranian airspace. To them, it would appear that the booster just exploded just after liftoff and they'd be left wondering why all their beloved missles are now suddenly defective.
Instead of trying to build newer and bigger weapons of destruction, we should be thinking about getting more use out of the ones we already have. - Jack Handey
Also attributed to Commedian Emo Phillips
Muslims were a great influence on math and science, thousands of years ago, but name for me ONE SINGLE INVENTION OF ANY SIGNIFICANCE to come out of a muslim country in the past 200 years. There isn't one.
These 1001 inventions are ALL from the glory days of Islam, and therein lies the problem. The Muslim religion has KILLED all crativity. They got left behind at the industrial age and THIS IS THE VERY REASON THEY ARE BITTER TODAY.
They got so full of their success that they became complacent, and the world passed them by. When they woke up to this fact, in the early 20th century, it was too late. People whom they used to "rule" over had surpassed them in every fashion because they chose to live in such a closed society within their Ottoman Empire.
When they realized that they were falling behind, they decided to force anyone (male) with any potential into one of two fields - medicine and engineering. They would send them abroad to attend the finest schools and then bring them back to try and bring any knowledge back into their folds. Think about it: Osama Bin Laden is an Engineer; Ayman al-Zawahiri is a doctor. Neither chose their profession, they were just recognized as having a few brains in their head and given one of two choices.
However, none of this changed the fact that the religion of Islam rejects modernity in every form, so this new influx of knowledge did nothing to stem the tide, the downward spiral of their entire culture. So they did a little introspection to try and figure out why they were failing as a culture. They decided that they needed to return to their 7th century roots, which is exactly the wrong approach.
Muslims are embarassed by the fact that they are so pathetic, and for good reason. The only answer for them is to embrace modernity. Until then, they can drive on the roads we've designed, sell the oil that we pumped for them, live in the buildings that we showed them how to build, using tractors and construction equipment purhcased from us. They'll continue to drive around in thieir German/European/Italian/American cars. They can continue treating their patients in their hospitals using medical textbooks written by the hated Christians and Jews, using techniques learned in Medical colleges that they attended outside their countries. And they can continue to resent us for this until they decide to wake up to modernity.
Not to mention a patent system that allows people to innovate without getting their @$$ sued off for the innovations they come up with. These patent holding companies are killing our innovativeness. All they do is come up with an idea, patent it, then wait for someone else to come up with the idea, do all the hard work of design and implementation, then they sue because "it was my idea first!".
It has been said that "Americans invent as the French paint, or the Italians sculpt." If we are to stay ahead in our technical prowess, we need to remove the chains of thought that hold our top engineers back.
There's a quote that I particularly like from Jane Jacobs in Death and Life of Great American Cities which reads: "Old ideas can sometimes use new buildings. New ideas must come from old buildings."
This holds true for nearly all innovations. We take steps advancing ourselves from the progressions made from our forefathers. We had to invent the airplane before we could invent the jet engine. The automobile begat airbags. If some SciFi writer of the 1930's had invented a fanciful (yet at that time impossible) design for some type of internally jet propelled engine, then sued the first person(s) to come actually come up with a working plan of that idea; we may be living in a different era today.
With announcements like this, it looks like DVD's are here to stay - and the general public will ever move to the HiDef world. They're gripping the reigns so tightly that the horses will never leave the gate.
The general public never adopted LaserDisc, but DVD worked out great because of the lax content restrictions. Hollywood wants to control the home theater the same way they controll the movie theater and IT WILL NEVER WORK!
As a security auditor, I've audited College and High School networks.
Simply put: Wherein most organizations are trying to protect themselves from the internet - at a school district, they try to protect the internet from their organization.
Sounds just like the incident wherein the college student said that he was visited by some FBI and DHS for getting a book from his college library... which turned out to be a lie.
No names are named, nobody is quoted. This whole thing stinks from the start.