Stand by...

March 4, 2010

How to report Internet Fraud

Internet Fraud is on a rise. As more and more people get online, more viruses are created to steal information, and more people see the anonymity of the Internet as a good way to steal, fraud rates will continue to rise.

Common fraudulent acts range from using stolen Paypal accounts to pay for eBay or Craigslist products. Sending people fake checks for significant amounts of money over the selling price and asking for the extra back, or the common “Nigerian 419  Scam,” where you’re contacted (usually via email) for help moving large amounts of money from another country. But they quickly ask you to send a couple of thousand dollars as a “transfer fee” and none of the money is ever seen again.

The first step in reporting fraud is to gather your evidence. Good portions of such reports go unanswered and forgotten because of the lack of evidence. Providing ample and accurate proof will greatly increase the chances of action being taken by Law Enforcement. When reporting fraud and scams, use this template to provide your evidence. Keep in mind that some online forms may not have room for all this info, but it’s good to compile it before submitting.

Name: Address:

Phone Number:

Email:

Other Contact info: (IM ID, Forum Name)

Scammer’s Name:

Address:

Phone Number:

Email:

Other Contact info: (AIM or Yahoo IM ID, Forum Names, AKA names. Also include any other email addresses, phone numbers or physical addresses known. Essentially any way used to contact you should be cataloged here.

Nature of Fraud/Scam:  Give a brief description, i.e. Was contacted by person to

Estimated Value Lost: Use a range for actual goods, or the sell price of the goods. Otherwise use the actual cash value.

Timeline Description: This is the important section. Provide a day-by-day, hour-by-hour account of the transaction and what went wrong. Cut and Paste Chat Logs, Screenshots (if possible,) and all emails. Be sure to present everything in chronological order as it happened.

Links to evidence: Provide links to forum posts, screenshots of emails and IM logs, etc.

There are several places you can report fraud to depending on where in the world you are.

Online Fraud Complaint Forms:

In the United States:

The Internet Crime Complaint Center: <a href=”http://www.ic3.gov”>http://www.ic3.gov</a>

National Fraud Information Center <a href=”http://www.fraud.org/info/contactnfic.htm”>http://www.fraud.org/info/contactnfic.htm</a>

In Canada:

Royal Canadian Mounted Police:

<a href=”https://www.recol.ca/intro.aspx?lang=en”>https://www.recol.ca/intro.aspx?lang=en</a>

Other Countries: Please look in comments below, or post if you know your countries web page.

Once you’ve filled out the online forms, it’s a good idea to directly contact any of the below Law Enforcement Agencies. All of these agencies (except maybe City and County Police Departments) have an electronic crime agency who will take your information. In some cases you may be referred to another person, or group. Expect to get a bit of run around but do not take it personally. Remember to be polite and patient when explaining the nature of the fraud.

Local FBI Office: http://www.fbi.gov/contact/fo/fo.htm

Local Attorney General: http://www.naag.org/

Local U.S. Secret Service Electronics Crime Division: http://www.treas.gov/usss/field_offices.shtml

Local State Police: http://www.statetroopersdirectory.com/

Local County Police Department: Varies, search Google for your County Name, Police Department and Electronic Crimes Division

Local City Police Department: Use the same search term above

If someone scammed you out side of your country, the Federal Trade Commission has a special site for these complaints. https://www.econsumer.gov/pls/econsumer/wimsnery2$com.main?p_lang_seq=1

A lot of scams involve Paypal due to the ease of setting up accounts or stealing the information from others. Their claims page is located at: https://www.paypal.com/us/cgi-bin/webscr?cmd=_comres_flow&trans_id=

Phone: 1-888-221-1161×8232 ; or 402-935-2050

If a company or business scammed you there are a couple of good places to report them to.

Better Business Bureau

FTC Complaint Center

Also be sure to report them to your and their Attorney General’s Office.

The United Postal Service is especially tough on scammers and fraud via Mail. If you sent a Money Order via mail, or goods and didn’t get anything in return they want to hear from you. Their online form is located at: http://postalinspectors.uspis.gov/forms/MailFraudComplaint.aspx

The Postal Service is very tough on fraud and scamming. To help them out it’s always a good idea to use Delivery Confirmation when sending large amounts of money, checks, or even expensive goods.

UPS has an online claim section too, https://www.ups.com/myups/login?returnto=https%3a//wwwapps.ups.com/webClaims/create%3floc%3den_US%26report_type%3d1&reasonCode=-1&appid=CLAIMS

Reporting fraud and scams is time consuming, but every bit helps. If you’re short on time at least submit reports to the first two links. Remember, the scammers aren’t going to stop if they get away with it. All it’s going to take is one or two to get caught as warnings to the rest.

Uncategorized /  No Comments Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

January 6, 2010

Poking a hole in that pesky firewall.

There are more than a few ways to access a firewall.  I will be giving a brief tutorial for one of the more common methods. Called “poking a hole”, or professionally called an SSH back door.  Please, please be careful with this, any script kiddy with 30 lines of code can exploit an SSH server.

This is a great post by IBM detailing it pretty well. If you have any question feel free to leave a comment and I will assist you.

  1. SSH from ginger to blackbox.example.com with the -R flag. I’ll assume that you’re the root user on ginger and that tech will need the root user ID to help you with the system. With the -R flag, you’ll forward instructions of port 2222 on blackbox to port 22 on ginger. This is how you set up an SSH tunnel. Note that only SSH traffic can come into ginger: You’re not putting ginger out on the Internet naked.You can do this with the following syntax: ~# ssh -R 2222:localhost:22 thedude@blackbox.example.com

    Once you are into blackbox, you just need to stay logged in. I usually enter a command like:

    thedude@blackbox:~$ while [ 1 ]; do date; sleep 300; done

    to keep the machine busy. And minimize the window.

  2. Now instruct your friends at tech to SSH as thedude into blackbox without using any special SSH flags. You’ll have to give them your password: root@tech:~# ssh thedude@blackbox.example.com .
  3. Once tech is on the blackbox, they can SSH to ginger using the following command: thedude@blackbox:~$: ssh -p 2222 root@localhost
  4. Tech will then be prompted for a password. They should enter the root password of ginger.

Thanks IBM.

Hacking, How To, Linux, Unix /  No Comments Tags: , , , , , , , , , , ,

November 19, 2009

How To: Check Apple Warranty Status via ARD

Here is an awesome little script by Scott Russell of the University of Notre Dame. Using the “send Unix command” in Apple Remote Desktop, it can pull the system’s serial number, send the information to Apple’s Warranty Website and then tell you if the machine is under warranty.

#!/bin/bash

# warranty.sh
# Description: looks up Apple warranty info for this computer, or one
specified by serial number on the command-line

# Written by: Scott Russell, IT Support Engineer, University of Notre
Dame
# Created on: Sat Jan 5 16:20:54 EST 2008
# Last Modified: Thu Sep 25 09:29:11 EDT 2008

###############
## GLOBALS ##
###############

WarrantyTempFile="/tmp/warranty.txt"
PlistFile="/Library/Preferences/edu.ND.DSSBranding"

if [[ $# == 0 ]] ; then
SerialNumber=`system_profiler SPHardwareDataType | grep "Serial Number"
| awk -F': ' {'print $2'} 2>/dev/null`
else
SerialNumber="${1}"
fi

[[ -n "${SerialNumber}" ]] && WarrantyInfo=`curl -k -s
"https://selfsolve.apple.com/Warranty.do?serialNumber=${SerialNumber}&countr
y=USA&fullCountryName=United%20States" | awk '{gsub(/\",\"/,"\n");print}' |
awk '{gsub(/\":\"/,":");print}' > ${WarrantyTempFile}`

#################
## FUNCTIONS ##
#################

GetWarrantyValue()
{
grep -w "${1}" ${WarrantyTempFile} | awk -F ':' {'print $2'}
}

###################
## APPLICATION ##
###################

echo "$(date) ... Checking warranty status"
InvalidSerial=`grep "serial number provided is invalid"
"${WarrantyTempFile}"`
#echo "InvalidSerial == ${InvalidSerial}"

if [[ -e "${WarrantyTempFile}" && -z "${InvalidSerial}" ]] ; then
echo " Serial Number == ${SerialNumber}"

PurchaseDate=`GetWarrantyValue PURCHASE_DATE`
echo " PurchaseDate == ${PurchaseDate}"

WarrantyExpires=`GetWarrantyValue COVERAGE_DATE`
echo " WarrantyExpires == ${WarrantyExpires}"

ProductDescription=`GetWarrantyValue PROD_DESCR`
echo " ProductDescription == ${ProductDescription}"
else
[[ -z "${SerialNumber}" ]] && echo " No serial number was found."
[[ -n "${InvalidSerial}" ]] && echo " Warranty information was
not found for ${SerialNumber}."
fi

exit 0

Apple, How To /  2 Comments Tags: , , , , , , , ,

November 9, 2009

OS X 10.6.2 update released

For those eagerly awaiting the latest security patches from Apple on Snow Leopard, they’re here!

Client version can be downloaded here.

Server version can be downloaded here.

From Apple’s KB Article about the Client version, here are the fixes.

General operating system fixes provided for:

  • an issue that caused data to be deleted when using a guest account
  • an issue that might cause your system to logout unexpectedly
  • Spotlight search results not showing Exchange contacts
  • the reliability of menu extras
  • an issue in Dictionary when using Hebrew as the primary language
  • shutter-click sound effect when taking a screenshot
  • an issue with the four-finger swipe gesture
  • an issue adding images to contacts in Address Book
  • an issue in Front Row that could cause sluggish or slow frame rates while watching videos
  • creation of mobile accounts for Active Directory users
  • reliability and duration of VPN connections
  • general reliability improvements for iWork, iLife, Aperture, Final Cut Studio, MobileMe, and iDisk
  • overall improvements to VoiceOver performance
  • this update addresses video playback and performance issues for iMac (21.5-inch, Late 2009) and iMac (27-inch, Late 2009) computers that may occur in some situations while AirPort is turned on

    • Fonts fixes provided for:

  • an issue with font spacing
  • an issue in which some Fonts are missing
  • font duplication issues
  • an issue with some PostScript Type 1 fonts not working properly

    • Graphics fixes provided for:

  • an issue when connecting monitors to DVI and Mini DisplayPort adapters
  • an issue in which the brightness setting may not be remembered on restart
  • addresses functionality with specific display models
  • general reliability and performance improvements when using some applications

    • Mail fixes provided for:

  • a situation in which Mail’s unread count may not update properly as messages are read on another computer
  • an issue in which deleted RSS feeds may return
  • an issue in which Mail cannot preview or Quick Look attachments when composing a new message
  • an issue that can cause Address Book and/or Mail to stop responding when opened
  • an issue in which email messages received from an Exchange Server are not formatted correctly
  • an issue in which Mail reports “Account exceeded bandwidth limits” for some Gmail accounts

    • MobileMe fixes provided for:

  • performance when accessing files from iDisk via the Finder and syncing iDisk files
  • an issue in which syncing iDisk files does not proceed beyond “checking items”
  • reliability and performance when syncing contacts, calendars, and bookmarks with MobileMe (syncing with iTunes and iSync are also improved)
  • an issue that prevents some users from logging into MobileMe via the MobileMe System Preference pane

    • Network file systems fixes provided for:

  • compatibility with third-party AFP servers
  • file synchronization for portable home directories

    • Printing and faxing fixes provided for:

  • automatic printer updates improvements
  • Print dialog allowing you to enter and send to more than one fax recipient

    • Safari fixes provided for:

  • a graphics distortion issue in Safari Top Sites
  • Safari plug-in reliability

    • ————

    This last one has been affecting me heavily (Adobe Flash crashes) lately so I’m glad to see it fixed.

    Apple, news, os x /  No Comments Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

    November 8, 2009

    Latest Macheist bundle – Totally Free!

    Macheist is running another contest, but this time it is totally free.

    Yes, no money down, nothing to buy, ever (if you don’t want too.) The apps that they have are ShoveBox, WriteRoom, Twitterrific, TinyGrab, Hordes of Orcs, and if enough people register, Mariner Write which I am personally looking forward too.

    I’ve used Twitterrific and enjoyed it quite a bit. At this point in time I can’t comment on any of the other Apps, although Hordes of Orcs looks like a good way to waste a few hours, and ShoveBox might be a great way to keep myself a bit more organized.

    Head over to Macheist, signup and check out these apps yourself.


    Apple, news /  No Comments Tags: , , , , , , , , , ,
    « Previous Entries

    Tags

    Categories

    RSS Feeds

    Entries RSS
    Comments RSS