Security: March 2006 Archives

There is no "undo" button. When a fast-food cashier at Burger King accidentally entered $4,300 for a couple of hamburgers onto a debit card, the money was gone from the account for three days. Despite Burger King's immediate action to refund the money, Bank America sat on the money for three days.



This kind of mistake could happen anywhere, anytime, and the three days
involved could cause a missed mortgage payment, a bank penalty fee, and
a permanent black mark in a credit history, but there's still nothing
the Bank will do about it. In fact, they made more money from the
mistake in two ways: charging Burger King to process the refund, and
the 3 days' interest on $4,300.



When you signed that debit card agreement, you gave all your rights
away, and it can cost you real money. When it comes to online banking
and debit transactions, the banks are watching their money, not yours.



The Bank is not your friend, part one.

The recent un-diplomatic complaints from London’s Mayor concerning the U.S. Embassy in London’s refusal to pay taxes from which diplomats are exempt gave me an idea. The United States should exempt foreign diplomats in the United States from tolls. We should give them all free EZ Passes attached to their license plates. It would make them a lot easier to track. The State Department should probably start embedding an RFID tag in their tax-exempt cards, too.


Of course, they may already be embedding RFID tags in the license plates. The automated toll gates could easily be connected to a shadow tracking system. You could find out for yourself with an RFID reader, but you'd probably have more fun with an RFID reader/writer after you figure out who uses field-programmable RFID chips.

Since I detailed the script attacks on my Apache box looking for unpatched open-source software like phpMyAdmin and Mambo, I get interesting search traffic from people looking for the hacking tools and scripts involved. They search for “pmafind” and “r3v3ng4ns,” and I think they’re actually looking to try and use the scripts rather than defend themselves.

I notified the netblock owner of every U.S.-based server I’ve identified trying to log onto my Linux box using SSH, and everybody I’ve notified said, yes, they had an issue and were taking the box offline. Some script-based attempts used over 1,000 usernames and passwords. Too bad the vast majority of them were overseas.



I have still had no luck in identifying the “mystery location” listed in my Google Maps tour. I was going to post pictures of it from the ground, but the signs surrounding the area prohibit that, so you won’t be seeing them here.



Declan Butler is doing cool things with tracking the Avian flu on Google Earth, and has another Google Earth/GIS story coming out soon.

I hope that when I return from Spring Break (undisclosed location), the world isn’t all 28 Days Later.

About this Archive

This page is an archive of entries in the Security category from March 2006.
