Tag Archives: Security

Lightsail Network Isolation

Amazon Lightsail started offering a managed database service a few months ago.

I took a look at it … and tried it out … a while back and wasn’t really happy with it.

Although it had some nice features, I wasn’t given a ‘root’ (or super user) account and (as I sometimes do) was able to completely trash the instance within a few hours of creating it (I tried to manipulate the permissions on the master database user and ended up revoking all of them).

So I was considering creating my own database server using MySQL on a standalone Amazon Linux instance.

This would give me a standalone database with the flexibility to do anything I wanted.

My big concern was network security. I wanted to make sure that only my Lightsail instances would be able to communicate with the database server.

Mailbait Threats

Back in October of 2012 I devised a way of blocking abuse of my mailing list server by detecting mailbait abusers (mailbait.info offers a ‘service’ to fill your, or someone else’s, mailbox with unwanted mailing list subscriptions). In June of 2013 I refined the technique.

Basically I detected if someone was visiting the mailing list subscribe page from mailbait.info and sent them to a special page that also annoyed them by popping up hundreds of JavaScript alerts about not spamming people.

Regardless of the popups, people still try to use mailbait to involuntarily subscribe people to my lists (well, try at least, my lists require a closed loop confirmation system).

Today I received the following threat from a mailbait.info user ..

threat.

I’m inclined to ignore the ‘warning’ … but I find it somewhat satisfying that my approach has annoyed someone sufficiently.

As an added measure, I’ve updated my system security mechanism to block any IP that attempts to use the mailbait service more than once.

Spontaneous Security

Over the holiday weekend, I experienced the ultimate computer security mechanism:

“Spontaneous Security”

I was using my new Dell Latitude E6420 to do some network reconfiguration when the machine started acting weird with regard to the network.

Since this machine runs Windows 7, I decided to just reboot it to clear the network configuration.

After I restarted the machine I was asked for a password by the BIOS.

The odd thing was … I never set a BIOS password.

Epsilon

By now everyone’s probably heard about the data breach at Epsilon … which resulted in a lot of major eCommerce vendors’ customer mailing lists getting stolen.

Personally, I’ve gotten notifications from Chase, Walgreen, Tivo, Best Buy, 1-800-Flowers, and a few others … informing me of the breach and assuring me that no critical information was stolen … just my email address.

What do you do now?

Nothing, really.

New Credit Card Number

What a pain … Discover card has issued Ginny and me new cards with new account numbers.

A few weeks ago I got an email from Discover indicating that we were getting a new account number …

As part of a recent systems upgrade, you will be issued a new Discover Card with a new account number.

At first I thought it was just another phishing scam … but they had all the relevant information correct (last 4 digits of the card number and my full name).

For the past two weeks my daily Quicken download was failing on the Discover account … so I guess it’s legit.

Well, today the new cards came and, as promised, a new account number. Now I get to go through the hassles of changing the credit card number with those vendors I have recurring charges with. What a pain.

This begs the question … why would they need to issue a new account number? According to another website I found Discover is doing this to “millions” of their customers. This smells very very fishy. Another site I found mentioned a “security update”. Bill Roper ran into the same thing … except he found someone doing fraudulent charges on his old account.

Methinks that Discover had a security breach recently … and aren’t owning up to it.

ADT Finally

Well, ADT finally came and installed the new wireless backup unit.

Of course the upgrade wasn’t without its hitches …

  1. The guy who came wasn’t exactly the picture of professionalism. I assume he was a contractor and not a regular ADT field service engineer.
  2. The analog wireless unit was originally mounted in the basement … where we got a lousy signal (digital or analog) … so, after a number of false signal loss indications, ADT moved the unit to the kitchen pantry. The guy wanted to install the new digital unit back in the basement. I convinced him to install it in the same spot as the old one so we could get a good signal.
  3. He didn’t bring a staple gun … he had to use mine.
  4. He couldn’t figure out how to snake a wire behind a wall … I had to tell him to try fishing a stiff wire (that I provided) up from the control panel up the wall and then attach the wire he was trying to bring down to the control panel so he could pull it down.
  5. He had a wimpy little pocket flashlight … so he couldn’t see in the closet that the wireless unit was mounted in … which caused him to waste at least 20 minutes because he had secured two wires to the same contact point. I had to let him use my big Maglite flashlight so he could see enough to get the unit wired correctly.
  6. He spent about 2 1/2 hours doing the install … I suspect that I could have had it done in 45 minutes.

All that said … the new unit is kind of interesting. It uses a GSM network … so it has a SIM card. Not sure what the advantage of that is … probably just cheaper to manufacture.

Of course all this costs me $199 (less a $20 credit because they blew off the first appointment). I’m sure I’ll have much better service (picture sarcasm dripping off this sentence).

ADT Once More

Yep, ADT missed another appointment. At least they called beforehand. That doesn’t mitigate the fact that I took off early from work again.

I don’t know why I expect anything better from ADT … they’ve established a clear pattern.

I’ve rescheduled once again … I’m seriously thinking of calling ADT tomorrow, speaking to a supervisor, and informing them that … if they miss this next appointment … I’ll be invoicing THEM for my time (which, I suspect, is worth a lot more than theirs is).

It absolutely boggles my mind that service providers have no compunction about telling customers to be home for a 4 hour span of time … and then not showing up.

ADT Does it Again

I blew the entire morning waiting for an ADT contractor to come out and replace the wireless backup for our alarm system.

Seems that the cellular provider that ADT uses for the wireless backup is dropping support for analog devices. As a result, anyone who has an analog wireless backup for their alarm system needs to get the system upgraded to digital.

About 3 weeks ago I scheduled the upgrade for today between 8am and 12 noon. I made sure not to schedule anything for that day.

This morning I woke up early (earlier than my normal Saturday roust, anyways) and got ready (emptied out the pantry where the transmitter is) and waited … and waited … and waited some more.

About 20 minutes after noon I called ADT to see what the problem was. I got transferred to a supervisor who was trying to get a hold of the contractor. She said she would call me back as soon as she found out what was going on.

About 15 minutes later she did call back (which was kind of shocking in itself) and informed me that the contractor had been overbooked for the upgrades … and wouldn’t be able to get to our house that day. We would have to reschedule. Problem is, the next available appointment wasn’t until mid-September.

She did offer a $20 discount on the upgrade cost … which I took. I also explained that this is the 2nd time that ADT had missed an appointment. She countered that the last time it was indeed ADT that had missed the appointment but this time it was a contractor. Obviously, from my perspective, there’s no difference.

Due to scheduling problems, the wireless transmitter won’t get upgraded until early October.

I’m getting a little annoyed at ADT.