Amazon’s customer service backdoor — Medium

Everything you do to secure your Amazon account, Customer Service can undo in a heartbeat. A scary tale of how easily Amazon’s customer service can be socially engineered.

As a security-conscious user who follows the best practices like: using unique passwords, 2FA, only using a secure computer and being able to spot phishing attacks from a mile away, I would have thought my accounts and details would be pretty safe? Wrong.

Because when someone has gone after me, it all goes for nothing. That’s because most systems come with a backdoor, customer support. In this post I’m going to focus on the most grievous offender: Amazon.com

Source: Amazon’s customer service backdoor — Medium

Charles with the Obamacare Open Enrollment Center

Last week I got this scam call on my mobile number. The Caller ID said 347-215-3027 which, as I know from my years of telemarketing scam sleuthing, is almost certainly faked. Calls also come from 813-365-3765 and possibly others.

Here’s the recorded message that was left, made to sound spontaneous. People all over the country have gotten the very same message:

Yeah, hi. This is Charles, and I’m calling from the Obamacare Open Enrollment Center in your … uh … local neighborhood here … um I have your number here on my desk to give you a call … uh … basically … uh … let me see here … uh, the number … let me see … E477 that’s your registration number for the, uh … Obamacare … uh … insurance, so … just go ahead and give me a call back I want to go over a few things with you to get you set up so you don’t have any tax implications. You can call me DIRECT at 888-575-1448, again my number is 888-575-1448. Thank you!

I’ll have an audio clip to post later today.

Iran’s return of American sailors

Riverine Command Boat (RCB)


Let me start off by saying that last week wasn’t my Navy’s finest hour. When news came in Thursday night that ten U.S. Navy sailors had “drifted into Iran territorial waters” and had been detained, there was a sense of deja-vu. I thought about the collision in 2001 between a reckless Chinese fighter pilot and a Navy EP-3 surveillance plane. In what became known as the Hainan Island Incident, 24 sailors were detained for eleven days, interrogated at all times of day and night. The incident was George W. Bush’s first international crisis and it wasn’t clear things would be resolved amicably.

The Navy tends to avoid entering unfriendly waters (well … most of the time!). The Persian Gulf (or Arabian Gulf as the USN refers to it) is tiny as far as bodies of water go. Our sailors are well aware of who occupies the eastern shore of the Gulf and know to steer clear of it. That doesn’t mean that encounters between Iranians and Americans don’t still take place. I vividly recall how surreal it was to lock eyes with curious Iranian ferry passengers as they motored slowly by my ship once in the Gulf. It was clear at that moment how ridiculous the bluster of our respective governments was.

How the FBI tracked down a Georgia woman tied to $4M in… | www.ajc.com

It turns out that Abby Kemp, the … um, babe jewelry thief, did some modeling three years ago. I wonder what drove her to a life of crime?

In 2012, a then-22-year-old Abigail Lee Kemp posed for a professional photo shoot. Young, pretty, brunette, she wore short dresses of black and red. Her high heels were steady on the balcony of a Midtown Atlanta high-rise, skyline stalwarts like the AT&T building standing tall in the background.

She bent over to touch the water flowing from a fountain, sat in front of an outdoor fireplace and stared into the distance. She smiled while a tattooed man suggestively touched her hips.

The same woman will be a few miles away Monday, in federal court at the Richard B. Russell building downtown. The FBI believes her responsible for a string of armed jewelry store robberies across five Southeastern states, crimes they say netted watches and diamonds worth millions.

Source: How the FBI tracked down a Georgia woman tied to $4M in… | www.ajc.com

Fact-checking a graphic on gun death statistics

I saw this graphic on Facebook on gun death statistics and decided it needed to be fact-checked. The graphic appears below with the “wrong” label so that others won’t be fooled by its claims.

[Image: Facebook graphic on death rates in the US, marked “wrong”]

The argument being made here seems to be that firearms aren’t that big of a cause of death and the author of the image appears to back it up with facts. Let me show you why this is not only an apples-to-oranges comparison but also … well, cherry-picked.

My ridealong with the Raleigh Police Department

Ready to roll with Officer Boyd

In July of 2015, I decided it was time again to take another ridealong with the Raleigh Police Department (RPD). I last did a ridealong in 2007 and learned so much about my community that I never would have learned otherwise. It seemed like a refresher was in order, so I contacted my beat officer, Officer J.D. Boyd, and we set up a Friday night to make it happen.

There were a few key differences for this ridealong compared to the last time. First, I got door-to-door service from RPD whereas last time I had to start and end at the Southeast District station. I also was afforded the use of a bulletproof vest which was not offered last time. Finally, I am a greenway volunteer with RPD and so I am not your typical citizen. I’m sort of part of the department. This means I got to do more during this ridealong than my last ridealong, but more on that in a minute.

The ridealong experience started with some prep on my part. Knowing that I would likely be up most of the night, I took a two-hour nap after work. This got me rested and alert for the ridealong. Without the nap I would’ve been toast!

Officer Boyd rolled up to my home about 9 PM and handed me my bulletproof vest to put on. I took a cue from my last ridealong and dressed nicely with a blue button-down shirt and slacks. If I was going to be meeting the public and potentially be in their homes I wanted to look professional. The vest wasn’t all that bulky but I was aware how it might get heavy if I had to wear it all the time. Once suited up, I returned outside.

Getting the lowdown on the gear

Boyd then gave me a quick rundown of safety stuff. He handed me a waiver to sign and then described where I could find his weapons and safety equipment, should I have to help him out. This was sobering! With a pic or two taken in front of his car, I waved goodbye to the family and we departed for our first call. It was a little disturbing how happy my son was to see his dad get whisked away in a police car!

What really attracts business to North Carolina?

The front page of the News and Observer trumpeted that North Carolina’s population has finally exceeded 10 million. The story, written by Charlotte Observer reporter Ames Alexander and News and Observer reporter David Raynor, quotes a number of experts for their opinions about what brings them here.

Gov. McCrory says it’s the economy and quality of life (and he even works in a cheesy mention of the new state marketing motto):

“With our growing economy, great colleges and universities and quality of life, from the mountains to the coast, nothing compares to North Carolina,” Gov. Pat McCrory said.

Chuck McShane works for the Charlotte Chamber and should know what attracts people here:

“People are flocking for jobs, opportunities, mainly to our urban areas,” said Chuck McShane, the director of research at the Charlotte Chamber.

These two probably hear a lot from the companies that move here, so it’s understandable they were quoted. But then the reporters slipped this in (emphasis mine):

Gag Order Gone, Secrets of a National Security Letter are Revealed | FRONTLINE

An interview with Nicholas Merrill who, after 11 years of court battles, can now discuss the National Security Letter that the FBI gagged him with.

There are ways to legally compel information, they’re called warrants. Instead we have a security state that’s run amok. Funny how we don’t have much safety to show for the trillions of dollars we taxpayers have poured into the national security apparatus.

For the first time in 11 years, Nicholas Merrill is allowed to fully reveal the contents of a letter that came hand-delivered to him from the FBI.

In 2004, Merrill, then the CEO of a New York-based web-hosting firm called Calyx, received a so-called national security letter. The letter asked for what Merrill described as a significant array of information from the company, but because of a gag order, he was legally barred from even speaking about it.

“It was not a warrant. It was not stamped or signed by a court or a judge,” Merrill told FRONTLINE in the 2014 film United States of Secrets. “It was this letter demanding this information from me. And it also told me that I could never tell anyone that I had gotten the letter. It said that I could tell ‘no person.’”

Source: Gag Order Gone, Secrets of a National Security Letter are Revealed | FRONTLINE

Shady charity calling from 980-242-3241

I just got a mystery phone call from 980-242-3241, a number allegedly located in Charlotte, NC. A quick Google search shows that it is apparently a fake charity scam, asking for donations for breast cancer research. Comments on the 800Notes.com website indicate that the caller is rude and unprofessional.

If you get a call from these folks simply hang up. Don’t get scammed by an unsolicited phone call.

Dependent Verification Services are still a bad idea

If there’s one thing the handful of longtime MT.Net readers know it’s that there’s never been a dead horse that I didn’t love to beat! In this case, I’m returning again to the topic of dependent verification services such as those offered by AON Hewitt. My employer is changing health plans and as a part of the transition employees are being asked to go through the dependent verification process.

This is my second go-round with this process and it makes as little sense the second time around as it did the first. The verification firms tout fraud rates of up to 15% as justification for employers to hire the firm. Some research I’ve found online suggests that the verification process costs the employer about $21 per employee.

Employers take note: the cost to your employees should also be taken into account. The verification process is an anxiety-ridden exercise that does not engender trust in one’s employer. Under threat of terminating their health benefits, you are asking your employees to gather their sensitive and confidential personal documents and scan, fax, or mail them to a third party: the verification service.