Lottery Post Journal

Political blogging at Lottery Post

I stated back in April that people posting streams of politics in their blogs will have those entries deleted.

I guess because the elections are happening now, people are getting geared up and posting more politics.  But the policy here has not changed.  This is not Politics Post, it's Lottery Post, and if the blogs are nothing but politics nobody will enjoy being here.

Because I was not successful in getting people to tone things down when I previously said, "Go ahead and occasionally post something about what you like," I will now set a hard ceiling for political posts.  That way there will be no mistake as to whether something crosses the line or not.

ONE PER WEEK.  You can post one political blog entry per week.

The only person who currently gets a pass on this hard ceiling is truesee.  Unlike other bloggers, truesee has no apparent political axe to grind, and posts many articles per day covering every subject, including politics.  But without agenda.  So truesee, you do your thing.

Everyone else gets one political post per week, which runs Sunday to Saturday.  So if you post something political on Monday and something else on Friday, Friday's post gets deleted.

Of course, I'm only talking about politics here.  You can post as much of whatever else you like in your blog.  It's the politics that are so corrosive.

Politics in the blogs

It's getting out of hand again.  More deletions.

If someone wants to occasionally post political stuff in their blog, that's fine.  But the onslaught of sh*t-posting in the blogs is not going to ever be allowed here.  It's downright hateful.

Again, I could care less if someone wants to support a particular party/candidate/politician.  Go ahead and occasionally post something about what you like.

But if your aim is to post a wall of garbage like you're engaged in a food fight with the other side, you'll get deleted.

I hate that I'm forced to use my own blog to do this.  I wish it could just be for my occasional tips and stuff like that.

Better colors in Chrome and Edge browsers

I'd been meaning to blog this little Chrome & Edge color tip for a while now.

Setting up a new Windows installation this evening I noticed that the colors being displayed in the Edge browser were muted.  It reminded me that not only did I need to fix that in the new installation, but also that I hadn't shared it yet on LP.

I discovered this tip many years ago after noticing that Lottery Post's colors looked much better on Firefox than they did in Chrome and Edge.  Eventually I found a tip online about how to improve the colors in Chrome and Edge to match what I was seeing in Firefox.

If you try this out, just know that it's easy to reverse and set it back the way it was if you don't like the result.

In both Chrome and Edge, you can get to the setting by clicking this link: Force color profile

That link takes you to the "experiments" page of Chrome/Edge, and the "Force color profile" setting should be shown right at the top.

You want to change Force color profile to sRGB.  (As shown below.)

After you change that setting, you should immediately see a button appear at the bottom of the page asking you to restart the browser.  Click that button.

When the browser restarts it will show the hopefully-improved colors in every web page you visit.

If you decide you don't like the change or for any reason want to switch back, just click that same link again, and change the setting back to Default.  Then click the button to restart the browser.

When in Doubt: Hang Up, Look Up, & Call Back

This is a fantastic article that describes how complex scams can work.  It is based on an actual scam that fooled even a security-conscious person.

When in Doubt: Hang Up, Look Up, & Call Back

Many security-conscious people probably think they'd never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here's how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.

Today's lesson in how not to get scammed comes from "Mitch," the pseudonym I picked for a reader in California who shared his harrowing tale on condition of anonymity. Mitch is a veteran of the tech industry — having worked in security for several years at a fairly major cloud-based service — so he's understandably embarrassed that he got taken in by this confidence scheme.

On Friday, April 17, Mitch received a call from what he thought was his financial institution, warning him that fraud had been detected on his account. Mitch said the caller ID for that incoming call displayed the same phone number that was printed on the back of his debit card.

But Mitch knew enough of scams to understand that fraudsters can and often do spoof phone numbers. So while still on the phone with the caller, he quickly logged into his account and saw that there were indeed multiple unauthorized transactions going back several weeks. Most were relatively small charges — under $100 apiece — but there were also two very recent $800 ATM withdrawals from cash machines in Florida.

If the caller had been a fraudster, he reasoned at the time, they would have asked for personal information. But the nice lady on the phone didn't ask Mitch for any personal details. Instead, she calmly assured him the bank would reverse the fraudulent charges and said they'd be sending him a new debit card via express mail. After making sure the representative knew which transactions were not his, Mitch thanked the woman for notifying him, and hung up.

The following day, Mitch received another call about suspected fraud on his bank account. Something about that conversation didn't seem right, and so Mitch decided to use another phone to place a call to his bank's customer service department — while keeping the first caller on hold.

"When the representative finally answered my call, I asked them to confirm that I was on the phone with them on the other line in the call they initiated toward me, and so the rep somehow checked and saw that there was another active call with Mitch," he said. "But as it turned out, that other call was the attackers also talking to my bank pretending to be me."

Mitch said his financial institution has in the past verified his identity over the phone by sending him a one-time code to the cell phone number on file for his account, and then asking him to read back that code. After he hung up with the customer service rep he'd phoned, the person on the original call said the bank would be sending him a one-time code to validate his identity.

Now confident he was speaking with a representative from his bank and not some fraudster, Mitch read back the code that appeared via text message shortly thereafter. After more assurances that any additional phony charges would be credited to his account and that he'd be receiving a new card soon, Mitch was annoyed but otherwise satisfied. He said he checked his account online several times over the weekend, but saw no further signs of unauthorized activity.

That is, until the following Monday, when Mitch once again logged in and saw that a $9,800 outgoing wire transfer had been posted to his account. At that point, it dawned on Mitch that both the Friday and Saturday calls he received had likely been from scammers — not from his bank.

Another call to his financial institution and some escalation to its fraud department confirmed that suspicion: The investigator said another man had called in on Saturday posing as Mitch, had provided a one-time code the bank texted to the phone number on file for Mitch's account — the same code the real Mitch had been tricked into giving up — and then initiated an outgoing wire transfer.

It appears the initial call on Friday was to make him think his bank was aware of and responding to active fraud against his account, when in actuality the bank was not at that time. Also, the Friday call helped to set up the bigger heist the following day.

Mitch said he and his bank now believe that at some point his debit card and PIN were stolen, most likely by a skimming device planted at a compromised point-of-sale terminal, gas pump or ATM he'd used in the past few weeks. Armed with a counterfeit copy of his debit card and PIN, the fraudsters could pull money out of his account at ATMs and go shopping in big box stores for various items. But to move lots of money out of his account all at once, they needed Mitch's help.

To make matters worse, the fraud investigator said the $9,800 wire transfer had been sent to an account at an online-only bank that also was in Mitch's name. Mitch said he didn't open that account, but that this may have helped the fraudsters sidestep any fraud flags for the unauthorized wire transfer, since from the bank's perspective Mitch was merely wiring money to another one of his accounts. Now, he's facing the arduous task of getting identity theft (new account fraud) cleaned up at the online-only bank.

Mitch said that in retrospect, there were several oddities that should have been additional red flags. For one thing, on his outbound call to the bank on Saturday while he had the fraudsters on hold, the customer service rep asked if he was visiting family in Florida.

Mitch replied that no, he didn't have any family members living there. But when he spoke with the bank's fraud department the following Monday, the investigator said the fraudsters posing as Mitch had succeeded in adding a phony "travel notice" to his account — essentially notifying the bank that he was traveling to Florida and that it should disregard any geographic-based fraud alerts created by card-present transactions in that region. That would explain why his bank didn't see anything strange about their California customer suddenly using his card in Florida.

Also, when the fake customer support rep called him, she stumbled a bit when Mitch turned the tables on her. As part of her phony customer verification script, she asked Mitch to state his physical address.

"I told her, 'You tell me,' and she read me the address of the house I grew up in," Mitch recalled. "So she was going through some public records she'd found, apparently, because they knew my previous employers and addresses. And she said, 'Sir, I'm in a call center and there's cameras over my head. I'm just doing my job.' I just figured she was just new or shitty at her job, but who knows maybe she was telling the truth. Anyway, the whole time my girlfriend is sitting next to me listening to this conversation and she's like, 'This sounds like bullshit.'"

Mitch's bank managed to reverse the unauthorized wire transfer before it could complete, and they've since put all the stolen funds back into his account and issued a new card. But he said he still feels like a chump for not observing the golden rule: If someone calls saying they're from your bank, just hang up and call them back — ideally using a phone number that came from the bank's Web site or from the back of your payment card. As it happened, Mitch only followed half of that advice.

What else could have made it more difficult for fraudsters to get one over on Mitch? He could have enabled mobile alerts to receive text messages anytime a new transaction posts to his account. Barring that, he could have kept a closer eye on his bank account balance.

If Mitch had previously placed a security freeze on his credit file with the three major consumer credit bureaus, the fraudsters likely would not have been able to open a new online checking account in his name with which to receive the $9,800 wire transfer (although they might have still been able to wire the money to another account they controlled).

As Mitch's experience shows, many security-conscious people tend to focus on protecting their online selves, while perhaps discounting the threat from less technically sophisticated phone-based scams. In this case, Mitch and his bank determined that his assailants never once tried to log in to his account online.

"What's interesting here is the entirety of the fraud was completed over the phone, and at no time did the scammers compromise my account online," Mitch said. "I absolutely should have hung up and initiated the call myself. And as a security professional, that's part of the shame that I will bear for a long time."

Source

Interesting look at how good Google Maps have become

https://www.justinobeirne.com/google-maps-moat

Best SB ever

I'd say that ranked as the best Super Bowl game ever.  Amazing!  Congrats to the Patriots, especially Tom Brady.  I think he settled who is the best QB of all time.

Browser makers decry the use of antivirus -- except Microsoft Defender

Anyone who has visited my blog in the past probably knows that I have been advocating for years that Windows users should completely remove all anti-virus software — except for Microsoft's built-in Defender software (which used to be called Microsoft Security Essentials).

Now it seems that major technology companies — the companies that build the web browser that you are using right now to look at this post — are saying the same thing.  Using McAfee, Symantec, Kaspersky, etc., actually erodes the security of your web browser, rather than making it more secure.  The article I have linked below describes why this is.  Basically it boils down to the fact that the browser makers build in all kinds of advanced threat prevention and then when you install anti-virus software it basically disables all that built-in security and replaces it with their own rather insecure and outdated program code.

If you're using Windows 8, 8.1, or 10, all the protection you need is built into the operating system, and installing additional security software is not only pointless, but makes your computer less secure, in the opinion of the biggest technology companies.  Windows 7 and Windows Vista did not come with the software built-in, but it can be installed for free.  Whether it is built-in or installed by you, any additional anti-virus software can be safely uninstalled using the Programs and Features applet in the Windows Control Panel.

Here's a link to the article in question:

https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/