centre{source}

Want to know the perfect formula on how to create a frustrating system, provide terrible customer service, and manage to drive a loyal customer to hate? Just take lessons from PayPal - they are doing a great Job at really screwing up.

Here's the magic combo:

First, PayPal created some security restrictions that 'automatically' triggered on my account. While they won't say, I'm guessing its because I accepted 20-30 payments before I attempted to make a full-withdrawal. Regardless, this sparked their security system and it asked that I certify my account (this is different than verify). To do this, I have to ADD MY PERSONAL CREDIT CARD to the account ?@?#$@#$# I also have to verify my SS#. The first step takes 1 week for the transaction to show on my personal CC#... The second step fails because they say that I've used my SS# at some point in the past.

I just found a great backup app (utility) for my USB drive. The app that comes with PortableApps isn't very flexible and it drove me to finding something better. Luckily, I found Freebyte Backup through PortableFreeware.com. They even told me how to 'make it more portable' by avoiding the installation and simply running the .EXE & creating my own profiles. Hope this helps others looking for a stable, feature-rich USB backup utility.

If you thought that anti-spam protection for your incoming mail would alleviate your e-mail problems forever, think again – another issue that can cause more than a few headaches are DNS BlackLists (DNSBLs), sometimes also called RBLs (Realtime Black List). DNSBLs are not a new idea, but their usage is increasing rapidly. In short, a DNSBL is an innovative use of DNS to provide access to lists of IP addresses (or other info). These lists are created on varying criteria -- for example, the IP address was caught sending spam, or it's owned by a company known for supporting/sending spam. Or perhaps the IP address hosts a mailserver not following the rules, or a web/proxy server that has been compromised in such a way that it could be used to send spam. In this way, common sources of spam can be compiled into these lists and checked by a mailserver before accepting mail. If you show up in the blacklist, your mail is rejected.

As the spam-war has escalated, DNSBLs have become a double-edged sword. They have probably saved SMTP from being utterly inundated with spam to the point that it's useless. However, blacklists have also been forced to get increasingly aggressive. It's not uncommon for an organization to find itself blacklisted, even if it didn't overtly send spam (that it knows of). If your organization becomes the unlucky member of a DNSBL, you'll find that most (if not all) of your email is rejected by the outside world because you're now considered a spammer. The worst part is that you may have no idea why you were blacklisted and no idea how to get de-listed!

Starting tomorrow the BlackMal virus will start deleting files from infected computers. Usually when I am in need of security related information I check Security Focus first. Here is what they have to say about BlackMal:

The virus is programmed to start deleting eleven different types of files on the third of each month, starting with Friday, February 3. The files will be deleted from a computer's local hard drive as well as network-attached storage, a strategy that worried security experts enough to warn about the virus.

This is pretty cool. Check out this new feature in OpenSSH 4.3:

* Add support for tunneling arbitrary network packets over a
connection between an OpenSSH client and server via tun(4) virtual
network interfaces. This allows the use of OpenSSH (4.3+) to create
a true VPN between the client and server providing real network
connectivity at layer 2 or 3. This feature is experimental and is
currently supported on OpenBSD, Linux, NetBSD (IPv4 only) and
FreeBSD.

There has been a growing grumbling on the internet about big sites like Google storing information about individuals' usage. Jr Colin posted a well reasoned ballast to those concerns today.

It is worth a read if you are concerned about your privacy online but don't feel a need to wear a tin foil hat just yet.

Chris told everyone that the flaw in the MS Windows XP operating system was serious. In fact, he was amazed at the seriousness of the flaw and how little Microsoft was doing to fix it. According to this AP article, Microsoft has finally released a patch (much later than other security entities).

Check out this article. It's pretty hilarious but also a little scary. It tells the story of three guys hired to assess the security of a Fortune 500 company. The ease with which these guys penetrated this company to its very core is truly frightening, and they didn't require any 'l33t 0-day exploits to do it. They used simple social engineering to blow by what meager security was in place. Read the whole thing -- it's worth it.

ISC has posted a convenient WMF vulnerability FAQ.

This is an interesting security product. It relies on the fact that every person has a unique typing style as a signature for authentication purposes.

Via Bruce Schneier.