Attorney General Curtis Hill warns of tax fraud 

Picture of criminals handcuffed

Criminals by GatoDesing

In the past, some participants at Adult Life Training, Inc. shared with the group that they had been harmed by tax fraud. Although this is also a lucrative mafia favorite, along with credit card scams and unauthorized ATM draws, usually a relative or “friend” gets the victim’s SSN and files a massively lying tax return, with the refund check mailed to the criminal. Later the IRS comes back on the victim, who did not even file that lying tax return, and makes them repay what the criminal stole.

The victim did not file that lying return and should not be paying anything at all. The victim had nothing to do with it; the IRS was deceived and got robbed. But the IRS will force the victim to prove that they didn’t do it, even though under the US Constitution a citizen is innocent until they are proven guilty beyond any reasonable doubt. These crimes disproportionately injure poverty-stricken persons of color, but anyone can be targeted.

If you have been or think that you have been a victim of identity theft, go to www.irs.gov’s IP PIN page and request that they put an IP PIN on your account (and don’t tell family, “friends”, or anyone else your PIN) so that only you can file your return. And don’t pick a number the relative or “friend” can figure out!

What’s an IP PIN?
The IRS IP PIN is a 6-digit number assigned to eligible taxpayers to help prevent the misuse of their Social Security number on fraudulent federal income tax returns.

What does an IP PIN do?
An IP PIN helps us verify a taxpayer’s identity and accept their electronic or paper tax return. When you have an IP PIN, it prevents someone else from filing a tax return with your SSN.

(https://www.irs.gov/identity-theft-fraud-scams/the-identity-protection-pin-ip-pin)

This just in from GovDelivery Communications Cloud on behalf of: Indiana Attorney General Curtis Hill · Indiana Government Center South, 302 W. Washington St., 5th Floor · Indianapolis, IN 46204 · 317-232-6201. If you would like to receive official information when it is released by the sovereign State of Indiana, browse to https://insights.govdelivery.com/ and indicate which topics you want emailed to you.

Indiana Attorney General Curtis Hill is warning Hoosiers to beware of scams in which their identities are stolen and used to file fraudulent tax returns.

Tax identity thieves use other people’s Social Security Numbers (SSN) to file taxes and/or even obtain jobs. Most victims initially will not even be aware that this has happened. Some will be notified upon e-filing that a tax return has already been filed using their SSN.
The Federal Trade Commission also has related information on their web site at https://www.idtheftcenter.org/Cybersecurity/tax-identity-theft-awareness-week-2018

The IRS has offered the following warning signs of possible tax-related identity theft: 

  • More than one tax return was filed for you;
  • You owe additional tax, have a refund offset or have had collection actions taken against you for a year you did not file a tax return, or;
  • IRS records indicate you received wages or other income from an employer for whom you did not work.

If you believe you have been the victim of tax-related or any other type of identity theft, the Office of the Indiana Attorney General can help. Go to indianaconsumer.com or call 1-800-382-5516 to make a complaint.


Cloud Providers compromise Domain Security

This just in via email from newsletter@feistyduck.com. More information is available here: https://community.letsencrypt.org/t/important-what-you-need-to-know-about-tls-sni-validation-issues/50811

Cloud provider vulnerability causes Let’s Encrypt to disable SNI domain validation

A major issue with some cloud providers allowed the unauthorized issuance of Let’s Encrypt certificates. Although the issue clearly lies with the cloud providers, Let’s Encrypt nevertheless has decided to disable the corresponding validation method.

Frans Rosén discovered that he could use the SNI validation method from the ACME protocol (https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting/) to issue certificates for domains hosted on certain cloud providers. He explicitly mentions Heroku and Amazon CloudFront.

TL;DR: I was able to issue SSL certificates I was not supposed to be able to. AWS CloudFront and Heroku were among the affected. The issue was in the specification of ACME TLS-SNI-01 in combination with shared hosting providers. To be clear, Let’s Encrypt only followed the specification, they did nothing wrong here. Quite the opposite I would say.

The core of the issue is that these providers allow users to upload certificates that the system will serve automatically to TLS requests with the corresponding server name. The ACME SNI validation method uses temporary certificates that end with .acme.invalid.

After the issue was reported, Let’s Encrypt almost immediately disabled the TLS-SNI-01 validation method. Let’s Encrypt subsequently decided that, with a few exceptions, it will stay disabled. The newer TLS-SNI-02 method is vulnerable as well. A new TLS-SNI-03 method that considers this problem is being developed, but for the time being users should switch to either the HTTP or the DNS validation method.
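
An added example, not part of the newsletter or of any provider's code: a Python model of a shared TLS front end that routes by SNI name. It shows why serving any uploaded certificate lets the challenge check succeed, and how an upload policy that rejects `.invalid` names and names outside the tenant's verified domains stops it. The class, tenant and domain names are hypothetical, and the challenge name is constructed.

```python
RESERVED_SUFFIXES = (".invalid",)  # special-use TLD (RFC 6761); covers .acme.invalid


def _owned(name, domains):
    """True if name is one of the tenant's verified domains or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in domains)


class SharedFrontEnd:
    """Hypothetical model: one IP address serving many tenants, routed by SNI name."""

    def __init__(self, verified_domains, enforce_policy):
        self.verified = verified_domains   # tenant -> domains it has proved control of
        self.enforce_policy = enforce_policy
        self.sni_table = {}                # SNI name -> SAN list of the cert to serve

    def upload_certificate(self, tenant, san_names):
        names = [n.lower().rstrip(".") for n in san_names]
        if self.enforce_policy:
            for name in names:
                if name.endswith(RESERVED_SUFFIXES):
                    return False, f"{name}: reserved validation name"
                if not _owned(name, self.verified.get(tenant, set())):
                    return False, f"{name}: not a verified domain of {tenant}"
        for name in names:
            self.sni_table[name] = names
        return True, "accepted"

    def handshake(self, sni_name):
        """Return the SAN list of the certificate served for this SNI name."""
        return self.sni_table.get(sni_name.lower(), [])


def tls_sni_check_passes(front_end, challenge_name):
    """What the CA sees: is the challenge SNI answered with a matching certificate?"""
    return challenge_name in front_end.handshake(challenge_name)


def run_scenario(enforce_policy):
    # Constructed sample data: two tenants behind the same front end.
    host = SharedFrontEnd(
        {"tenant-a": {"shop.example"}, "tenant-b": {"blog.example"}}, enforce_policy)
    challenge = "a1b2c3.d4e5f6.acme.invalid"  # constructed challenge name
    accepted, _reason = host.upload_certificate("tenant-b", [challenge])
    return accepted, tls_sni_check_passes(host, challenge)
```

Without the policy the front end answers the challenge name for anyone who uploaded a matching certificate, regardless of which tenant owns the domain being validated; with it, the upload is refused and the check fails.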


Citizen’s Arrest – Indiana

IC 35-33 ARTICLE 33. PRELIMINARY PROCEEDINGS

IC 35-33-1 Chapter 1. Arrest

  Section Any person
     Sec. 4. (a) Any person may arrest any other person if:

(1) the other person committed a felony in his presence;

(2) a felony has been committed and he has probable cause to believe that the other person has committed that felony; or

(3) a misdemeanor involving a breach of peace is being committed in his presence and the arrest is necessary to prevent the continuance of the breach of peace.

(b) A person making an arrest under this section shall, as soon as practical, notify a law enforcement officer and deliver custody of the person arrested to a law enforcement officer.

(c) The law enforcement officer may process the arrested person as if the officer had arrested him. The officer who receives or processes a person arrested by another under this section is not liable for false arrest or false imprisonment.

As added by Acts 1981, P.L.298, SEC.2. Amended by Acts 1982, P.L.204, SEC.7.

IC 35-33-1-5 Definition

     Sec. 5. Arrest is the taking of a person into custody, that he may be held to answer for a crime.

As added by P.L.320-1983, SEC.3.


UI Cause of Hawaii Missile Scare

When salespeople started calling themselves “web designers”, web sites became little more than confusing, overpacked repositories for cartoon graphics: lots of color and little clarity. A clean, usable UI design is one where the human using the interface (hence User Interface) easily knows what to select.

No more than seven (7) actionable items should be on any screen (where the menu counts as one item). No menu should have more than seven (7) choices and there should not be more than three (3) levels to any menu object. Choices should be logically arranged, following international norms and standards (in apps for years we have had File, Edit, View, … Help but sadly there is still not enough cross site predictability on web pages for even menus ending with … About Us, Contact Us, Privacy Policy). “Artistic License” belongs on artistic entertainment web sites, not on business sites employees use to get work done.

From a recent solicitation email from Codecademy.com:

On an otherwise quiet Saturday morning, the State of Hawaii learned the hard way about the consequences of relying on a poorly designed user interface (UI).

An employee at Hawaii’s Emergency Management Agency triggered an emergency alert last Saturday indicating that a ballistic missile was about to hit the islands.

Your first impulse might be to blame the employee for creating this statewide false alarm. But in the discipline of User Interface Design, there is no such thing as user error. Well designed software should anticipate the needs of its users, provide clear warning messages when users are about to take drastic actions, and make errors easy to catch and reverse.

Take a look at the remarkably confusing UI that caused the error:

The employee accidentally clicked “PACOM (CDW) – STATE ONLY” instead of the similarly named option “DRILL-PACOM (DEMO) STATE ONLY”, creating massive panic until a follow up message 40 minutes later revealed it was a mistake.

Codecademy.com offers their web site UI programming course description at https://www.codecademy.com/pro/intensive/build-website-uis for those who might be interested.


Best Buy for Mobile Services

Picture of my TING mobile phone bill for two phones, $18 total

Of course one phone would cost half what my bill is. My mobile bill for two phones has stayed at about $23, including unlimited Internet.

TING.com charges per use, so if I go over my first 100 minutes, it’s $9 for 500 minutes instead of $3 for 100 minutes: you use as much as you decide that you need to use, never getting “limited” or cut off.

They do what they say: we’ve had it since August 2016. Coverage is good. No actual problems that I remember.

If this is cheaper than you have now, and you want to change, you can use my link below and you will get a $25 credit (to pay your bill a couple months or to buy a new phone). Here’s my link: https://zaohqc5lpjf.ting.com/