More from: General

Attorney General Curtis Hill warns of tax fraud 

Picture of criminals handcuffed

Criminals by GatoDesing

In the past, some participants at Adult Life Training, Inc. shared with the group that they had been harmed by tax fraud. Although this is also a lucrative mafia favorite along with credit card scams and unauthorized ATM draws, usually a relative or “friend” gets the victim’s SSN and files a massively lying tax return with the refund check mailed to the criminal, then later IRS comes back on the victim who did not even file that lying tax return and makes them repay what the criminal stole.

The victim did not file that lying return and should not be paying anything at all: the victim had nothing to do with it: IRS was deceived and got robbed: but the IRS will force the victim to prove that they didn’t do it, even though under the US Constitution a citizen is innocent until they are proven guilty beyond any reasonable doubt. These crimes disportionately injure poverty stricken persons of color but anyone can be targeted.

If you have been or think that you have been a victim of identity theft, go to www.irs.gov’s IP PIN page and request that they put an IP PIN on your account (and don’t tell family, “friends”, or anyone else your PIN) so that only you can file your return. And don’t pick a number the relative or “friend” can figure out!

What’s an IP PIN?
The IRS IP PIN is a 6-digit number assigned to eligible taxpayers to help prevent the misuse of their Social Security number on fraudulent federal income tax returns.

What does an IP PIN do?
An IP PIN helps us verify a taxpayer’s identity and accept their electronic or paper tax return. When you have an IP PIN, it prevents someone else from filing a tax return with your SSN.

(https://www.irs.gov/identity-theft-fraud-scams/the-identity-protection-pin-ip-pin)

This just in from GovDelivery Communications Cloud on behalf of: Indiana Attorney General Curtis Hill· Indiana Government Center South, 302 W. Washington St., 5th Floor · Indianapolis, IN 46204 · 317-232-6201. If you would like to receive official information when it is released by the sovereign State of Indiana browse to https://insights.govdelivery.com/ and indicate which topics you want emailed to you.

Indiana Attorney General Curtis Hill is warning Hoosiers to beware of scams in which their identities are stolen and used to file fraudulent tax returns.

Tax identify thieves use other people’s Social Security Numbers (SSN) to file taxes and/or even obtain jobs. Most victims initially will not even be aware that this has happened. Some will be notified upon e-filing that a tax return has already been filed using their SSN.
The federal Trade Commission also has related information on their web site at https://www.idtheftcenter.org/Cybersecurity/tax-identity-theft-awareness-week-2018

The IRS has offered the following warning signs of possible tax-related identity theft: 

  • More than one tax return was filed for you;
  • You owe additional tax, have a refund offset or have had collection actions taken against you for a year you did not file a tax return, or;
  • IRS records indicate you received wages or other income from an employer for whom you did not work.

If you believe you have been the victim of tax-related or any other type of identity theft, the Office of the Indiana Attorney General office can help. Go to indianaconsumer.com or call 1-800-382-5516 to make a complaint.


Cloud Providers compromise Domain Security

This just in via email from newsletter@feistyduck.com. More information is available here: https://community.letsencrypt.org/t/important-what-you-need-to-know-about-tls-sni-validation-issues/50811

Cloud provider vulnerability causes Let’s Encrypt to disable SNI domain validation

A major issue with some cloud providers allowed the unauthorized issuance of Let’s Encrypt certificates. Although the issue clearly lies with the cloud providers, Let’s Encrypt nevertheless has decided to disable the corresponding validation method.

Frans Rosén discovered that he could use the SNI validation method from the ACME protocol (https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting/) to issue certificates for domains hosted on certain cloud providers. He explicitly mentions Heroku and Amazon CloudFront.

TL;DR: I was able to issue SSL certificates I was not supposed to be able to. AWS CloudFront and Heroku were among the affected. The issue was in the specification of ACME TLS-SNI-01 in combination with shared hosting providers. To be clear, Let’s Encrypt only followed the specification, they did nothing wrong here. Quite the opposite I would say.

The core of the issue is that these providers allow users to upload certificates that the system will serve automatically to TLS requests with the corresponding server name. The ACME SNI validation method uses temporary certificates that end with .acme.invalid.

After the issue was reported, Let’s Encrypt almost immediately disabled the TLS-SNI-01 validation method. Let’s Encrypt subsequently decided that, with a few exceptions, it will stay disabled. The newer TLS-SNI-02 method is vulnerable as well. A new TLS-SNI-03 method that considers this problem is being developed, but for the time being users should switch to either the HTTP or the DNS validation method.


Citizen’s Arrest – Indiana

IC 35-33 ARTICLE 33. PRELIMINARY PROCEEDINGS

IC 35-33-1 Chapter 1. Arrest

  Section Any person
     Sec. 4. (a) Any person may arrest any other person if:

(1) the other person committed a felony in his presence;

(2) a felony has been committed and he has probable cause to believe that the other person has committed that felony; or

(3) a misdemeanor involving a breach of peace is being committed in his presence and the arrest is necessary to prevent the continuance of the breach of peace.

(b) A person making an arrest under this section shall, as soon as practical, notify a law enforcement officer and deliver custody of the person arrested to a law enforcement officer.

(c) The law enforcement officer may process the arrested person as if the officer had arrested him. The officer who receives or processes a person arrested by another under this section is not liable for false arrest or false imprisonment.

As added by Acts 1981, P.L.298, SEC.2. Amended by Acts 1982, P.L.204, SEC.7.

IC 35-33-1-5Definition

     Sec. 5. Arrest is the taking of a person into custody, that he may be held to answer for a crime.

As added by P.L.320-1983, SEC.3.