Ransomware

locked-computer-cartoonIn an ideal world, all people would be informed, intelligent, and there would be no sociopaths. But in reality computer users are not normally technically adept: to them their computer is just a thing they use to get work done or for entertainment, and they treat it like a radio, television, or coffee maker. In a real work environment, until something really bad happens, people use Windows XP ten years after Microsoft stopped supporting it, never apply updates as ‘they are too annoying’ and ‘people are busy’, and they click on everything just to see what happens. Readmore..


Anyone see a way to improve this?

// inputs are form $_POST[] variables login and password

// relevant table columns are id,login,password,and sometimes key_chain
 // id is integer, the rest char with password being a hash 
 // the output success/fail flag is $id is set upon success, unset if failed

 //Check Keys Table for this Login
 if(isset($staff)) $sql = "SELECT `id`,`password`,`key_chain`"; else $sql = "SELECT `id`,`password`";
 $x = mysqli_real_escape_string($my_db_link,strtolower(trim($_POST['login'])));
 $sql .= " FROM `keys` WHERE `login`='$x';"; 
 $result = mysqli_query($my_db_link,$sql) or die(mysqli_error($my_db_link));
 unset($x);
 unset($id);

 // is there a matching login in the table?
 if (mysqli_num_rows($result)>=1) {
 
 //matching login found
 $row = mysqli_fetch_array($result);
 $id = $row['id'];
 $password = $row['password'];
 if(isset($staff)) $key_chain = $row['key_chain']; //text string to determine user's privilege
 mysqli_free_result($result);

 //if password is null, then it is not set yet, so set it
 if( (!isset($password)) OR (strlen(trim($password))<60) ){ //min hash length is 60

 // set the password
 $x = password_hash(mysqli_real_escape_string($my_db_link,strtolower(trim($_POST['password']))), PASSWORD_DEFAULT);
 $sql = "UPDATE `keys` SET `password`='$x' WHERE `id`='$id' LIMIT 1;";
 mysqli_query($my_db_link,$sql) or die(mysqli_error($my_db_link));
 unset($x);

 //if password not null, then test it
 } elseif (!password_verify( mysqli_real_escape_string($my_db_link,strtolower(trim($_POST['password']))),$password)) {
 // bad login -- wrong password
 unset($id);
 unset($key_chain);

 }//if(isset($id) AND

 }//if (mysqli_num_rows($result)>=1) {
 unset($password);
 unset($row);
 unset($sql);

Tax-Free: settlements for wrongful incarceration

WASHINGTON — The Internal Revenue Service today released guidelines on how wrongfully-incarcerated taxpayers can take advantage of the new retroactive exclusion from income for any civil damages, restitution or other monetary award received in connection with their incarceration.

The guidelines are contained in a set of frequently-asked questions, posted today on IRS.gov. According to the FAQs, taxpayers who in the past received payments related to their wrongful incarceration and included those payments in taxable income can now file a refund claim for any income tax paid. To do this, eligible taxpayers must file Form 1040X for each year these payments were reported and write “Incarceration Exclusion PATH Act” at the top of each Form 1040X they submit.

https://www.irs.gov/individuals/wrongful-incarceration-faqs


Kill It Already

01 Jan 1966, Houston, Texas, USA --- Sandy McGee at the Laboratory Universal Control computerized lab controls using IBM equipment --- Image by © Pete Vazquez/Science Faction/Corbis

01 Jan 1966, Houston, Texas, USA — Sandy McGee at the Laboratory Universal Control computerized lab controls using IBM equipment — Image by © Pete Vazquez/Science Faction/Corbis

“Agencies reported using several systems that have components that are, in some cases, at least 50 years old. For example, the Department of Defense uses 8-inch floppy disks in a legacy system that coordinates the operational functions of the nation’s nuclear forces. …”

For more information, read the Network World article Not dead yet or see the General Accounting Office document http://www.gao.gov/assets/680/677436.pdf

Department of Veterans Affairs
System: Personnel and Accounting Integrated Data
Age: 53
Function: Automates time and attendance for employees, timekeepers, payroll, and supervisors.
It is written in Common Business Oriented Language (COBOL)—a programming language developed in the 1950s and 1960s—and runs on IBM mainframes.
Replacement coming?: Yes -The agency plans to replace it with a project called Human Resources Information System Shared Service Center in 2017.

Department of Veterans Affairs
System: Benefits Delivery Network
Age: 51
Function: Tracks claims filed by veterans for benefits, eligibility, and dates of death. This system is a suite of COBOL mainframe applications.
Replacement coming?: No -The agency has general plans to roll capabilities into another system, but there is no firm time frame associated with this transition.