Common Paradox Tech Blog

mario.m7 writes “Poste Italiane, the Italian postal service, suffered yesterday from an abnormal computation in ATM and credit card operations, since the decimal comma was not taken into account. The whole sum was therefore multiplied by 100, resulting in a 115,00 Euro transaction being debited as 11.500 Euro! Thousands of accounts are deep in the red and locked (link pumped through translator), so that no more operations are possible. Poste Italiane is gradually recovering the problem, fixing the error and re-crediting the sum debited in excess. Consumer associations have offered support to clients in case this lasts longer and causes damage.”

Read more of this story at Slashdot.

Wired writer Evan Ratliff spent 27 days in constant fear of getting caught as a small army of amateur and professional investigators hunted him. He had a bounty on his head and the Internet nipping at his heels.

Vanish, a combination of a manhunt and an experiment, began at 5:38 pm on August 14, 2009 as a bold headline on Wired proclaimed “Author Evan Ratliff Is on the Lam. Locate Him and Win $5,000.” We would discover if someone could disappear in today’s world, or whether the electronic trails from ATM, email, and cell phone usage would give him away.

Of course, in Evan’s case it wasn’t just a few concerned family members or police officers looking. It was any person on the Internet whose curiosity was aroused, either by the sheer challenge or by the bounty. Any and all traceable information would be shared over the next few weeks. Soon Evan’s phone records, credit card statements, IP dumps, interviews with friends, and anything that his hunters could dig up would be posted on Twitter, Facebook, and Wired’s own site.

The end goal for the hunters was to locate Evan, photograph him after giving the codeword “fluke,” and then submitting that photo along with a codeword Evan would provide to Wired. And after 27 long days, someone did just that. Evan was caught.

You can read the entire tale here. As you do, consider whether Evan made any genuine mistakes or whether his capture was simply inevitable. Is there a way to disappear, without giving up travel and technology? How would you do it? [Wired]

Ian Lamont writes “Remember the report last year that the FBI was concerned about a ‘vishing’ exploit relating to the Asterisk IP PBX software? Digium played down the report, noting that it was based on a bug that had already been patched, but now the company’s open-source community director says that attacks on Asterisk installations are ‘endemic.’ There have been dozens of reported vishing attacks in recent weeks, says the article: ‘The victims typically bank with smaller regional institutions, which typically have fewer resources to detect scams. Scammers hack into phone systems and then call victims, playing prerecorded messages that say there has been a billing error or warn them that the bank account has been suspended because of suspicious activity. If the worried customer enters his account number and ATM password, the bad guys use that information to make fake debit cards and empty their victim’s bank accounts.’”

Read more of this story at Slashdot.

Cellphone recycling services are ubiquitous today, but this is the first time I’ve seen the process automated and presented in a convenient ATM-like package. Updated.

Supposedly, the ecoATM went live on Friday, in an Omaha furniture store, of all places. Update: It’s not a store, it’s a mart! Nebraska Furniture Mart. And it’s huge!

The process is pretty simple. The cellphone is placed in the ecoATM, scanners judge how terrible you were to your phone over the years, and then you are presented with a quote that can be used as store credit or cash. Cellphone beat up beyond repair? That’s OK too: ecoATM cheerfully informs you that the phone will be recycled and that a tree will be planted in your name.

More ecoATMs are slated to appear in other stores over the next few months. Might we suggest a Best Buy or any store that happens to specialize in electronics? Update: Nebraska Furniture Mart, which is apparently huge, specializes in furniture and electronics. The world makes sense again. [CrunchGear]

Cellphone recycling services are ubiquitous today, but this is the first time I’ve seen the process automated and presented in a convenient ATM-like package.

Supposedly, the ecoATM went live on Friday, in an Omaha furniture store, of all places.

The process is pretty simple. The cellphone is placed in the ecoATM, scanners judge how terrible you were to your phone over the years, and then you are presented with a quote that can be used as store credit or cash. Cellphone beat up beyond repair? That’s OK too: ecoATM cheerfully informs you that the phone will be recycled and that a tree will be planted in your name.

More ecoATMs are slated to appear in other stores over the next few months. Might we suggest a Best Buy or any store that happens to specialize in electronics? [CrunchGear]

Coreplayer has been a longtime favourite of the PalmOS community (not to mention Windows Mobile and Symbian).  Its vast collection of codecs, expansive options, and quick speed have made it arguably one of the best video players for the PalmOS, and now it looks like we may be seeing Coreplayer, in some form, on the WebOS.

Not too long ago, on the CoreCodec Community Forums, while talking about a future 2.0 release, BetaBoy happened to mention:

If we do release it for Palm… it might be released as a ‘last time thank you’ for their support… but note that we are already migrating to the Pre’s WebOS. The other thing that why some Palm ppl might still want it on their older devices is the new touch UI.

Very welcome news given how limited the existing player is.  That one statement leaves lots of questions out there.  Thankfully, not to long ago, BetaBoy also paid our forums a visit and gave us a view at some of their plans for the WebOS:

You’ll likely see CorePlayer on the Pre before Android….. we all have Pre’s here now(if that gives you and indication of what we are doing). [...]

We are doing the same thing that we have always done… but mostly for our OEM customers with CorePlayer API for Linux…. utilize the CORE of CP in API form to fully integrate it into the WebOS UI. In other words we are playing nice and will not being using our CoreUI interface we use for all the other platforms we support.

On the hardware side of things… this is where I don’t want to say much atm, but we do plan to support the native codecs when ever possible, no diff then we do now for all our other platforms.

On the SDK… we are hopeful that with each release it matures and that Palm (like Android) has a nice roadmap for native apps…. and when its ready, so are we.

Hopefully we’ll see Coreplayer for the WebOS before the next generation Pre gets announced. Perhaps CoreCodec could consider homebrew for the early basic releases, similar to TCPMP before going fully retail.

A video has been posted to YouTube by a group called “DarkForum” in which plans for a card skimmer are demonstrated and a contact email for sales of said illegal device is listed. Screw these guys.

Let me reiterate: Card skimmers are not cute hacks or experiments. They’re illegal devices used to steal money from innocent people, and anyone who makes, uses, buys or encourages the use of them belongs in jail. Tellingly, the first related video on YouTube is called “Pin Pad Thief Sentencing.” I realize that by writing about these dorks I’m giving them publicity, but I’m hoping that publicity only results in something very, very bad happening to them. [YouTube]

James-NSC writes “My employer is changing its policy towards employee use of social networks. I’ve been asked to give a 40-minute presentation to the entire company, with attendance mandatory, on the security and privacy concerns relating to social networking. While I was putting it together, I ended up with some miscellaneous information that pertains to security/privacy in general, for example: the emerging ATM skimming (mainly for our European employees), a reminder that email is not private, malware/drive-by in popular search results, etc. Since these topics don’t directly relate to the subject I’ve been asked to address, I’ve ended up with a section titled ‘While I have you…’ I’m going to have the mandatory attention of every employee and I thought it would be a great opportunity to give advice on security/privacy issues across the board. As it’s an opportunity that one seldom gets, I certainly want to utilize it fullly. If you had the attention of an entire company with employees in the US, UK, Asia, and Australia, what security / privacy advice would you give?”

Read more of this story at Slashdot.