Thursday, November 29, 2012

Now Hexaicosa-Certified with McAfee Technical Professional -- Mobile Security Technical Requirements Goodness. . .

From the McAfee Partner Learning Center on November 29th, 2012:

Christopher J. Marcinko -- McAfee Mobile Security Technical Requirements (1.3)
"This certificates acknowledges that Christopher Marcinko has successfully completed the Mobile Security Technical Requirements (1.3)."

Date of Certification:
November 29th, 2012

Now Pentaicosa-Certified with McAfee Technical Professional -- Web and Email Security Goodness. . .

From the McAfee Partner Learning Center on November 29th, 2012:

Christopher J. Marcinko -- 2012 Technical Professional: McAfee Web and Email Security Certification (1.4)
"This certificates acknowledges that Christopher Marcinko has successfully completed the 2012 Technical Professional Web and Email Security Certification (1.4)."

Date of Certification:
November 29th, 2012

Wednesday, November 28, 2012

Now Tetraicosa-Certified with McAfee Technical Professional -- System Security Goodness. . .

From the McAfee Partner Learning Center on November 28th, 2012:

Christopher J. Marcinko -- McAfee Technical Professional: System Security Certification
"This certificates acknowledges that Christopher Marcinko has successfully completed the Technical Professional System Security Certification."

Date of Certification:
November 28th, 2012

@christoperj:

Wondering why Facebook just burped and re-added me without my permission to all the groups I had left in the last 18+/- months. . .

Tuesday, November 27, 2012

Now Triicosa-Certified with McAfee Technical Professional -- Risk and Compliance Goodness. . .

From the McAfee Partner Learning Center on November 27th, 2012:

Christopher J. Marcinko -- McAfee Technical Professional: Risk and Compliance
"This certificates acknowledges that Christopher Marcinko has successfully completed the 2012 Technical Professional Risk and Compliance Certification (1.6)."

Date of Certification:
November 27th, 2012

Monday, November 26, 2012

@christoperj:

Of all the door to door 'sales associates' who come by, wondering why ADT security representatives always seem to be the most defensive when I ask to see their city required 'solicitors permit'

(And for that matter, why the crap they think I would ever trust them with my security if they won't spend the time + 10 bucks to get one and be 'legal' when they knock on my door.)

@christoperj:

Anybody who doesn't think people will believe something just because it's what they want to hear, want to be scared of, or want to be angry about -- clearly has never ever spent five minutes looking through their Facebook wall on a Monday morning. . .

Thursday, November 15, 2012

Sorry -- It Wasn't Me

Based on all the NDR's received in the last hour, it's apparently my turn to have an email address spoofed and used to send out crap spam.

Sorry -- it was neither me nor my machine.

Looks like the one example below came through:

1) An open MTA relay in Barcelona, Spain (84.77.221.194)

2) Via a what was claimed to be a Saudi Arabian registered domain (odcqcngjocqxmidqclbfogqwi [DOT] twarn [DOT] com/sendmail [DOT] php)

3) Which may or may not be hosted out of Haarlem, Netherlands via 94.75.242.21

But the subdomain does not resolve, so the parent domain was probably spoofed as well. Not that it matters anyway as whoever is sending out this crap is probably using some automated script and long list of open email relays all over the world.

Good times. . .


Delivery to the following recipient failed permanently:

no@[MASKED]

Technical details of permanent failure:
[MASKED] tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 : invalid address (state 13).

----- Original message -----

Received: by 10.14.223.4 with SMTP id u4mr6449274eep.19.1353005631303;
Thu, 15 Nov 2012 10:53:51 -0800 (PST)
Received: by 10.14.223.4 with SMTP id u4mr6449270eep.19.1353005631268;
Thu, 15 Nov 2012 10:53:51 -0800 (PST)
Return-Path: <[MASKED]>
Received: from [MASKED] ([MASKED] [[MASKED]])
by [MASKED] with SMTP id f7si31086453eeo.10.2012.11.15.10.53.35;
Thu, 15 Nov 2012 10:53:51 -0800 (PST)
Received-SPF: neutral ([MASKED]: 84.77.221.194 is neither permitted nor denied by domain of [MASKED]) client-ip=84.77.221.194;
Authentication-Results: [MASKED]; spf=neutral ([MASKED]: 84.77.221.194 is neither permitted nor denied by domain of [MASKED]) smtp.mail=[MASKED]
Received: from [84.77.221.194] ([84.77.221.194]) by [MASKED] ([[MASKED]]) with SMTP;
Thu, 15 Nov 2012 18:53:51 GMT
Received: from apache by odcqcngjocqxmidqclbfogqwi.momix.org with local (Exim 4.67)
(envelope-from <<[MASKED]>,
>)
id C6W6Y5-I31H64-NL
for <[MASKED]>,
; Thu, 15 Nov 2012 20:02:18 +0100
To: <[MASKED]>,

Subject: Company founded in Gibraltar is currently looking for European sector based labor force.
X-PHP-Script: odcqcngjocqxmidqclbfogqwi [DOT] twarn [DOT] com/sendmail [DOT] php for 84.77.221.194
From: <[MASKED]>,

X-Sender: <[MASKED]>,

X-Mailer: PHP
X-Priority: 1
Content-Type: text/plain; charset="us-ascii"
Message-Id:
Date: Thu, 15 Nov 2012 20:02:18 +0100
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.05735/99.21816 CV:99.9000 FC:95.5390 LC: 0.1839 R:95.9108 P:95.9108 M:94.5035 C:98.6951 )
X-pstn-dkim: 0 skipped:not-enabled
X-pstn-status: off
X-pstn-nxpr: disp=neutral, envrcpt=no@[MASKED]
X-pstn-nxp: bodyHash=f531f188e1f1c756d317b3245f7d51df0f393c9f, headerHash=37f1102fb2cfa2015526df5b21447c478d39434e, keyName=4, rcptHash=59b9110a6577d0310ea9cb90ad957b516216f26a, sourceip=84.77.221.194, version=1
X-pstn-nxpr: disp=neutral, envrcpt=no@[MASKED]
X-pstn-nxp: bodyHash=f531f188e1f1c756d317b3245f7d51df0f393c9f, headerHash=37f1102fb2cfa2015526df5b21447c478d39434e, keyName=4, rcptHash=59b9110a6577d0310ea9cb90ad957b516216f26a, sourceip=84.77.221.194, version=1
X-Gm-Message-State: ALoCoQmIQYS68JJUosWRXDptmnZEI6/Xr6CwYpj31j0Moj9XWIHUnEmDT9cNvqr76MIkq5TtKjLgMVPJj1uxVLfSacsO0bqgIFEmAgkQTYvbkIjQBHE7ss+iohLEWnAdGN1/S2TDH8re

Business providing product offerings in the E-Commerce and Information Technology market sectors presently
recruiting employment personnel from Europe.

5,000 Euros per month compensation in exchange for simply a few working hours put forth each day, plus a 5.0% bonus.

What we require from applicant:
- POA (Power of Attorney) or Proprietorship of a business or similar
- Replying to e-mails originating from us, each day
- Stay consistently current with every assigned task
If this interests you, please submit the following information to our business e-mail:

- Full Name
- Telephone # in the International Syntax Format
- E-mail address
- Current age

Please respond to:Jeanette@europs-consulting [DOT] com.

Don't utilize the reply option.
Sincerely,
Department of Human Resources

Now Doicosa-Certified with Check Point CCSA Goodness. . .

From Check Point Software Technologies LTD. on November 15th, 2012:

Christopher J. Marcinko -- Check Point Certified Security Administrator Certification R75
"This is to certify that Christopher J. Marcinko has demonstrated the knowledge to be a: Check Point Certified Security Administrator."

Date of Certification:
November 15th, 2012

Upgraded to R77
From Check Point Software Technologies LTD. on April 27th, 2015:

Christopher J. Marcinko -- Check Point Certified Security Administrator Certification R77
"This is to certify that Christopher J. Marcinko has demonstrated the knowledge to be a: Check Point Certified Security Administrator."

Date of Certification:
April 27th, 2015

Sunday, November 11, 2012

@christoperj:

Taking a moment to think about the reason for this day

Tuesday, November 6, 2012

@christoperj:

Now that it's all be settled, can we now finally focus on the work that needs to be done? The benefit of the two party system is that the best ideas from both sides can be brought to the table of any conversation to solve the deep challenges we face.

Enough with the partisan rhetoric. It's time for everybody to stop worrying about keeping their jobs, and start doing them.

(And seriously, if you were one of the majority of the US population who didn't bother to cast your vote -- you willingly gave up your rights to complain about anything political for the next four years.)

@christoperj:

Ah Texas. Sure we have a vocal community who still deeply question if President Obama was born in the US, but we seem to have no problem electing a confirmed Canadian to the US Congress. Very intriguing. . .

@christoperj:

No matter what direction your political beliefs happen to lean -- If you choose not to vote today, you absolutely give up your right to complain about whatever happens on your Facebook page for next four years. . .

Sunday, November 4, 2012

@christoperj:

Huh. Was just called an a$$hole and further told to "piss off then" by somebody with a wide variety of Christian statements in their Facebook profile -- all because I posted my generic complaint when they spammed me to their Facebook group without asking.

While I don't consider myself a religious person, that just doesn't seem right to me.

What I posted:
[NAME] -- I did not request to be added to your "[FACEBOOK GROUP NAME]" group and you did not give me common courtesy of first asking me if I wanted to join. While this might be 'officially' legal under Facebook rules (and you're certainly not the first one to do it) -- the real world calls this 'Spamming'.

Much like if I were to sign your email address up to 100 bulk email services. It would be spam because you didn't authorize it. Not to mention, it would damned rude for me to do so. Your actions are no different.

Please do not add people to groups unless you ask them. Particularly if you want them to ever care about whatever message/business you are advertising.

Friday, November 2, 2012

Visa "Lost/Stolen" Response Team Fully Admits I'm Not the Owner of the Credit Card I Found, Then Refuses to Cancel It Because I'm Not the Owner of the Credit Card I Found

Found somebody else's credit card left on a ping pong table at Walmart today.  Called the "emergency" Visa number (1-800-VISA-911) on the back to give them a heads up that the card was clearly lost.

Only to be told that they cannot cancel the card because I couldn't verify account information.  Sure I could confirm the 16 digit number, the name on the card, the secret security number on the back -- and I specificly said 4 times that I was NOT the card holder.

But that apparently is not enough to convince the Visa "Emergency" Team that the card is lost and should be immediately canceled.

Not the response I was expecting to hear.

This was the fourth call I made to report finding this card. Being issued by a local Credit Union, they didn't seem to have any real after hours support. All their other numbers on the back of the card all said "Our offices are closed, heres when we're open again".

But when I eventually found their after hours 'lost stolen' card phone number info -- the person on the other end of that number quickly killed the card and thanked me for my honesty. Took all of 5 minutes once I found a contact number for somebody who gave a damn.

Still not sure why Visa Worldwide couldn't wouldn't do the same. Of the many prompts at the end of their Visa "Emergency" number (again, printed on the back of the card), was "If you would like to report a Lost/Stolen Credit Card, press" whatever number. It was, so I did.

Fifteen minutes of back and forth -- all I got was the same answer. "You can't validate personal information on the account, so we can not cancel the card you found "

I get why they couldnt just kill a random card number without validating the authenticity of the call. But if I have all the security information on the card -- numbers, names, security codes -- and I'm clearly not the authorized card holder. . .

. . .Well, hell, shouldn't that be a sign that the card meets the criteria of 'lost and/or stolen'?

I asked the question four times total to make sure I was understanding that they were unwilling to cancel the card even though I obviously had the card and was not the card holder -- and the Visa operator stood by her "No" answer each time.

All the Visa operator was willing to do was to give me the contact information of the issuing bank and told me I could contact them directly (which was already on the back of the card, and was currently closed). And that I was free to cut the card up tonight.

Good advice and I was planning to do both. But if the card is already reported to be lost (and possibly stolen), waiting an extra 12 hours to officially kill the card seems like a pointless risk to take for everybody who has skin in the game. I know I'm not going to go on a spending spree with somebody else's account. They don't though. And who the crap knows if somebody stole the card, tried to use it, and then dumped/dropped it.

Still trying to wrap my mind that the Visa team chose such a cavalier approach to this. Really felt like they didnt give a crap that their customer's card was in the wild -- nor did they want to want to protect their customer from possible fraud.

And I got no answer for that unfortunate reality at all.

@christoperj:

My vote has already been cast. You no longer need to feel the urge to bombard me with the daily rhetoric, rumors, and retorts. . .