Archive for the ‘security’ Category

Don’t talk to the police

Thursday, September 10th, 2009

While following some links and websites on the net, I ran across this video clip entitled “Don’t talk to the police”. Everyone should watch this video.

Another Facebook privacy issue

Friday, July 24th, 2009

Saw this posted by a friend on fb:

FACEBOOK has agreed to let a third party advertisers use your posted pictures WITHOUT your permission. (also known as “opt-out”) Click on SETTINGS up at the top where you see the Log out link. Select Privacy. Then select NEWSFEEDS and WALL. Next select the tab that reads FACEBOOK ADS. There is a drop down box, select NO ONE. Then SAVE your changes. (REPOST to let your friends know!)

When I asked him for a source, he responded with:

Just saw a friend’s face in an ad on facebook for “singles in your area”….she is most definitely married.

Fun stuff.

Update! 2009-08-05

According to http://blog.facebook.com/blog.php?post=110636457130 this was all a non-issue.

But apparently the only thing keeping third party applications from doing this is the AUP. Just another reason I don’t like most of the 3rd party apps on fb.

I got scammed.

Wednesday, June 17th, 2009

I normally think of myself as pretty savvy and able to spot a scam from a long way off.

Yesterday, I let my guard down.

A kid showed up at the door, typical just out of high school type, drinking a NoS energy drink and talking at 100 miles per hour. He was going door to door selling magazine subscriptions for US soldiers overseas. It’s tax deductible. He gets points towards a trip to Cancun and paying for part of his tuition next year.

He seemed so sincere. I said, “Sure, we can do two of those.” He continued on with his spiel, including things like “Checks are held for 2 weeks before depositing” and “You’ll receive a letter in the mail thanking you.”

We handed him the check, he handed us a receipt, he left.

Then I started to think about it a bit more. I read the fine print on the receipt. I started to get that, “Oh crap” feeling.

I looked up the name of the company on google.

“Face to Face Technologies, Inc” aka “FTFT, Inc.” aka “Dynasty Technologies, Inc”.

First hits are for scam and fraud reports. Oh crap indeed.

I emailed some friends and family who have worked with the VA before and asked if they had heard of this program. I went to the VA website and used their web form to ask if FTFT, Inc was associated with them.

Then I went to bed for some very troubled sleep, waking a few hours later. In my email were two responses, one from the VA saying that they were not affiliated with FTFT, the other telling me to cancel it as soon as possible since it was a scam.

So I called the bank, put in a stop payment on the check. Then I filled out the cancellation form on the receipt, just in case they honor that. It will be mailed later this morning, with delivery confirmation. According to the terms on the cancellation, it must be postmarked no more than 3 days after the original purchase, including Saturdays. Not much time to try and get out of this.

After doing that I thought about this scam. It’s really quite clever. Since you are buying the subscription for someone else, you don’t expect to get anything from it. It hits the heart strings of many due to it being “for the troops”. That it was a kid trying to “work his way through school” didn’t hurt either.

I think I will be adopting my friend Adam’s response to someone asking for donations, especially going door to door. “Send me some literature through the USPS mail, and I will consider it.” or “Sorry, but our budget for charitable contributions has already been met for the year.” Which in all honesty, it had been. We have a finite amount of money that we give to several charities, but I thought this would be an ok one to splurge on… it’s not like we were signing up to pay for this every year, it was a one time charge.

We’ll see if it actually gets cancelled or if I get to play games with these people later on.

How to Suck at Information Security, from SANS.org

Sunday, January 18th, 2009

How to Suck at Information Security
Some of my favorites are:

  • Require your users to change passwords too frequently.
  • Expect your users to remember passwords without writing them down.
  • Don’t cross-train the IT and security staff.
  • Expect end-users to forgo convenience in place of security.
  • Lock down the infrastructure so tightly, that getting work done becomes very difficult.
  • Assume that policies don’t apply to executives.

I have seen all of these from time to time, and they have all made me go slightly bonkers. Not always at the time that I saw them, because, well, we were all young and dumb at least once. :)