A CHL Instructor's View

February 7, 2010

Phishing and social engineering

Filed under: Uncategorized — chltx @ 10:39 am

My ‘little’ brother (also a CHL Instructor) has been collecting and investigating phishing and related scam emails lately. Here is one of the ‘better’ ones, employing some fairly sophisticated social engineering:

From: REGIONS [email deleted to protect the clueless]
Date: Sat, Feb 6, 2010 at 4:39 PM
Subject: REGIONS INTERNET BANKING
To:  [deleted: one of my little brother's emails]

REGIONS INTERNET BANKING

Dear Customer

Attention! We have just upgraded our online portal.

Please click the link below and enter your account information.

You have 12 hours to confirm account information or your account will be blocked.

To Get Started, Please Click On Restore Your Regions Account Access.
Please visit [url deleted to protect the clueless]

Regions provides individual investors with sound financial advice  whether from your local branch or our expert investment services.

Thank you for using Regions Online Banking.

Equal Housing Lender (c) 2010 Regions Financial Corp. All rights reserved.

The website is fairly well-designed, too. It looks like a true banking site and uses the premise that your account will be shut down if you do not sign in.

If you examine the links on the page, you will see that they all forward to the page you are already looking at. It points out that, “if you have not checked your account since July 14th, your account must be updated”. Then it gives you a place to put your username and password. If you don’t know your password, you can enter your secret answer(s) to your secret question(s) [generally: your place of birth, your mother's maiden name, your father's middle name, or the name of your favorite pet]. If that does not work for you, then it allows you to enter another site that will allow you to use your credit card, SSN, and some other information to re-access your Regions Banking Account.

Most people only have one or two usernames and passwords that they use for all secure sites. Entering them in the first page will send these to the scammer. Next, if you go to the page to answer the secret questions, that gives them the information that most people don’t bother to think about being secure. Then, you are sent to a page that allows you to use your credit card, SSN, and other info to finally get ‘access’ to your account. It doesn’t really even matter if you don’t have a Regions account (I don’t); the scammer now has everything it needs to implement a successful identity theft.
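The tell described above (every link on the page leading back to the page itself, on a page that also asks for a password and secret answers) can be checked mechanically. This is an added example, not part of the original post; the HTML samples, URLs, field-name hints and the 0.8 threshold are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urldefrag

# Field-name fragments for the data the post says the fake site collects
# (assumed naming; real pages vary).
SENSITIVE_HINTS = ("ssn", "social", "card", "cvv", "maiden", "secret", "answer", "birth")


class PageScan(HTMLParser):
    """Collects link targets and input fields from one HTML page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = urldefrag(page_url)[0]
        self.links = []
        self.password_fields = 0
        self.sensitive_fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and "href" in a:
            self.links.append(a["href"] or "")
        elif tag == "input":
            name = (a.get("name") or a.get("id") or "").lower()
            if (a.get("type") or "").lower() == "password":
                self.password_fields += 1
            if any(hint in name for hint in SENSITIVE_HINTS):
                self.sensitive_fields.append(name)


def points_home(href, page_url):
    """True when a link goes nowhere or resolves to the page it sits on."""
    href = href.strip()
    if href == "" or href.startswith("#") or href.lower().startswith("javascript:"):
        return True
    return urldefrag(urljoin(page_url, href))[0] == page_url


def assess(html, page_url, self_link_threshold=0.8):
    scan = PageScan(page_url)
    scan.feed(html)
    total = len(scan.links)
    self_links = sum(points_home(h, scan.page_url) for h in scan.links)
    ratio = self_links / total if total else 0.0
    findings = []
    # Require a few links so a one-link page does not trip the ratio.
    if total >= 3 and ratio >= self_link_threshold:
        findings.append("decoy-navigation")
    if scan.password_fields:
        findings.append("asks-for-password")
    if scan.sensitive_fields:
        findings.append("asks-for-identity-data")
    # Decoy navigation alone is odd; combined with data collection it is the
    # pattern the post describes.
    suspicious = "decoy-navigation" in findings and len(findings) > 1
    return {"links": total, "self_links": self_links, "ratio": round(ratio, 2),
            "findings": findings, "suspicious": suspicious}


# Constructed sample: every link resolves back to the page itself.
FAKE_URL = "http://login.example.test/restore/index.php"
FAKE_HTML = """
<a href="index.php">Home</a> <a href="#">Personal Banking</a>
<a href="/restore/index.php">Contact Us</a>
<a href="http://login.example.test/restore/index.php#help">Help</a>
<a href="javascript:void(0)">Privacy</a>
<form action="save.php" method="post">
  <input type="text" name="userid"> <input type="password" name="password">
  <input type="text" name="secret_answer">
</form>
"""

# Constructed sample: an ordinary login page whose navigation goes elsewhere.
REAL_URL = "https://bank.example.test/login"
REAL_HTML = """
<a href="/about">About</a> <a href="/contact">Contact</a>
<a href="/privacy">Privacy</a> <a href="/login">Sign in</a>
<form action="/session" method="post">
  <input type="text" name="username"> <input type="password" name="password">
</form>
"""

if __name__ == "__main__":
    print(assess(FAKE_HTML, FAKE_URL))
    print(assess(REAL_HTML, REAL_URL))
```
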

According to Little bro’, this is the sort of scam his ex-wife would definitely fall for. Every. Time. (He didn’t say which ex, but I can guess :) )

BTW, here’s my way of dealing with passwords. I use PWGen (a free, open-source password generator available through SourceForge). I generate the longest, most secure password that a particular website will accept, and then store the result in a spreadsheet, which I have encrypted with a passphrase that I don’t use anywhere else. There is also a free, open-source program called KeePass, which does something very similar, but I’ve found that the spreadsheet approach works a bit better for me, because I add a column to record the date each password was last changed — and I change them on a regular schedule.

January 28, 2010

Is it time to buy a gun?

Filed under: CHL news, General, Guns — chltx @ 1:48 pm

For me, it’s time to buy a gun pretty much anytime I can afford another one. In fact, I’m shopping for a couple of them right now. I want a .22LR semiauto and a .22LR DA revolver for demonstration use in the NRA Basic Pistol course. Maybe more than one of each. And eventually, I’d like to get a 9mm SA that has an available .22LR conversion kit so that I can afford to practice more with it.

But lately, I’ve been getting news from some unusual sources about the increased interest of the general public in buying guns. Any time the government makes some obvious move to restrict gun ownership, gun sales soar. Clinton’s gun ‘ban’ did more to boost gun sales than just about anything else he could have done. And one of the side-effects of the last presidential election was a run on guns and ammo — starting about a month before election day. At that time, I also experienced a sizable jump in demand for my CHL classes. During the last week of December 2008, I had over 100 students, which caused a temporary crisis when I ran short of official certificates (that problem has been eliminated now). The demand for CHL classes and the shortage of ammo persisted for several months (and ammo is still more expensive than it was in 2008), although by last April, the CHL class demand had returned to a more manageable level, and I even had some classes that did not sell out.

The demand for CHL classes is once again growing dramatically. All of a sudden, I’m scrambling to make arrangements for larger classes, and having to turn away potential students because of schedule and range limitations. I’ve started bringing in another instructor to handle the renewal students, which means that I don’t have to turn away so many initial applicants. Yet, there hasn’t been any specific governmental action that I can readily identify as being a cause for this.

Tuesday, I got a financial newsletter with the title “It’s Time to Buy a Gun.” Interestingly, the author also could not point to a particular triggering event. Here is what he had to say:

“But good times for gunmakers are almost always temporary. The boost in sales caused by political uncertainty never lasts more than a few months. That’s a big reason why gunmaker stocks – despite achieving high double-digit sales growth – haven’t really participated in the market rally over the past year. Stocks in the sector trade, on average, for only seven times earnings and 0.7 times sales.

“However, there’s something different happening this time. In the 22 years I’ve known my wife, not once, ever, has she even considered owning a gun… until now.”

He went on to advise a covered-call strategy for a gunmaker stock. Since I didn’t pay any money, I don’t know which gunmaker he is recommending.

Since there doesn’t appear to be an overt gun-grab in progress, I’m guessing that this is a general reaction to the economy, and a suspicion that our government is lying to us about the health of the banking system. Idle chat with other CHL instructors has included phrases like “stocking up on water and canned goods — and ammo, so I can keep the water and canned goods.” I don’t really think that rioting in the streets is going to happen in the very near future, but I can certainly see that having an emergency stash of distilled water and canned food is relatively cheap insurance in any case, and it’s better to have and not need than to need and not have. So, yes, I have several weeks’ worth of distilled water and canned/dry foods in the pantry. I use distilled water on a regular basis for my heated humidifier on my CPAP, and I remember clearly back when some idiot government bureaucrat said that everybody needed to stock up on distilled water, plastic sheeting, and duct tape right away — and I was unable to buy distilled water for nearly a month after that.

That’s my guess, anyway.

If you think you have a better explanation, please enlighten me in the comments.

Related post: What Kind of Gun Should I Buy?

January 25, 2010

It seems strange to have to wear earplugs at a symphony concert…

Filed under: I remember when — chltx @ 12:02 pm

As a CHL instructor, I have gotten into the habit of always having a set of those memory-foam earplugs in a little case in my pocket. I use them in addition to over-the-ear muffs, since I’m also a musician, and things that hurt my ears are a Big Deal. They also come in handy for several other occasions. In the past year, I have used them several times at work (twice so that the fire drill alarm wouldn’t deafen me).

Three times this year, I’ve had occasion to use them at symphony concerts, twice at the Plano Symphony, and once at the Dallas Symphony. It really strikes me as odd to have to use earplugs at a symphony concert. One concert was the Moody Blues (with the DSO), and I noticed that not only was the band wearing earplugs, but the DSO members were also wearing hearing protection (some of them wearing electronic over-the-ear muffs). The concerts with the Plano Symphony that required earplugs were the Christmas concert, and the concert last Saturday evening featuring the 5th Dimension.

Why is it that I seem to be the only person who considers it really weird that the majority of the people present at a concert, including all of the performers, have to wear hearing protection just to keep the experience from being painful? Why couldn’t the folks putting on the show just turn the volume down a bit?

But then, I didn’t like loud music when I was a teenager either.

January 17, 2010

It’s a small world after all…

Filed under: I remember when — chltx @ 5:50 pm

The name Bob Taylor isn’t particularly rare, so I didn’t really think much about my cruise dining companion for the first couple of days. I was on a Western Caribbean cruise with a group of Texas Lions as a fund-raiser for the Lions Sight and Tissue Foundation.

On the third night, however, we got to talking about home towns. My wife and I discovered that the Taylors had grown up near Longview (where my wife is from), and then they had moved to El Paso where Bob was a high school coach for a few years. Well, I’m from El Paso, and we started comparing notes on the old home town. About 2 minutes into that line of conversation, we discovered that he was the assistant principal of Irvin High School, for most of the time I was a student there, including my senior year. Yup, that Bob Taylor.

We spent that dinner trading war stories and trying to remember names of students and teachers from the late 60’s. Fortunately, I was a pretty good student in high school, and never encountered the business end of Mr. Taylor’s paddle.

Bob Taylor is currently retired, and volunteering as the Secretary-Treasurer of the Ennis Noon Lions Club, in district 2x-1. I will probably be the Secretary of the Plano Early Lions Club (also in 2x-1) next year.

And now I can’t get that funky song from Disney World out of my head.

January 7, 2010

Icy streets in Dallas, Snow in London

Filed under: I remember when — chltx @ 8:08 am

It’s cold this morning in Dallas, but the streets appear to be passable, and I don’t anticipate any problems getting to work. Unlike some folks in other parts of the world, who (apparently due to something Liberals call “global warming”) are having some genuine difficulty with unusually cold weather.

I got an email from a fellow in the UK (interesting guy named Martin Avis who writes an internet marketing newsletter) who was complaining about the weather in London today, and its effect on the trains. When the locals complain about the train service in London, it must be REALLY bad.

Having been in London three times in the last three decades, I was consistently underwhelmed by the dependability, reliability, and timeliness of their trains. In stark contrast to the trains in Germany and Belgium, which *always* arrived and departed within one minute of the scheduled times.

Which reminds me of my 1st trip to London, about 30 years ago. We arrived at the train station early (about 5am for a 6am scheduled train to the airport), and we were looking for a place to eat some breakfast. I came across a middle-aged man pushing a broom, and asked him if there was an open restaurant nearby.

His answer consisted of at least 50 syllables, not one of which I understood, although I’m certain it was all in English. Probably laid on the accent extra thick after noting that I was a Yank.

At 7am, we went to a ticket window to inquire about the 6am train and we were told that the train was never going to arrive, since it had derailed about 10km outside of London. The lady who told us that did not seem to think that sort of problem was at all unusual, or even remarkable enough to bother notifying anyone waiting for the 6am train. We had to take a taxicab to the airport, but we did manage to arrive (barely) in time to catch our flight. Interestingly, the taxicab fare was about the same as the train fare would have been. Since we were leaving the country, we tipped the driver with all of our remaining English currency, about 30 pounds. He did a heroic job of getting us there in time.

The 2nd and 3rd trips (2nd for business, 3rd as a stopover for a North Sea cruise) were not an improvement. The trains were consistently so late that I had to plan to be at my destination at least one hour early in order to make it no more than an hour late. At least I was able to take a chartered bus to the cruise departure. But by the 3rd trip to London, I knew better than to rely on train transport.

The trains were not the only problem, of course. The prices for everything were so far out of reason that I don’t understand why anybody would want to live in, work in, or even visit London. The only bright spot was that taxicab travel was inexpensive and an order of magnitude more dependable and comfortable than the trains.

I have no particular desire to visit London again.

November 22, 2009

Video is the new ‘net cancer

Filed under: Uncategorized — chltx @ 1:31 pm

I have had some semi-serious interest in internet marketing for some time now, although I have been thoroughly turned off by MLM and other obvious scams targeted to the innumerati. I subscribe to a number of IM newsletters, and I have observed a disturbing trend that has popped up and spread like a metastasizing cancer all over the web. That cancer is Video. More and more email newsletters consist solely of a link to a site that has little other than an embedded video. I’m guessing this is the logical response to the desires of the short-attention-span generation.

One of the things that internet marketers try to do is arrange things so that whatever they are offering takes up so much of your time that you don’t have any left to spend with the competition. Video accomplishes this very effectively. With video, you basically have to take the time to watch/listen at the speed of the spoken word (generally less than 100 words/minute). Worse, I have started seeing video posted using technology that prevents you from being able to download for later watching. Such a time commitment also appears to make customers more loyal (“I have all this time invested in this program, I have to continue to get my money’s worth”). With only a few exceptions, the videos that I have seen lately have an order of magnitude or less information per unit time than the written word, and the pictures are usually worth much less than a thousand words each (they are usually powerpoint slides or something equally banal). It seems that video has become an information sink instead of a source.

I can read the written word at about 10-20 times the rate that information is presented in a video. And I’m finding that ‘information’ presented via an internet video invariably consists of vapid ‘testimonials’ and so-called “social proof”, and I’m frustrated that I can’t just skim through and read the conclusion (which boosts the effective reading rate to well over 10,000 words/minute). But no matter, the ‘conclusion’ is always “sign up and send money”. And the ‘product’ is more and more geared towards ‘duplicating’ the process of selling ‘information’ about how to make money on the internet.

I have been unsubscribing from newsletters (and RSS feeds) with links to videos, with a few exceptions. For instance, USCCA generally does a good job of producing short videos that illustrate techniques that would be difficult to describe using just the written word. But then, I pay for the USCCA newsletter, and I decided to do so after seeing that they used video in a manner that enhances the presentation instead of just lengthening it.

I’ve pretty much made up my mind that the “pay me $ to learn how I make $ on the internet” is 100% scam, and I have been very careful to avoid that ‘business’ model. I really want to sell something that will add value to my customers’ lives. BTW, I do not have an affiliate relationship with USCCA (hence no link in this post; you will have to look them up on your own), although I may consider one in the future. I’m just a satisfied (for now) customer, and a bit jealous that I didn’t come up with something like that first.

October 28, 2009

Contesting: The Name it and Claim it Game (Book Review)

Filed under: Book Reviews — chltx @ 6:44 am

Contesting: The Name It and Claim It Game : Wineuvers for Wishcraft by Helen Hadsell, published by Top of the Mountain Publishing. I saw this book super-hyped in a couple of different places on the internet, and then I went to the Amazon link given here, and nearly fell out of my chair when I saw that it was selling used (it appears to be out of print) for around $100. That piqued my interest, so I put in a request to my library for an interlibrary loan to see if I could find out what the hype was all about. About 3 weeks later, I got a notice that it was in, so I spent the next two nights reading it.

What a disappointment! The whole thesis of the book is that if you wish hard enough, you’ll win contests. There are a few practical suggestions, such as “don’t spend more on postage than the value of the least prize”, and “always follow all of the instructions exactly”. The meat of the book can be summed up in two sentences. Which I just did. The rest of the book is a classic study in logical fallacies. When I looked up the publisher (link above), I saw that they specialize in rubbish such as Astrology and Psychokinesis, which is fitting, I guess.

I would recommend that if you really want to read this book, use interlibrary loan through your local public library. That way you’ll save about $100, and only waste the hour or so it takes to wade through this trash.

You’re welcome.

October 21, 2009

Funny thing happened on the way to El Paso…

Filed under: General, I remember when — chltx @ 6:53 am

I got on the plane, put my stuff in the overhead bin, and sat down & fastened my seat belt. After a few minutes, a female voice started droning on about the various safety features, yada, yada, yada. I was well on my way to zoning out (in a mild funk about having to fly anyway) when … “our flight time today will be one hour, twenty-one minutes, and fifteen seconds.”

“Huh?” I wasn’t sure I’d actually heard that right. Must’ve imagined it. I started to drift off again.

“yada, yada, yada… our cruising altitude will be thirty-six thousand and three feet, five and one-half inches.”

“Huh?” Looked around, but nobody else appeared to be reacting. But this time, I’m pretty sure I heard it right. Stewardess gotta be bored out of her ever-lovin’… “place your own mask on first, then assist any children, or other adults acting like children.”

All right, I get it. I opened up the safety information sheet, read through it, and located the nearest exits like a good boy. Guess it worked, eh?

I adjusted the neck support as best I could, and tried to settle in for a one-hour, twenty-one minute, and fifteen second nap.

October 18, 2009

40-year High School Reunion

Filed under: I remember when — chltx @ 6:31 pm

I’m about 5 book reviews behind (yes, I read a lot), but life just happens while you are busy making other plans. I’ve been really busy the last couple of weeks, and the next few weeks will be even busier, but I just have to write about this weekend while the memories are relatively fresh.

I just got back from my 40-year reunion of my high school, and I have a number of mixed emotions from that. I was disappointed that there were a number of people I had hoped to see who did not come this time. I was a bit depressed to see how everyone had aged — with a few notable exceptions.

And I was really glad to see a few folks that I hadn’t seen in 40 years. Melissa, especially. She was one of the few classmates to age quite gracefully. I think that, if anything, she is even more beautiful now than she was when I had that awful crush on her back in my senior year. And still scary-smart. And still one of the most pleasant people I have ever had the pleasure to know. She was one of the three girls that I had a crush on (not at the same time), and the only one of the three that I actually worked up enough nerve to tell about how I felt. She was relatively gentle in disabusing me of any notion that I had any chance at all, but I was still devastated. For about 15 minutes, anyway; I had a pretty clear idea even at that time that it was a really long shot, and looking back now, I can see that she called that one about right. She had been voted the girl Most Likely to Succeed, and I asked her if she thought she had lived up to that. She replied that she had succeeded past her wildest expectations. She’s working as a programmer in linguistics applications, married to a fine artist, and has two daughters who are now grown and pursuing their own careers. She still has that wonderfully infectious smile. I can’t help but be happy for her.

Patty the cheerleader didn’t look like she had aged much, either. I never had a crush on Patty, but I did consider her very attractive back in the day. She still is. Married, widowed, and remarried, she is now doing very well as a Realtor.

Lea and Rosemary (my other two teen-age crushes) could not be there, but I did get to visit with them both at the 30-year reunion, and I’ve heard from others that they are still doing well. Rosemary is a busy family-law attorney, and Lea is making quite a name for herself as an artist. I recall that they were both surprised (and amused) when I told them what a crush I had on them back in high school.

I was really disappointed by the absence of my best friend Roy. We have pretty much drifted apart, but I really expected him to be there, since he still lives only a couple of miles from the old high school.

Zoomer was there. He now has a neurological disorder that has made it difficult for him to walk and use his hands, but he was in good spirits, and appeared to be thoroughly enjoying himself. Funny how time alters perceptions. He greeted me with great enthusiasm and a hug as a long-lost friend when I got there, but I recall that he was basically the class clown, and he seemed to take special delight in tormenting me my senior year. As a joke, he nominated me as a candidate for “Most Handsome”, which got quite a laugh (I had one of the most severe cases of acne of anybody in my graduating class). If there had been a category for “Nerdiest”, I might have won that one.

Then there was Andy. Andy just barely remembered me, but I remembered him quite well. Back in 7th grade, we got into a fist-fight. I won, which is probably why he doesn’t remember. He signed my yearbook anyway.

It was a time of melancholy mixed with celebration. It’s sobering that about 5% of my graduating class (of 438) is now deceased, and more so to realize that in ten years, that will be closer to 20%. It was interesting to drive around the old home town, but I haven’t forgotten why I left, and I have no desire to ever live in the desert again. It’s good to be back home.

Now, back to real life…

September 27, 2009

How to Get the Best Deal on Health Care

Filed under: General, I remember when — chltx @ 11:11 am

Healthcare has been in the news a lot lately, and that has caused me to reflect on some of my own experiences with healthcare.

I had a brief and largely unsuccessful ‘career’ as an insurance agent. (I allowed my licenses to expire long ago, so you don’t have to run shrieking for the door.)

Why insurance sales? Well, I had worked as a contract programmer for a larger life insurance company for about a year and a half, and during that time, I had completed most of the LOMA courses, and would have qualified for the LOMA Life Master designation if they hadn’t discontinued it a couple of months before I would have been eligible. So I knew a lot about insurance, including the math and actuarial science behind it, the laws governing insurance companies, the principles of operation, and owing to my work on a quoting system that agents could use to help maximize their commissions from a given mix of insurance products, I knew a lot about how agents work. Or so I thought. Any rate, when the contract programming market went soft in 2002, I got my insurance licenses (both P&C and L&H), and tried for a while to make a living that way.

Turns out that knowing how insurance works, and being able to sell it effectively are unrelated skills. In fact, one of my observations during my stint as an agent is that the best-performing agents didn’t really know much about insurance at all; what they knew was sales.

Having actually run some numbers, it was obvious to me that the very best deal available (to a non-politician) in the health insurance business is a combination of a High-Deductible Health Plan (HDHP) and a Health Savings Account (HSA). Very few companies actually offer this combination, probably because it is inexplicably unpopular. I tried many times to explain this to potential clients, and it’s like I was talking to a brick wall. With very few exceptions, everyone wanted health insurance that covered EVERYTHING, including such items as yearly checkups, immunizations, and routine office visits.

I was appalled. This is like trying to buy car insurance that covers oil changes, wiper blades, and tires! It is a guaranteed recipe for paying about four times as much as you really need to for healthcare. You will get a MUCH LOWER overall medical care expense if you get insurance that doesn’t cover anything at all except catastrophic injury or illness that costs more than $5000, and set aside (preferably in an HSA) that $5000 in an emergency expenses account. The insurance premiums will be about 20% to 30% of what full-coverage runs, which will probably save you well over $5000/year. The basic principle at work is that any time you “insure” against something that is predictable, you aren’t really getting insurance. You are pre-paying for routine care, and your money will be skimmed at least 3 or 4 times before it actually pays for that care. The purpose of insurance is to shield you from the unpredictable — the insurance companies are much better at predicting things than you are, and will gladly charge you for that.

There is yet another really important principle at work here — the fact that insurance companies stand between you and your doctor drives up the cost of all medical care dramatically. Part of this is due to the fact that there are 2 or 3 extra fingers in the pie, and part of this is due to the Faustian bargain that the medical industry has made with the insurance industry. The doctor now receives some arbitrary fee for his/her services, and gets that money from 90 to 120 days later. Meanwhile, the doctor has a business to run and employees to pay, and often ends up doing so on borrowed money. If the arbitrary fee happens to be arbitrarily denied, then the doctor has to either eat it, or go after the patient. So they end up playing the “insurance game”.

Let me illustrate this with a personal anecdote. About 20 years ago, I was shopping around for the best deal on an overnight stay in a sleep clinic. I called ten different sleep clinics (back then they were relatively challenging to find), and got quotes that varied from $4500 to $6500 for what amounts to a stay in a high-tech hotel with a couple of full-time attendants (one for each 4-5 patients), strapped to monitoring equipment that costs maybe $25,000. I was getting really discouraged. But the last one I called gave me a shocking clue: The girl that gave me the quote asked me why I cared about the expense. “After all, your insurance will pay for it, less a small deductible.”

I replied with the explanation that I did not have health insurance (actually, technically, I did, but it had a $5000 deductible), and that I would be paying cash. To my utter astonishment, she came back with, “Oh, the cash-in-advance price is $1750.” Less than half of the first figure she mentioned.

After I hung up, and gave that a few minutes to sink in, I went back and called all of the other sleep clinics again, this time asking for the cash-in-advance (“I’m paying for this out of my own pocket”) price. The prices quoted were in the range $1100 to $1750, down from $4500 to $6500.

Quite a revelation. That’s the cost of insurance that covers “everything”.
