Automatic Teller Machine (ATM) Card Skimming photos

There has been a bit of exposure in the news recently of Automatic Teller Machine fraud, a.k.a. card skimming and PIN capturing.  Up to 1,000,000 dollars has been obtained by the crooks in Melbourne.  Card skimming is where criminals copy the magnetic stripe off your card and make a duplicate card.

Now I know a bit about ATMs, having worked with them for a couple of years, but the sheer cleverness of some of the devices amazes me.

Here are some photos of ATM fraud methods I was sent.

Card skimmer, which sits over the existing card slot of the ATM:
[image: atm-skimmer]

Normal ATM vs skimmer-fitted ATM:

[image: atm-normal] [image: atm-skimmer-fitted]

A PIN capturing device.  Yes, it is a mobile phone being used as a camera.
[image: pin-capturing-device-front] [image: pin-capturing-device]

Spot the camera:
[image: spot-the-camera] [image: pin-camera-revealed]

And the other way the bad guys can capture your PIN?
Place a keyboard over the existing ATM keyboard:
[image: replacement-keyboard]

So what can you do as a customer?

Very little.  If you regularly use a particular ATM and notice something has changed, it may be a card skimmer.  Or it may not.  Contact your bank and ask.

Update: Snopes: ATM Camera


But never, never let them persuade you that things are too difficult or impossible.

Good luck, old lad.  Don’t listen to anyone who tells you that you can’t do this or that.  That’s nonsense.  Make up your mind, you’ll never use crutches or a stick, then have a go at everything.  Go to school, join in all the games you can.  Go anywhere you want to.  But never, never let them persuade you that things are too difficult or impossible.
- Douglas Bader, November 1954


LastPass does form filling!

[image: LastPass logo] It was an article from Jesper Johansson* which finally got me using LastPass as a password manager.

I use LastPass* for most of my web logons.

This is why:

  • each website has a complex, unique password.
  • I only need to remember one long password.
  • I can access the password list at work.
  • it’s secure.

And LastPass does web form filling for free!  Useful if you enter lots of web contests, or just need to enter the same details often.

Free.

*Jesper recommends password management, but do read the whole article.  It’s worth it.
* – I’ve written about LastPass, briefly, in Nine Password Managers….


Straying from the path …

Straying from the path is straying into unknown lands.

So true in many things, but in this particular case, Zeke Odins-Lucas was talking about how to call shlwapi, in his Free Associations MSDN blog.


Week of Motorcycling – The Rejects

One reader said, “Week of Motorcycling.  How long is that post series going to last …”

These were the ones I didn’t use, as none of the things in the pictures have happened to me.

Welllll, except for Chrome (but not on a Harley) and ZOMFG (not on a race track though).

  • Chrome – Won't help if you can't ride
  • Defiant – Lesson learnt
  • Imagination – Who says you can't have any fun driving a Metro
  • OIL – Do not attempt to check level while driving
  • Preparation – Today's determines tomorrow's achievement
  • Retirement – It's better to burn out than fade away
  • Bike bowling
  • ZOMFG – Motorcycle is chasing me


Performance Management, the one where we pay lip service to the concept.

[image: The GPARS Performance Cycle] At my last employer, there was a focus on “Performance Management”.  I always felt, even as a team leader, that we paid lip service to the whole process, i.e. we were going through the motions.

Performance Management has many goals.  The primary one is to ensure that the team is working towards, and contributing to, the objectives of the business.  The credibility of such objectives would be shot by the employer producing the objectives 6 months into the business year.

It was also shot like a lame duck when one of our Human Relations people was giving us an update on the Performance Management programme.  A couple of chaps were discussing a point which was raised by the HR person.

SHUT UP, I’m giving a presentation

bellows the HR person.

I can’t remember the substance of the programme update, but all the attendees remember “Freida Nurk” as the HR person who told people to shut up.


… an inappropriate mental model …

… the formation in his mind of an inappropriate mental model of the situation he was encountering.

- Causal factors associated with signal SB2209 being passed at danger.

The British have such a wonderful turn of phrase …


2 and a bit reasons to wait for Windows 7

If you’re a business customer, thinking about making the upgrade from Windows NT4/2000/XP, I’d be waiting for Windows 7.

By all means, plan and test with Windows Vista, and then take the lessons that you learn, to apply for your Windows 7 rollout.

Here are 2 and a bit reasons why:

Reason 1 – Offline Domain Join.
“Offline domain join is a new process that computers that run Windows 7 or Windows Server 2008 R2 can use to join a domain without contacting a domain controller.  This makes it possible to join a domain in locations where there is no connectivity to a corporate network”
- Offline Domain Join Step-by-Step Guide

… locations where there is no connectivity to a corporate network

Such as PC build centres, or virtual machines (Windows 2008 R2 based servers, for example).

Microsoft also make the point:

“… If there are any problems with the (normal – online domain join process) domain join, such as network connectivity problems or problems associated with necessary servers that are offline, the problems have to be diagnosed and resolved at that time.”

In other words, your PC deployment process STOPS until you fix the problem.  Offline Domain Join removes that failure point.
The words in parentheses in the quote above are mine.
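The two halves of the process, provisioning on the corporate side and applying the blob in the build centre, look like this with djoin.exe, the tool the Step-by-Step Guide describes. This is an added example, not code from the original post or from Microsoft; the domain name, machine name, OU and blob path are assumed values.

```powershell
# Added example, not part of the original post. Assumed values: the domain
# corp.example.com, the machine name BUILD-PC-017, the OU and the blob path.

# Half 1: runs on a machine that IS joined to the domain (Windows 7 or
# Windows Server 2008 R2), under an account allowed to create computer objects.
function Invoke-OdjProvision {
    param(
        [string]$Domain    = 'corp.example.com',
        [string]$Machine   = 'BUILD-PC-017',
        [string]$MachineOU = 'OU=Workstations,DC=corp,DC=example,DC=com',
        [string]$BlobPath
    )
    if (-not $BlobPath) { $BlobPath = "C:\ODJ\$Machine.txt" }
    New-Item -ItemType Directory -Path (Split-Path $BlobPath) -Force | Out-Null

    # Creates the computer account in AD and writes the join metadata (the "blob")
    # to $BlobPath. No domain controller is needed on the target PC later.
    djoin.exe /provision /domain $Domain /machine $Machine /machineou $MachineOU /savefile $BlobPath
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed, exit code $LASTEXITCODE" }
    return $BlobPath
}

# Half 2: runs on the new PC or VM with no path to a domain controller, from an
# elevated prompt, after the blob has been copied onto it (e.g. with the build media).
function Invoke-OdjApply {
    param([string]$BlobPath = 'C:\ODJ\BUILD-PC-017.txt')
    if (-not (Test-Path $BlobPath)) { throw "Join blob not found: $BlobPath" }

    # /localos applies the blob to the running Windows installation;
    # the join takes effect at the next boot.
    djoin.exe /requestODJ /loadfile $BlobPath /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed, exit code $LASTEXITCODE" }

    # The blob carries the machine account password, so remove it once applied.
    Remove-Item $BlobPath -Force
    Restart-Computer -Force
}
```

Run `Invoke-OdjProvision` once per machine on the domain side, ship the resulting file with the build, and `Invoke-OdjApply` is the only step left at the build centre; a failed provision is found before the PC is ever imaged, which is the failure point the post is talking about.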

Reason 2 – BitLocker To Go.
USB memory sticks are a data security nightmare.  You put data on them, then lose them, or leave them where people can read them.  So what’s the solution at the moment?

  1. Deploy the same encryption/decryption software, such as Truecrypt, to all computers in your organisation.
    (what do you do if you have a Sales Exec who wants to share their presentation with a customer, at the customer site?
    how do you recover the data, if an employee gets hit by a tram?)
  2. Use the “security” software which comes with the USB memory stick.
    (not standard across your organisation.  requires Administrative Rights to install)
  3. Use a Secure USB memory stick.
    (expensive to buy.  cheaper than data loss, granted, but how many non-IT managers consider that?)

Windows 7 has BitLocker To Go (BTG).  This Microsoft blog post has more details.
Long story short: BitLocker encrypts the USB memory stick, places a BTG access program on the drive, and away you go.  You can read BTG files on any Windows Vista (or later) computer.
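As an added example (not from the original post, and not Microsoft's own tooling beyond manage-bde itself), here is the encrypt-and-escrow step scripted with manage-bde.exe, which covers the "employee gets hit by a tram" recovery case from the list above by keeping a recovery password the organisation holds. The drive letter, the escrow file path and the use of a plain text file for escrow are assumptions; the FVE registry value is the one the "Deny write access to removable drives not protected by BitLocker" group policy sets.

```powershell
# Added example, not part of the original post. Assumes the stick is mounted
# as E: and that recovery passwords are escrowed to an assumed folder on the
# admin's PC (a real deployment would escrow to AD or a key store instead).

function Enable-BitLockerToGo {
    param(
        [string]$Drive = 'E:',
        [string]$EscrowPath
    )
    if (-not $EscrowPath) {
        $EscrowPath = "C:\BitLockerRecovery\$env:COMPUTERNAME-$($Drive.TrimEnd(':')).txt"
    }

    # -Password prompts for the passphrase the user types on any Vista-or-later PC;
    # -RecoveryPassword adds the 48-digit key the organisation keeps, so the data
    # is still reachable when the employee is not.
    manage-bde.exe -on $Drive -Password -RecoveryPassword
    if ($LASTEXITCODE -ne 0) { throw "manage-bde -on $Drive failed, exit code $LASTEXITCODE" }

    # Read the protectors back and pick out the recovery password by its shape
    # (eight groups of six digits), then escrow it.
    $protectors = manage-bde.exe -protectors -get $Drive
    $recovery = $protectors |
        Select-String -Pattern '\b(\d{6}-){7}\d{6}\b' -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { $_.Value }
    if (-not $recovery) { throw "No recovery password found on $Drive" }

    New-Item -ItemType Directory -Path (Split-Path $EscrowPath) -Force | Out-Null
    "$env:COMPUTERNAME $Drive $(Get-Date -Format s) $recovery" | Out-File $EscrowPath -Append
    return $recovery
}

# Companion check: the group policy that stops users writing to sticks that are
# NOT BitLocker protected, which is what turns BTG from an option into a rule.
function Test-RemovableDriveWriteDenied {
    $fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    return ($null -ne $fve -and $fve.RDVDenyWriteAccess -eq 1)
}
```

`Enable-BitLockerToGo` is interactive (manage-bde prompts for the passphrase), and `Test-RemovableDriveWriteDenied` is the check to run on a sample workstation after the policy has been pushed, since without it the three workarounds in the list above are still what people will do.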

Reason 3 (the bit reason) – Group Policy Preferences.
Group Policy Preferences are just that, preferences.  And it’s a useful feature.  In a corporate environment, preferences are used every day.  Such as mapping drives as part of a logon script.

Now you can, and should, read the Microsoft whitepaper to see what they think are the benefits, but here are 2:

  1. Mapping drives.
    Don’t need to program this in a scripting language anymore.  No more discussion around “Should we continue to use DOS Batch/Kixtart, or go to VBscript/Powershell”.
  2. INI file updating.
    Based on the user’s location even.  I spent time in previous years writing and maintaining “Localisation” scripting.  Localisation is the process of changing how the computer behaves when you change location.  Simply put, if I travel from Melbourne to Perth for the day, I want to download my updates from the Perth office, not the Melbourne office.
    You can update registry keys as well.

Group Policy Preferences Overview


The difference between genius and stupidity …

The difference between genius and stupidity is that genius has its limits.


A sample Remote Desktop Control product policy.

Had a customer IT Security Team, let’s call them FREDNET, ask me for some advice on graphical desktop sharing and control systems.
Think VNC, DameWare, PC Anywhere.

Here is what I wrote up for them:

The Remote Desktop Control product (RDCP) must adhere to the following policies:

  • RDCP must not be able to connect to a PC which is not logged on.
  • RDCP can only connect when the end user of the PC positively authorises the connection.
  • End user is able to terminate the RDCP session.
  • End user has the ability to “see” what the RDCP session is doing.
  • RDCP connections must use logging for auditability.
  • The RDCP must be able to coexist with the <support organisation> Desktop Management Toolset.
  • Session data traffic between the RDCP server & client is encrypted.

The Desktop Support Team has not evaluated the following Remote Desktop Control products, but do provide the following comments on these products:

VNC

  • VNC traffic is not encrypted.
  • Is able to connect without end user providing authorisation.

Therefore not suitable for use in the FREDNET network.

DameWare

  • Is able to connect without end user providing authorisation.

Therefore not suitable for use in the FREDNET network.

Microsoft Remote Desktop with Windows 2000/XP

  • Can connect to a PC if the client is not logged on
  • Does not prompt the client to allow connection, it just remotely connects and locks the client workstation while the remote desktop session is active.
  • Therefore clients are unable to “see” what the Remote Desktop session is doing.

Therefore not suitable for use in the FREDNET network.
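A desktop support team that has adopted a policy like this usually wants a way to check a workstation against it. The script below is an added example, not part of the write-up above and not FREDNET's own tooling: it flags the two behaviours the policy rules out (a controller that connects without the user authorising it, and one that connects to a PC nobody is logged on to) as they show up on Windows, i.e. Remote Desktop left enabled, and a VNC or DameWare service or listener present. The Terminal Server registry path and value are standard; the service name pattern is an assumption about how those products register themselves.

```powershell
# Added example, not part of the original post. Assumptions: the service-name
# pattern for VNC/DameWare installs, and TCP 5900 as the VNC default port.

function Test-RdcpPolicy {
    $findings = @()

    # Remote Desktop connects to logged-off PCs and without prompting the user,
    # both ruled out by the policy, so it should be disabled (fDenyTSConnections = 1).
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
    if (-not $ts -or $ts.fDenyTSConnections -ne 1) {
        $findings += 'Remote Desktop enabled: connects without end-user authorisation and to logged-off PCs'
    }

    # VNC and DameWare were assessed as unsuitable; flag any service that looks like one.
    $rdcpServices = Get-Service | Where-Object {
        $_.Name -match 'vnc|dameware|dwmrcs' -or $_.DisplayName -match 'vnc|dameware'
    }
    foreach ($svc in $rdcpServices) {
        $findings += "Unapproved remote control service present: $($svc.DisplayName) [$($svc.Status)]"
    }

    # A listener on 5900 with no matching service is still worth a look.
    $vncListener = netstat -an | Select-String -Pattern ':5900\s+.*LISTENING'
    if ($vncListener) {
        $findings += 'Something is listening on TCP 5900 (VNC default port)'
    }

    return $findings
}

$result = @(Test-RdcpPolicy)
if ($result.Count -eq 0) { 'Workstation meets the RDCP policy checks' } else { $result }
```

An empty result means none of the known-unsuitable products are reachable on that PC; it does not prove the product that is approved meets the logging and encryption bullets, which have to be checked on the product itself.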

