Here’s the magic combo:

First, PayPal created some security restrictions that ‘automatically’ triggered on my account. While they won’t say, I’m guessing its because I accepted 20-30 payments before I attempted to make a full-withdrawal. Regardless, this sparked their security system and it asked that I certify my account (this is different than verify). To do this, I have to ADD MY PERSONAL CREDIT CARD to the account ?@?#$@#$# I also have to verify my SS#. The first step takes 1 week for the transaction to show on my personal CC#… The second step fails because they say that I’ve used my SS# at some point in the past.

If anyone is like me, I’ve been using the Internet and PayPal since 2000. As a tribute to PayPal, I actually have two accounts. One is for CentreSource, the other was for my campaign. But because of that, I’m now kicked to the next level- RESOLUTION CENTER! This place in the PayPal Nightmare is a series of steps I have to accomplish before they will give me my money. Note: We’re at over 2 weeks now to get through all of this.

As I attempt to solve the mysteries of the RESOLUTION CENTER, I learn from my off-shore customer service rep that they’ll have to cancel my CentreSource account so they can transfer my SS# to the Campaign account. I say “you’re joking… In all your years, you’ve never had someone that wants to separate PayPal accounts for legitimate business reasons?”. He lets me know that many people have had this problem, but offers no logical reason why. Uber-secret security measures I’m guessing.

So, on to trying to work via their system.

The RESOLUTION CENTER (bad interface, obscure directions) asks for various pieces of info including: Copy of my SS Card, copy of a utility bill, a SUPER SECURE Fax Cover Sheet (courtesy of PayPal), and my explanation. I fax this info and get a confirmation.

A little over 12 hours later, I get another email saying “They’re very sorry…” but they need more info. To my shock and amazement, they are asking for the EXACT SAME INFO I JUST FAXED. It seems my off-shore buddy didn’t put in a good word for me and now they’re just being mean. I reply to the email, letting them know my frustration, and am quickly greeted by an AUTOMATED RESPONSE reminding me that they don’t read any replies - only communications filed through the ULTRA-SECURE RESOLUTION CENTER (scary music queue).

When I go back to the RESOLUTION CENTER, I go to their messaging section and surprise, surprise… their ultra-death-dealing security measures also provide a messaging system that DOES NOT KEEP TRACK of any communications back and forth. How are my off-shore buddies supposed to keep up with my case?

Alas, I still don’t have my money (3 weeks later) and PayPal’s RESOLUTION CENTER AKA: MONEY HOSTAGE NEGOTIATOR still won’t give me my funds. They are still asking for the same info I’ve faxed. Their response to my last DOUBLE-DECODER-RING-SECRET-MESSAGE was that they couldn’t help me until I followed the steps in their GOD FORSAKEN @#$@#$@ RESOLUTION CENTER.

I hope SEO picks this up: PayPal Sucks, PayPal is Bad, PayPal delivers bad Customer Service, PayPal deserves a KGB Assassination (if anyone finds this article through the keywords PayPal KGB Assassination, I’ll fall out of my chair).

As the spam-war has escalated, DNSBLs have become a double-edged sword. They have probably saved SMTP from being utterly inundated with spam to the point that it’s useless. However, blacklists have also been forced to get increasingly aggressive. It’s not uncommon for an organization to find itself blacklisted, even if it didn’t overtly send spam (that it knows of). If your organization becomes the unlucky member of a DNSBL, you’ll find that most (if not all) of your email is rejected by the outside world because you’re now considered a spammer. The worst part is that you may have no idea why you were blacklisted and no idea how to get de-listed!

DNSBLs play a central role in most email protection software. There are many popular blacklists and each has its own personality and aggressiveness factor. One well-known, aggressive DNSBL is SpamCop. This service is considered very aggressive since they make it so easy to report someone as a spammer. While it’s easy to get on the list, SpamCop also makes it easy to get off the list on their website. Other blacklists require substantial proof to add you to their list – but they also require substantial proof to remove you.

Here’s the problem: If everyone is using spam protection with DNSBLs and your organization is reported as a spammer… everyone blocks your email. DNSBLs have become so powerful that they can literally stop all email communications from your organization.

Take heart! There are things you can do to protect yourself from finding yourself on a blacklist. Here are some basic rules that should minimize your chances:

• Do not spam – While this seems obvious, it is the most important advice. Don’t add people to your mailing list just because you picked up their business card… this is spamming. Don’t email blast everyone in your address book with something they don’t necessarily want… this is also spamming.
• Educate your employees – While an organizational policy not to spam is a given, it is equally important that you convey this to your employees. They must understand what spam is and how to interact on the Internet properly. It only takes one person on a mailserver or a domain to get your entire organization blacklisted.
• Use Virus and Spyware protection – Today’s worst viruses no longer destroy your computer. Instead, they operate in the background and send spam on behalf of their creator. This can make your network or server into a participant in a spam/virus botnet. This is probably the number one reason that otherwise innocent parties wind up on a DNSBL. If you wind up on a blacklist, make this the first thing you check.
• Check your mail server – One of the fastest ways to get on an RBL is to have a misconfigured mail server. If your server is not properly configured to only allow your users to send mail, it could be used by a spammer (Such servers are called an open relay, and will be blacklisted instantly).
• Check miscellaneous webservers and/or proxies. Believe it or not, even a misconfigured webserver or web proxy — something unrelated to e-mail itself — can be used to send spam! You can find a list of services that will check your server for open proxies here.
• Use a 3rd party email marketing service – If you’re going to send e-mail to a large amount of recipients at a time, you should outsource your email marketing. Not all e-mail marketing firms are created equally (some are a thin veil for spammers or actually are spammers) — but the good ones take great pains to follow the rules and ensure that the recipients have all opted-in and are voluntary recipients of your mail. They will bear the onus of ensuring your mail gets to its recipients. In addition, because the service is hosted separately, your actual business-operations e-mail will be isolated and protected from being blacklisted as a result of the bulk e-mail.
• Have an expert on call – If you get on a blacklist, talk to your IT professional. Most will know the necessary steps for getting off the list. You can also check OpenRBL to see which blacklist(s) your IP may be on, along with links to information about the listing. Once you identify them, you’ll need to go through their steps to get off.

In summary, finding yourself on a RBL can be devastating for your organization. By following the steps outlined above, you greatly decrease your chances of inadvertently getting blacklisted.

They are rather amusing questions. My favorite one is “How do you intend to use this product?” The first time I was asked this, I was so taken aback that I just busted out laughing. “What do you mean how do I intend to use it? It’s a laptop.” These days my standard answer is “Computing.” — unless, of course, it’s a printer I’m ordering, in which case I answer “Printing.” I sometimes wonder what would happen if I answered “Violent overthrow of the government.” I think it might involve a long vacation in gitmo.

This is the ultimate example of an attempt to maintain the illusion of security via worthless posturing — I’m sure it makes Bruce Schneier proud. What good does this mandate actually do besides annoy other people and amuse me?

The virus is programmed to start deleting eleven different types of files on the third of each month, starting with Friday, February 3. The files will be deleted from a computer’s local hard drive as well as network-attached storage, a strategy that worried security experts enough to warn about the virus.

[snip]

“We have two people who have contacted us and we have double-checked files from their systems,” F-Secure’s Hyppönen said. “One (victim’s machine) had write access to most to his company’s network and the virus had deleted most of the company’s data.”

It is a good idea to read the whole article. They have also provided a BlackMal removal tool for those that are infected. If this virus starts deleting files there will be no getting them back.

* Add support for tunneling arbitrary network packets over a
connection between an OpenSSH client and server via tun(4) virtual
network interfaces. This allows the use of OpenSSH (4.3+) to create
a true VPN between the client and server providing real network
connectivity at layer 2 or 3. This feature is experimental and is
currently supported on OpenBSD, Linux, NetBSD (IPv4 only) and
FreeBSD.

It is worth a read if you are concerned about your privacy online but don’t feel a need to wear a tin foil hat just yet.