Wednesday, January 29, 2014

Trip to the Butcher Shop 2014

Last night the nation once again visited Barack’s Butcher Shop, where the only thing available is baloney.

Lots of baloney. Tons of baloney – enough for everybody in the country to share some of it.

I am not going to discuss a lot of that here as there are other places that will tear apart his annual State of the Union address delivered last night. I am only going to highlight some important points that I feel are important here.

The first point was creating IRAs for all employees. This would work great if places paid employees enough to sock away money into an IRA in the first place. This is an empty promise that will go absolutely nowhere fast.

The idea of raising the federal contractor’s minimum wage to $10.10/hour is absolutely stupid on many fronts. First, Obama expects Congress to pass a national minimum wage bill to equal this new standard that he wishes to deploy on the contractors. I highly doubt this will ever happen because too many businesses are back-pocketed in the Congress. I would like to note that after nearly 13 years of working at horrible Staples I managed to get slightly over $10/hour pay after all those years.

On another note, most women I worked for at both Woolworth and Staples were making MORE than I was for the same job, even while being employed for a lesser amount of time. I call it reverse discrimination. However, Obama finally calls it a sense of equality especially given that women still make less than men. Of course, all the congresswomen stood up and applauded this statement. Unfortunately, Obama has no sense of the real world in some instances.

Then we have the praise of the lower unemployment rate. Fewer people apply for jobs because more people are leaving the workforce; therefore the unemployment rate goes down. However, the reason why people are leaving the workforce may also be the same reason I did: without unemployment compensation one cannot afford to go looking for a job because they can’t afford to.

This does NOT mean that I don’t try to get a job. I still make out applications online from home, but because evil Staples has lied about me and has destroyed all my chances, I have been unable to get any interview for a job whatsoever. Given that it is coming up on 5 years of being unemployed, the pain of not being employed gets even worse.

And then finally, there was the cheer given by Obama to the head of General Motors headed by a woman who has turned the company around at taxpayer expense of course. It was only a couple of months ago that the taxpayers were finally off the hook for this company. Seriously, is this the best example of how American business should be run?

Overall, I found enough baloney being tossed around for this 1 ½ hour comedy that I wondered why this is not picked up as a weekly sitcom. It is sad to say that this room of millionaires could care less about the rank and file people of this country, while they are driven in their limousines back and forth from the congressional chambers. If only those people knew how the other 99% lived, then they would get out of their fantasy world. If you are like me, you should be angrier about this speech than encouraged.

It should be noted that nothing was mentioned about the NSA or the spying on people, which is something we should all be concerned about. Apparently he didn’t want everybody rolling around in the aisle laughing over this.

We certainly live in a very sad country right now and no answers were given here.

On a completely different note, the craft store Michaels has now been added to the list of companies attacked with a data breach. Unfortunately, little is known of any details of what happened, but I expect this may be fairly big when all the details get out. I still expect about another half dozen retailers to announce breaches in the next couple of weeks or sooner if they are smart. I guess we will have to wait and see.

Wednesday, January 22, 2014

How to Break Staples

It was announced this last week that a teenager in Russia is the source of the malware that allegedly exposed the information of Target’s customers. It is rumored that several retailers have been hit by this teen’s software.

Of course the real question is how it got there in the first place.

Well, my dear friends, you came to the right place for that information or my thoughts given my time at that horrible company called Staples. I will say that my information was true for when I was employed with the company up to 2009, but I expect nothing has changed since or very little.

First thing to consider is that Staples runs old software on their registers and other equipment in the store. When I worked there, the registers ran Windows 2000, which was already an outdated operating system. It was actually quite easy to access any non-adult website with any of their registers with just a few mouse clicks. No passwords or funky logins needed. Just a few well-placed mouse clicks and you were at the Internet Explorer web browser.

Here we have many problems right off the bat. Obviously, anyone could access some malicious site and download software into any of the registers or computers with hardly any difficulty at all. To make matters worse, I tried once to go to Windows Update and the site said that the machine needed over 100(!) updates. However, when I tried to download these updates, I was stopped cold because I didn’t have the proper credentials. So I could download any malicious software onto the machines, but I couldn’t secure the machine with the latest Windows updates. Does anyone else see a problem with this? Any machine with an internet connection should always be updated to the latest Windows patches. There is absolutely NO excuse for this EVER!

While on the subject of software, if you were looking for antivirus or security software, forget about it. You won’t find any anywhere. In the same vein as the Windows updates, the antivirus or security software would also need to be updated quite frequently; therefore it would be too much for the company to maintain. Or at least that is the excuse that I will use for them.

So far I have punched two very large holes in any security that Staples would have in their system. Let’s punch another one.

The Staples stores had Wi-Fi access both inside the building and several feet outside the building as well. The bad thing about this access was that it was unsecured. What this means is that data could flow freely and that anybody could pick the bits of information out of the air if they could get into the right flow channel. As far as I knew, this was for all transactions that were handled by the registers, the main server in the main office, and any access to the staples.com website. What really is bothersome is that at times I saw some vehicles in our parking lot night after night for hours at a time with someone in the vehicle while on their mobile device. Did these people attack our system without us even knowing it? It is unknown because chances are that the above-mentioned lack of antivirus or security software would allow anybody to easily slip under the radar without ever being spotted.

Are you getting paranoid yet?

You should be.

Now I will punch the remaining wall off of Staples’ entire system.

Are you ready?

Here it is.

Here is the story:

One night while I happened to be on the staples.com website, I managed to get into the file system of the server or even possibly the home office server. It didn’t require any special logins or any special passwords. All it took was about a dozen or so mouse clicks. When I got to the file system, I noticed some odd named files and decided just for the heck of it to delete a couple of them.

Let me say that at no point should system files be able to be deleted, especially at a remote terminal at a remote location. This certainly adds even more problems to the security of the entire system and can destroy the integrity of the entire system.

And it did.

Just minutes later, our entire credit card processing system stopped working. Not slow, just dead. Apparently the files deleted were part of the credit card system.

Let me point out that this was not meant to be in any way malicious, but is proof of the flaws of Staples’ file system. At no point should this ever be allowed, as anybody who could access these files could easily replace them with their own, therefore redirecting or reading credit card information before it is sent to the credit card companies for processing. Of course, I never told anybody what I did as I probably would have been fired despite it being their problem not mine.

Whether or not this is how Target and Neiman Marcus were attacked remains to be seen. However, given how easy it was for me to hack Staples’ system with just a few mouse clicks, this is proof that something needs to change. I don’t know if in the nearly 5 years since I left this has changed, but I highly doubt it.

So overall, how could all of this be avoided in the future? Here are my suggestions:

· Get antivirus or security software. It is just one solution to the big problem but it would have possibly recognized a file change in the system.

· Update Windows or better yet scrap it altogether. As far as I am concerned, no register system (POS) should ever use Windows, MacOS, or Linux. Software should be written at the core foundation as a POS system with no underlying operating system. Sure, it will cost money, but isn’t that better than having over 100 million people pissed off at your company?

· Finally, secure the Wi-Fi connection. Nothing is worse than somebody in the parking lot with their mobile device hacking into a store’s system. It is extremely easy for them to do their damage and then drive off into the night without ever being noticed.

Overall, companies should be more aggressive in protecting their systems. It should never be as easy as a few mouse clicks to bring down an entire store. It was a lesson that I secretly learned the hard way.

Do I regret it?

Looking back at it, not on your life. I don’t regret it, especially now that I no longer work for the company.

And on that note: Happy Hacking Everybody!

By the way, did you really think I was going to say what steps I took to get into the file system? Consider the answer to be never.

Wednesday, January 15, 2014

Hack, Hack, Cough, Cough

Another week, another week of retail hacking reported.

This week it was reported that Neiman Marcus was also the victim of a breach. While I have never visited this upscale retailer, it is obvious that the hacker wanted to attract the upper class people that shop with this company. There have been reports that these are related, but I honestly doubt that.

A couple of days ago, Reuters reported that at least 3 other unnamed retailers have also been hit as well. Who these companies are is a mystery, but I think these companies should man up and admit they too were victims.

Oh excuse me, WE ARE THE VICTIMS, NOT THE STORES!

There is absolutely NO excuse that any retailer should have that they should not come forward and admit when something has gone awry in regards to customer information. Nowadays, companies should do the responsible thing and admit their faults.

Let’s not forget that grocery store chain Hannaford and TJX Companies have both been hit in recent years and neither of these companies has gone out of business or seems to have taken a significant hit in their sales in recent years.

If companies are afraid that they will lose sales as Target has during the latter Christmas holiday season, then they don’t belong in business. Period. Retail is no longer for the weak at heart as competition from online retailers has stolen a lot of brick and mortar’s thunder.

On an unrelated note, JCPenney announced that it was closing 33 stores and eliminating 2000 jobs. It seems odd for this move as they wish to lower their debt on underperforming stores especially this close after the first of the year. Could they be one of the three retailers cloaked in mystery? I would not be surprised if they were not one of them.

It seems to me that retailers have got to stop collecting data on their customers. They have no choice in this anymore especially given the additional 70 million people affected by a second Target breach not related to shoppers in November and December of last year.

Companies also have to update their privacy policies to say what data is collected and how it is used and stored. Yes, it is exhaustive and will make them angry, but nowadays we as customers have no choice anymore.

Certainly as I have mentioned previously, Staples stores customer information regarding credit cards to find email addresses even if the credit card name doesn’t match the in-between rewards card that was never used in the transaction. The bad thing is that they deny any wrongdoing in typical Staples manner.

So is Staples one of the mystery 3? I would not be the least bit surprised. Only time will tell.

Wednesday, January 8, 2014

The Bad Holiday Season

A lot has happened in the couple of weeks that I was off.

Apparently, the Christmas season wasn’t as good as many retailers had hoped for. What is worse is that nobody seemed to be spared.

The big story seemed to be the credit breach that happened at Target. How could they not have known about the problem for nearly 3 weeks, which has affected about 40 million customers? I have the feeling that this was an inside job and not something that some person in some foreign company did. Yet, our lovely government wants to waste taxpayer money to do an investigation on this issue. My thought is let the FBI and other agencies handle this and leave Congress out of this.

Once again this year, purchasers of iPads at Walmart were greeted with boxes that did not have the actual items in the box. This problem happened to them a couple of years ago as well. Didn’t they learn anything then to repeat the problem?

Also apparently Walmart had issues regarding their doorbusters not being in-stock in some stores. To make matters worse, the prices were wrong as well. Add to this the long lines and this store was a nightmare.

Online retailers such as Amazon fared no better as the shipping companies could not deliver their packages in a timely manner before the holidays. Those that paid for express or 2 day shipping found their packages taking as long as 2 weeks for delivery. Isn’t it time that the shipping companies had more than one distribution hub?

So besides these major burps, what else did I notice at the stores?

There was a complete lack of customer service at all the retail stores I visited over the holidays. Everybody knows you can never get help at Walmart, but I expected that places like Target would do better at trying to satisfy the customer. Every time I had help at Target, the person was incompetent to find what I was looking for, but ironically the product wound up on the shelf a couple hours later. Do the employees even bother looking in the backroom for merchandise or do they just fake it? I know during my time at Staples more often than not, the employee just faked the search by just hanging out in the backroom for about 5 minutes and coming back to the customer saying they could not find the product. Hardly a way to do business but it happens way too frequently.

Many of the products were sold out before Thanksgiving and were not restocked during the holiday season. Empty shelves dominated as products disappeared especially in the toy section. I have not seen this type of emptiness since my days at Woolworth where the old joke after the holidays was “what toy department? We have a toy department?”

There was also no strong must have item this holiday season. No toy or electronic item really was in high demand and those people who bought one of the new gaming systems didn’t have money to buy much of anything else.

This year there also seemed to be a lack of new Christmas CDs. I counted only about 4 or 5 new discs this year which seemed to be the lowest in years.

It also seemed that Christmas ornaments were just mundane as well as nothing really stood out as a must-have item. It all seemed like more of the same that we have seen year after year.

Overall, it seemed that this holiday season was a complete bust. There was absolutely nothing to be jolly about this past season. It seemed that Santa’s naughty list will be much longer next year. Let’s hope that retailers do better next Christmas.

Update: a few ago I discussed the bad things that can happen with email receipts. Well, over the last couple of weeks, I received 2 email receipts that didn’t belong to me. One was from a self-storage company, which I thought I had taken care of months ago, and the other was from a Best Buy store in Louisiana. I didn’t even know that Best Buy was even doing this type of receipt. Unfortunately I couldn’t get in contact with them through email to tell them of their problem. It should be noted that both of these emails came through my Gmail account, which has been a problem for a very long time. I guess this is the old case of ask and you shall receive even if it isn’t yours.