Rentpayment.com allows you to pay rent, for somebody else

April 1, 2012 – 9:51 AM

Ever since I moved into this apartment complex I have received monthly emails from rentpayment.com (a service from YapStone) as a reminder to pay my rent with a handy “click here to pay” type of link included.  Whenever I would click that link I would be immediately logged into the website.  No prompt whatsoever for my username and password.  I thought immediately of a persistent cookie or something on my machine.  I deleted all cookies and would still be immediately logged in after clicking on that link.  I then wondered if it was somehow just using my IP address.  I clicked the same link on my mobile phone using my 3G service which I knew would be a different IP address than my home network and that I knew I had no previously stored login credentials of any kind on the device.  Same thing…immediately logged in.  I sent them an email last month to ask about the details of this link and how this identifier at the end of the URL is tied to my account and I never heard back from anybody.  The format of this URL is:

https://www.rentpayment.com/pay/quickPayment.html?ta=pay&p=<seemingly random string>

To top this off, this month I get this same email reminder but when I click the link I am logged into somebody else’s account:

I entered a random amount just to verify:

Two previously saved credit cards to choose from.  I chose one:

Luckily for Lei Zhang, I am an ethical guy and this is where I stopped.  But I was one click away from charging their credit card.

YapStone/Rentpayment.com, it’s time for an internal audit of your processes and procedures.
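The post does not say how the `p=` value maps to an account, so the following is an added example and not Rentpayment.com's code or anything from the original post. It sketches one way to bind a reminder-link token to a single account and mailbox, expire it, and keep a link-only session from charging a saved card. The secret, TTL, `pay.example` URL and all function names are assumptions.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to clients
TTL = 7 * 24 * 3600               # assumption: reminder links expire after 7 days

def _enc(raw):
    return base64.urlsafe_b64encode(raw).decode()

def issue_token(account_id, email, now=None):
    """Value for a p= style parameter, bound to one account and one mailbox."""
    exp = int(time.time() if now is None else now) + TTL
    payload = f"{account_id}|{email.lower()}|{exp}".encode()
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _enc(payload) + "." + _enc(mac)

def verify_token(token, now=None):
    """Return (account_id, email) for a valid, unexpired token, else None."""
    try:
        p64, m64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        mac = base64.urlsafe_b64decode(m64)
        expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return None
        account_id, email, exp = payload.decode().split("|")
        if int(exp) < (time.time() if now is None else now):
            return None
    except ValueError:  # covers bad base64, bad UTF-8, wrong field count
        return None
    return account_id, email

def build_reminder(account, to_address):
    """Refuse to mail a link whose account does not own the destination mailbox."""
    if account["email"].lower() != to_address.lower():
        raise ValueError("recipient does not match account")
    token = issue_token(account["id"], to_address)
    return "https://pay.example/quickPayment?ta=pay&p=" + token

def session_from_link(token, now=None):
    """A link proves mailbox access only, so the session is marked as such."""
    verified = verify_token(token, now)
    return None if verified is None else {"account_id": verified[0], "auth": "link"}

def can_charge_saved_card(session):
    """Stored cards require a password login; a link session can only view the bill."""
    return session is not None and session.get("auth") == "password"
```
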

65 Open Source Replacements for Security Software

March 14, 2012 – 9:09 PM

This is a great list of 65 open source projects to replace various security applications that you are probably running right now.  I personally use most of them and it’s great to see such a thorough list like this posted all in one place. 

Source:
http://www.datamation.com/security/65-open-source-replacements-for-security-software-1.html

Install the old version of Tweetdeck (0.38.2)

March 2, 2012 – 9:42 AM

I have tried the newer versions of Tweetdeck (now owned by Twitter themselves) and I just do not like the look and feel of it.  I would much rather have the old look back but unfortunately there’s no “Revert to Classic Tweetdeck” option.  I also tried Seesmic Desktop 2 and could not find myself liking that one either.  I mean, come on, what good is a Twitter client without a “Reply” option?

I found the original version of Tweetdeck before Twitter ruined it (version 0.38.2) and am making it available to anyone else who may feel the same way as I do.

Download:
http://www.pcsympathy.com/TweetDeck_0_38.2.air

You will also need Adobe Air if you do not have it installed:
https://www.adobe.com/products/air.html

Enjoy.

HTTPS Everywhere is now available for Google Chrome

February 29, 2012 – 5:55 AM

HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

Source:
https://www.eff.org/https-everywhere

Find the phone number for any AT&T customer just by using their email address

February 25, 2012 – 10:53 AM

This is pretty bad.  All you need to know is the person’s email address to find out their phone number.  Thank you, AT&T.  

https://www.att.com/olam/enterEmailForgotId.myworld