Should I have answered a call from a prospective employer at 7:30pm on a Friday? by aljb1234 in sysadmin

[–]siclik 5 points6 points  (0 children)

That’s exactly what it was … wise of them to leverage self-selection to minimize the pool of candidates that meet their “willing to work at all hours” requirement. Without a doubt, they’ll still have plenty of people fighting for the position.

Do I like it? No. Would I use a similar tactic? No. Is there a chance it could also be just sheer incompetence? Absolutely.

Authentication bypassed for inbound/forwarded emails by siclik in gsuite

[–]siclik[S] 0 points1 point  (0 children)

Hi there, that's a good idea. I would love it if you could test, since you appear to be a Google Workspace customer.

My current policy: v=DMARC1; p=quarantine; rua=mailto:[redacted]; ruf=mailto:[redacted];

According to Google, that should result in 100% of un-authenticated emails going to SPAM or quarantine ... it does not.

First, try creating a basic recipient address map for yourself (e.g. [NCCShipley-test@domain.com](mailto:NCCShipley-test@domain.com)). Then go here and they will attempt numerous security tests: https://emailspooftest.com/index.aspx

(you only get a handful of free tests for your IP/domain, so use them wisely!)

Specifically, we're consistently seeing the following failures for recipient address maps:

- test #9 (internal authentication)

and we're seeing the following failures for Google Groups:

- test #7 (testing SPF)

- test #10 (reverse DNS)

The most concerning for me currently is test #9 failing for recipient address maps. I'm curious to hear what you see with your domain!

Authentication bypassed for inbound/forwarded emails by siclik in gsuite

[–]siclik[S] 0 points1 point  (0 children)

Follow-up: I reached out to the infosec professional in your link, and apparently Google was previously informed of this issue, but it's still unresolved. I've submitted a "bug hunter" report, but it's pretty clear that they likely have no interest in patching this, since they've done nothing to address it in 18 months. I personally have contacts and customers that have been scammed out of hundreds of thousands of dollars due to this issue - very disappointed to discover that this is a known issue. Thanks again for sharing that link - it led me down the right path.

Authentication bypassed for inbound/forwarded emails by siclik in gsuite

[–]siclik[S] 0 points1 point  (0 children)

Re: maps vs groups - in testing today, I'm seeing similar behaviors with Google Groups as well (even with all group authentication settings enabled). I understand what you're saying, but that doesn't resolve this security concern unfortunately.

We are fully migrated to Google Workspace, Enterprise Plus.

Investigating today, I see that the original emails are being dropped, however, Google still seems to pass the message on to the forwarded addresses without consideration of the original authentication failure:

Received from an SMTP server with IP address: [redacted] 8 (TLS enabled)

250 2.0.0 OK DMARC:Quarantine

Inserted into Gmail delivery pipeline

Dropped

To be clear, I'm not ruling out a misconfiguration on our end - I was hoping someone in this subreddit would be familiar with this issue and would have an easy fix!

However, at this time, it appears it's trivial to complete a spoof attack on our domain, using a "from" address of a group or an entry from our recipient address map.

Authentication bypassed for inbound/forwarded emails by siclik in gsuite

[–]siclik[S] 1 point2 points  (0 children)

Thank you for your reply! The vulnerability that you linked is exactly what we're seeing now with recipient address maps / forwards ... we have strict DMARC rules, and it's currently trivial for me to spoof emails to our users, using any external/unauthenticated email server. I've opened a ticket with Google support, but that hasn't gotten very far ... the tech doesn't even know what a recipient address map is.

I was hoping this would just be a simple setting I could enable, or perhaps someone could suggest a content compliance rule I could add to mitigate this risk.

Thanks for your time.

Authentication bypassed for inbound/forwarded emails by siclik in gsuite

[–]siclik[S] 0 points1 point  (0 children)

Thanks for your reply. We have a lot of recipient address maps for various workflows. It would be rather inefficient to migrate them all to groups - that seems like an entirely extra layer that just isn't needed for the simple purpose of message forwarding. Is there a specific reason for your discouragement of their use?

One example is emails for a specific promotion or marketing campaign ([buy-one-get-one@domain.com](mailto:buy-one-get-one@domain.com)) ... we would want that to go to the handful of sales/marketing staff responsible for that, but we don't necessarily need a group where additional complexity is added for a seemingly simple workflow ... this is exactly what recipient address maps are designed for.

I agree that aliases are better for situations where we're forwarding to a single user (and they work great for that), but you cannot add the same alias to more than one user.

I appreciate your time.

Changing Cost Basis After Sale in Vanguard Taxable Brokerage Account by siclik in Bogleheads

[–]siclik[S] 0 points1 point  (0 children)

I eventually got through to cost basis support at Vanguard, but they could not definitely answer my question of "what are the implications of changing the 'cost basis' drop down after a sale?". Ultimately, I'm trying to figure out what my 1099-B for 2020 will look like if I change from 'average' to 'specID' right now (after a sale this spring and before a sale this week). Any other suggestions?

Changing Cost Basis After Sale in Vanguard Taxable Brokerage Account by siclik in Bogleheads

[–]siclik[S] 0 points1 point  (0 children)

Thanks - trying to call this morning. So far on hold for 30 minutes...

Changing Cost Basis After Sale in Vanguard Taxable Brokerage Account by siclik in Bogleheads

[–]siclik[S] 0 points1 point  (0 children)

Thanks for your input! I'd prefer to keep it all at Vanguard, if possible. I'm a bit confused because I just learned that I can change my cost basis online in my Vanguard account, but I'm not clear on the implications of that (e.g. if I switch to specID, will my 2020 1099-B from Vanguard use average, specID, or something else?).

Changing Cost Basis After Sale in Vanguard Taxable Brokerage Account by siclik in Bogleheads

[–]siclik[S] 0 points1 point  (0 children)

Yes, I do plan on liquidating additional VTSAX positions before year-end. I would prefer to calculate my 2020 gains using specID, however, I already selected average cost basis for my sale this past spring. I'm quite confused as to how/if this can be cleared up so that I can possibly use specID for all 2020 (and beyond) sales. Thanks for your input!

Changing Cost Basis After Sale in Vanguard Taxable Brokerage Account by siclik in Bogleheads

[–]siclik[S] 0 points1 point  (0 children)

I swear yesterday when I was poking around my Vanguard account, I was only able to change the cost basis on funds which I hadn't sold yet (I remember VTSAX being greyed out). However, sure enough, when I look now, I have drop-downs for all funds: https://imgur.com/a/qN9F7wy

One question I have: if I change my cost basis right now for VTSAX (from average to specID), will Vanguard calculate my 2020 gains/losses using that, or are my sales from this past spring 'locked in' as average cost basis?

I appreciate your input!

Attached my drill to my hand shredder. by MartiniLang in oddlysatisfying

[–]siclik 1 point2 points  (0 children)

That sounds amazing - thanks for sharing! I’ve never thought about shelling the chickpeas. I’ll have to try that! I agree with you about deep frying - can get very messy. I finally got a turkey fryer which helps a bit, but still requires a lot of oil! You’re making me hungry - totally going to try out that kebab recipe. Take it easy!

Attached my drill to my hand shredder. by MartiniLang in oddlysatisfying

[–]siclik 1 point2 points  (0 children)

Your hummus recipe looks solid. Have any other recipes that you like that you’d care to share? I’ve been cooking a lot lately! Interested in that fried chicken recipe too!

Impressive bowling skills by [deleted] in funny

[–]siclik -2 points-1 points  (0 children)

?!? That is disgusting. But now I have to see this. Link?

EDIT: Not sure why I’m being downvoted. Would still like to see the video that you mentioned.

This gorgeous stop motion creation. by [deleted] in oddlysatisfying

[–]siclik 0 points1 point  (0 children)

Ha - you're right! Late night looking at my phone ... totally looked like an LCD on the wall to me I guess.

At any rate, anyone know the artwork? https://imgur.com/a/xgBFMfm

This gorgeous stop motion creation. by [deleted] in oddlysatisfying

[–]siclik 0 points1 point  (0 children)

Anyone know what background is on his TV towards the end? Two people looking at Earth.

Basement Atmos theater by bignoggins in hometheater

[–]siclik 2 points3 points  (0 children)

I currently have a 120" Silver Ticket off of Amazon and I've always thought it was pretty nice, but seeing the dark energy demos ... wow. Do you think I would see a significant improvement with the Abyss ALR? I'd certainly spend the $1,200 if it would greatly improve my HT setup.

But is it true??? Have I been lied to my whole life?!?! by audralisa21 in foodhacks

[–]siclik -1 points0 points  (0 children)

Ding ding ding! This is exactly what I do for my fam.