<div dir="ltr"><div><div><div><div>My apologies for this thread skipping back from the Move Your Money Out Of Banks thread back to this thread, but I can't find any trace of the other thread in my gmail inbox. Anyway, to continue the discussion between Drew and myself about Meriwest, I went there again this AM to try to iron out some remaining issues. First, I asked them about overdraft protection/no protection options and the fees involved. They told me that yes I could select the option where ALL overdrafts (er well they literally said ACH overdrafts) would be declined. But they also said that if a non PIN required transaction was declined due to insufficient funds, there would be no debit to my account for the attempted draft, but there would still be a $35 fee charged to my account. I selected the "decline ACH overdrafts too" option and crossed my fingers and hoped that no one would attempt multiple unauthorized ACH overdrafts to my account.<br>
<br></div>Later after I went home I called Direct Express to order a new card to protect myself from the Heartbleed bug possibly compromising my debit card numbers and I asked them about their policies on overdrafts. They said that most of the time an overdraft is not possible since they will decline all attempted overdrafts except in the rare case where a merchant had a credit charge go through after the maximum 5-10 day waiting period and you happened to have spent those funds already. In that case, there is no overdraft fee involved. They know you are good for the funds and they wait patiently for the next deposit from Social Security to come through and deduct what you owe them from that. Also, in the case of any attempted overdraft being declined, there still is no fee involved. Comerica is an exception to the bad track records of banks such as Chase and Wells Fargo. Plus, the Direct Express card itself is managed under contract with the Treasury Dept, which either through the contract terms or just plain old incentives, provides Comerica with the motivation to treat the Direct Express customers at least with a touch of respect. Chase has an F rating with the BBB and has a customer complaint roster and government actions list on the BBB web site that is a mile long. Comerica's BBB file is fairly clean, with only a few complaints and they have a much deserved B- to A+ rating from the BBB depending on which specific branch you look up. I could not find a single govt action against Comerica on the BBB web site. I have no regrets continuing to have a Direct Express debit card and will likely continue to get my SS deposits there even if I end up doing a cash advance every month for the full amount and depositing that into my new credit union account in Eugene. My original reason for doing that was not because I had any knowledge about Comerica's BBB ratings. It was simply to protect myself from a possibly jealous dealer (Chase) possibly closing my account if they found out I was trading bitcoin. Comerica doesn't have the authority to close my Direct Express account. Only the Social Security Admin can close the account without my authorization. So as long as I am trading bitcoin that will be what I end up doing..<br>
<br></div>I also went to the Meriwest branch today to try to finish creating a log in for e-statements without having to first sign up for online banking. The web site was down so we couldn't do anything. But the customer service person (different person from yesterday) still had the, hopefully mistaken, belief that you have to sign up for online banking before you can create a log in for the e-statements feature. I will try again tomorrow. Cheers!<br>
<br></div>Sincerely,<br><br></div>John Thielking<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Apr 13, 2014 at 2:46 PM, Spencer Graves <span dir="ltr"><<a href="mailto:spencer.graves@prodsyse.com" target="_blank">spencer.graves@prodsyse.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hi, Cameron, et al.: <br>
<br>
<br>
Might anyone have a source to back up Cameron's discussion
about Heartbleed and identity theft operations of some criminal
organizations? <br>
<br>
<br>
I'd like to add a discussion of that to the Wikipedia
article on "Heartbleed", but I'm concerned that my comments on
that would be removed if I don't cite a credible source. <br>
<br>
<br>
Thanks, <br>
Spencer <br><div><div class="h5">
<br>
<br>
On 4/12/2014 6:27 PM, Cameron L. Spitzer wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div><br>
>"It is believed that Heartbleed originates from the same
organisation as stuxnet and duqu."<br>
<br>
That's just silly, of course. OpenSSL is developed in the open
using a collaboration tool called Git that was invented for
Linux kernel development.<br>
OpenSSL's Git instance is online where anyone can fetch any
version any time.<br>
To see the fix, just google "heartbleed git commits" and follow
the <a href="http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3#patch2" target="_blank">first
link</a>. That's the fix (bug code in red, fix code in green,
in two files) being introduced to the code line.<br>
<br>
The bug was introduced with the heartbeat feature. That commit
is <a href="http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c5082161b02a22116ad75f822b1" target="_blank">here</a>.<br>
Robin Segglemann is not mysterious. He's given interviews about
it by now. It's a dumb error (missing bounds check, shouldn't
trust the remote system) that was all too common in networking
software a decade ago but reviewers usually look for these days.<br>
A stealthy intelligence agency introducing a secret back door
would have made some effort to hide it or sneak it in. It would
be much more subtle.<br>
<br>
<br>
>"the United States National Security Agency was aware of the
flaw since shortly after its introduction"<br>
<br>
Of Course. OpenSSL is open source security software. NSA
reviews that more carefully and faster than anybody else does.
We'd all be amazed if they, of all reviewers, <i>didn't</i>
spot a missing bounds check. (More disappointed than amazed it
got past everybody else.) Discovering the bug and not promptly
informing OpenSSL's maintainers was evil.<br>
<br>
<br>
<br>
On 04/12/2014 12:58 PM, Spencer Graves wrote:<br>
</div>
<blockquote type="cite">
<div>Hi, Cameron: <br>
<br>
<br>
[...] Example: 17:12 today (5:12 PM, UTC), an anonymous
user added a comment that, "It is believed that Heartbleed
originates from the same organisation as stuxnet and duqu."
This comment included a reference to an article that mentioned
neither stuxnet nor duqu. It was undone 49 minutes later.
The article also includes comments that, "According to two
insider sources speaking to Bloomberg.com, the United States
National Security Agency was aware of the flaw since shortly
after its introduction, but chose to keep it secret, instead
of reporting it, in order to exploit it for their own
purposes." [...]</div>
</blockquote>
<br>
<br>
<br>
<fieldset></fieldset>
<br>
</div></div><div class=""><pre>_______________________________________________
sosfbay-discuss mailing list
<a href="mailto:sosfbay-discuss@cagreens.org" target="_blank">sosfbay-discuss@cagreens.org</a>
<a href="http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss" target="_blank">http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss</a></pre>
</div></blockquote><div class="">
<br>
<br>
<pre cols="72">--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: <a href="tel:408-655-4567" value="+14086554567" target="_blank">408-655-4567</a>
web: <a href="http://www.structuremonitoring.com" target="_blank">www.structuremonitoring.com</a>
</pre>
</div></div>
<br>_______________________________________________<br>
sosfbay-discuss mailing list<br>
<a href="mailto:sosfbay-discuss@cagreens.org">sosfbay-discuss@cagreens.org</a><br>
<a href="http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss" target="_blank">http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss</a><br></blockquote></div><br></div>