Paulahmartin

Archbishop Robert Carlson will celebrate a "Mass of Reparation" for the victims Sept. 7.

Slow-roasting is a technique that can be applied to almost any fish, but it’s especially good with salmon. Just turn down the oven heat and cook for slightly longer than usual.

The total time is still minimal, but the result is a true revelation: tender, silky wedges of salmon, easily cut with a spoon. Serve the salmon on top of lightly seasoned greens, and you have a meal that appeals to the eyes and to the palate.

Continue reading "Slow-Roasted Salmon with Sweet Chili Glaze and Scallions" »

Blame an old storm drain that caved in for causing the sinkhole.

Some financial institutions are now offering so-called “cardless ATM” transactions that allow customers to withdraw cash using nothing more than their mobile phones. But as the following story illustrates, this new technology also creates an avenue for thieves to quickly and quietly convert stolen customer bank account usernames and passwords into cold hard cash. Worse still, fraudulent cardless ATM withdrawals may prove more difficult for customers to dispute because they place the victim at the scene of the crime.

San Francisco resident Kristina Markula told KrebsOnSecurity that it wasn’t until shortly after a vacation in Cancun, Mexico in early November 2016 that she first learned that Chase Bank even offered cardless ATM access. Markula said that while she was still in Mexico she tried to view her bank balance using a Chase app on her smartphone, but that the app blocked her from accessing her account.

Markula said she thought at the time that Chase had blocked her from using the app because the request came from an unusual location. After all, she didn’t have an international calling or data plan and was trying to access the account via Wi-Fi at her hotel in Mexico.

Upon returning to the United States, Markula called the number on the back of her card and was told she needed to visit the nearest Chase bank branch and present two forms of identification. At a Chase branch in San Francisco, she handed the teller a California driver’s license and her passport. The branch manager told her that someone had used her Chase online banking username and password to add a new mobile phone number to her account, and then move $2,900 from her savings to her checking account.

The manager told Markula that whoever made the change then requested that a new mobile device be added to the account, and changed the contact email address for the account. Very soon after, that same new mobile device was used to withdraw $2,900 in cash from her checking account at the Chase Bank ATM in Pembroke Pines, Fla.

A handful of U.S. banks, including Chase, have deployed ATMs that are capable of dispensing cash without requiring an ATM card. In the case of Chase ATMs, the customer approaches the cash machine with a smart phone that is already associated with a Chase account. Associating an account with the mobile app merely requires the customer to supply the app with their online banking username and password.

Users then tell the Chase app how much they want to withdraw, and the app creates a unique 7-digit code that needs to be entered at the Chase ATM (instead of numeric code, some banks offering cardless ATM withdrawals will have the app display a QR code that needs to be read by a scanner on the ATM). Assuming the code checks out, the machine dispenses the requested cash and the transaction is complete. At no time is the Chase customer asked to enter his or her 4-digit ATM card PIN.

Most financial institutions will limit traditional ATM customers to withdrawing $300-$600 per transaction, but some banks have set cardless transaction limits at much higher amounts under certain circumstances. For example, at the time Markula’s fraud occurred, the limit was set at $3,000 for withdrawals during normal bank business hours and made at Chase ATMs located at Chase branches.

Markula said the bank employees helped her close the account and file a claim to dispute the withdrawal. She said the teller and the bank manager reviewed her passport and confirmed that the disputed transaction took place during the time between which her passport was stamped by U.S. and Mexican immigration authorities. However, Markula said Chase repeatedly denied her claims.

“We wanted to thank you for providing your information while we thoroughly researched your dispute,” Chase’s customer claims department wrote in the third rejection letter sent to Markula, dated January 5, 2017. “We confirmed that the disputed charges were correct and we will not be making an adjustment to your account.”

Markula said she was dumbfounded by the rejection letter because the last time she spoke with a fraud claims manager at Chase, the manager told her that the transaction had all of the hallmarks of an account takeover.

“I’m pretty frustrated at the process so far,” said Markula, who shared with this author a detailed timeline of events before and after the disputed transaction. “Not captured in this timeline are the countless phone calls to the fraud department which is routed overseas. The time it takes to reach someone and poor communication seems designed to make one want to give up.”

KrebsOnSecurity contacted Chase today about Markula’s case. Chase spokesman Mike Fusco said Markula’s rejection letter was incorrect, and that further investigation revealed she had been victimized by a group of a half-dozen fraudsters who were caught using the above-described technique to empty out Chase bank accounts.

Fusco forwarded this author a link to a Fox28 story about six men from Miami, Fla. who were arrested late last year in Columbus, Ohio in connection with what authorities there called a “multi-state crime spree” targeting Chase accounts.

“We escalated it and reviewed her issue and determined she did have fraud on her account,” Fusco said.  “We’re reimbursing her and we’re really sorry. This small pilot we ran allowed a limited number of customers to access cash at Chase ATMs without a card. During the pilot we detected some fraudulent activity where a group of people were able to go online and change the customer’s information and get the one-time access code, and we immediately notified the authorities.”

Chase declined to say how many like Markula were victimized by this gang. Unfortunately, somehow Chase neglected to notify victims, as Markula’s case shows.

“It makes you wonder how many other people didn’t dispute the charges,” she said. “Thankfully, I don’t give up easily.”

Fusco said Chase had made changes to better detect these types of fraudulent transactions going forward, and that it had lowered the withdrawal limit for these types of transactions — although for security reasons Fusco declined to say what the new limit was.

Fusco also said the bank’s system should have sent out an email alert to the original email on file in the event that the email on the account is changed, but Markula said she’s confident no such email ever landed in her inbox.

Avivah Litan, a fraud analyst at Gartner Inc., says many banks see mobile authentication as the way of the future for online banking and ATM transactions. She said most banks would love to be able to move away from physical bank cards, which often need to be replaced several times a year in response to data breaches at various retailers.

“A lot of banks see cardless transactions as a great way to reduce fraud and speed up transactions, but not many are offering it yet as a feature to customers,” Litan said.

Litan said Markula’s case echoes the spike in fraud that some banks saw after Apple debuted its Apple Pay platform. Many banks chose to adopt Apple Pay without also beefing up security around how they validate new customers and new mobile devices. As a result, this allowed fraudsters to take stolen credit card numbers and expiration dates — data that previously was only good for fraudulent online transactions — tie those cards to iPhones, and use the phones to commit card fraud at brick-and-mortar stores that accepted Apple Pay.

“Identity proofing remains the weakest point in mobile banking,” Litan said. “Asking for the customer’s username and password to on-board a new mobile device isn’t enough.”

Litan said Chase should require customers who wish to conduct cardless ATM transactions to enter their PIN in addition to the one-time code. But she said even that was not enough.

Litan said Chase should have flagged the transaction as highly suspicious from the get-go, given that the fraudsters accessed her account from a new location, changed her contact email address, added a new device and withdrew just under the daily maximum — all in a very short span of time.

“ATM transactions should have much stronger fraud controls because consumers don’t have as strong protections as they do with other transactions,” Litan said. “If a customer’s card is used fraudulently at a retailer, for example, the consumer is protected by Visa and MasterCard’s zero liability rule, and they can generally expect to get their money back. But when you withdraw cash from an ATM, you’re not protected by those rules. It’s down to Regulation E and your bank’s policies.”

Under the Federal Regulation E, if a retail banking customer reports fraud, the bank must investigate the first statement of the activity plus 60 days from the date the statement was mailed by the financial institution. Unless the institution can prove the transaction wasn’t fraud, it must reimburse the consumer. However, any activity that takes place outside of the aforementioned timeframe carries unlimited liability to the consumer, as the financial institution may have been able to prevent the loss had it been reported in a timely manner.

Fusco added that consumers should beware of phishing scams, and consider asking their financial institution to secure their accounts with a special passphrase or code that needs to be supplied when authenticating with the bank over the telephone (a precaution I have long advised).

Also, if your bank offers two-step or two-factor authentication — such as the requirement to send a text-message with a one-time code to your mobile device if someone attempts to log in from an unknown device or location — please take advantage of that feature. Twofactorauth.org has a list of banks that offer this additional security feature.

Also, as the Regulation E paragraph I hope makes clear, do not count on your bank to block fraudulent transfers, and remember that ultimately you are responsible for spotting and reporting fraudulent transactions.

Litan said she won’t be surprised if this incident gives more banks pause about moving to cardless ATM transactions.

“This is the first case I’m aware of in the United States where this type of fraud has been an issue,” she said. “I’m guessing this will slow the banks down a bit in adopting the technology because they’ll see now how easy it is for criminals to take advantage of it.”

Update, Jan. 6, 9:44 a.m. ET: Looks like Chase could have learned from the experience of NatWest, a big bank in the U.K. that experienced much the same fraud five years ago after enabling a cardless “get cash” feature.

Potholes are popping up, causing swerves and kerchunks (when unlucky). Report potholes on S. Big Bend Boulevard in Maplewood and Richmond Heights, and on S. Brentwood to St. Louis County at 314-615-8538. Manchester Road west of Big Bend is the MoDOT’s responsibility — go here to report a pothole to be repaired. East of Big […]

How modern slot machines develop a nearly unbreakable hold on the brain, leading around one in five pathological gamblers to attempt suicide.

[Full Story]

Read 3 remaining paragraphs | Comments

Looking for a special holiday side? Here’s a festive dish that alternates the flavors and colors of vibrant sweet potatoes with buttery yukon gold potatoes, all sitting on a bed of caramelized onions.

I actually started out to make a gratin, more in the spirit of our gruyere potatoes, perhaps with a breadcrumb topping. But as I experimented with the recipe, the wonderful flavors of the sweet potatoes and potatoes seemed to get lost in the rich toppings.

Continue reading "Sweet Potato and Yukon Gold Bake" »

In anticipation of Christmas this year, a San Diego retailer has put out Modern Nativity, a limited edition of the classic nativity scene, updated for the year 2016.

A lot has changed in the last 2,000 years. For starters, I don’t even think they had iPhones back then, which explains why Joseph didn’t add the birth of Jesus to his Snapchat story. If you love Amazon Prime, and have no idea what frankincense and myrrh (sp?) are, this is the Nativity set for you.

via

Found in Croatia.  Photo credit Vedran Glavan/Barcroft, via The Telegraph.

Read 6 remaining paragraphs | Comments

Race was undeniably a factor in this US election.

Visual artist Trungles's little brother dressed up as a stock photo for Halloween.


@Trungles

Read 6 remaining paragraphs | Comments

Video game artist and animator Mauri Helme has created a pixelated version of the intro for Mike Judge and Greg Daniels' King of the Hill.


Mauri Helme

You’re reading Back of the Envelope, an experiment that aims to bring shorter, quicker content to FiveThirtyEight.

Donald Trump on Saturday threatened to sue the women who have accused him of sexual assault once the election is over. Threatening to sue is a well-worn tactic for Trump. (So is being sued: USA Today reported that Trump has been sued 17 times over the course of this campaign and he’s been the target of 4,095 suits in his lifetime, as of this writing.) By combining a few partial lists with a couple hours’ worth of googling, I managed to collect what I believe to be all the times Trump has threatened a lawsuit since announcing his candidacy on June 16, 2015. (I’m including any time Trump even informally raised the possibility of suing someone, like this or this.) Of the 20 instances that I could find in which Trump threatened to sue, he followed through twice. (Let me know if I missed one.)

1. On June 30, 2015*, Trump threatened to sue Univision over the Miss USA pageant. He sued.
2. On July 2, 2015, Trump threatened to sue the National Hispanic Media Coalition after it called one his speeches a “bigoted, racist, anti-Latino rant.”
3. On Sept. 21, 2015, Trump threatened to sue the Club for Growth, a D.C.-based nonprofit, over negative ads.
4. On Sept. 22, 2015, Trump threatened to sue StopTrump.us over selling anti-Trump shirts.
5. On Oct. 14, 2015, Trump threatened to sue Culinary Workers Union and Bartenders Union for saying Trump spent the night at the unionized Treasure Island casino-resort instead of his own hotel. He sued.
6. On Nov. 19, 2015, Trump threatened to sue John Kasich over negative ads.
7. On Nov. 20, 2015*, Trump threatened to sue New Day For America (a super PAC) over negative ads.
8. On Dec. 7, 2015*, Trump threatened to sue Mike Fernandez, a Jeb Bush donor, over negative ads.
9. On Jan. 18, 2016*, Trump threatened to sue The Washington Post for writing an article about how one of his casinos filed for bankruptcy.
10. On Feb. 3, 2016, Trump threatened to sue Ted Cruz over voter fraud in the Iowa caucuses.
11. On Feb. 12, 2016, Trump threatened to sue Ted Cruz for “not being a natural born citizen.”
12. On Feb. 17, 2016*, Trump threatened to sue Ted Cruz for attack ads.
13. On March 27, 2016, Trump threatened to sue the Republican Party over a dispute about Louisiana delegates.
14. On April 12, 2016, Trump threatened to sue the Associated Press for publishing an article about the handling of a Trump-branded condo development in Panama.
15. On April 27, 2016, Trump threatened to sue David Cay Johnston if he didn’t like what Johnston reported.
16. On May 18, 2016, Trump threatened to sue the Washington Post for libel.
17. On July 18, 2016, Trump threatened to sue Tony Schwartz, co-author of “The Art of the Deal,” for negative statements Schwartz made to The New Yorker.
18. On Oct. 4, 2016*, Trump threatened to sue The New York Times for publishing an article on Trump’s tax returns.
19. On Oct. 12, 2016, Trump threatened to sue The New York Times for publishing an article about two women who accused Trump of sexual assault.
20. On Oct. 22, 2016, Trump threatened to sue nearly a dozen women for accusing him of sexual assault.

*Date article was published.

CORRECTION (Oct. 24, 6:25 p.m.): A previous version of this article incorrectly counted two instances of Trump threatening a lawsuit. Trump threatened to sue Rolling Stone and The Huffington Post before he officially launched his campaign, not after.

[thanks to ERIK KOLLOEN]

From a complaint filed in Texas in December by Mark Oberholtzer, the owner of Mark-1 Plumbing, against Charlie Thomas Ford, a car dealer.

In October 2013, Plaintiff traded in a 2005 Ford F-250 pickup truck. Plaintiff began peeling off the Mark-1 Plumbing decal located on the truck’s doors when Defendant’s salesman told Plaintiff that peeling off the decal would blemish the vehicle paint. The vehicle was sold at a Texas auto auction and exported to Mersin, Turkey. In December 2014, a member of a jihadist group operating near Aleppo tweeted a propaganda photograph of Plaintiff’s Ford F-250 with an antiaircraft gun mounted on it fighting on the front lines in Syria. Plaintiff’s logo and phone number were still on the vehicle door. Forty-eight hours later, Mark-1’s phones had received more than 1,000 calls. These calls included individuals who were: (a) irate and yelling expletives; (b) degrading to whomever answered the phone regarding their stupidity; (c) singing in Arabic for the duration of the call or voice-message recording; (d) making threats of injury or death against Mark-1’s employees, family, children, and grandchildren in violent, lurid, and grossly specific terms; and (e) directing expletive-laced death threats to whoever answered the phone. Nearly one year has passed since the news story broke. When the Islamic State commits an atrocity that is reported nationally, which occurs with distressing frequency, Plaintiff receives phone calls all over again.

Reproduced in its entirety from the June issue of Harper's Magazine.

COLUMBIA, Missouri—Jason Kander served in Afghanistan. He mentions this. Often. Not just when he’s talking about foreign or military policy. Even when he’s talking about, say, legislative and campaign ethics reform, which he also talks about a lot. He was talking about both things last week in a press conference on the University of Missouri campus.

On September 30, the Chicago Tribune awarded its presidential endorsement to the Libertarian candidate Gary Johnson, a political cypher who is polling around 8 percent in national polls, which would translate to about 10 million votes in November. Johnson’s support is particularly high among young people. According to a recent George Washington University Battleground poll, Johnson draws 18 percent of Millennials, nearly as much as Donald Trump (26 percent) and more than a third of Hillary Clinton’s support (46 percent).

Johnson’s chief advantage in this election is the possession of a surname that isn’t Trump or Clinton. The two major parties are now led by the two most unpopular major-party candidates in modern history. The cases against Clinton and Trump are well known, but the case for Johnson requires, well, a case for Johnson. And on this score, the third-party candidate has done little to distinguish himself—and quite enough to establish that, at least in this contest, America’s third-party lockout doesn’t deserve its historic breakthrough in five weeks.

Take Johnson’s bungling of foreign affairs. His level of expertise would be appropriate for an amiable CEO of a medical-marijuana company, but it's several standard deviations below the minimum viable threshold to be commander-in-chief of the world’s most significant military power. Johnson’s infamous “What is a leppo?” gaffe on MSNBC was compounded when he failed to name a single world leader in a televised town hall several weeks later on the same network. But more than an Aleppo moment, or an Aleppo month, Johnson suffers from an Aleppo mindset, a proud lack of curiosity about foreign affairs lurking behind an attractively simplistic rejection of military interventions.

Domestic policy is Johnson’s calling card, and the candidate is well known for his laissez-faire attitude toward regulating guns and pot. The Chicago Tribune singled out for praise Johnson’s sensible approach to the deficit and economic growth. "We wish the two main parties had not run away from today’s centrists,” the editorial’s authors wrote.

But far from “centrist,” the Libertarian candidate’s economic ideas are so radical they make Trump seem downright moderate. He would abolish federal income taxes, replace the current tax code with a more regressive national consumption tax, cut Medicare and Medicaid by 40 percent, push for a constitutional amendment to forbid the U.S. to run deficits even during downturns, ban federal bailouts of states, and seek to eliminate the Federal Reserve.

This is worse than fiscal irresponsibility. These ideas aren't politically or even morally responsible. Taken together, they could trigger a recession by taking hundreds of billions of dollars out of the economy, handcuff the federal government’s ability to stabilize the private sector, and throw millions of adults off health insurance, creating a needless economic crisis while whistling under the banner of economic freedom and choice. “Johnson is proposing an immediate fiscal tightening of 3 percent of gross domestic product,” the Washington Post’s Matthew O’Brien wrote. Without the Federal Reserve to buttress the downturn, O’Brien projected that the ensuing recession could push unemployment back above 7 percent.

Johnson would say that his policies are necessarily bold to confront the dangers of U.S. debt. But his presidency might author a kind of Greek tragedy in America—the sort where the heroes, acting to prevent a certain calamity, ironically bring about that very catastrophe. To keep the U.S. from becoming a bloated welfare state “just like Europe,” Johnson would pinch the economy in austerity's straitjacket, drive up unemployment, and purposefully withhold any economic stimulus, which would make the U.S., well, just like Europe.

The U.S. is not looking at an imminent debt crisis. Still, the rising cost of health care combined with the aging of the population will require that the U.S. government spend more on Medicare and Social Security than current tax levels can support. Just as there are many diet plans that don’t involve absolute starvation, there are many deficit-reduction strategies that don’t require the U.S. to cut taxes on the rich, raise taxes on the poor, and take away the federal government’s two best weapons during recessions—monetary easing and deficits. A sensible debt-reduction plan might look quite a lot like the opposite: Taxes on the rich might go up a little bit, federal benefits might have to be reduced or means-tested, and technological advancements and insurance-policy changes could slow the growth of health costs.

From a certain perspective, Johnson’s appeal to young people isn't a surprise. His most well known policy stance—leave people alone, and let them smoke pot—certainly has a constituency. His high numbers among Millennials suggest that he has attracted some positive looks from erstwhile supporters of Bernie Sanders. Like Sanders, whose bed head became an iconic symbol of his authenticity, Johnson similarly comports himself with the demeanor of somebody who has been recently jostled out of an afternoon nap and couldn’t lie to you if he tried.

But on policy, the two could not be more opposite. Sanders, a democratic socialist, proposed to raise taxes by historic sums and spend hundreds of billions of dollars to nationalize health insurance and make college free. Johnson’s plans are the complete reverse: He has proposed to eliminate the federal income tax code, unwind 100 years of anti-poverty and health-insurance programs, and shutter the Department of Education.  His plan would almost certainly raise the cost of college for many middle-class teenagers and 20somethings who rely on federal loans and grants, and his repeal of Obamacare would immediately boot tens of thousands of them off their parents’ health plans.

Beyond his jovial demeanor and admirably passionate anti-interventionist position, Johnson puts a likable face on a deeply troubling economic policy. Scrapping the Federal Reserve while cutting federal spending by 40 percent, while eliminating federal income taxes and trying to institute a new consumption tax would have a predictable effect: It would take hundreds of billions of dollars out of the economy, likely triggering a recession, while shifting the burden of paying for what’s left of the federal government to the poor just as unemployment started to rise, all the while shutting off any possible monetary stimulus that could provide relief to the ailing economy.

Given the electorate’s deep frustration with both the political establishment and the candidates chosen by the two major parties, 2016 is theoretically the perfect year for a third-party candidate to break through. But Gary Johnson’s economic ideas are neither theoretical nor perfect. They are real and simply disqualifying.

With the poster’s permission: a photo from Facebook of an unknown man passed out, face down in a Brentwood resident’s van. At the time she didn’t know who the man was. She said her husband believes it’s better to leave a car unlocked with nothing in it rather than locking it and risk getting broken […]

We finally have an answer as to whether Vladimir Sobotka will return to the NHL and St. Louis Blues this season.

He’s not.

According to Omsk of the KHL, the 29-year-old Sobotka will stay in Russia to fulfill the final year of his contract.

“The situation is developing exactly as we expected. Sobotka has Omsk [have a] valid contract for next year and representatives of the KHL to the NHL signed a memorandum of respect for treaties,” said club president Vladimir Šhalaev in a statement on Omsk’s website.

The Blues, according to Jeremy Rutherford of the St. Louis Post-Dispatch, are “still waiting to hear” from Sobotka’s camp.

[Sign up to play Yahoo Fantasy Hockey for free | Mock Draft | Latest news]

Sobotka’s agent had been saying for months that his client, despite signing a three-year deal with Omsk in 2014, would be coming back to the Blues to fulfill the one-year of service owed following an arbitration ruling.

Despite the reassurances, St. Louis GM Doug Armstrong was still skeptical as of last month.

“It’s one of those ones where I understand everyone’s nervousness because he’s not here,” he said. “But he’s not going to be here until after the World Cup, so I think the questions are going to persist until he gets off the plane at Lambert (Airport) and comes into the Mills or to Scottrade. When he does that, this will finally be behind us.”

Looks like Armstrong won’t have to make a trip to the airport anytime soon.

– – – – – – –

Sean Leahy is the associate editor for Puck Daddy on Yahoo Sports. Have a tip? Email him at puckdaddyblog@yahoo.com or follow him on Twitter! Follow @Sean_Leahy

An oral history of Air Force One on September 11th.

[Full Story]