Topics - Messiah

21
I have a problem, and I would appreciate help if anyone knows about this.

I had been looking at some properties and last week I made an offer on one, below the asking price.

The next day, the estate agency phoned me to schedule a meeting so we could meet, sign the reservation and hand over the cheque.

Obviously I took it that the offer had been more than accepted.

Yesterday she called me to say that there had been another offer from a competing agency, and that mine would only be accepted if I beat the other one.

Now, I found this very strange, because when a cheque is requested the reservation is made right away.

In addition, I suspected that she or the owner was bluffing to see if I would raise my bid.

Now, I know the person at the competing agency, and I asked whether there were any offers on the table, to which she said no, there was nothing, so I confirmed my suspicion (that party has no reason to lie).

I reiterated that my offer stood at the amounts proposed and that I was not going to get into little auction games.

So my question is whether there is any regulation on the acceptance of the cheque counting as an accepted offer, or whether they can waste time here to see if they can fish for a bit more and find more interested buyers.

The only thing I managed to verify was Decree-Law no. 211/2004 of 20 August, as amended by Decree-Law 69/2011, which only says that it acts as faithful depositary.

Do you think it is worth contacting InCI or something like that?

22
Off-Topic / New purchase
« on: 2014-03-20 12:42:57 »
I bought a toy to go for a few rides :D



Flawless ... for Lisbon traffic it's the best.

And it uses only 1.5 L per 100 !!

23
It is impressive that this is reaching the masses and letting ordinary people read 2, 3 or 4x faster than a normal reader.

I don't know if you are familiar with speed-reading techniques, but they allow super-fast reading. I myself took a course back then using software and went from 250 wpm to almost 900 wpm after a few months.

Meanwhile, the company Spritz, which is the creator of the technique, is going to launch a program that allows this kind of reading and applies it in mobile apps for phones and tablets.

It is much easier and doesn't even need training.

I had been out of practice for some time and even so I set the application firing at 700 wpm and comfortably read a whole article on the internet maybe 3 times faster than normal.

The way the application is built, it always stays in the same place and fires word after word, each centred on that word's focus point, and a normal person can instantly read at least 50-100% faster.

Install this in your browser:

https://gun.io/blog/openspritz-a-free-speed-reading-bookmarklet/

For tablets, I think the official version hasn't yet been released by the company Spritz

24
Automated Systems / QuantShare
« on: 2014-02-11 14:08:50 »
Has anyone heard of or had any experience with this product?

http://www.quantshare.com/

It looks quite complete

25
Off-Topic / How I lost my 50 000 dollar Twitter account
« on: 2014-01-29 16:19:32 »
This really is dangerous... through reverse engineering, how easily something like this can be done:


Quote
My $50,000 Twitter Username Was Stolen Thanks to PayPal and GoDaddy
I had a rare Twitter username, @N. Yep, just one letter. I’ve been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my email inbox. As of today, I no longer control @N. I was extorted into giving it up.

While eating lunch on January 20, 2014, I received a text message from PayPal for one-time validation code. Somebody was trying to steal my PayPal account. I ignored it and continued eating.

Later in the day, I checked my email which uses my personal domain name (registered with GoDaddy) through Google Apps. I found the last message I had received was from GoDaddy with the subject “Account Settings Change Confirmation.” There was a good reason why that was the last one.

From: <support@godaddy.com> GoDaddy
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 12:50:02 -0800
Subject: Account Settings Change Confirmation
Dear naoki hiroshima,
You are receiving this email because the Account Settings were modified for the following Customer Account:
XXXXXXXX
There will be a brief period before this request takes effect.
If these modifications were made without your consent, please log in to your account and update your security settings.
If you are unable to log in to your account or if unauthorized changes have been made to domain names associated with the account, please contact our customer support team for assistance: support@godaddy.com or (480) 505-8877.
Please note that Accounts are subject to our Universal Terms of Service.
Sincerely,
GoDaddy

I tried to log in to my GoDaddy account, but it didn’t work. I called GoDaddy and explained the situation. The representative asked me the last 6 digits of my credit card number as a method of verification. This didn’t work because the credit card information had already been changed by an attacker. In fact, all of my information had been changed. I had no way to prove I was the real owner of the domain name.

The GoDaddy representative suggested that I fill out a case report on GoDaddy’s website using my government identification. I did that and was told a response could take up to 48 hours. I expected that this would be sufficient to prove my identity and ownership of the account.

Let The Extortion Begin
Most websites use email as a method of verification. If your email account is compromised, an attacker can easily reset your password on many other websites. By taking control of my domain name at GoDaddy, my attacker was able to control my email.

I soon realized, based on my previous experiences being attacked, that my coveted Twitter username was the target. Strangely, someone I don’t know sent me a Facebook message encouraging me to change my Twitter email address. I assumed this was sent from the attacker but I changed it regardless. The Twitter account email address was now one which the attacker could not access.

The attacker tried to reset my Twitter password several times and found he couldn’t receive any of the reset emails because it took time for the change of my domain’s MX record, which controls the email domain server. The attacker opened issue #16134409 at Twitter’s Zendesk support page.

N, Jan 20 01:43 PM:
Twitter username: @n
Your email: *****@*****.***
Last sign in: December
Mobile number (optional): n/a
Anything else? (optional): I’m not receiving the password reset to my email, do you think you could manually send me one?

Twitter required the attacker to provide more information to proceed and the attacker gave up on this route.

I later learned that the attacker had compromised my Facebook account in order to bargain with me. I was horrified to learn what had happened when friends began asking me about strange behavior on my Facebook account.

I received an email from my attacker at last. The attacker attempted to extort me with the following message.

From: <swiped@live.com> SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 15:55:43 -0800
Subject: Hello.
I’ve seen you spoke with an accomplice of mine, I would just like to inform you that you were correct, @N was the target. it appears extremely inactive, I would also like to inform you that your GoDaddy domains are in my possession, one fake purchase and they can be repossessed by godaddy and never seen again D:
I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact. Would you be willing to compromise? access to @N for about 5minutes while I swap the handle in exchange for your godaddy, and help securing your data?

Shortly thereafter, I received a response from GoDaddy.

From: change@godaddy.com
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 17:49:41 -0800
Subject: Update [Incident ID: 21773161] — XXXXX.XXX
Unfortunately, Domain Services will not be able to assist you with your change request as you are not the current registrant of the domain name. As the registrar we can only make this type of change after verifying the consent of the registrant. You may wish to pursue one or more of the following options should you decide to pursue this matter further:
1. Visit http://who.godaddy.com/ to locate the Whois record for the domain name and resolve the issue with the registrant directly.
2. Go to http://www.icann.org/dndr/udrp/approved-providers.htm to find an ICANN approved arbitration provider.
3. Provide the following link to your legal counsel for information on submitting legal documents to GoDaddy: http://www.godaddy.com/agreements/showdoc.aspx?pageid=CIVIL_SUBPOENA
GoDaddy now considers this matter closed.

My claim was refused because I am not the “current registrant.” GoDaddy asked the attacker if it was ok to change account information, while they didn’t bother asking me if it was ok when the attacker did it. I was infuriated that GoDaddy had put the burden on the true owner.

A coworker of mine was able to connect me to a GoDaddy executive. The executive attempted to get the security team involved, but nothing has happened. Perhaps because of the Martin Luther King Jr. holiday.

Then I received this follow-up from the attacker.

From: <swiped@live.com> SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 18:50:16 -0800
Subject: …hello
Are you going to swap the handle? the godaddy account is ready to go. Password changed and a neutral email is linked to it.

I asked a friend of mine at Twitter what the chances of recovering the Twitter account were if the attacker took ownership. I remembered what had happened to @mat and concluded that giving up the account right away would be the only way to avoid an irreversible disaster. So I told the attacker:

From: <*****@*****.***> Naoki Hiroshima
To: <swiped@live.com> SOCIAL MEDIA KING
Date: Mon, 20 Jan 2014 19:41:17 -0800
Subject: Re: …hello
I released @N. Take it right away.

I changed my username @N to @N_is_stolen for the first time since I registered it in early 2007. Goodbye to my problematic username, for now.

I received this response.

From: <swiped@live.com> SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:44:02 -0800
Subject: RE: …hello
Thank you very much, your godaddy password is: V;Mz,3{;!’g&
if you’d like I can go into detail about how I was able to gain access to your godaddy, and how you can secure yourself

The attacker quickly took control of the username and I regained access to my GoDaddy account.

PayPal and GoDaddy Facilitated The Attack
I asked the attacker how my GoDaddy account was compromised and received this response:

From: <swiped@live.com> SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:53:52 -0800
Subject: RE: …hello
- I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)
- I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten godaddy account security, however if you’d like me to recommend a more secure registrar i recommend: NameCheap or eNom (not network solutions but enom.com)

It’s hard to decide what’s more shocking, the fact that PayPal gave the attacker the last four digits of my credit card number over the phone, or that GoDaddy accepted it as verification. When asked about this, the attacker responded with this message:

From: <swiped@live.com> SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 20:00:31 -0800
Subject: RE: …hello
Yes paypal told me them over the phone (I was acting as an employee) and godaddy let me “guess” for the first two digits of the card

But guessing 2 digits correctly isn’t that easy, right?

From: <swiped@live.com> SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 20:09:21 -0800
Subject: RE: …hello
I got it in the first call, most agents will just keep trying until they get it

He was lucky that he only had to guess two numbers and was able to do it in a single call. The thing is, GoDaddy allowed him to keep trying until he nailed it. Insane. Sounds like I was dealing with a wannabe Kevin Mitnick—it’s as though companies have yet to learn from Mitnick’s exploits circa 1995.

Avoid Custom Domains for Your Login Email Address
With my GoDaddy account restored, I was able to regain access to my email as well. I changed the email address I use at several web services to an @gmail.com address. Using my Google Apps email address with a custom domain feels nice but it has a chance of being stolen if the domain server is compromised. If I were using an @gmail.com email address for my Facebook login, the attacker would not have been able to access my Facebook account.

If you are using your Google Apps email address to log into various websites, I strongly suggest you stop doing so. Use an @gmail.com for logins. You can use the nicer custom domain email for messaging purposes, I still do.

In addition, I also strongly suggest you to use a longer TTL for the MX record, just in case. It was 1 hour TTL in my case and that’s why I didn’t have enough time to keep receiving emails to the compromised domain after losing the DNS control. If it was a week-long TTL for example, I would have had a greater chance to recover the stolen accounts.

Using two-factor authentication is a must. It’s probably what prevented the attacker from logging into my PayPal account. Though this situation illustrates that even two-factor authentication doesn’t help for everything.

Conclusion
Stupid companies may give out your personal information (like part of your credit card number) to the wrong person. Some of those companies are still employing the unacceptable practice of verifying you with the last some digits of your credit card.

To avoid their imprudence from destroying your digital life, don’t let companies such as PayPal and GoDaddy store your credit card information. I just removed mine. I’ll also be leaving GoDaddy and PayPal as soon as possible.



Another story:

Quote
Hi Naoki,

Just read your story about how your Twitter username was stolen. Sadly, the story was all too familiar to me, and mine has a couple implications that are far worse. Just thought I’d share the story in case you were interested.

I’m @jb on both Twitter and Instagram. So you can imagine my username is a very heavy target. It used to be primarily because of the Jonas Brothers but of course now it’s all related to Justin Bieber. As you can imagine, with the marketing power behind his name, there’s thousands if not more companies/hackers/etc… who’d love to get their grubby hands on it for profit.

It started when I received a forgot password email from Amazon. Forgot password emails are regular for me, because of my @jb username, but this was the first I had ever received from Amazon. “Why in the world would someone want that?” Twitter released a feature a while back that turns off the forgot password feature unless you have some specific information about the person. This was a godsend. Unfortunately Instagram has yet to implement something similar.

I of course ignored the first email from Amazon like I normally do with any forgot password emails I get that I didn’t initiate. Imagine my surprise when I received a second email about an hour later saying that my password had been successfully changed! I also had 3 fresh forgot password emails from Apple. It was clear I was being targeted.

I got lucky. I still had access to my Amazon account because I was able to do an automated forgot password request and reset it myself. I had caught everything just in time —the limbo between when the attacker had gained access to Amazon but had yet to gain access to my email. After I changed my password through their website, I called Amazon, found out that they had given access over the phone, and then asked them to lock my account and make a note not to allow any requests to change it again over the phone.

My next step was to call iCloud support and ask them if they had given out any of my information. Sure enough, I finally was able to talk to a representative who was able to tell me that there had been 4 support calls in the last hour regarding my account. The attacker was calling Apple, pretending to be me by giving them any information he had about me, and trying to gain access. I gave them the same instructions I gave Amazon, that this was not me and to please not allow any requests over the phone.

As I was on the phone with them, I received an email from iCloud support with instructions on how to reset my password. It was clearly an email from a representative and not an automated message. And what stood out to me was that the email was “To” a random gmail address and my email address was only CC’d. That was it, I had the email the attacker was using. I quickly sent an email to the attacker, assuming I would never hear a response. But I did get a reply a few minutes later.

The attacker was very open about what he was doing. He was after my Twitter username, @jb. He explained that he first started by doing a little research and learning every piece of information he could find on me through public records. My Twitter profile linked to my website, my website had WHOIS information. I use a very very old address on all my public WHOIS records, but it happens to be the address of my parents, and since I’ve shipped gifts to my parents through Amazon, they had that address on file.

He then called Amazon with what little information he had gained and cried that he had lost his password and didn’t have access to that email address anymore. The representative caved and reset the password over the phone giving him full access to my Amazon account. His plan was to then gain as much information he could with Amazon (last four of credit card numbers, current and previous addresses, etc…) and use that as ammunition to do the same thing with Apple. And it worked. He had an email in his gmail inbox with instructions on how to reset my iCloud account.

Luckily I had been online when all this was happening and was able to call Amazon and Apple respectively to lock my accounts and prevent access. Had I been even 5 minutes later, well…

The scary thing was that I only thought of the true implications of this attack days later. As I was contemplating what had happened and how I could prevent it in the future, a very frightening thought occurred to me. This attacker started with Amazon because he knew that an e-commerce shopping site’s customer support would be relatively easy to convince and gain access. However, that same site offers cloud services that many startups (including mine) rely on to host their data. Droplr, the startup that I am a founder of, is completely based on Amazon’s stack, from using EC2 servers where we host all of our technology to S3 which we use for file storage. This attacker had access to all of it. I was extremely lucky that in his rush to gain access to @jb, he didn’t think to check if my account had anything under AWS.

I was obviously infuriated with Amazon. I spoke to someone high up on the phone and they promised that it was a priority for them to train their representatives better. There were a couple other very public cases of this happening around the same time so they were just at the beginning of a PR fallout from their lack of security.

So what did I learn?

1. Even though Amazon encourages you to only have one identity, don’t. Use completely separate accounts for your AWS services and your Amazon.com shopping account.

2. Always use a private WHOIS service with domains that you own.

3. Naoki’s thesis was that you shouldn’t use personally owned domain-based email addresses for your logins to these services. Unfortunately, this isn’t a guarantee. The problem is, all the big email providers like Gmail and iCloud are so big that they deal with thousands of requests on a daily basis from people who have genuinely forgot their password, and the only way they have to grant them access again is “verifying” their identity over the phone. If someone can fake being “you” over the phone, they’re even more likely to succeed with these large providers.

4. Some of the biggest companies in the world have security that is only as good as a minimum-wage phone support worker who has the power to reset your account. And they have valid business reasons for giving them this power.



It is impressive how these companies get away with this unpunished !!

26
Off-Topic / DropBox^12
« on: 2013-11-07 10:45:26 »
Everyone knows Dropbox, right?

It offers 2 gigs of space, and with a few tricks you can get a maximum of 30 gigs in the cloud.

OK, 30 gigs, nice...

PT also offers something like 16 gigs, etc... we have Google Drive, Microsoft, etc. with offers of 5 gigs...

And how about 10 teras?!!?

That is, 10240 gigs ?!


Tencent is offering 10 terabytes on its cloud service ...

You have to follow these steps to the letter:

1 - Go to this site: http://www.weiyun.com/act/10t.html

2 - Go to the Login button in the top right corner. This will open a window, and the 2nd link in the bottom right corner of the window will open the registration form;

3 - After registering, check the email sent and activate the account by following the link given;

4 - Install the application for iOS (https://itunes.apple.com/cn/app/id522700349?mt=8&ls=1) or Android (https://play.google.com/store/apps/details?id=com.qq.qcloud), and log in to it with the account created earlier;

5 - At the address from step 1, click the centred blue button with the text "xyz 10T";

6 - Log in and voilà;

7 - Finally, web access to the cloud is from http://www.weiyun.com/disk/index-en.html

If you want the desktop clients, they are here:

http://www.weiyun.com/download.html

27
Judite Sousa criticises Lorenzo Carvalho in interview



Oh well, judging the book by its cover...

28
Off-Topic / Bloomberg - very good new cover
« on: 2013-07-11 16:40:35 »

29
Off-Topic / The state of Education
« on: 2013-05-20 18:45:49 »
I was just now a bit lost looking at things from my old school, and really the levels of transparency are something else...

I was looking at the various administrative details of my school in the USA from when I lived there, and the extent of values like transparency is impressive, from access to minutes, financial results, assemblies, etc. etc...

A pity there isn't more of this kind of thing over here:

And this in a little town of 10 thousand inhabitants:


30
http://visao.sapo.pt/pequena-miss-america-e-milionaria-aos-seis-anos=f728142

It's pitiful, but impressive how in a big enough market there are consumers for everything ... the number of people the kid employs :o

31
Hi all,

I don't know if you are aware, but XTB is promoting a kind of marketplace for trading applications.

There is not only a marketplace for future applications, but also a marketplace for developers and for creators of strategies/applications/ideas who don't know how to program.

At the moment, you can register, and whoever has the best idea can win 750 euros.

For the best financial application, whoever develops it wins 2500 euros.

You can see on the site:

http://www.xtb.pt/pt/xapi

all the requirements, through XTB's API.

Obviously, afterwards it doesn't need to be the best application to earn $; you can sell your applications and ideas in that same marketplace, and there is a split of the application's profits.

For those who know programming, here is a chance to earn $, and even more, to see possible shortcomings in the platforms addressed, or to monetise any idea or programming you have.

It should also be said that, although the marketplace is entirely international, the contest for the 2500 euros and 750 euros is national only.

http://www.xtb.pt/pt/xapi

32
Off-Topic / Photography - A new hobby
« on: 2012-12-03 17:55:23 »
Well then ...

I went on holiday for 10 days to New York and, without ever having handled an SLR or anything like it, I came away with a new passion ... photography.

Being the city that it is, it has excellent scenery for anyone who likes photography. I honestly never thought I'd have so much fun taking these pics ...

Here are some pics (of the thousands !!!) that I took in New York:
















Now all that's missing is getting one of these toys for myself :D

33
Off-Topic / Bucket List ... Marathon
« on: 2012-08-27 13:32:21 »
One of the things to cross off my "bucket list" is running a marathon.

I hate cardio and running, yet this race is one of the "accomplishments" I would like to achieve. Now, I have no idea how to train for something like this ...

I'm thinking of about 16-20 weeks of training, which seems to me more appropriate for someone not used to running long distances.

So I'm asking those here with more experience in running for some tips to get me started on the road

34
Topic on soft commodities.

Right now it seems to me that cotton may have interesting prospects over the longer term, especially combined with the recent performance of grains, which should lead many farmers to choose grains over cotton for the next 'batch'.

This could lead to a shortage in production, while at the same time the currently low cotton prices should encourage greater demand from textile consumers.

During the 2010-2011 'runup' these ended up looking for alternative fabrics when faced with the high price of cotton, even though cotton is a superior fabric. Much of that demand should in principle return with the current depressed prices.

In addition, cotton's lead time is the longest of the commodities, that is, the period it takes for the commodity to be planted, grow, be harvested and finally brought to market. If there is a shortage, that lead time should favour upward price movement, since production will take time to keep pace.

35
Traders' Community / Shiller 10 Year P/E
« on: 2012-07-12 22:14:40 »
Is it starting to make sense to look at some of the countries?

I know that we often focus more on the present and the current problems... but looking at this ratio, some countries are supposedly really attractive:

