Is The Sam’s Club Scan And Go Application Secure?

Yesterday I went to the Springdale store to purchase a 12 lb. bag of black beans. It is the only Sam’s Club store in the area with the 12 lb. bag and it is close to our church. Since I was only purchasing one item, I used the Scan and Go application to check out.  A few minutes later at my mother-in-law’s house, I noticed that the receipt on my phone was for a 50 lb. bag of potatoes. I went back to the store because I thought it was a scanning error. The black beans scanned correctly so they took my information and promised to investigate.

Today I noticed that I have two receipts. The first receipt was for the beans at 08/26/18 13:21. The second receipt was for the potatoes at 08/26/18 13:25. How does this happen? If the times are correct, I was probably in the car going to my mother-in-law’s house when the potatoes receipt was posted.

One of the oddities that caught my attention was that my phone was on the checkout screen for the potatoes. Typically when a Scan and Go transaction completes, the checkout screen is replaced with the completed transaction screen. Although credit card fraud is always a possibility, this looks like a Sam’s Club oops problem.

R Portable Version 3.5.1 and RStudioPortable Version 1.1.453 have been Released! Download R Portable for free! http://bit.ly/1G2ejZT via @sourceforge

R Logo
R Portable Version 3.5.1 and RStudioPortable Version 1.1.453 have been released and are available at the R Portable project page, https://sf.net/projects/rportable/.

  • R Portable Version 3.5.1 incorporates the 3.5.1 version of R in a portableapps format.
  • RStudioPortable Version 1.1.453 incorporates the 1.1.453 version of R Studio in a portableapps format.

R Portable Version 3.5.0 and RStudioPortable Version 1.1.447 have been Released! Download R Portable for free! http://bit.ly/1G2ejZT via @sourceforge

R Logo
R Portable Version 3.5.0 and RStudioPortable Version 1.1.447 have been released and are available at the R Portable project page, https://sf.net/projects/rportable/.

  • R Portable Version 3.5.0 incorporates the 3.5.0 version of R in a portableapps format.
  • RStudioPortable Version 1.1.447 incorporates the 1.1.447 version of R Studio in a portableapps format.

R Portable Version 3.4.4 and RStudioPortable Version 1.1.442 have been Released! Download R Portable for free! http://bit.ly/1G2ejZT via @sourceforge

R Logo
R Portable Version 3.4.4 and RStudioPortable Version 1.1.442 have been released and are available at the R Portable project page, https://sf.net/projects/rportable/.

  • R Portable Version 3.4.4 incorporates the 3.4.4 version of R in a portableapps format.
  • RStudioPortable Version 1.1.442 incorporates the 1.1.442 version of R Studio in a portableapps format.

R Portable Version 3.4.3 and RStudioPortable Version 1.1.383 have been Released! Download R Portable for free! http://bit.ly/1G2ejZT via @sourceforge

R LogoR Portable Version 3.4.3 and RStudioPortable Version 1.1.383 have been released and are available at the R Portable project page, https://sf.net/projects/rportable/.

  • R Portable Version 3.4.3 incorporates the 3.4.3 version of R in a portableapps format.
  • RStudioPortable Version 1.1.383 incorporates the 1.1.383 version of R Studio in a portableapps format.

R Portable Version 3.4.2 and RStudioPortable Version 1.0.153 have been Released! Download R Portable for free! http://bit.ly/2x9K8PS via @sourceforge

R LogoR Portable Version 3.4.2 and RStudioPortable Version 1.0.153 have been released and are available at the R Portable project page, https://sf.net/projects/rportable/.

  • R Portable Version 3.4.2 incorporates the 3.4.2 version of R in a portableapps format.
  • RStudioPortable Version 1.0.153 incorporates the 1.0.153 version of R Studio in a portableapps format.

Nmap Broke My Wi-Fi

Back in February, I ran into an interesting problem. Both my Wi-Fi and wired connections stopped working on my laptop. I was able to connect to the access point and get an IP address but was unable to ping or connect to anything. I was getting the infamous ‘limited connectivity’ error. After a day of debugging, I gave up and restored the computer from a backup. Everything worked fine until recently. This time I figured out why the Wi-Fi failed.

The Npcap/WinPcap Compatibility Problem

Until recently I was using an old version of Nmap from the February backup. Upgrading Nmap to the latest version broke my Wi-Fi. During the install process, Nmap installs its promiscuous driver, Npcap, and then says you might want to look for a newer version of the driver.  So I downloaded the 0.92 version. While installing the driver, I noticed that it recommended uninstalling WinPcap. I forgot that I had WinPcap installed. At one time WinPcap was the promiscuous driver of choice for Nmap and Wireshark but it has not been updated since 2013. Npcap is supposed to be the replacement for WinPcap even though it is not stable enough to be called version 1.0. Despite my stability concerns I uninstalled WinPcap, installed the latest version of Npcap, and everything works.

How did this occur?

My best guess is that I updated Nmap from version 6.47 to 7.40 in late January. I use Nmap about once or twice a year so I probably decided to upgrade to the latest version prior to running a network test. The network connectivity problem appeared when I rebooted in February. Although the Wi-Fi problem started occurring for people in April of 2016, it does not manifest itself until Nmap 7 installs Npcap. I upgraded Nmap to test our network Wannacry vulnerabilities in May. The next time I rebooted the network connectivity problem had returned.

R Portable Version 3.4.0 and RStudioPortable Version 1.0.143 have been Released! Download R Portable for free! http://bit.ly/2oEltzJ via @sourceforge

R LogoR Portable Version 3.4.0 and RStudioPortable Version 1.0.143 have been released and are available at the R Portable project page, https://sf.net/projects/rportable/.

  • R Portable Version 3.4.0 incorporates the 3.4.0 version of R in a portableapps format.
  • RStudioPortable Version 1.0.143 incorporates the 1.0.143 version of R Studio in a portableapps format.

R Portable Version 3.3.3 and RStudioPortable Version 1.0.136 have been Released! Download R Portable for free! http://bit.ly/2lXdfW9 via @sourceforge

R LogoR Portable Version 3.3.3 and RStudioPortable Version 1.0.136 have been released and are available at the R Portable project page, https://sf.net/projects/rportable/.

  • R Portable Version 3.3.3 incorporates the 3.3.3 version of R in a portableapps format.
  • RStudioPortable Version 1.0.136 incorporates the 1.0.136 version of R Studio in a portableapps format.

R Portable Version 3.3.2 and RStudioPortable Version 0.99.903 have been Released! Download R Portable for free! http://bit.ly/2fvgKAe via @sourceforge

R Portable Version 3.3.2 and RStudioPortable Version 0.99.903 has been released and is available at the R Portable project page, https://sf.net/projects/rportable/.

  • R Portable Version 3.3.2 incorporates the 3.3.2 version of R in a portableapps format.
  • RStudioPortable Version 0.99.903 incorporates the 0.99.903 version of R Studio in a portableapps format.

R Portable Version 3.3.1 and RStudioPortable Version 0.99.902 have been Released! Download R Portable for free! http://bit.ly/295whjJ via @sourceforge

R Portable Version 3.3.1 and RStudioPortable Version 0.99.902 has been released and is available at the R Portable project page, https://sf.net/projects/rportable/.

  • R Portable Version 3.3.1 incorporates the 3.3.1 version of R in a portableapps format.
  • RStudioPortable Version 0.99.902 incorporates the 0.99.902 version of R Studio in a portableapps format.

Let’s Encrypt Apache With Multiple Virtual Host Files – Version 2

Back in January I wrote an article about using Let’s Encrypt with Multiple Virtual Host Files and now I know a better way to do it. The problem I ran into was the script throwing an error when renewing the certificate.  After a little research the easiest way to get a robust installation is to follow Erika Heidi‘s instructions in How to Set Up Let’s Encrypt Certificates for Multiple Apache Virtual Hosts on Ubuntu 14.04. Now the script to renew the certificate works.

I found two problems that might people trying to implement SSL.

  1. The script kept generating a message saying, “No vhost exists with servername”. for two of my sites. When I looked into my site configuration file I found that I was still using a VirtualHost section to re-direct www.wehuberconsultingllc.com to wehuberconsultingllc.com. The script was upset that I had multiple VirtualHosts for the site. If I added a ServerAlias for the www address in the first VirtualHost section and deleted the extra VirtualHost section from my vhost configuration file, the script would find the site and create the certificate.
  2. When you are managing multiple WordPress sites I like to update the plugins via wordpress.com. The problem is that as soon as I implemented mandatory SSL for a WordPress site, Jetpack was no longer able to fetch plugin status and instead displayed the “error fetching plugins” message. After a lot of fiddling around I figured out that I could fix this problem by going to the Settings-General menu and changing the URL for the blog to https.

R Portable Version 3.3.0 and RStudioPortable Version 0.99.896 has been Released! Download R Portable for free! http://bit.ly/1rxl03e via @sourceforge

Please update RStudio to the latest version to avoid this warning message when using R Version 3.3.0.

R graphics engine version 11 is not supported by this version of RStudio. The Plots tab will be disabled until a newer version of RStudio is installed.

R Portable Version 3.3.0 and RStudioPortable Version 0.99.896 has been released and is available at the R Portable project page,https://sf.net/projects/rportable/.

  • R Portable Version 3.3.0 incorporates the 3.3.0 version of R in a portableapps format.
  • RStudioPortable Version 0.99.896 incorporates the 0.99.896 version of R Studio in a portableapps format.

R Portable Version 3.2.5 has been Released! Download R Portable for free! http://bit.ly/1XLbe7U via @sourceforge

R Portable Version 3.2.5 has been released and is available at the R Portable project page, https://sf.net/projects/rportable/.

  • R Portable Version 3.2.5 incorporates the 3.2.5 version of R in a portableapps format.

R Portable Version 3.2.4 has been Released! Download R Portable for free! http://bit.ly/22k1uYF via @sourceforge

R Portable Version 3.2.4 has been released and is available at the R Portable project page, https://sf.net/projects/rportable/.

  • R Portable Version 3.2.4 incorporates the 3.2.4 version of R in a portableapps format.

Let’s Encrypt Apache With Multiple Virtual Host Files

Over the holidays I converted this site over to use SSL using a free SSL certificate from Let’s Encrypt since the folks at Digital Ocean had written a nice tutorial, How To Secure Apache with Let’s Encrypt on Ubuntu 14.04. The problem was that the installation script partially worked. It created a SSL certificate for multiple hosts but it did not update any of the virtual hosts files. So I had to update the files manually using the template in the /etc/letsencrypt folder. To get an “A” rating from Qualys SSL Server Test I had to download the intermediate certificate https://letsencrypt.org/certificates/. Finally I redirected all of my encrypted traffic to the SSL site. Here is what my Apache host configuration file looks like.

<virtualhost *:80>
ServerName mysite.com 
Redirect / https://mysite.com/ 
</virtualhost>
<virtualhost *:80>
ServerName www.mysite.com 
Redirect permanent / http://mysite.com/ 
</virtualhost>
<virtualhost *:443>
ServerName mysite.com 
DocumentRoot /var/www/html 
ErrorLog ${APACHE_LOG_DIR}/error.log 
CustomLog ${APACHE_LOG_DIR}/access.log combined 
SSLEngine on 
# Intermediate configuration, tweak to your needs 
SSLProtocol all -SSLv2 -SSLv3 
SSLHonorCipherOrder on 
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA 
SSLCompression off 
SSLOptions +StrictRequire 
SSLCertificateFile /etc/letsencrypt/live/mysite.com/fullchain.pem 
SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem 
SSLCertificateChainFile /etc/letsencrypt/lets-encrypt-x1-cross-signed.pem 
</virtualhost>

R Portable Version 3.2.3 has been Released! Download R Portable for free! http://bit.ly/1SW96rk via @sourceforge

R Portable Version 3.2.3 has been released and is available at the R Portable project page, http://sf.net/projects/rportable/.

  • R Portable Version 3.2.3 incorporates the 3.2.3 version of R in a portableapps format.

R Portable Version 3.2.2 has been Released! Download R Portable for free! http://bit.ly/1JmwEp7 via @sourceforge

R Portable Version 3.2.2 has been released and is available at the R Portable project page, http://sf.net/projects/rportable/.

  • R Portable Version 3.2.2 incorporates the 3.2.2 version of R in a portableapps format.

R Portable Version 3.2.1 has been Released! Download R Portable for free! http://bit.ly/1JbYrro via @sourceforge

R Portable Version 3.2.1 has been released and is available at the R Portable project page, http://sf.net/projects/rportable/.

  • R Portable Version 3.2.1 incorporates the 3.2.1 version of R in a portableapps format.