WTS ATTENTION: PayPal Friends and Family - beware

deskjockey

Senior Member
Joined
Dec 9, 2017
Messages
565
Reaction score
233
Location
Texas, USA
Yeah, not touching that one.

Avoiding VAT and 1099's is a politically oriented effort, isn't it or, is it just criminal? Personally, I like public libraries and good roads so, taxation for things like that seems reasonable to me. I'm also not opposed to a helping hand for people that need it. So for me, cheating on VAT and 1099 reports is not something I do.

Heck, I get paid in cash for rent on one of my pastures so I could easily just ignore that at tax time but, instead I pay the Self-Employment tax and other taxes when I file my 1040. I generally take a dim view of tax cheats unless the taxes in question are really unfair or distorted. VAT to me is not an unfair tax. YMMV
 

tcmx3

Senior Member
Joined
Feb 5, 2015
Messages
1,982
Reaction score
2,596
Just curious on how often disputes arise? I’ve never had an issue.

not sure about disputes, but for everyone saying this is "rare" we had two high profile events in the last month.

and with the increasing frequency of breaches of social media sites it's going to keep happening.
 
Joined
Aug 12, 2016
Messages
3,291
Reaction score
5,258
Location
USA
I've had an issue with a used camera lens I sold on ebay. The buyer bought the lens used it for a month, dropped it or banged it on something, not sure. Had to be something pretty hard since it was a professional level pretty tough lens. Then he claimed that the item was not as described. The lens was described as used and sold as is no refunds. It was in perfect working order when I sold it and he had it for a month, so if there was a problem in transit or before he would’ve told me after he received and used it. PayPal sided with him right away and told me that if I refuse to take the lens back he will keep the lens and they will still pay him from my account. So I took the lens back and when it came back it was broken. It took me another month of back and forth to get money back from PayPal. At one point they sent me to a police station to make a report since they needed an officer badge number and name to refund me. The cop at the station laughed at me, told me they have real problems to solve, but fortunately gave me his badge and name and that was enough for PayPal. I still had to cover shipping to the buyer and back. Lost about $100 on this transaction and many hours. PayPal basically said they can’t verify if the lens was as described or not since the damage was internal and they have to side with the buyer.
 
Joined
Aug 12, 2016
Messages
3,291
Reaction score
5,258
Location
USA
not sure about disputes, but for everyone saying this is "rare" we had two high profile events in the last month.

and with the increasing frequency of breaches of social media sites it's going to keep happening.
There was one hacking of the account. Is the crazy priced Kamon posting the other or was there something else?
 

McMan

Senior Member
Joined
Feb 15, 2018
Messages
2,537
Reaction score
2,921
There was one hacking of the account. Is the crazy priced Kamon posting the other or was there something else?
There were two--the one with Rick and then also Toddnmd.
 

DitmasPork

Senior Member
Joined
Aug 21, 2012
Messages
3,686
Reaction score
7,640
Location
BROOKLYN, NY
I've had an issue with a used camera lens I sold on ebay. The buyer bought the lens used it for a month, dropped it or banged it on something, not sure. Had to be something pretty hard since it was a professional level pretty tough lens. Then he claimed that the item was not as described. The lens was described as used and sold as is no refunds. It was in perfect working order when I sold it and he had it for a month, so if there was a problem in transit or before he would’ve told me after he received and used it. PayPal sided with him right away and told me that if I refuse to take the lens back he will keep the lens and they will still pay him from my account. So I took the lens back and when it came back it was broken. It took me another month of back and forth to get money back from PayPal. At one point they sent me to a police station to make a report since they needed an officer badge number and name to refund me. The cop at the station laughed at me, told me they have real problems to solve, but fortunately gave me his badge and name and that was enough for PayPal. I still had to cover shipping to the buyer and back. Lost about $100 on this transaction and many hours. PayPal basically said they can’t verify if the lens was as described or not since the damage was internal and they have to side with the buyer.
Nightmare! Sorry to hear that.
 

deskjockey

Senior Member
Joined
Dec 9, 2017
Messages
565
Reaction score
233
Location
Texas, USA
I've had an issue with a used camera lens I sold on ebay. The buyer bought the lens used it for a month, dropped it or banged it on something, not sure. Had to be something pretty hard since it was a professional level pretty tough lens. Then he claimed that the item was not as described. The lens was described as used and sold as is no refunds. It was in perfect working order when I sold it and he had it for a month, so if there was a problem in transit or before he would’ve told me after he received and used it. PayPal sided with him right away and told me that if I refuse to take the lens back he will keep the lens and they will still pay him from my account. So I took the lens back and when it came back it was broken. It took me another month of back and forth to get money back from PayPal. At one point they sent me to a police station to make a report since they needed an officer badge number and name to refund me. The cop at the station laughed at me, told me they have real problems to solve, but fortunately gave me his badge and name and that was enough for PayPal. I still had to cover shipping to the buyer and back. Lost about $100 on this transaction and many hours. PayPal basically said they can’t verify if the lens was as described or not since the damage was internal and they have to side with the buyer.

Issues like this is why I try to avoid PayPal if I have a choice in the matter.
 
Joined
Dec 10, 2014
Messages
823
Reaction score
588
Paypal is $hit for sellers. Thankfully I'm not buying and selling that much anymore on BST. I try to deal with people who have been on the forum for more than 30 seconds-- sorry newbies.

I was there a while back and felt like I got the short end of the stick for being unknown and new, but who wants to be out of hundreds of dollars?
 

M1k3

New Mexico prefecture #1
Joined
Jul 28, 2018
Messages
8,488
Reaction score
13,817
Avoiding VAT and 1099's is a politically oriented effort, isn't it or, is it just criminal? Personally, I like public libraries and good roads so, taxation for things like that seems reasonable to me. I'm also not opposed to a helping hand for people that need it. So for me, cheating on VAT and 1099 reports is not something I do.

Heck, I get paid in cash for rent on one of my pastures so I could easily just ignore that at tax time but, instead I pay the Self-Employment tax and other taxes when I file my 1040. I generally take a dim view of tax cheats unless the taxes in question are really unfair or distorted. VAT to me is not an unfair tax. YMMV
🤷‍♂️

Keep me out of any political and, while on the subject, religious talks please.
 

mc2442

KKF Supporting Member
Founding Member
Joined
Feb 28, 2011
Messages
2,146
Reaction score
378
Location
San Diego
I definitely view post count as a valuable piece of info, a lot of purchases, and some sells, have been FF but I always understand, and often request, the other.
 

Bensonhai

Troll Killer!
Joined
Nov 4, 2021
Messages
187
Reaction score
543
Location
Orange County, Ca
I wouldn't have pushed for F and F before, but this 1099 cause is going to make seeking to some unwanted knives almost not worth it. Sad...
 

deskjockey

Senior Member
Joined
Dec 9, 2017
Messages
565
Reaction score
233
Location
Texas, USA
I wouldn't have pushed for F and F before, but this 1099 cause is going to make seeking to some unwanted knives almost not worth it. Sad...

PayPal is convenient but, in more recent years I have had other "concerns" that encouraged me to go back to the days when PayPal, Zelle, and the others didn't exist.

In the past ~two "COVID" years, I have used a lot of USPS Money Orders with satisfaction. Sure it costs $2 to buy it and requires a trip to the Post Office but, thanks to huge mailbox theft issues, I'm at the USPS every day or two anyway so, really I'm only out a stamp, envelope, and the Money Order charge and a small amount of effort.
 

bahamaroot

Idiot Savant
Joined
Jan 13, 2013
Messages
2,147
Reaction score
1,787
Location
A Planet Far Far Away
And another really aggravating part about PayPal and sites like eBay is if you are forced to make a refund to a con they still keep all the selling and transaction fees you paid so you lose that on top of all the shipping costs. I won't use eBay to sell anything anymore and only sell to people I'm really comfortable with when selling a knife.
 

JoBone

Jobone_craftsman
KKF Sponsor
KKF Supporting Member
Joined
Apr 14, 2018
Messages
314
Reaction score
699
Location
NC
And another really aggravating part about PayPal and sites like eBay is if you are forced to make a refund to a con
PayPal merch can be abused by the buyer and you are more likely to run across a bad buyer over a bad seller. You can try adding a ‘no refund policy’ with the description in a money request; it may help.
 
Joined
Aug 12, 2016
Messages
3,291
Reaction score
5,258
Location
USA
PayPal merch can be abused by the buyer and you are more likely to run across a bad buyer over a bad seller. You can try adding a ‘no refund policy’ with the description in a money request; it may help.
No refund doesn't help. Sold as is or no returns doesn't either. Sellers can be abused much easier than buyers by PayPal policies. They make transactions very convenient though, I just wish there were better alternatives.
 

bahamaroot

Idiot Savant
Joined
Jan 13, 2013
Messages
2,147
Reaction score
1,787
Location
A Planet Far Far Away
PayPal merch can be abused by the buyer and you are more likely to run across a bad buyer over a bad seller. You can try adding a ‘no refund policy’ with the description in a money request; it may help.
Doesn't work I've tried it. I sold a new Anova Sous Vide circulator and the customer tried it and didn't like it, said it was a gimmick and wanted a refund. I said no that it was listed as "No Refunds" so they filed a complaint and said that it didn't work. When speaking to a PayPal rep I told them that the listing stated "No Refunds" and I was told it doesn't matter. They said if the customer complains then they get their money back regardless. When I got the item back it worked perfectly but after all the fees and shipping costs I incurred reselling it would have netted me nothing in the end so I just ate it and gave it away.
 

Jeff

Well-Known Member
Joined
Jan 30, 2018
Messages
253
Reaction score
166
All of you know that is not to be used when buying from the members that sell here on the forum.
Be sure to use the invoice or business send. It will cost a bit more to the seller, but you can always add a few $$ to pay the difference or split the difference by upping the price of the item a little bit.

But it has come to the "staff's" attention that at least one seller is encouraging the Friends and Family payment. This is a NO! If anything happens there is NO recourse.
If you do a sale/buy in that manner and it gets screwed up, do not expect anyone to be able to do anything to help you. Be sure to know who you are entering into a transaction with. And you may want to RUN away if they are pushing Friends and Family.


@Angie, if I may be so bold - let me (Matus) please add the following comment:

Everyone who offers anything for sale in the BST section is obliged to quote a price that includes whatever fees they expect to be paying. That means - if a potential buyer expresses interest via a private communication with the seller and then the seller asks for F&F - please let us know. That is unacceptable and will have consequences for the seller.

Of course we as a mod team cannot 'stop' anyone from paying Friends & Family, but every buyer that is about to type 'PM sent' in that WTS thread should know that they are entitled to pay with Goods & Services and not be coerced to cover extra fees or pay with F&F.


I wonder how a seller would react if a buyer agreed to pay via “friends & family” only AFTER the seller sent the knife and it was received by the buyer? That is asking a lot of the seller. But, it is pretty much what the seller is asking of the buyer when the seller requests payment via Friends & Family.
 

spaceconvoy

Senior Member
Joined
Mar 7, 2011
Messages
1,402
Reaction score
2,864
Location
Florida
So I was just hacked today, and I think I have an inkling of why my account was targeted. In the last message I posted before the hack, I said something like "I haven't been active here lately but here's a short update." Maybe just a coincidence, but I was thinking it might be a phrase a hacker would look for to find an account that's just active enough to feel safe to send money to, but not engaged enough to quickly alert the mods. Kinda like if a burglar sees newspapers piling up in your driveway and knows you're on vacation.

Luckily the member whose knife photos were used noticed right away, but still, my apologies for being so lax on security.
 

deskjockey

Senior Member
Joined
Dec 9, 2017
Messages
565
Reaction score
233
Location
Texas, USA
So I was just hacked today, and I think I have an inkling of why my account was targeted. In the last message I posted before the hack, I said something like "I haven't been active here lately but here's a short update." Maybe just a coincidence, but I was thinking it might be a phrase a hacker would look for to find an account that's just active enough to feel safe to send money to, but not engaged enough to quickly alert the mods. Kinda like if a burglar sees newspapers piling up in your driveway and knows you're on vacation.

Luckily the member whose knife photos were used noticed right away, but still, my apologies for being so lax on security.

With all the hacks and public listings of "old" and "reused" passwords, a lot of people on sites like this one are an easy target, especially with social indicators as you mentioned.

Two-factor authentication is important but, be aware that SMS messages can be intercepted and used to hijack accounts these days. I ABSOLUTELY WILL NOT USE THEM TO AUTHENTICATE BANK ACCOUNTS AND BROKERAGE ACCOUNTS.

Personally, I am a huge fan of the Yubikey hardware tokens. Sure, they are not as convenient but, they aren't hackable (at least not unless you are such a lucrative target that other scams make you a target). While hardware tokens are best IMHO, the Yubikey and similar software security apps are pretty good. Be aware also, that a lot of businesses use the McAfee version of the token passcode which is a proprietary algorithm to McAfee. Those McAfee passcode generator tokens are available for ~$12 as well on Amazon and similar places. Yubikeys are ~$30.

Lastly, use a password generator like Bitwarden and Lastpass to generate truly unique and complex passwords for each website! 32 characters of mixed case, alphanumerics, with special symbols are complex enough to thwart most dictionary attacks. Again, if you are such a lucrative target to make that sort of attack worthwhile, you need to look at the social engineering aspects as well.

And yes, Social Media and related public posts will increase the likelihood of a web crawler finding your post and using your 'identity' to attempt any number of scams. If you can, post about the vacation you returned from instead of the one you are going on!
 

tcmx3

Senior Member
Joined
Feb 5, 2015
Messages
1,982
Reaction score
2,596
With all the hacks and public listings of "old" and "reused" passwords, a lot of people on sites like this one are an easy target, especially with social indicators as you mentioned.

Two-factor authentication is important but, be aware that SMS messages can be intercepted and used to hijack accounts these days. I ABSOLUTELY WILL NOT USE THEM TO AUTHENTICATE BANK ACCOUNTS AND BROKERAGE ACCOUNTS.

Personally, I am a huge fan of the Yubikey hardware tokens. Sure, they are not as convenient but, they aren't hackable (at least not unless you are such a lucrative target that other scams make you a target). While hardware tokens are best IMHO, the Yubikey and similar software security apps are pretty good. Be aware also, that a lot of businesses use the McAfee version of the token passcode which is a proprietary algorithm to McAfee. Those McAfee passcode generator tokens are available for ~$12 as well on Amazon and similar places. Yubikeys are ~$30.

Lastly, use a password generator like Bitwarden and Lastpass to generate truly unique and complex passwords for each website! 32 characters of mixed case, alphanumerics, with special symbols are complex enough to thwart most dictionary attacks. Again, if you are such a lucrative target to make that sort of attack worthwhile, you need to look at the social engineering aspects as well.

And yes, Social Media and related public posts will increase the likelihood of a web crawler finding your post and using your 'identity' to attempt any number of scams. If you can, post about the vacation you returned from instead of the one you are going on!

a 32 character password like you described would not only beat any dictionary attack, the likelihood that you could crack it with existing hardware in this lifetime is effectively zero.
 

esoo

living the patina
KKF Supporting Member
Joined
Jan 15, 2018
Messages
2,915
Reaction score
5,899
Location
Canada, eh?
a 32 character password like you described would not only beat any dictionary attack, the likelihood that you could crack it with existing hardware in this lifetime is effectively zero.

Don't be so certain about that. It always has to do with the actual encryption used on the server side. Long password stored badly makes for easy cracking.
 

tcmx3

Senior Member
Joined
Feb 5, 2015
Messages
1,982
Reaction score
2,596
Don't be so certain about that. It always has to do with the actual encryption used on the server side. Long password stored badly makes for easy cracking.

not to be pedantic, but stealing a password and cracking it are not the same, even if the consequences are largely identical.

furthermore, breaking an encryption to get a plain text representation is also not exactly cracking the password.

what I said is accurate as stated: there is not a method that would be able to defeat that password in this lifetime with current hardware. defeating the stuff around the lock is another matter sure.
 

esoo

living the patina
KKF Supporting Member
Joined
Jan 15, 2018
Messages
2,915
Reaction score
5,899
Location
Canada, eh?
not to be pedantic, but stealing a password and cracking it are not the same, even if the consequences are largely identical.

furthermore, breaking an encryption to get a plain text representation is also not exactly cracking the password.

what I said is accurate as stated: there is not a method that would be able to defeat that password in this lifetime with current hardware. defeating the stuff around the lock is another matter sure.

You have totally missed my point - a 32 character password is nothing by itself. It's like holding a key and not knowing where in the world the lock is. The password needs a system/lock on which to use it, and dependent on how that system is setup, the fact that you have a highly complex password could be meaningless. For example in the not so distant Windows past, NTLM was hamstrung by the fact that LM only understood 14 character passwords. As a result, you could drop protocol levels and your 32 character password was suddenly only used as 14 characters making the attack space smaller. I'm overlooking how the password was actually stored as two 7 byte packages making it even worse.

And here is the thing, most password storage takes password + salt and runs it through a hashing algorithm to get a hash to store, and then runs the entered password + salt through the same hashing algorithm and compares the results and if they are the same you get in. So the quality of the password really depends on the algorithm. But here's the thing - every hashing algorithm is subject to collisions - two different bodies that create the same hash. This has huge consequences, as your 32 character password could have the same hash as a 5 character password if stored in a poorly designed system, making a dictionary attack useful and quick.

The point is you are always trying to defeat the lock, not the key. If the lock is designed poorly, doesn't matter what your key is. A great key means nothing if you can bump pick the lock.

And in this case, if the hacker is trying to brute force the lock, the system should be doing a better job of banning the IP. Or the hash database has been exfiltrated somehow, which they should've told us.
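
The point made in the post above, that the storage scheme (the lock) bounds what a long password (the key) is worth, as an added example that is not part of the original post or the forum's software. The legacy scheme is a constructed toy model of the LM-style handling the post describes (upper-case, first 14 bytes, two independent 7-byte halves, no salt) with SHA-256 standing in for the real cipher; the PBKDF2 iteration count, the sample password and all function names are assumptions.

```python
import hashlib
import hmac
import math
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this illustration


def store_password(password: str) -> tuple[bytes, bytes]:
    """Salted, slow storage: returns (salt, digest) to keep in the user table."""
    salt = os.urandom(16)  # unique per user, so equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def legacy_store(password: str) -> tuple[bytes, bytes]:
    """Toy weak lock (NOT real LM): upper-case, keep 14 bytes, hash each
    7-byte half on its own, no salt. SHA-256 is a stand-in primitive."""
    raw = password.upper().encode("latin-1", "replace")[:14].ljust(14, b"\0")
    return hashlib.sha256(raw[:7]).digest(), hashlib.sha256(raw[7:]).digest()


def legacy_verify(password: str, stored: tuple[bytes, bytes]) -> bool:
    first, second = legacy_store(password)
    return hmac.compare_digest(first, stored[0]) and hmac.compare_digest(second, stored[1])


def search_space_bits(alphabet_size: int, length: int, independent_parts: int = 1) -> float:
    """log2 of the guesses needed when `independent_parts` equal chunks can be
    attacked separately (cost adds across chunks instead of multiplying)."""
    return math.log2(independent_parts) + length * math.log2(alphabet_size)


# Constructed sample values, not taken from the thread.
LONG_PASSWORD = "kkf-Example-Passw0rd!-32-chars.."
# Different string: only the first 14 characters, with the case flipped.
LOOKALIKE = LONG_PASSWORD[:14].swapcase()


def demo() -> dict:
    salt, digest = store_password(LONG_PASSWORD)
    legacy = legacy_store(LONG_PASSWORD)
    return {
        "modern_accepts_real": verify_password(LONG_PASSWORD, salt, digest),
        "modern_accepts_lookalike": verify_password(LOOKALIKE, salt, digest),
        "legacy_accepts_lookalike": legacy_verify(LOOKALIKE, legacy),
        # 95 printable ASCII characters, all 32 positions count.
        "bits_full_32": search_space_bits(95, 32),
        # 69 = 95 minus the 26 lower-case letters; two 7-byte halves.
        "bits_legacy": search_space_bits(69, 7, independent_parts=2),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
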
 

tcmx3

Senior Member
Joined
Feb 5, 2015
Messages
1,982
Reaction score
2,596
You have totally missed my point - a 32 character password is nothing by itself. It's like holding a key and not knowing where in the world the lock is. The password needs a system/lock on which to use it, and dependent on how that system is setup, the fact that you have a highly complex password could be meaningless. For example in the not so distant Windows past, NTLM was hamstrung by the fact that LM only understood 14 character passwords. As a result, you could drop protocol levels and your 32 character password was suddenly only used as 14 characters making the attack space smaller. I'm overlooking how the password was actually stored as two 7 byte packages making it even worse.

And here is the thing, most password storage takes password + salt and runs it through a hashing algorithm to get a hash to store, and then runs the entered password + salt through the same hashing algorithm and compares the results and if they are the same you get in. So the quality of the password really depends on the algorithm. But here's the thing - every hashing algorithm is subject to collisions - two different bodies that create the same hash. This has huge consequences, as your 32 character password could have the same hash as a 5 character password if stored in a poorly designed system, making a dictionary attack useful and quick.

The point is you are always trying to defeat the lock, not the key. If the lock is designed poorly, doesn't matter what your key is. A great key means nothing if you can bump pick the lock.

And in this case, if the hacker is trying to brute force the lock, the system should be doing a better job of banning the IP. Or the hash database has been exfiltrated somehow, which they should've told us.

I'm not missing your point.

What I'm telling you is that my comment +1ing people using strong passwords in a manager was absolutely correct as stated. And that you're being an *******.

Congrats, you've shown off you know some infosec stuff. I worked in the industry myself as an engineer, and I've done work specifically in the area of hashing collisions btw. Fairly recently too. This conversation has gone exactly zero steps forward by you rattling off a bunch of obvious stuff.
 

esoo

living the patina
KKF Supporting Member
Joined
Jan 15, 2018
Messages
2,915
Reaction score
5,899
Location
Canada, eh?
I'm not missing your point.

What I'm telling you is that my comment +1ing people using strong passwords in a manager was absolutely correct as stated. And that you're being an *******.

And that was something you never stated. All you claimed was a 32 character long password was unbreakable.

For the record, I personally support password manager use. But am also aware that proper 2FA is the way to back that up. Given code quality today, I’d take an 8 character password + token based MFA over your 32 character password any day.

And yes, I may be an ********, but spout BS and expect to be called on it.

Congrats, you've shown off you know some infosec stuff. I worked in the industry myself as an engineer, and I've done work specifically in the area of hashing collisions btw. Fairly recently too. This conversation has gone exactly zero steps forward by you rattling off a bunch of obvious stuff.

If you really think that a long password is unbreakable you need to get out of the industry. Everything is breakable. Just because you don’t know how it can be done doesn’t mean it can’t and won’t be tomorrow (or hasn’t been by nation state already). I’ve been doing this long enough to know that basic truth. It’s always a matter of when not if something will get broken.
 