Tuesday, March 31, 2009

H1B Visas - 2009

Why don't more Americans have jobs? In part due to the H1B Visa and some very poor regulation that allows tech companies to ship employees in from overseas rather than hire qualified Americans.

A recent bust of an H1B Visa Scam shows that someone in the government needs to be paying more attention to this problem. Unlike Mexicans coming over the border to fill jobs that Americans don't want that pay very low wages to begin with in many cases, these are highly paid IT jobs - and people willing to work at prices that undercut American wages and put people out of work who actually want those jobs.

Legislation to fix some of the problems with H1B Visa was previously rolled into a larger, I would guess more controversial from the public perspective, immigration bill which failed. Hopefully the 2009 H1B Visa Legislation will not have such a fate and something can be done about this problem sooner than later to put more Americans back to work.

I recently worked at a company on contract and asked them why there were so many people from other countries when highly qualified Americans (like me) were out there looking for jobs. Turns out the overseas headquartered company (with I suppose an American office was handling all the H1B Visas) was giving the company I worked for a huge discount if they spent millions of dollars on consulting so the rates would be very low. This caused managers around the company to pressure other people in the company to use the foreign consulting firm to get the discount. That set up also gets the company I was contracting for off the hook for the H1B Visas. They can hire Americans at higher rates as needed and the foreign workers can still be paid less since they aren't getting hired on H1B visas through the American based company - but rather through the foreign based company.

The foreign company fails to comply with hiring Americans when available because if they hired an American who demanded a higher rate, they would have to bump up the pay for all the foreign workers on H1B visas. Therefore they only hire the foreign workers from overseas through some loophole in the legislation obviously. I didn't see one born and raised, native speaking American worker on the staff of the foreign company. I also noticed that in the IT lunchroom every day the foreign workers far exceeded the number of Americans. So obviously that puts me and a bunch of qualified Americans like me (my qualifications far exceeded those of the foreign workers - I was told this by managers at the company) out of a job and lowers American wages in this industry.

Not only that, the foreign workers are learning and becoming well versed in all the latest and greatest technologies at this big company, while American workers fall behind in skill sets and knowledge. Large companies can usually try, buy and utilize technologies that small companies cannot afford so workers gain valuable knowledge and experience. Right now the big American companies using this model are training staff in other countries and hurting the American technology base that supports the research and development that helps America remain a world leader. Also by undercutting wages and putting more Americans out of work - they have less customers, less revenue and less profits. It's a really poor business decision if you ask me and incredibly un-American.

Hiring these people from overseas who are able to crank out some code but not very good at designing software that is well architected and maintainable, and who cannot effectively speak the language or get the project done in a timely manner, companies end up throwing bodies at a problem rather than efficiently solving problems. One prior manager from Microsoft (who is European, not American) commented that the overseas workers were cheaper but it took so many more of them to do the job and so much longer that it wasn't cost-effective.

I have worked with some very intelligent people from this particular foreign company - in fact, one of the smartest QA people I ever worked with was from this company - but on average I would have to say the people were less skilled and in some cases not working much at all (sleeping at desk, combing hair in bathroom). I also don't see the sense of having these people write specifications documents when they cannot even speak English very well and no one can understand them and there are so many miscommunications it drags out the project eternally.

Working with these foreign companies may be a dream for managers who get kissed up to while a nightmare for employees who are being sabotaged and undermined by political maneuverings. Many of these people treat their American managers much different than their peers.

In my case I went straight to management (after completing a successful project) and explained exactly what was going on. Since I was leaving they knew I had no reason to make these things up. I hope that some smart American managers are able to see through the politics and what is best for our country and their businesses - not just hiring people who kiss their you-know-whats. Measure the effectiveness of your employees based on metrics, ROI and maintainability of systems.

I wouldn't call companies that kill American jobs and import or outsource American jobs "Best Places to Work" as some of them have been listed in various magazines. Before CNN updates the Best places to work list again, they should take this issue into account. Is the company outsourcing all or a large percentage of IT or other jobs overseas? These places are not an ideal place to work if you cannot get the job.

By the way I heard that the company I was working for cut all their foreign staff. I applaud them. I hope they keep it that way for the sake of their revenues and the American economy in the short term and long term.

And to all the highly intelligent people I have worked with who are on H1B Visas in this country - I appreciate you and thank you for all your great work. I just hope it is not at the expense of my country. I have worked with some amazing people and if they are truly bringing value to the table not otherwise available, I'm all for it. If hired just because cheaper and puts me and other US citizens out of a job, not so much.

Monday, March 30, 2009

Directory Harvest Attacks

Recent directory harvest attacks:

03/30 10:02:59 by IP: 98.215.146.62 - Comcast

03/29 11:06:51 by IP: 71.1.227.69 - Embarq

03/28 22:32:19 by IP: 71.245.168.231 - Verizon

Email Attachments Replaced In Transit

Don't think your email can be altered in transit? Don't see a need for TLS? Find out how the Dalai Lama and US government computers have recently been hacked? The Dalai Lama had email attachments appearing to be from coworkers replaced in transit:

Emails Hacked In Transit

Using TLS is at least a starting point to help reduce this kind of thing. I am not well versed enough to know if it would prevent what the Chinese hackers did in this case to swap out email attachments in transit, however at least it provides authentication on both ends of the message and fixes a few problems in SSL.

Gmail Spamming Network Solutions

I have a gmail email address and a business email address that I have used to email Network Solutions in the past. Someone has bombarded Network Solutions with spam from my email addresses - both of them - so my email addresses got blocked by Network Solutions. The person at Network Solutions said the emails contained Viagra spam among other things.

The most annoying thing is that Network Solutions will not give me any of the mail headers so I can see who is doing it. The second most annoying thing is that I have set up TLS communication between myself and Network Solutions SSL. They had to email me the attachment via GMail - which is obviously not very secure.

I have contended for a long time that someone has been messing with my email and this pretty much confirms it. Coincidence that it was both my gmail account and my business account? I doubt it.

So is it a problem with Gmail that someone can spoof my address to Network Solutions? Is this a problem with Gmail SPF records or lack thereof? Or is the problem that Network Solutions systems are not correctly checking SPF records and cannot tell the difference between spam and real emails that are actually from me?

The other problem with this whole scenario is the Network Solutions person said they were getting my emails, and replying to them. How is it that if my email address was blacklisted due to spam, they can still RECEIVE my emails (potentially spam) but not SEND emails to me? This doesn't really make sense to me. Don't you usually block spam? When they send to me they get no errors - so they didn't know they couldn't get emails to me until I called them and complained that someone really needs to fix this.

Additionally, they at first did not want to add the week onto my certificate for the time I have spent trying to get this to work - when the problem was not my fault. I cannot control their mail servers and know they are trying to email me but they cannot. This whole thing is very odd.

The other interesting thing is that they say they are sending these emails from the UK. This cannot be true because I have a block on emails from the UK. And it is also quite coincidental that one of my customers has been complaining suddenly that he cannot send emails to/from the UK -- but when he sent me the email header in question -- it was coming out of Texas.

Really, what is going on here? When is anyone going to believe that our email systems are really hacked and messed up and everyone needs to start using TLS (if that even works but it seems to be better due to authentication on both sides of the equation).

Thursday, March 26, 2009

123People - 123 People

Norton is reporting that 123 People is hosting drive by download software. Not to mention the completely bogus information they are displaying on their site. This site is bad news. Don't give them any "correct" information either, because who knows how they are using it.

Network Solutions SSL Cannot Email Me....

Just wondering what the problem is with Network Solutions trying to email me. Kind of odd - I've been a customer of theirs for years. Seems like the last few times I requested SSL certificates they couldn't send me an email with the new cert. They are fixing the problem now but I find this all kind of strange. Why me? Why a problem with my email address? What is going on? Email is so frustrating.

TLS Enforcement From Postini - Was Never Working?

Ok I've had TLS enforcement turned on in Postini since I got it for a particular domain of a company at which I was working. I just now got an error message stating that I cannot email this company because their mail server does not support TLS. I just used nslookup and telnet to test these mail servers and in fact they do not support TLS. So I don't know for how many months this "TLS Enforcement Policy" was not working. At all. I was sending messages to and from this client thinking they were encrypted.

Monday, March 23, 2009

Delay in TLS failure notifications

Apparently when using Postini TLS policy enforcement, there is quite a delay if you send an email to someone and their inbound server does not support TLS. It looks like it takes about a day or longer, so if you turn on TLS you won't know for some time that your email didn't go through.

Sunday, March 22, 2009

Volt Email Servers - TLS Failure

I tried TLS enforcement while sending to Volt email servers using Postini's TLS enforcement policies. I get a bounce back message saying Volt servers do not support end to end TLS enforcement.

The error message is:
Technical details of temporary failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 451 451 Recipient does not support STARTTLS - psmtp (state 14).


This is very surprising since Volt is a very large technical staffing company. Why wouldn't they want the most secure email possible to protect the identities of their employees and their business communications?

The other odd thing is that I sent to another Volt person and the email seemed to go through. Either that or the TLS failure messages are very delayed and I haven't gotten that failure message yet, which seems odd. Shouldn't the message rejection be immediately available? Isn't there a way to test an email server to see if it supports TLS prior to sending the message so I don't get a whole bunch of failures over time and wastes mail server resources when they continually try to resend when an email server doesn't support TLS?

At any rate not sure why Volt email servers don't support TLS. This seems kind of odd. Additionally a person at Volt could not email me for some reason. There seems to be something strange going on with their mail servers.
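The question above about testing a mail server for TLS support before sending can be answered by reading the server's reply to EHLO, which is the same check as the nslookup and telnet test mentioned in the Postini post. The following is an added example, not code from this blog or from Postini; the two EHLO replies and all host names are constructed samples.

```python
import smtplib

# Constructed EHLO replies (not captured from any real server).
REPLY_WITH_TLS = (
    "250-mx.example.net Hello client.example.org\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 PIPELINING\r\n"
)
REPLY_WITHOUT_TLS = (
    "250-mail.example.com\r\n"
    "250-SIZE 10485760\r\n"
    "250 8BITMIME\r\n"
)


def ehlo_extensions(reply: str) -> set:
    """Extract ESMTP keywords from a multi-line 250 reply to EHLO."""
    keywords = set()
    lines = [line for line in reply.splitlines() if line.strip()]
    for index, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError(f"unexpected reply line: {line!r}")
        if index == 0:
            continue  # first line is the server greeting, not an extension
        words = rest.split()
        if words:
            keywords.add(words[0].upper())
    return keywords


def advertises_starttls(reply: str) -> bool:
    """True if the EHLO reply lists the STARTTLS extension."""
    return "STARTTLS" in ehlo_extensions(reply)


def probe(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Live check: connect, send EHLO, report whether STARTTLS is offered."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return smtp.has_extn("starttls")


if __name__ == "__main__":
    print("with TLS:", advertises_starttls(REPLY_WITH_TLS))
    print("without TLS:", advertises_starttls(REPLY_WITHOUT_TLS))
```

An advertised STARTTLS keyword only shows that the server offers the upgrade; the handshake and the certificate still have to be checked after the upgrade is requested.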

Google - MD5 Cipher

I just noticed that in my error messages on Google an MD5 Cipher is being used:

version=TLSv1/SSLv3 cipher=RC4-MD5

I am not an expert on TLS and SSL but the latest SSL hack that got a lot of hoopla in the news was using an SSL certificate with MD5 encryption. It has been widely reported that SHA is much more secure and MD5 has been vulnerable for a while. Why is Google using MD5 in that case?

MD5 hacked

Wednesday, March 18, 2009

Postini Didn't Block Specified IP

Yesterday a customer complained about not getting email from one of his customers. I thought maybe the customer was in an IP range blocked by Postini so I asked him for a mail header if he could provide one.

For some reason an email was able to get through at some point and we haven't made any changes on our Postini account recently (unless Postini and Google Apps are making these changes related to the string of problems noted in my blogs since November on those Postini/Google Apps problems).

The thing I don't understand is that the IP address should have been blocked according to our mail configuration settings in the first place. This particular IP address that should have been blocked was coming through Microsoft's Hotmail service. The last IP in the email address was the Microsoft hotmail product. The originating IP address was in the UK in a range we had blocked.

Apparently, Postini must be only blocking the last mail server in the header but not the originating IP address, which could be problematic obviously. Hackers and spammers can simply go through a "good" mail server you don't want to block no matter what their particular originating IP address is and you cannot block them.

It would be better if Postini could somehow look at that originating IP address (if that's not what it's doing).

Maybe the issue here is that maybe different email headers have different formats and it can be tricky to parse out the originating IP. What if email headers had to conform to an XML standard with a schema to validate them. Would that help drill down to the correct IP address? Maybe backwards compatibility could be provided to parse out old headers and stuff them into XML - but if they don't work the mail gets rejected - with a message telling the person to upgrade their mail server to an XML header compliant system.

Additionally mail headers could have details encrypted in transit except for what is required to get the mail from end to end with some sort of hash to make sure the message was not altered in transit.

Just dreaming here on a better way to solve mail problems...
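The gap described in this post, a filter that checks only the last mail server and not the originating IP, can be seen by walking every Received header of a message. The following is an added example, not Postini's logic or code from this blog; the message, host names and blocked range are constructed, using documentation address ranges.

```python
import ipaddress
import re
from email import message_from_string

# Constructed message: a webmail relay (last hop) forwarding mail that
# originated from an address inside the assumed blocked range.
RAW = """\
Received: from relay.webmail.example (relay.webmail.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Tue, 17 Mar 2009 10:00:02 +0000
Received: from [203.0.113.77] by relay.webmail.example with HTTP;
\tTue, 17 Mar 2009 10:00:00 +0000
From: sender@webmail.example
To: user@recipient.example
Subject: constructed sample

body
"""
BLOCKED = [ipaddress.ip_network("203.0.113.0/24")]  # assumed blocked range

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def hop_ips(raw):
    """IPs named in the 'from' part of each Received header, newest first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        for text in IP_RE.findall(from_part):
            try:
                hops.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # bracketed token that is not an IP address
    return hops


def is_blocked(ip):
    return any(ip in net for net in BLOCKED)


def verdicts(raw):
    """Return (blocked if only the last hop is checked, blocked if all are)."""
    hops = hop_ips(raw)
    last_hop_only = bool(hops) and is_blocked(hops[0])
    any_hop = any(is_blocked(ip) for ip in hops)
    return last_hop_only, any_hop


if __name__ == "__main__":
    print([str(ip) for ip in hop_ips(RAW)], verdicts(RAW))
```

Only the Received header added by your own server is trustworthy; earlier ones are written by upstream systems or the sender and can be forged, so a match on an older hop is a signal rather than proof.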

Microsoft Mail Problems

I've had a string of people lately complaining about problems with Microsoft "in the cloud" mail products and/or having problems sending messages to me from this service.

Someone trying to email me who uses one of their services somehow (not sure exactly how he's set up but there's a Microsoft IP of some kind in the set up) is having problems emailing me. I've checked all the IPs he's using and his mail server IP and they're not blocked.

A girlfriend of a friend was complaining that she was having problems with her Microsoft mail. Not sure the details there.

Then, strangely a customer complained that he could not get messages from someone. When a message finally did get through it came from a Microsoft mail product - from an IP that should have been blocked by Postini. The Microsoft IP was ok but it originated from a blocked IP.

Not sure what is going on here exactly, just been hearing about and having problems myself with mail related to Microsoft's online mail services in various ways.

Friday, March 13, 2009

Phone Problems

Seriously having communication problems related to my business. Today a person with a potential large project called me. My phone rang once, on my end and dropped off. On his end he said the phone rang and rang and rang and then went to a fast busy signal.

What is going on? It is seriously disturbing when important customers are trying to reach you and they get all kinds of weird problems like those I have described with my email below and other types of phone problems.

So my question is - how do you know when a lot of potential customers are being redirected to some other third party or cannot reach you for some reason? If you got a call from someone you don't even know and they couldn't reach you - they would assume you were out of business or something like that...you'd never know you missed their call.

This is all very bothersome if you start wondering how many phone calls, emails, sales leads and other things your business may be missing due to problems like this.

Saturday, March 07, 2009

123People.com Posting Private Information

123People.com is posting personal and private information including email addresses on the web - easy for spammers to scrape. That's lovely. Additionally they are posting completely bogus information including addresses and phone numbers.

It looks like they are probably scraping this information off social networks and possibly other sources based on the information I've seen so far.

It may also be somehow related to the Manta site which also displays completely bogus information about businesses, because I found some similar information on both sites. Could be a coincidence but at least these sites are related because they both post bogus information.

Thursday, March 05, 2009

How secure is Postini if your mail is hacked before it gets there?

I have been having problems with Postini lately. Or maybe it's not Postini - maybe it's before the mail ever gets to Postini.