The IRS Has Your Numbers!

 

Correspondence from the IRS has a tendency to escalate a taxpayer's pulse rate. However, most of the letters received are not of the feared “come on down” type that requests an appearance for a face-to-face audit; they would be more likely to just require a written explanation. Generally, all types of income (wages, interest, dividends, etc.) are reported by the payer to the IRS, which, in turn, matches the reported income to the recipient's tax return based on Social Security number (SSN). Over the past few years, the IRS has become very proficient in using its matching software to pick up unreported income and other discrepancies on tax returns. Discrepancies will generate an IRS inquiry, so in addition to income, take note of the following items which are frequently monitored by the IRS computer:

 

·  Dependent SSN - The IRS allows only one taxpayer to claim the exemption for a dependent. Frequently, a dependent will claim the exemption himself or herself, or in other cases, separated or divorced individuals will both attempt to claim the dependent. Expect correspondence when the exemption for any SSN has been claimed twice.

 

·  Gross Proceeds of Sale - All brokerage firms are required to report security sales to the IRS as “gross proceeds of sale” on Form 1099-B. The 1099-B copy provided to the account owner is generally combined with interest and dividend reporting requirements and included in a consolidated 1099 statement. These statements can be confusing, and the “gross proceeds of sale” line is frequently buried in the multi-page statements. If a taxpayer fails to report these security sales, the IRS will treat the gross proceeds as all profit, recompute the tax owed and send a bill.

 

·  Stock Basis - For stocks purchased beginning in 2011, the IRS requires the brokerage houses to track the cost of the stock and report that information on Form 1099-B when the stock is ultimately sold, so the IRS can then verify profit or loss.

 

·  Pension and IRA Rollovers - Unless it is a direct (trustee-to-trustee) rollover, the plan administrator is required to issue a Form 1099-R whenever a taxpayer withdraws funds from an IRA or other type of qualified plan. If the 1099-R income is not properly accounted for on the tax return, the IRS may treat it as unreported, taxable pension income and issue a revised tax bill. Even if it is directly rolled over, ALWAYS bring rollovers to our attention.

 

·  Alimony - The person paying alimony must include the recipient's name and Social Security Number with the deduction claimed for alimony payments. The IRS will match the payments to income reported by the recipient. If the two amounts are not the same, the IRS will initiate correspondence to both parties.

 

·  Home Sales - Technically, escrow companies are not required to issue 1099-S forms to taxpayers who sell their primary residence for less than the home sale gain exclusion amount and certify that they meet the exclusion qualifications ($250,000 for a single taxpayer and $500,000 for married taxpayers). Despite this, many escrow companies choose to issue them, making it necessary to report the home sale on the seller's tax return to avoid IRS correspondence.

 

·  Home Mortgage Interest - Since all lenders who are in the business of lending money are required to report home mortgage interest, the IRS can verify the amount claimed as deductible mortgage interest on Schedule A of a tax return, and any significant discrepancy can lead to IRS correspondence. If a private party holds the loan (not in the course of business), Form 1098 is not required to be filed, but the taxpayer claiming the mortgage interest as a deduction is required to include that party's name, contact information and SSN on Schedule A. The IRS can then match the claimed interest deduction to the amount reported by the private party as interest income. However, if a third party lent money to the taxpayer to purchase the home, the third party's information is not required.

 

·  Education Benefits - Colleges and universities are required to report the tuition payments that may qualify for the American Opportunity or Lifetime Learning tax credits on Form 1098-T. Educational lenders report the amount of student loan interest paid on Form 1098-E. Both are used to match against claimed deductions and credits on the tax return.

 

Should you receive a notice from the IRS, it is generally best to contact this office. Don’t just pay the revised tax the IRS proposes. Frequently, the IRS notice is in error, and attempting to respond to the notice without professional advice may create additional problems.

 

 

New Per Diem Rates for Lodging, Meal and Incidental Expenses

IRS issued new per diem rates to be used in substantiating business expenses incurred away from home. Rates include rates for taxpayers in the transportation industry and incidental expenses only deduction. There are no changes in the high-cost localities and the with substantiation rules.  Please contact me for more information

Blended Fuel Tax Reimbursement and Repayment

In California

California extends provision reimbursing and repayment of the motor vehicle fuel tax to persons & companies who paid fuel tax when purchasing motor vehicle fuel for the production of blended fuels that are used to operate motor vehicles on the in-state public highways.  Requirements are (1) the tax paid must have been paid under the Use Fuel Tax Law, (2) the person or Company must submit a refund application request on or after January 1, 2011, and (3) must show that the applicable California use fuel tax has been paid on the blended fuel produced by them. [L. 2012, S1485, effective 09/23/2012]

Weekend Vulnerability and Patch Report 

September 24, 2012

This has been reposted from an e-mail received from Stan Stahl, Ph.D. [www.citadel-information.com]

 

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Adobe Flash: Adobe has released an update to fix a highly critical vulnerability found in previous versions. Update to Flash Player 11.4.402.278 for Windows. The update is available from Adobe Flash Download Center.

Apple iOs: Apple has released an update to its operating system for the iPhone, iPad and iPod Touch to fix at least 197 vulnerabilities, many highly critical. Upgrade to iOS 6 via Software Update.

Apple Mac OS X: Apple has released an update to its operating system to fix at least 34 vulnerabilities, some highly critical. Update to version 10.8.2 or 10.7.5 or apply Security Update 2012-004.

Apple Safari for the Mac: Apple has released an update to its Safari browser for the Mac to fix at least 61 vulnerabilities, many highly critical. Update to version 6.0.1.

Microsoft Internet Explorer: Microsoft has released an update to Internet Explorer to fix at least 5 extremely critical updates. Update to Internet Explorer from within the Windows Update in the Control Panel.

Web Content Management Systems: US-CERT is aware of recent increases in the exploitation of known vulnerabilities in web content management systems (CMSs) such as WordPress and Joomla. Compromised CMS installations can be used to host malicious content. IT Departments can check for known vulnerabilities in the National Vulnerability Database by searching their CMS by name.

Important Unpatched Vulnerabilities

Adobe Reader / Acrobat Multiple Vulnerabilities: Secunia reports highly critical vulnerabilities in Reader X and Acrobat X versions 10.1.4 and prior for Windows and Macintosh; Reader and Acrobat versions 9.5.2 and prior for Windows and Macintosh; and Reader for Linux versions 9.4.7 and prior. Secunia reports several additional highly critical vulnerabilities in versions 9 and X of Reader and Acrobat. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 19, 2012.

Android Browser: Secunia reports a less critical vulnerability in the Android browser that can be exploited to trick a user into believing he is connected to a trusted site by including the trusted site in an iframe. The vulnerability is confirmed in Browser version 2.3.3 included in Android version 2.3.3 and Browser version 3.2 included in Android version 3.2. Other versions may also be affected. Users are cautioned to not rely on displayed certificate information. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

AOL downloadUpdater2 Firefox Plugin: Secunia reports a highly critical vulnerability in version 1.3.0.0. Other versions may also be affected. No solution is currently available. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 12, 2012.

Apple Safari for Windows: Secunia reports a moderately critical vulnerability in Apple's Safari version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 11, 2012.

Apple Safari for Windows: Secunia reports a non-critical unpatched vulnerability in Safari 5.1.2. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

CA ARCserve Backup: Secunia reports a less critical vulnerability in CA's ARCserver Backup in versions 12.0, 12.5, 15, and 16. CA provides a partial fix solution and advises updating to a fixed version. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 25, 2012.  

HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remain unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11, 2011.

HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 VideoPlayer remains unpatched. Users are advised to not open files from untrusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 18, 2011.

McAfee SaaS: The highly critical vulnerability in McAfee SaaS Endpoint Protection  remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 22, 2012.  

Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7, 2011.

Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19, 2011.

Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched.  Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15, 2011.

PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4, 2011.

Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user's system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31, 2011.

Symantec pcAnywhere:As we reported in our Cyber Security News of the Week, January 29, 2012, Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. Symantec has advised users to disable pcAnywhere because of the theft of the pcAnywhere source code.

ACD Systems: Citadel recommends users remove all ACD Systems programs from their computers. ACD Systems has failed to patch significant critical vulnerabilities in their programs dating back more than a year. Consequently Citadel recommends users remove all ACD Systems programs from their computers until the company fixes these vulnerabilities and pays proper attention to the implications of their security vulnerabilities in opening doors to cyber criminals . The community cannot tolerate a head-in-the-sand attitude, whether by developers or the people who purchase and use their programs. The consequences of willful ignorance are too grave.

• ACD Systems Canvas: Secunia reports at least 13 highly critical unpatched vulnerabilities in ACD Systems Canvas version 14. See Weekend Vulnerability and Patch Report, August 5, 2012.
• ACDSee 14.x: Secunia reports a highly critical unpatched vulnerability in ACDSee. See Weekend Vulnerability and Patch Report, February 19, 2012.
• ACDSee Photo: Several highly critical unpatched vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. See Weekend Vulnerability and Patch Report, June 12, 2011. See also Weekend Vulnerability and Patch Report, September 18, 2011 where we alerted readers to a second vulnerability in FotoSlate.
• ACD Systems Canvas CorelDRAW: A highly critical unpatched vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user's system.. See Weekend Vulnerability and Patch Report, July 31, 2011.

If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

 

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer's computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week's important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.