password

I Really Want a Credit Card with a LCD Screen and Touchscreen Keypad

Source: http://gizmodo.com/5958721/i-really-want-a-credit-card-with-a-lcd-screen-and-touchscreen-keypad

I Really Want a Credit Card with a LCD Screen and Touchscreen KeypadYou can have your black card and your credit card carved out of adamantium (just kidding, I would really like that), the only credit card I want is MasterCard’s Display Card. MasterCard has been testing the card that comes with a LCD and touchscreen keypad, for some time and has now introduced it in Singapore. They say the added tech is for security: users can generate a one-time password as an authentication security measure.

Here’s MasterCard:

At present, banking institutions that necessitate a higher level of security for their online banking services require the use of a separate authentication token or device. The innovative 2-in-1 device, which combines the functionality of a standard payment card with a state-of-the-art security token, currently reflects the customer’s OTP. In future, this card could incorporate additional functionalities and be able to indicate other real time information such as available credit balance, loyalty or reward points, recent transactions, and other interactive information.

I’m in the camp of throwing a LCD screen and touchscreen keypad on as much things as you can. I don’t even really care about the security function, I just like staring at screens. [Mastercard via CNET]

Tags: , , , , , , , , , , , , , , , , , ,

Wednesday, November 7th, 2012 news No Comments

Source: http://gizmodo.com/5944045/google-developer-hints-at-possibility-of-an-internet-without-site-log+ins

Google Developer Hints at Possibility of an Internet Without Site Log-insToday in a post on his personal blog, Google developer Tim Bray wrote elliptically of a project he’s working on that could—if he means what I think he means—radically change our experience of using the Internet—for the better.

Logging in is annoying and slows you down. My job these days is mostly about reducing that pain, ideally to zero by eliminating it. Google really wants this to happen.”

Logging in is annoying. Between your various online banking passwords and user names, Amazon, eBay, every social network you belong to, Netflix, however many accounts you have with online retailers like ShopBop or Sephora or Petco or where ever—it can be a sort of nightmare trying to keep track of all your passwords and user names.

Sure, it isn’t sooo bad, now that more sites will ask if you’d like have them remember your password for future visits. But still.

What an Internet free of log-ins would look like, exactly, it’s difficult to imagine. Just how literally does Google want to execute this plan? At this point, it’s all speculation off an early-stage project. But if Bray’s post is any indication of where Google is in fact headed, we certainly have something to look forward to. [BGR]

Tags: , , , , , , , , , , , , , , , , , ,

Tuesday, September 18th, 2012 news No Comments

Source: http://gizmodo.com/5911057/new-forensics-tool-can-slurp-a-phones-data-via-the-cloud

New Forensics Tool Can Slurp a Phone's Data via the CloudThe police don’t even need to touch your phone anymore to know how you’ve been using it. A new off-the-shelf forensics tool lets cops retrieve all the data they want from your iPhone by accessing its contents through iCloud.

The software, developed by ElcomSoft, lets investigators retrieve user data associated with iPhones from Apple’s iCloud online backup service, reports The Register. There’s a thorough descripton of how the technology works on ElcomSoft’s website, but from The Register:

“iCloud backups offer a near real-time copy of information stored on iPhones including emails, call logs, text messages and website visits. iCloud backups are incremental. When set up to use the iCloud service, iPhones automatically connect to iCloud network and backup their content every time a docked device gets within reach of a Wi-Fi access point.

“‘While other methods require the presence of the actual iPhone device being analyzed or at least an access to device backups this is not the case with iCloud,’ ElcomSoft chief exec Vladimir Katalov explained. ‘With a valid Apple ID and a password, investigators can not only retrieve backups to seized devices, but access that information in real-time while the phone is still in the hands of a suspect.’”

Of course, the solution does require access to the Apple ID and password of the person who’s being snooped on and they might not be easy to obtain. But, once those details are in place, the data can be swiftly downloaded, unencrypted. Nice. [ElcomSoft via The Register]

Image by Thoma Pajot/Shutterstock

Tags: , , , , , , , , , , , , , , , , , , ,

Thursday, May 17th, 2012 Uncategorized No Comments

Source: http://gizmodo.com/5884415/travelling-in-modern-china-requires-serious-secret-agent-skills

Travelling in Modern Day China Requires Cold War Era Secret Agent SkillsIf Kenneth G. Lieberthal were anything but a China expert at the Brookings institution, his travelling-in-China security procedures would read like the product of a paranoid mind that watched too many spy movies as a kid:

He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”

Talk about overkill, right? Well he’s not alone. The Times reports that these seemingly paranoid precautions are par for the course for just about anyone with valuable information including government officials, researchers, and even normal businessmen who do business in China.

But what about the rest of us? I may not have any valuable state secrets or research that needs protecting but that doesn’t mean I want the Chinese government snooping on my internetting when I visit my grandparents (especially when the consequences can be so severe). In the past, I’ve relied on a combination of VPNs, TOR, and password-protecting everything I can, but now it sounds like even that isn’t enough. Or maybe it’s totally overkill given my general unimportance in the grand scheme of things. Dear readers, I ask you, how much security is enough when it comes to the average person on vacation? [NY Times]

Image credit: Shutterstock/Rynio Productions

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sunday, February 12th, 2012 Uncategorized No Comments

Microsoft Store hacked in India, passwords stored in plain text

Source: http://www.engadget.com/2012/02/12/microsoft-store-hacked-in-india-leaked-passwords-stored-in-plai/

untitled 1 1329074256 Microsoft Store hacked in India, passwords stored in plain text

Frequenters of India’s online Microsoft Store were briefly greeted with the suspicious visage of a Guy Fawkes mask this morning, following a hack that compromised the site’s user database. According to WPSauce, Microsoft Store India’s landing page was briefly taken over by a hacker group called Evil Shadow Team, who, in addition to putting a new face on Windows products, revealed that user passwords were saved in plain text. The group’s motivations are unknown, though the hacked page warned that an “unsafe system will be baptized.” The store is now offline, suggesting that Microsoft may have regained control. Read on for a look at the compromised password database.

[Thanks to everyone who sent this in]

Continue reading Microsoft Store hacked in India, passwords stored in plain text

Microsoft Store hacked in India, passwords stored in plain text originally appeared on Engadget on Sun, 12 Feb 2012 14:19:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceWPSauce, HackTeach  | Email this | Comments

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sunday, February 12th, 2012 news No Comments

Source: http://gizmodo.com/5882888/new-man-in-the-browser-attack-bypasses-banks-two+factor-authentication-systems

New "Man in the Browser" Attack Bypasses Banks' Two-Factor Authentication SystemsThe banking industry often employs two-step security measures—similar to Google Authenticator—as an added layer of protection against password theft and fraud. Unfortunately, those systems have just been rendered moot by a highly-advanced hack.

The attack, know as the Man in the Browser method, works like this. Malicious code is first introduced onto the victim’s computer where it resides in the web browser. It will lay dormant until the victim visits a specific website—in this case, his bank’s secure website. Once the user attempts to log in, the malware activates and runs between the victim and the actual website. Often the malware will request that the victim enter his password or other security pass into an unauthorized field, in order to “train a new security system.” Once that happens, the attacker has full access to the account.

Luckily, the method is only a single-shot attack. That is, the attacker is only able to infiltrate the site once with the user-supplied pass code. But, once in, the attacker can hide records of money transfers, spoof balances and change payment details. “The man in the browser attack is a very focused, very specific, advanced threat, specifically focused against banking,” Daniel Brett, of malware testing lab S21sec, told the BBC.

Since this attack has shown that the two-factor system is no longer a viable defense, the banking industry may have to adopt more advanced fraud-detection methods similar to what secure credit cards. When compared to having your account silently drained, standing in line for the teller suddenly doesn’t seem like that much of a hassle. [BBC News via Technology Review]

Image: jamdesign / Shutterstock

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Tuesday, February 7th, 2012 news No Comments

Encrypting Your Hard Drive No Longer Works Against Federal Prosecution [Law]

Source: http://gizmodo.com/5878709/encrypting-your-hard-drive-no-longer-works-against-federal-prosecution

Encrypting Your Hard Drive No Longer Works Against Federal ProsecutionSometimes common “street smarts” fail you. Like when you ask the guy who’s selling you drugs if he’s a cop. Or when you encrypt your hard drive and refuse to unlock it for prosecutors while citing the self-incriminating clause of the Fifth Amendment.

A federal court judge has just ruled that being forced to decrypt one’s hard drive during prosecution does not violate the defendants’s Fifth Amendment rights. The ruling stems from a case against Ramona Fricosu, who is charged with mortgage fraud. She has refused to decrypt the contents of her hard drive arguing that doing so would require her to essentially testify against herself.

Nuh-uh, said judge Robert Blackburn, citing an earlier ruling against one Sebastien Boucher. In that case, the courts decided that, while Boucher’s encryption password was certainly protected, the information on his drive could be considered evidence in the case and was therefore not subject to the same liberties.

“I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer,” Blackburn wrote in his opinion today. He also cited the All Writs Act, a 1789 statute, could be invoked as well to force Fricosu’s compliance.

Friscosu has until February 21 to comply or face contempt of court charges. Geez, it’s getting to the point that your secrets are better left on microfilm in pumpkin patches rather than on your hard drive. [CNet via The Verge]

Image – Tatiana Popova / Shutterstock


drag2share – drag and drop RSS news items on your email contacts to share (click SEE DEMO)

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Tuesday, January 24th, 2012 news No Comments

If You Use Any Of These 25 Passwords On Your Computer You Better Change Them Now

Source: http://www.businessinsider.com/if-you-use-any-of-these-25-passwords-on-your-computer-you-better-change-them-now-2012-1


hackers computerRemember how all those lazy Subway managers caused millions of dollars to be stolen from customers?

A band of hackers was able to guess the passwords to their point-of-sale systems and went to town nabbing credit and debit card numbers from everyone who walked into the restaurants.

Don’t let that happen to you, people.

The Internet Crime Complaint Center just released 25 of the most commonly hacked passwords of 2011.

It boggles the mind to think people are still using these everyday words [e.g.: Monkey, football, 123456) to protect devices that hold all their financial data – especially in the workplace.

Raise your virtual hand if your employer assigns workers a single password to access company databases, content management systems or email accounts. (See 11 ways to protect yourself when shopping online.)

“Sharing passwords among users in a workplace is becoming a common theme to continue the flow of operations,” the ICCC says, but “users have prioritized convenience over security when establishing passwords.”

Here’s the full list of passwords to avoid:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

Now see the dirty dozen internet scams to watch out for this holiday season >

Please follow Your Money on Twitter and Facebook.

Join the conversation about this story »

See Also:




drag2share – drag and drop RSS news items on your email contacts to share (click SEE DEMO)

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Thursday, January 5th, 2012 news No Comments

If You Use Any Of These 25 Passwords On Your Computer You Better Change Them Now

Source: http://www.businessinsider.com/if-you-use-any-of-these-25-passwords-on-your-computer-you-better-change-them-now-2012-1


hackers computerRemember how all those lazy Subway managers caused millions of dollars to be stolen from customers?

A band of hackers was able to guess the passwords to their point-of-sale systems and went to town nabbing credit and debit card numbers from everyone who walked into the restaurants.

Don’t let that happen to you, people.

The Internet Crime Complaint Center just released 25 of the most commonly hacked passwords of 2011.

It boggles the mind to think people are still using these everyday words [e.g.: Monkey, football, 123456) to protect devices that hold all their financial data – especially in the workplace.

Raise your virtual hand if your employer assigns workers a single password to access company databases, content management systems or email accounts. (See 11 ways to protect yourself when shopping online.)

“Sharing passwords among users in a workplace is becoming a common theme to continue the flow of operations,” the ICCC says, but “users have prioritized convenience over security when establishing passwords.”

Here’s the full list of passwords to avoid:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

Now see the dirty dozen internet scams to watch out for this holiday season >

Please follow Your Money on Twitter and Facebook.

Join the conversation about this story »

See Also:




drag2share – drag and drop RSS news items on your email contacts to share (click SEE DEMO)

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Thursday, January 5th, 2012 news No Comments

Dr. Augustine Fou is Digital Consigliere to marketing executives, advising them on digital strategy and Unified Marketing(tm). Dr Fou has over 17 years of in-the-trenches, hands-on experience, which enables him to provide objective, in-depth assessments of their current marketing programs and recommendations for improving business impact and ROI using digital insights.

Augustine Fou portrait
http://twitter.com/acfou
Send Tips: tips@go-digital.net
Digital Strategy Consulting
Dr. Augustine Fou LinkedIn Bio
Digital Marketing Slideshares
The Grand Unified Theory of Marketing