PIN
Source: http://gizmodo.com/5883585/google-wallets-pin-system-has-been-cracked-but-dont-panic-just-yet
The security PIN system that Google Wallet users have to enter to verify transactions has been compromised. Thankfully, the chances of your wallet being used against you is relatively low—assuming you haven’t rooted your phone, that is.
Since Wallet saves your PIN in an encrypted file on the phone itself, rather than the secured NFC chip, if your phone falls into the wrong hands, that person could lift your PIN file from the phone and simply crack it using brute force. From there, he’d have access to—and use of—your Wallet account.
Security firm, Zvelo, discovered and reported the issue to Google, but because Wallet’s security architecture, the change will require a fundamental rejiggering of the security protocols. Man, talk about an oversight. According to Zvelo,
The lynch-pin, however, was that within the PIN information section was a long integer “salt” and a SHA256 hex encoded string “hash”. Knowing that the PIN can only be a 4-digit numeric value, it dawned on us that a brute-force attack would only require calculating, at most, 10,000 SHA256 hashes…This completely negates all of the security of this mobile phone payment system.
So, if you are rooted, be sure to take some additional security steps to protect yourself like activating the lock screen, disabling the USB debugging option in settings, and enabling full-disk encryption. Or maybe not losing your phone in the first place. [Zvelo via Android Central via The Verge]
Source: http://gizmodo.com/5883585/google-wallets-pin-system-has-been-cracked-but-dont-panic-just-yet
The security PIN system that Google Wallet users have to enter to verify transactions has been compromised. Thankfully, the chances of your wallet being used against you is relatively low—assuming you haven’t rooted your phone, that is.
Since Wallet saves your PIN in an encrypted file on the phone itself, rather than the secured NFC chip, if your phone falls into the wrong hands, that person could lift your PIN file from the phone and simply crack it using brute force. From there, he’d have access to—and use of—your Wallet account.
Security firm, Zvelo, discovered and reported the issue to Google, but because Wallet’s security architecture, the change will require a fundamental rejiggering of the security protocols. Man, talk about an oversight. According to Zvelo,
The lynch-pin, however, was that within the PIN information section was a long integer “salt” and a SHA256 hex encoded string “hash”. Knowing that the PIN can only be a 4-digit numeric value, it dawned on us that a brute-force attack would only require calculating, at most, 10,000 SHA256 hashes…This completely negates all of the security of this mobile phone payment system.
So, if you are rooted, be sure to take some additional security steps to protect yourself like activating the lock screen, disabling the USB debugging option in settings, and enabling full-disk encryption. Or maybe not losing your phone in the first place. [Zvelo via Android Central via The Verge]
EMV in, magnetic strips out
Source: http://www.engadget.com/2012/01/31/mastercard-reveals-roadmap-for-our-electronic-payment-future-em/
It’s been over fifteen years since MasterCard, Visa and Europay developed EMV technology to make your credit cards more secure, but it has yet to really catch on here in the US. However, MasterCard has created a master plan to help usher in the EMV era and sound the death knell for the magnetic strip. Why? The EMV infrastructure is far more fraud-resistant because each transaction is authenticated dynamically using cryptographic algorithms and a user-specific PIN. That’s why MasterCard plans to help build out the EMV POS infrastructure by April of next year and have its secure e-payment system functioning at ATMs, online and with its myriad mobile payment options as well. For now, the nuts and bolts of how the credit card firm plans to bring its plan to fruition are few, but more details will be forthcoming, and there’s a bit more info at the source and PR below.
! MasterCard reveals roadmap for our electronic payment future: EMV in, magnetic strips out originally appeared on Engadget on Tue, 31 Jan 2012 05:42:00 EDT. Please see our terms for use of feeds.
Fraudsters Now Using 3D Printers To Make Authentic Looking ATM Skimmers [Scams]
Source: http://gizmodo.com/5866491/fraudsters-now-using-3d-printers-to-make-authentic-looking-atm-skimmers
![medium 15d9a3ae9e5f55659f5a24fd534dfd63 Fraudsters Now Using 3D Printers To Make Authentic Looking ATM Skimmers [Scams]](http://cache.gawkerassets.com/assets/images/4/2011/12/medium_15d9a3ae9e5f55659f5a24fd534dfd63.jpg "Fraudsters Now Using 3D Printers To Make Authentic Looking ATM Skimmers")
What looks like the card slot from a Chase Bank ATM is actually a sophisticated card skimmer removed from a branch in West Hills, California. And police believe a 3D printer may have been used to create it.
Those green bulbous card slots that were supposed to make it very difficult for a card skimmer to be attached to an ATM have turned out to be just a minor inconvenience for sophisticated thieves. Investigators believe this skimmer—which perfectly fits over the ATM’s regular slot— was created from a mould that came from a 3D printer. Which means those behind this particular ATM scheme had some very expensive tools at their disposal.
![medium 113917cd82a68a47720b748a885338bd Fraudsters Now Using 3D Printers To Make Authentic Looking ATM Skimmers [Scams]](http://cache.gawkerassets.com/assets/images/4/2011/12/medium_113917cd82a68a47720b748a885338bd.jpg "Fraudsters Now Using 3D Printers To Make Authentic Looking ATM Skimmers")
In addition to being a perfect replica of the ATM’s standard card slot, this skimmer incorporates a small pinhole camera that starts recording the PIN pad whenever a card is inserted. On the underside is a series of holes that investigators believe allowed the thieves to download data and footage, but the complex electronics on the inside may have been salvaged from a cellphone, giving this skimmer wireless connectivity. So in the future, like in many situations, make sure you take a good look at the hardware before you stick your thing in the slot. [KrebsonSecurity via BoingBoing]
—
drag2share – drag and drop RSS news items on your email contacts to share (click SEE DEMO)
Digital Consigliere
Dr. Augustine Fou is Digital Consigliere to marketing executives, advising them on digital strategy and Unified Marketing(tm). Dr Fou has over 17 years of in-the-trenches, hands-on experience, which enables him to provide objective, in-depth assessments of their current marketing programs and recommendations for improving business impact and ROI using digital insights.
http://twitter.com/acfou
Send Tips: tips@go-digital.net
Digital Strategy Consulting
Dr. Augustine Fou LinkedIn Bio
Digital Marketing Slideshares
The Grand Unified Theory of Marketing
Tags
Popular Posts
- Netflix vs Blockbuster - Perfect example of an industry replaced by a more efficient version of itself
- Coke vs Pepsi vs Dr Pepper
- Marketing Costs Normalized to CPM Basis for Comparison
- 3G calling, no registration, and totally free
- The Top Endorsement Earners In Each Sport
- AOL's Plan To Steal TV Ad Dollars Is Totally Working
- Groupon launches Breadcrumb iPad app, vows to not be a typical POS
- Flash Sale Sites Have A Social Media Problem
- Top Most Shared Category on Pinterest is ... Food and Drink
Published Articles by Dr. Augustine Fou
- #SESNY: Toward a Performance Mindset for All Advertising
- Tips for Marketers Selecting a Digital Agency
- Context Is Not King or Queen; It's Just Necessary
- 2013 New Year's Digital Marketing Resolutions
- The Good, Bad, and Ugly of Online Campaign Ratings and eGRPs
- Why You Should Banish the Net Promoter Score Immediately
- Digital Strategy To-MAY-to vs. To-MAH-to
- The Agency-Client Relationship is Forever Changed
- Targeting vs. Privacy - Who Will Win?
- Digital + Traditional = Unified Marketing
Pages
Archives
- May 2013 (55)
- April 2013 (70)
- March 2013 (114)
- February 2013 (89)
- January 2013 (136)
- December 2012 (96)
- November 2012 (130)
- October 2012 (147)
- September 2012 (94)
- August 2012 (92)
- July 2012 (112)
- June 2012 (71)
- May 2012 (82)
- April 2012 (80)
- March 2012 (122)
- February 2012 (114)
- January 2012 (129)
- December 2011 (60)
- November 2011 (54)
- October 2011 (29)
- September 2011 (17)
- August 2011 (30)
- July 2011 (18)
- June 2011 (19)
- May 2011 (23)
- April 2011 (23)
- March 2011 (52)
- February 2011 (69)
- January 2011 (108)
- December 2010 (82)
- November 2010 (67)
- October 2010 (68)
- September 2010 (44)
- August 2010 (101)
- July 2010 (61)
- June 2010 (28)
- May 2010 (28)
- April 2010 (26)
- March 2010 (33)
- February 2010 (21)
- January 2010 (12)
- December 2009 (4)
- November 2009 (2)
- October 2009 (14)
- September 2009 (6)
- August 2009 (19)
- July 2009 (34)
- June 2009 (11)
- May 2009 (4)
- April 2009 (6)
- March 2009 (13)
- February 2009 (32)
- January 2009 (25)
- December 2008 (1)
- October 2008 (1)
- June 2008 (1)
- November 2007 (1)
Prototype Web Services
- drag2share – quickly share news items by drag and drop on email addresses
- LivePhotoFrame – upload and remotely manage a digital photo frame via unique URL
- MedleyTuner – create a continuous listening experience by uploading mp3s
- MusicSamplr – discover new artists and music, listen to samples
- SharedMost – what links on ANY webpage are shared most?
- Signatory – sign and date a document and verify it hasn't been altered since that exact time.
- WebTeleprompter – just what it says it is
