Categories Archives: Consumer Security

Gender Differences in Breach Awareness

Over the next few posts, I’m going to show you a few more visualizations that didn’t make it into my Consumer Attitudes Toward Breaches report (sponsored by MAC). Most were omitted for brevity as they didn’t add anything material to the content already presented. Below is a graph that shows how consumers reported their awareness of breaches as separated by gender—pink for female, baby blue for male. What made this interesting to me was that even though males were generally more aware of breaches than females, the two breaches where females were more aware (Michael’s and Target) seem to target that demographic. The respondents split the gender line at almost 50/50 (11 more females responded than males of the 1031 responses). ...


WiFi Risks and Travel

Holiday travel is about to be in full swing, and we’re all going to be wading in dangerous waters as we seek WiFi to keep ourselves and our kids occupied while we move around. Paul Ducklin just put together a great blog post on Naked Security about a risk you should be aware of when connecting to these networks. He specifically talks about unsecured requests for information before you are allowed to reach the Internet. There are a couple of other scary things you should be aware of: Don’t forget that open, free, and no-password-required WiFi is about as wild west as you can get. When you connect to these networks, anything you do that is not encrypted ...


The Privacy Plug-in You Need

Sometimes I’m a bit behind the times on all this newfangled technology stuffs, so I wanted to make sure that everyone else knew that I caught up to 2015 and installed Ghostery. Ghostery is a cross-platform browser plugin that will help you select which tracking networks you want to participate in and which ones you want to block. If you have ever been annoyed by countless ads for some product that you Googled late one Saturday night that one time, this is a product for you. Here are my two reasons for keeping this installed on my machines: It allows me to selectively whitelist both certain ad networks and certain sites. So, for example, if I want to support ...


Will Plastc Succeed where Coin Failed?

Facebook has some really interesting ways to position products in front of its users. Not one day after a few of us went on a Coin rant I was presented an advertisement for Plastc, a bigger and better version of Coin that includes an EMV Chip. Early adopters of Coin had mixed results with the card itself with some merchants refusing to accept it, and current users are struggling with the lack of chip support in the device. Here’s why Coin will slowly be phased out in a way to be completely ineffective. Embedded in the magnetic stripe of your payment card is a collection of data that is submitted for payment when you swipe the card. One of the ...


Samsung Pay is Here

The first major challenge to Apple Pay is now here (I’m not counting the Google Wallet as it predates Apple Pay). While I hate the name (seriously Samsung? You accuse Apple of copying you all the time), there is a very cool technology (Thanks LoopPay) that allows for some backwards compatibility that is not present with Apple Pay. These features are part of the Samsung Galaxy S6 and S6 Edge. Couple of key highlights: There are two methods of payment, Contactless EMV using Near Field Communications (NFC) and Magnetic Secure Transmission (MST). MST is backwards compatible with (most) existing terminals and will transmit payment information by creating a field that the magnetic stripe reader can interpret. As far as the ...


On Self-Driving Cars

What could possibly disrupt the great wheeled livery disruptor Uber? Self-driving cars can certainly take a chunk of money away from them for those of us who have cars, but use Uber to take us around when we go out with friends. It won’t topple Uber like they have toppled taxis, but it will pull some share. Self-driving cars and other livery are the focus of much debate in a number of different circles. Unions, lawmakers, citizens, and technologists all have opinions on the viability of the technology. To be clear, I love the concept. I think the technology has a ton of promise, much like many other things that technology companies are contributing to the automotive industry. But much like other ...


CurrentC, Off to a Rough Start

Last week we saw a flurry of announcements around CurrentC, a merchant-driven alternative payment scheme that is designed to cut the costs from electronic payment processing. Sure, they didn’t demonstrate a great approach to security with the notification of their breach last week, but no payment information was put at risk. CurrentC is designed to work in a similar manner as Apple Pay (enabled by a smartphone), but it is platform independent and works using QR-codes to transact business. Essentially, any merchant with a scanner that can read a QR-code would theoretically be able to accept this form of payment. That brings in grocery stores and big-box retail for sure as most use some kind of scanning technology to assist in ...


Enable 2-Factor Everywhere

Dropbox is the latest victim to announce that a third party (Snapchat was last week) integration caused a ton of their usernames and passwords to be leaked on Pastebin. At this point, most of our super-useful cloud services (Evernote, Twitter, Facebook, Google, and Dropbox to name a few) all have the ability to turn on some kind of stepped-up authentication. Some of these use Google Authenticator, which couldn’t be any easier to use than it already is (probably). So after you go change your Dropbox password (to something unique, not used on any other website), take a few moments to step up your authentication with 2-factor authentication. It will only take you a few minutes, and it will provide much ...


Shellshock and the Cyber Safety Program

I recently had a conversation with Josh Corman of IAmTheCavalry where he shared with me his open letter to the automotive industry. Entitled the Five Star Automotive Safety Program, it outlines five specific areas that affect information security, and thus will affect the safety of humans that rely on those systems. The five areas are: (1) Safety by Design, (2) Third-Party Collaboration, (3) Evidence Capture, (4) Security Updates, and (5) Segmentation & Isolation. When Josh and I first chatted, I was wary of number 4. Not the fact that security updates are needed, but that there must be a mechanism by which updates can be automatically deployed (not by taking a car to the repair shop). Could someone create a cyber-zombie army by taking over an ...


Apple Pay is Not P2PE, and Does Not Replace PCI Compliance

Apple Pay’s announcement two weeks ago caused a flurry of activity—some of it right here on this blog. I had a chance to catch up with someone who is very close to the design of Apple Pay. I was able to get a few questions answered and I wanted to share those answers here with you all. Apple Pay’s NFC uses EMV. EMV is a standard which was implemented in both the chip and contactless variants for payments. It is effectively the first wide-scale system that uses the EMV Token standard released this year. Apple Pay is software that uses the NFC radio built into the iPhone 6/6+. Why did I make this distinction? Each technology (for example, PayWave and ...
