Categories Archives: Consumer Security

Netgear (In)Security and their Failed Remote Management

I’ve been having issues with some home networking equipment and decided that after a couple of years, I needed to make some updates. I did my research and ultimately settled on the Netgear R8000. Not just because it looks dead sexy or because it’s called the Nighthawk, but because it had really great reviews and I’ve generally been on board with Netgear’s product quality and technology. That is, until today. One of my biggest complaints about today’s networking equipment is that it really wants to be the only router in your house. It wants to be the command center. So if you have a couple of pieces of networking equipment, they both want to be in charge. I get it, ...


Does Age Determine How Quickly Shoppers Return?

Here’s another visualization to consider based on demographic data generated from my Consumer Attitudes Toward Breaches research (sponsored by MAC). Did age matter when it came to how quickly shoppers returned to a breached merchant? The data seemed to have a couple of stand-out bumps. Below is a graph that shows, on average, how quickly consumers returned to stores after a breach, grouped by age. The trend seems to be such that, in general, the youngest groups are more likely to return to a breached merchant before the older groups. The middle two age groups are virtually identical up to the fourth digit past the decimal point—enough to consider them equal. What this means for management is that younger generations ...


Secure SSH, Go Beyond the Defaults

Secure Shell, or ssh, quickly became the replacement for telnet, rlogin, and rsh once system and network administrators realized how easy it was to capture credentials and modify traffic in flight. It’s the stuff out of movies. An administrator is logging into a system with an elevated account (such as root) while a bad guy is snooping all of the traffic and displaying the stream on his screen. He’s got all the credentials and can see everything that administrator is doing. Or worse, he’s sitting in between the administrator and his equipment and modifying the keystrokes from the administrator before forwarding them to the device. Cue the dramatic music. After its release over twenty years ago, it has seen near ...


What an IRS Scam Sounds Like

Like many of you, I have come to the realization that people not in my contact list who actually use their voices to communicate with me over this texting machine usually want something from me—many times, a sales pitch. I’ve given up on answering most of these calls. For the few that leave a message, I will return it if it’s important. Hopefully people have figured out by now that written communication is preferred in many instances. I recently got one of those robo-dialers to leave me a generic, threatening message (which you can listen to here) that meets many of the requirements of good social engineering. The transcript is below (apologies for the bad copy in two areas, the ...


Does Income Matter for Awareness?

Here’s another visualization to consider based on demographical data generated from my Consumer Attitudes Toward Breaches research (sponsored by MAC). Did income levels matter in breach awareness? It appears to have mattered, yes, but not in the way you might expect. Below is a graph that shows how consumers reported their awareness of breaches as separated by income level. When we add weights to our responses to make sure we are comparing apples to apples. What’s interesting here is that the smallest two and largest two income levels were the most aware of the breaches, while the middle three were much less aware. Do lower income segments watch their dollars more closely? Are higher income segments more likely to be ...


Gender Differences in Breach Awareness

Over the next few posts, I’m going to show you a few more visualizations that didn’t make it in my Consumer Attitudes Toward Breaches report (sponsored by MAC). Most were omitted for brevity as they didn’t add anything material to the content already presented. Below is a graph that shows how consumers reported their awareness of breaches as separated by gender—pink for female, baby blue for male. What made this interesting to me was that even though males were generally more aware of breaches than females, the two breaches where females were more aware (Michael’s and Target) seem to target that demographic. The respondents split the gender line at almost 50/50 (11 more females responded than males of the 1031 responses). ...


WiFi Risks and Travel

Holiday travel is about to be in full swing, and we’re all going to be wading in dangerous waters as we seek WiFi to keep ourselves and our kids occupied while we move around. Paul Ducklin just put together a great blog post on Naked Security about a risk you should be aware of when connecting to these networks. He specifically talks about unsecured requests for information before you are allowed to reach the Internet. There are a couple of other scary things you should be aware of: Don’t forget that open, free, and no-password-required WiFi is about as wild west as you can get. When you connect to these networks, anything you do that is not encrypted ...


The Privacy Plug-in You Need

Sometimes I’m a bit behind the times on all this newfangled technology stuffs, so I wanted to make sure that everyone else knew that I caught up to 2015 and installed Ghostery. Ghostery is a cross-platform browser plugin that will help you select which tracking networks you want to participate in and which ones you want to block. If you have ever been annoyed by countless ads for some product that you Googled late one Saturday night that one time, this is a product for you. Here are my two reasons for keeping this installed on my machines: It allows me to selectively whitelist both certain ad networks and certain sites. So, for example, if I want to support ...


Will Plastc Succeed where Coin Failed?

Facebook has some really interesting ways to position products in front of its users. Not one day after a few of us went on a Coin rant I was presented an advertisement for Plastc, a bigger and better version of Coin that includes an EMV Chip. Early adopters of Coin had mixed results with the card itself with some merchants refusing to accept it, and current users are struggling with the lack of chip support in the device. Here’s why Coin will slowly be phased out in a way to be completely ineffective. Embedded in the magnetic stripe of your payment card is a collection of data that is submitted for payment when you swipe the card. One of the ...


Samsung Pay is Here

The first major challenge to Apple Pay is now here (I’m not counting the Google Wallet as it predates Apple Pay). While I hate the name (seriously Samsung? You accuse Apple of copying you all the time), there is a very cool technology (Thanks LoopPay) that allows for some backwards compatibility that is not present with Apple Pay. These features are part of the Samsung Galaxy S6 and S6 Edge. Couple of key highlights: There are two methods of payment, Contactless EMV using Near Field Communications (NFC) and Magnetic Secure Transmission (MST). MST is backwards compatible with (most) existing terminals and will transmit payment information by creating a field that the magnetic stripe reader can interpret. As far as the ...
