Credit Card Chips Bad for Business? February 16, 2011
Posted by norm in Uncategorized.Tags: dumb, security, UI
add a comment
I just got one of those new credit cards with a chip on it. It came with a PIN that I have to remember to be able to use the card. Well, I already have a PIN for my Interac card. (A PIN that I chose myself, BTW, unlike the PIN for my credit card.)
Now I’m going to have to remember a PIN for each credit card I have? I can’t do that! It’s not like I have a dozen credit cards, but still, I’m not Watson.
So what’s going to happen? I suspect that in the near future, people will each primarily use one or two PIN-required credit cards only. Some credit cards are going to see a change in their business. The less popular cards are going to see a drop-off in transactions and the more popular ones an increase. Moreover, any credit card company smart enough to avoid requiring PINs should see an increase in business.
Wi-Fi Security January 26, 2011
Posted by norm in Uncategorized.Tags: network, security, useful
add a comment
I work in a large organization with a big central IT support group. Consequently, I was able to ask a network security expert about the security aspects of using public Wi-Fi networks, like those in some airports and at Starbucks. Here’s what the security expert wrote:
The safety of public wireless networks depends, for the most part, on the configuration and protections in place on your computer.
In order to prevent anyone from accessing content on your system, you need to have an active firewall that permits outbound connections but blocks random connections to any listening programs on your computer. This is installed by default for any properly patched and configured Windows XP with service pack 2 and above.
A properly configured and auto-updating anti-virus program is also a must. This helps protect your system from malware, including any that might disable other safeguards you already have in place or install a “back door” to allow the nasty people free access.
The downside of public wireless networks is that the traffic between your computer and the access point is, for the most part, unencrypted (clear text) and therefore subject to “sniffing”. This vulnerable traffic includes standard email, web surfing, some chat programs and forums.
Other common applications like Google, Facebook and Twitter use encryption for the sign-on process to protect your credentials, but not for the remaining activity while you are logged-on. These applications can be compromised through a process known as “session hijacking”; where an attacker can read some authentication content and jump in the middle pretending to be you by using this content.
To answer your question, “Would I know either way?” [i.e. would I know if my system were being compromised] I would reply no – not without specific tools and even then only a small portion could be detected at all.
If you are using your system for business activity from these locations I would recommend you connect via our Enterprise Virtual Private Network (VPN) immediately after obtaining a network connection. That way, even the clear text traffic will be protected inside an encrypted tunnel before heading out to the internet.
