This guide contains basic information for cardholders about the security of credit card payments. It starts with a false statement, though: "you have no viable alternatives when buying something online". This is wrong because today major online retailers, in addition to credit cards, accept alternative methods of Internet payment. PayPal and Amazon Payments, which were originally based exclusively on credit cards, nowadays allow payments directly from bank accounts, with the same convenience of instant transactions as credit and debit cards. In fact, they prefer payments via bank accounts, which save them a lot of money on interchange fees.
This is my first McAfee conference. I did not expect to see so many people! Well, so far it was just a welcome reception night club for the partners, in the Venetian Las Vegas... The conference actually starts tomorrow...
A biometric scanner on a mobile phone is an interesting feature that might help to enhance the security of mobile payments, as well as simplify the payment process and reduce the transaction processing time.
I wish all the systems I work with were "All Secure"!
But I can't even imagine how attractive an "All Secure" rating is for hackers!
"Financial Tracking Technologies, LLC announced today that it received an "All Secure" rating, the highest possible, by a third party security penetration test of its data security. The penetration and vulnerability tests were conducted during the months of May and June of this year by Loricca Inc., a world class data security consulting firm located in Tampa, Florida."
The popular Costa Rica-based online payment system Liberty Reserve went down following the arrest of its founder, Arthur Budovsky (Артур Будовский). Budovsky, 39, a former U.S. citizen and naturalized Costa Rican of Ukrainian origin, was arrested in Spain as part of a money laundering investigation.
I found an interesting U.S. Department of Justice report about money laundering in digital currencies. In addition to information about the money laundering payment systems, it explains in an accessible form the methods of anonymous Internet access:
Various technologies can increase the utility of digital currencies for money laundering by providing additional anonymity and networking abilities. Because digital currency transactions are conducted over the Internet, they can be traced back to individuals’ computers. The origins of Internet activity can often be identified using IP (Internet Protocol) addresses. Each computer on a network, including the Internet, must be uniquely identified by an IP address in order to receive information, such as web pages, requested from remote servers. These servers, including digital currency servers, track and record users’ IP addresses.
However, anonymizing proxy servers and anonymity networks protect individuals’ identities by obscuring the unique IP (Internet Protocol) address as well as the individuals’ true locations. Anonymizing proxy servers and anonymity networks are designed to prevent identification of Internet users’ IP addresses. Such proxy servers and networks redirect users’ activities so that they appear to originate from a proxy server’s or anonymity network’s IP address rather than the IP address of an individual Internet user.
Furthermore, mobile payments conducted from anonymous prepaid cellular devices, such as web-enabled phones, may be impossible to trace to an individual. Such portable devices that provide Internet access enable transfers of digital currency; afterward, they can be destroyed, easily and inexpensively, to prevent forensic analysis.
The National Security Agency has declassified a document that was previously a secret guide to search engine hacking, including Google and Yahoo. In fact, it is a full-size book (640 pages) called Untangling the Web: A Guide to Internet Research.
Interesting quote from the introduction:
"We pay for the benefits of the Internet less in terms of money and more in terms of the currencies of our age: time, energy, and privacy."
I agree with the following quotes in this article:
"Facebook thinks it's more important to people than it actually is"
"The Facebookification of the mobile web is a threat to openness, to choice, to privacy - but only if you care about those things"
One more incident with fake website certificates: Turkish Certificate Authority screwup leads to attempted Google impersonation.
The fake certificate was issued by a Turkish certificate authority, TurkTrust:
After reporting the incident, TURKTRUST discovered it had accidentally issued two intermediate certificates instead of normal site certificates in August 2011, including the one used to sign the fake Google certificate.
Recipe for security through obscurity: "When you put information on the internet do not use your real name, your real date of birth"
Sounds like an attempt to implement the "security through obscurity" principle:
Give social networks fake details, advises Whitehall web security official:
"When you are putting information on social networking sites don't put real combinations of information, because it can be used against you."
"When you put information on the internet do not use your real name, your real date of birth"
There is a new password protection technology available from RSA. They split the passwords in two and store them on two separate servers in two different locations, so if one server/location is compromised it does not compromise the whole password. This is an interesting idea, but what about performance, and what if both servers are compromised (probably, they are going to be managed by the same entity)?
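An added illustration of the split-storage idea described above, not RSA's product code or protocol: it assumes a plain two-way XOR split of a salted PBKDF2 verifier, and the function names, the round count and the choice to recombine the shares inside `verify` are this example's assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # constructed parameter for this example


def derive_verifier(password: str, salt: bytes) -> bytes:
    """Slow salted hash; this value is split, the raw password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def enroll(password: str):
    """Return (salt, share_a, share_b); each share goes to a different server."""
    salt = secrets.token_bytes(16)
    verifier = derive_verifier(password, salt)
    share_a = secrets.token_bytes(len(verifier))  # uniformly random pad
    share_b = xor(verifier, share_a)              # verifier masked by the pad
    return salt, share_a, share_b


def refresh(share_a: bytes, share_b: bytes):
    """Re-randomise both shares without changing the verifier they encode."""
    mask = secrets.token_bytes(len(share_a))
    return xor(share_a, mask), xor(share_b, mask)


def verify(password: str, salt: bytes, share_a: bytes, share_b: bytes) -> bool:
    """Needs both shares; recombining them in one place is a simplification."""
    expected = xor(share_a, share_b)
    return hmac.compare_digest(derive_verifier(password, salt), expected)


if __name__ == "__main__":
    salt, a, b = enroll("constructed-sample-password")
    print("login with both shares:", verify("constructed-sample-password", salt, a, b))
    new_a, new_b = refresh(a, b)
    # An old share stolen before the refresh no longer pairs with a new one.
    print("old share + new share:", verify("constructed-sample-password", salt, a, new_b))
```

A share taken from one server alone is indistinguishable from random bytes. Shares taken from both servers within the same refresh period recombine to the verifier, which is then exposed to offline guessing like any stolen password hash.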