
Are You Still Using Your Real Credit Card Online? You Shouldn’t.

So iTunes got hacked and some users saw unauthorized purchases up to $600 in their accounts.


I’m shocked. Not at the fact that iTunes got hacked, but that users exposed their credit accounts to such an extent. Websites do get hacked, it’s a fact of life. Users need to change their passwords, consider what other sites may get compromised, and generally think of getting more secure password management schemes – but it’s all too late. Why not protect your credit card in the first place?

You don’t ever have to submit your credit card number online.

No, I’m not saying give up the convenience of online purchases – just don’t use your real credit card number. I haven’t, for at least a decade. Instead I’ve always used Citibank’s Virtual Credit Card Numbers. It allows me to generate an ad-hoc credit card number for a specific vendor, either for one-time use or for a period of time with a dollar limit.

There are many other use cases, not just theft / hacking: think of all those subscriptions you just can’t cancel… they keep on billing, and you can’t just shut down the offending vendor; your only choice is canceling the credit card itself. A major pain. With a virtual number you go online and remove the particular vendor’s instance.

I’ve been living in the secure world of virtual credit cards for a long time, and simply took it for granted that it’s the norm by now – I’m really shocked to see now how few providers offer it. All I could find (at least in the US) was Citi, Bank of America, Discover, and there was a half-cooked attempt by PayPal, first called virtual debit card, then secure card, but I believe it is now discontinued.

Shame on the Financial Services industry, throw-away credit cards should be the online standard in 2010. I’m not advocating any particular service (Citi’s implementation – the software side – is outright shabby, but the safety is worth it) but it might be worth signing up for one of these services just for the sake of safe online purchases.

(Cross-posted @ CloudAve)


Hacker Disables Cars via the Web – Our Remote Controlled Life

This is what remote controlled toy cars looked like when I was a kid. Yes, the control box was connected to the car with a 3-4 feet cable… not exactly the level of freedom you get with today’s wireless models.

But it was fun, nevertheless. I wonder if 20-year-old Omar Ramos-Lopez had a toy car when he was a kid. He seems to have found one now... let me correct that: he seems to have found over 100 remote controlled cars to play with.

The laid-off employee of Texas Auto Center sought revenge and he found it in the Webtech Plus system, which allows dealers to remotely switch off the ignition, sound the horn, etc. in the cars of non-paying customers. Our hacker immobilized over 100 cars and triggered their horns in the middle of the night… probably almost as much fun as a crazy SXSW party 🙂

On second thought, it probably wasn’t fun for the drivers whose cars would not start when they had to go to work, or whose only remedy against a shrieking horn at midnight was to remove the car battery. But at least they were aware of the presence of the remote device… unlike students and families of Lower Merion School District in Pennsylvania (has Lower Merion just become the most famous school district in the US?). The Spy Cam District’s victims had no idea their homes could be monitored using the school-issued laptops. (And the school district blew their chances of becoming a hit Reality TV show…)

Talk about remote sensors: I had no idea of the extended capabilities of the smart meter that PG&E, the local utility, has installed recently. These smart meters were all about remote reporting of consumption, and somehow the utility company forgot to tell us they came equipped with a wireless switch to shut off electricity supply.

Shall I go on? I’m not sure I even want to know how many aspects of our lives can be digitally controlled… all in the name of progress, but dangerous when falling into the wrong hands. 🙁

(Cross-posted @ CloudAve)