Wednesday, October 24, 2012

Barnes and Noble payment terminals hacked

Barnes and Noble is reporting the detection of tampering with the keypads used for debit card transactions in at least 63 stores, with press release here

 Persons who used debit cards with PINs on these keypads might be in danger of theft from associated checking accounts, and should contact their own banks.

Ars Technica has a story on the incident by Dan Goodin here

 In theory, these sorts of problems could happen in any retail establishment.  However, I have had no problems myself with 7-11’s, Rite-AIDSs, CVS, or local supermarkets. 

Consumers should always look at their bank accounts online frequently. 

Sunday, October 21, 2012

Beware of debt settlement offers

Here’s a cautionary article by Michelle Singletary (“The Color of Money”) in section G of the Washington Post, Oct. 21, “Debt settlement is rarely a done deal”, link here

A person with heavy debt might sign a contract with a debt counseling service, which reduces the total debt by a percent for a fee.  But if the person falls behind on the reworked payment schedule to the debt consolidation company, the effect of the service is eliminated, and all the original debt comes back and is still owed.

During my “post layoff” period, I was approached to do “debt counseling” work with unsolicited calls and emails. 

Thursday, October 18, 2012

Destroying data on old electronics

Here’s a video from MSN about how to wipe old electronics clean before discarding.

Most smart phones have an easy button to press.  For Windows PC, there is a CD with a utility called Dban, and for the Mac there is a utility that comes with the boot disc; you reboot with the disc in the drive and follow some instructions. 

The link is here

What about physical destruction of the unit or exposure to heat or to magnetic fields? Could a strong magnet wipe out a smart phone?  None of this would work with data stored on CD drives (and backup on optical devices could be a good strategy to protect against an enemy EMP strike some day – something that has of yet never happened in the U.S. or the West).

Perhaps another concern is personal data on equipment after a burglary, unless it is detected immediately.  

Two-step verification might not even protect actual hardware that is stolen.  It’s perhaps a good idea to change passwords before leaving a residence or small business alone for long periods of time. This could be a particularly sensitive matter for businesses that store consumer information on site.  
It still boggles the mind, that businesses can give loans to fictitious dopplegangers of real people without contacting them at real addresses.  Some banks insist of mail verification of any changes (for example, my ING retirement plan insists on verification by last known address).

In 2000, I found out that I had a questionable “debt” where notices had been sent to an address I had not lived at since 1979. 

Monday, October 01, 2012

Civilian contractor posts social security numbers of Armed Forces members

The Washington Times, in a story by Rowan Scarbporough, reported Friday (Sept. 28) that a civilian contractor had posted, on a public website, the Social Security numbers of at least 31 current or former US Armed Forces members, “war heroes”, in the profiles of over 500 such persons.

The link for the story is here.

There isn’t much question that such activity would have been a gross violation of the confidentiality provisions of his job.  But the ease with which this was done is alarming to some.