Security Flaw Found in Visa (But Not MasterCard)

A security vulnerability has been found in Visa cards that does not exist in MasterCard. Basically, it involves the number of times you can try to process a transaction with an incorrect expiration date (or CVV). Visa allows multiple attempts to process a transaction, and MasterCard allows only 10 attempts before the transaction is blocked.

Why does this matter? Because if a computer can make an unlimited number of attempts, then it can try different numbers until it guesses the correct number. In this case, a criminal who illegally purchased a 16-digit credit card number can (literally) guess different month/year combinations until they find the correct information. On average, there are roughly 60 likely month/year combinations that are available for a valid Visa card at any given time.

The Yahoo! Breach – What Happened, What You Can Do, and Why

If you had a Yahoo account in 2014, you should read this to find out what happened, and what you can do about it. The bottom line is, the advice that Yahoo is giving their users is not nearly enough to protect from the scale of this data breach.

The timeline seems to suggest that much of the damage may have already been done because the information has been on sale in the Deep Web for at least two months, or longer. The Yahoo breach, originally thought to have occurred in 2012, actually occurred in

“Cyberschizophrenia” in the US Government

In the last few days, the US Government both mandated and rejected the same method of cybersecurity.

It’s called Second Factor Authentication, specifically a One Time Passcode (OTP) sent by Short Message Service (SMS). So, together, it’s an “SMS OTP,” which is basically what happens when you receive a 4 to 6-digit security code on your cell phone as a text message after you enter your username and password. You must enter this security code (usually) on the same screen where you entered your username and password as an extra factor of security to complete online registration and/or to sign in to an account. The shorthand for all of this is sometimes referred to as

Second Stagefright Attack (Averted?)

A serious vulnerability was discovered today with a common picture file type called “Tagged Image File Format,” or TIFF. It is an older type of file, but you probably have many of them somewhere in your computer right now. Every now and then, a new way to hack a computer is discovered before any bad guys figure it out. Thankfully, that happened in this case.

The vulnerability was reported yesterday by Tyler Bohan of Cisco Talos. He said:

Will Mobile Payments Become a Format War?

Mobile Payment products either use the current payment system, or challenge the current payment system.

It is called a “Format War.” Two or more companies with different products compete for your attention. Of course, as a consumer, you get to choose the product you want. If you don’t like it, certainly you are free to switch to another product. However, since companies know this, they can make it incredibly cumbersome for you to do so.

Mobile Payments could be heading toward a format war, and the first casualty could be consumer privacy. On one side are all of the mobile wallet and mobile payment products that are based on the existing payments system in use around the world today. On the other side are alternatives to the existing payment system, which could bypass the processors or schemes that are the backbone of the payment system.