security

Consumer News Roundup, Week of September 12th, 2011

Intellectual property is the new legal battlefield, as one industry after another lawyers up to try to make money from its IP, instead of making money from, say, a product people want to buy.

Righthaven, for example, has been running around suing bloggers and website owners who use quotations of copyrighted works. This is fair use, but Righthaven doesn’t care. Which is why it just got slapped with an order to pay $34,045.50 in attorney fees. Trying to weasel out of the inevitable, Righthaven tried to argue that it shouldn’t have to pay attorney fees because its claims were frivolous in the first place. Right. Props to the Randazza Legal Group and J. Malcolm DeVoy for a well-deserved check.

Porn producer Mick Haig Productions has another approach. Keep Reading »

Use Smarter Passwords

Your online security—from email to bank accounts—is only as strong as the weakest link: your passwords. For years, security experts have recommended long passwords with letters, numbers, and symbols, like this: 7@k4eu1jw$8p*gug. But people generally cope with these policies by using words with numbers and letters in them, like this: l0$er.

It turns out, passwords like that are not only hard to remember, they are pretty easy for a computer to crack.

The better password practice is to use four or five random words, which is (a) really easy to memorize and (b) much harder for a computer to crack.

Also, don’t use the same password for every website. If your password is ever cracked—if you wind up on the wrong side of an Anonymous attack, for example—you make it easy to access all your online accounts, unless they have different passwords. A convenient way to use a bunch of different passwords is to get a password safe program like KeePass, 1Password, or LastPass to keep track of them.

Take a few minutes today to upgrade your online security.

Citibank Credit Card Numbers Exposed by Blippy

Upstart social networking site Blippy apparently failed to protect its users’ credit card numbers—or at least some of them. Blippy allows users to see what friends are buying and comment on their purchases. It also let Google index the purchase information, including credit card numbers.

If you are a Blippy user—especially if you have a Citibank card—keep an eye on your account and look for unfamiliar charges. You might even ask for a new card as a proactive measure.

Blippy users’ credit card numbers found on Google | VentureBeat

Mint.com Wants to Sell Your Shopping Habits

According to Felix Salmon, Mint.com, the popular personal finance website, may be benefiting from playing outside the regulatory rules that govern banks. At a Banking 2.0 panel at SXSW, Mint’s Aaron Patzer explained why:

For instance, he said, he can see pretty much in real time how much money his huge database of customers is, in aggregate, spending at Blockbuster vs Netflix vs Redbox, or any other set of retailers — and that kind of information would surely be extremely valuable to hedge funds. It was clearly something he’s talked a lot about, and he never said that he wasn’t already selling that data to the highest bidder.

If I am to do my banking online, I need to be confident that my financial information is being kept secure. This is not like Google, where I can stomach giving up a bit of anonymized usage data in exchange for great software. No, when it comes to my financial information, I do not want my data sold to the highest bidder.

After reading Salmon’s column, I deleted my Mint account.

Personal finance online | Felix Salmon (thanks, Aaron!)

Don’t Be Promiscuous with Your Passwords

According to a study by Trusteer, a security firm, 73% of internet users use the same password for online banking and other sites. This is not a good idea.

If you use the same password to access multiple accounts, so can an identity thief. I recommend generating long, complex random passwords for your bank accounts, and keep track of them using KeePass, a free password safe. Use a unique password for KeePass–for example, a long sentence in which you replace all the As with @s and all the Os with 0.

Study: 73% use bank password everywhere | The Red Tape Chronicles

(photo: Whiskeygonebad)

What Credit Card Security Codes Are For

Credit card security codes (CVV2 codes) are not stored on your card’s magnetic strip, and merchants may not keep them. Providing it ensures that you have the actual card in your possession. Maryland consumer rights lawyer Sonya-Smith Valentine explains:

Sharing passwords post-mortem

Cory Doctorow’s post on sharing passwords after death was timely for me. My wife and I are currently working on our own wills and estate plans, and wrestling with how to ensure we are able to access one another’s digital information. Like Doctorow, our digital information is locked up safely in encrypted filesystems.

His solution is to split his master password in half, giving one half to his spouse, and one half to his lawyer. It is a good, long-term solution, but I am nervous about having any of my password written down anywhere, so we went another route.

My wife and I share a single long and complicated password, which neither of us has written down anywhere. Should I die, she can use our password to unlock my data, and with it, all my other passwords. The same goes for her. Simple and effective.

If you have a different plan for accessing your spouse’s digital data after death, I would love to hear about it.

When I’m dead, how will my loved ones break my password? | Guardian

(photo: Bohman)

Walmart: taxpayer-subsidized low prices

While the economy tries to pull out of its downward spiral, consumers are flocking to discount department stores like Walmart, looking for the cheapest products they can find. But Walmart’s prices are low for a reason: its business model includes relying on public benefits and services for everything from store security to employee healthcare.

So if you shop at Walmart, make sure to pick up something for your neighbors, because their tax dollars subsidized those “great deals.”

Keep Reading »

How Outsourced Call Centers Are Costing Millions In Identity Theft

Credit card industry kills Mythbusters attempt to examine RFID security