Secure All Channels!
Secure All Channels! was Originally Posted on July 29, 2005 by lavarock
It sounds like a command from the bridge of Star Treks Enterprise, that analogy is not far from my meaning.
A current news item mentions that “Wireless Wallets†are becoming the rage. A wireless wallet is the ability for you to pay for items by waving or pointing your cell phone at them. Parking meters might get a text message from you or a cash register a swipe of the cell phone is all you would need to pay for things.
I’m sure that there will be some procedures to avoid the problem of “I was trying to buy a candy bar and ended up buying a suit in the store next doorâ€. However, that type of problem has occurred recently with people who subscribed to a particular satellite TV service. That service used “wireless†remotes that could go through apartment walls. When a neighbor decided at 3am to watch adult material, their transmitter might also trigger their neighbors box to receive the same program. Without a local password, both systems would buy the program. The answer was to ensure you had a password in your satellite box, which must be used to order programs. The trouble is, most people never set one up.
Speaking of security, how many people use their birth date or house number or last 4 digits of their phone number as their bank pin? How many people use an animals name for their login password? Even when a system tries to be secure, it can fail. Have you ever entered correct data for the question “Mothers maiden nameâ€? Remember, this is NOT a test; it is a away to help verify that you know how you answered a question last time. For example, when asked to enter “Mothers Maiden Name†you could use a word, which you associate with Mom, yet not be her name. Perhaps when you think of your “Mother Maiden name†it reminds you that she worked in a bakery. Thus you might answer Mothers Maiden Name as “Cakeâ€. As long as you correctly answer the question with the word CAKE next time, you win.
Why would I propose this? Imagine that your bank will let you transfer large amounts of cash over the phone, IF you can correctly answer the question Mothers Maiden Name. I could go to a genealogy site and look, or I could just call you and ask you. “Hello Mrs. Smith. My name is Mark and I hope you can help me. I may be related to you and if so, you may be able to save my brother’s life. He has a rare blood disorder and I need to find a match of T-BLA cells. The doctor said it has to be someone on my Mothers side of the family. Were you a Kroft before you were married? “NO, MY MAIDEN NAME WAS JONES’… After just a few seconds this person revealed a correct security answer.
Think about the questions you are asked when prompted to create a verification phrase… Where were you born? Mothers maiden name? Name of first pet? First car?, well you get the idea. Any of these responses might be easy to discover or be forthcoming from you under simple circumstances.
The cell phone issue is funny. I would not trust cell phones to be secure. Years ago cordless phone were touted as secure. Yet their transmitted signal could and may still be heard in the top UHF TV band on certain TV sets. All you had to do was tune up around TV channel 83 and there were people on cell phones driving around.
Even computer programs are NOT secure. Microsoft, a self-proclaimed world leader in operating systems cannot produce a secure system. Each week they have to supply patches fro the same problems over and over and over again. You would think that a company this large could protect their product from such giant holes. An example just this week is that Microsoft now requires people to validate their copy of Windows XP to keep it from being stolen. At the same time this was being enforced, word spread around the Internet on how to defeat this protection.
Many people have set up a wireless router in their house, yet not secured it from outsiders. They may find that their neighbor or perhaps a person sitting in a car across the street is browsing your files or using your Internet connection to break into a bank.
Big scams for Seniors include statements such as “You have won!â€, “You just need to pay taxes up front…â€, “We need a deposit before we can issue your prize…â€, “We would like to send a courier to your home…â€, “We were in your neighborhood and have this driveway sealant left over…â€. Get information and investigate!
If someone calls you on the phone or sends you an email asking for you to “update data†or “verify†something, look up their number and call them back. If a bank or PayPal or whatever asks that you do something to your account, tell them you will handle it and then go into a branch, call the number in the phone book. If someone contacts you to donate to a disaster, YOU look up the charity and contact them; don’t rely upon information the person gives you directly. Verify things!
To ensure you are safe, start asking questions of the technology you use and don’t just rely upon the salesman to tell you. If you buy a router, check to see how you can secure it. Browse the Internet for security issues with products you want to use. Determine if you must answer a validation question with correct data or only with a consistent answer.
A quote from another TV show may be appropriate here, “Be careful out there”!