Monday, December 19, 2011 - 08:33

From Dark Reading:

Google's much-anticipated mobile payment application locally stores some sensitive user information unencrypted, such as a cardholder's name, transaction dates, email address, and account balance, new research released today reveals.


What is most concerning is that Google's response apparently treats the layered protection on a non-rooted Android phone as sufficient:

A Google spokesperson points out that the viaForensics report is based on research conducted on a rooted Android smartphone. The report also applauds the layered security built into the OS and app, the spokesperson says. "The viaForensics study does not refute the effectiveness of the multiple layers of security built into the Android OS and Google Wallet," the spokesperson says. "But even in this case, the secure element still protects the payment instructions, including credit card and CVV numbers."


Of course, a percentage of Android users (the article mentions 10-15%) do "root" their phones (the Android equivalent of jailbreaking), and that is before counting malware that compromises a phone remotely and escalates to the same level of access. On an unrooted phone this locally stored data is protected by Android's per-app sandbox, not by encryption, so anything that gets root, whether the owner or an exploit, reads it as plaintext.

The bottom line is that if you are using Google Wallet, you should know what card-related information (cardholder name, transaction dates, email address, account balance) is being stored on your phone in the clear, and that how exposed it is depends on whether anything on the phone can reach root.

http://www.darkreading.com/mobile-security/167901113/security/news/23230...

Wednesday, December 14, 2011 - 11:44

Recently, SplashData published its annual list of the worst Internet passwords. Here's a tip: if you are using 'password' as your online password, it's a really good idea to go change it.

Without further ado, here are the top 25 worst passwords of 2011. Do you see one of yours in the list?

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football



The more we get online, the more we find ourselves struggling with how to handle passwords. On the one hand, we want to be secure. We definitely don't want to see our bank accounts emptied out! On the other hand, we are looking for convenience. Who wants to remember multiple 14-character passwords made up of random letters, numbers and symbols?

While we have published tips on choosing strong passwords, we also recommend a password manager (sometimes called a password escrow or vault tool) to generate, securely store and fill your passwords, so that every site gets a long random one you never have to remember:

You can find an excellent write-up on password manager (password escrow) options here.

Thursday, December 8, 2011 - 08:01

'Tis the season to be jolly, and, unfortunately, for an increase in phishing scams. We have two interesting tidbits for you.

First, can you tell the difference between a scam site that is trying to harvest your account credentials and the real site? Head over to OpenDNS's Phishing Quiz and see how you do. It is an excellent test of how well you can tell real websites from scam ones.

http://www.opendns.com/phishing-quiz/

Second, US-CERT has published a holiday season phishing scam alert, and we thought it would be worth sharing the things US-CERT recommends watching for, as well as the preventive measures you can take to protect yourself.

Be mindful that phishing and malware scams can take the form of:

  • Electronic greeting cards that may contain malware
  • Requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
  • Screensavers or other forms of media that may contain malware
  • Credit card applications that may be phishing scams or identity theft attempts
  • Online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers

Some of the things you can do to protect yourself include:

  • Do not follow unsolicited web links in email messages.
  • Use caution when opening email attachments.
  • Maintain up-to-date antivirus software.
  • Verify charity authenticity through a trusted contact number.

http://www.us-cert.gov/current/index.html#holiday_season_phishing_scams_and
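
As an added example (not from the post, OpenDNS or US-CERT), here is the "can you tell the real site from the scam one" check applied to the links in an email before anyone clicks them: it pulls every link out of the HTML body and flags the three things a scam link usually gets wrong, a raw IP address instead of a name, visible text that shows one domain while the href goes to another, and a real brand's domain buried as a subdomain of somebody else's. Everything in it is constructed for the demo: the legitimate domain examplebank.com, the sample message, the 192.0.2.10 address (a reserved documentation address), and the two-label heuristic for the registrable domain, which does not handle co.uk-style suffixes.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains treated as legitimate for this demo. Assumption: a real deployment
# would carry the organisation's own list, or a public-suffix-aware library.
EXPECTED_DOMAINS = {"examplebank.com"}

# Constructed sample message, not a real phishing email.
SAMPLE_EMAIL = """
<p>Your account has been limited. Verify it at
<a href="http://examplebank.com.account-verify.net/login">https://www.examplebank.com/login</a></p>
<p>Send your gift card number to <a href="http://192.0.2.10/pay">our secure site</a>.</p>
<p>Donate to <a href="https://www.examplebank.com/holiday">Holiday Giving</a>.</p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of a host name. Assumption: good enough for .com/.net/.org;
    no public-suffix list, so co.uk-style suffixes are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


URL_IN_TEXT = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)


def suspicious_reasons(href: str, text: str) -> list:
    """Why a practitioner would not click this link; empty list means no finding."""
    reasons = []
    host = urlparse(href).hostname or ""

    # 1. A raw IP address instead of a name.
    try:
        ipaddress.ip_address(host)
        reasons.append(f"link points at a raw IP address ({host})")
    except ValueError:
        pass

    # 2. The visible text shows one domain, the href goes to another.
    m = URL_IN_TEXT.search(text)
    if m and registrable_domain(m.group(1)) != registrable_domain(host):
        reasons.append(f"text shows {m.group(1)} but link goes to {host}")

    # 3. A known brand buried as a subdomain of someone else's domain.
    for brand in EXPECTED_DOMAINS:
        if brand in host and registrable_domain(host) != brand:
            reasons.append(f"{brand} appears inside {host}, which is really {registrable_domain(host)}")

    return reasons


def audit_email(html: str) -> list:
    """Return [(href, text, reasons)] for every link in the message."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, suspicious_reasons(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, reasons in audit_email(SAMPLE_EMAIL):
        verdict = "SUSPICIOUS" if reasons else "ok"
        print(f"{verdict:10} {text!r} -> {href}")
        for r in reasons:
            print("           -", r)
```

Run on the constructed message, the first link is flagged twice (displayed domain differs from the real one, and the bank's domain is only a subdomain of account-verify.net), the gift-card link is flagged for the bare IP address, and the genuine examplebank.com link passes. This is the same inspection the OpenDNS quiz asks you to do by eye.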
