The Holiday shopping season officially kicks off in a few days and more and more people are turning to the online marketplace to avoid the headaches and hassles of Black Friday. The deep discounts, free shipping offers (and the appeal of shopping in your PJs and fuzzy slippers) have made more and more consumers advocates of the relatively new phenomenon of Cyber Monday.
Unfortunately, with the advent of this new shopping phenomenon has come a new type of “cyber criminal” who creates even more problems than the jerk who stole your parking spot at the mall. However, by following the steps illustrated below, you can greatly reduce the chances of your personal data being compromised. Cyber Shop-Till-You-Drop!
Source: HotSpot Shield
We all have our secrets. Some we would share, and some we place under lock and key, and it is usually with only our closest ally that we disclose those precious details in hopes of preserving our reputations and even our lives. Notice I don’t say ‘friends,’ because while I have some wonderful friends, some of them can’t keep a secret to save their own lives, much less mine.
Sunset arrives and your afternoon nap went a little long. Suddenly you launch yourself from the couch and hurriedly begin closing your shutters using the new bolts you found on Amazon, which also introduced its latest product, the Zombie Preparedness Kit, complete with an HK1 hydrokinetic adjustable wrench that you never knew you needed until now. With local distribution centers, you need not wait 43 days, the new UPS Ground delivery time from the West Coast. It avoids most cemeteries, where the undead are mostly concentrated.
Your shoe closet is worthless. The boxes are great for your kids’ new hobby of collecting and burying reanimated human digits that squirm on the ground, one of the creepiest normalities of this new world. Prada’s sales have plummeted, while Zappos’ more practical Kevlar boots and thick leather mid-calf selections are flying off the virtual shelf. Everything has changed. Graphic novelists became useful, hired as consultants, because who else knows more about reanimated human life forms? This was one of the millions of ways uninfected men and women needed to reinvent themselves.
The CDC.gov document was prophetic, as was the reportedly fictional work published by the Weather Channel. They were ready. Those who didn’t adapt digitally were eaten alive. Literally. Fortifications needed to be strengthened, food needed to be hoarded, and e-business became competitive to the extreme. Why? Clothing racks are great hidey-holes for mindless “Walkers” eager to eat your brains.
Smart businesses prepared early, using SEO strategies with keywords like Brain Delicacies, Undead, crossbow, and throwing axes. Knowing how to play ball, they saw the trends beforehand and coded their sites appropriately. Security features didn’t just deal with PCI compliance, but maintained new rules on delivery men, including those who rode shotgun. Old-school sites were still optimized for Gangnam Style queries; laughably useless in days like this.
Analytics and trend analysis have now saved many lives, feeding families with profits earned by businesses ahead of the horde. But even if there were no zombies, they would have been ready. Still, it’s not too late for you.
If you are thinking about how growing trends could impact your market, then you have taken your first step in staying ahead of the horde. Zombies or no, the tide is moving and you need to get on board.
You are probably using several software applications that talk to each other. Whether you have a custom web application or a prepackaged financial solution, getting applications and services to communicate requires skill, technique, and knowledge to protect your information. So, what happens when your web service is not secure? What information could you be leaking, and how could you be vulnerable? There are four properties to think about:
- Privacy (more precisely, confidentiality) refers to ensuring that messages are not visible to anyone except the web service and the web service consumer. Traffic should be encrypted, normally with TLS, so that machines in the middle cannot read the messages.
- Message integrity provides a guarantee that the message received has not been tampered with during transmission. In practice this comes from a MAC or digital signature over the message, or from the transport (TLS) protecting it end to end.
- Authentication provides assurance that the message originates from where it claims it did. The related idea of non-repudiation, both a legal term and a technical term, goes one step further: not only authenticating a message, but being able to prove its origin to a third party. A secret shared between the two parties cannot do that, since either of them could have produced the message; a digital signature can.
- Authorization refers to ensuring that only consumers who should have access to a resource of your web service actually have access to that resource. Authorization depends on authentication, because without it an attacker could simply claim to be a highly privileged user.
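To make the four properties concrete, here is an added example (not code from the original post) of one way a web service can check the last three of them on a single request. It assumes a hypothetical pair of consumers, `billing-svc` and `reporting-svc`, each provisioned out of band with its own shared secret, and a hypothetical policy table saying which resource each may call; privacy is left to TLS on the transport, which this snippet does not replace. The signature is an HMAC-SHA256 over the canonical request, so a tampered body or a message from an unknown consumer is rejected before any authorization decision is made.

```python
import hashlib
import hmac
import time

# Constructed sample data (assumption): shared secrets provisioned out of band,
# one per consumer. In a real deployment these come from a secrets store.
CONSUMER_KEYS = {
    "billing-svc": b"k-billing-0123456789abcdef",
    "reporting-svc": b"k-reporting-fedcba9876543210",
}

# Constructed authorization policy (assumption): resources each consumer may call.
POLICY = {
    "billing-svc": {"/invoices"},
    "reporting-svc": {"/reports"},
}

MAX_SKEW_SECONDS = 300  # reject requests whose timestamp is older than this (replay window)


def canonical(consumer_id, resource, timestamp, body):
    """Byte string that gets signed: binds identity, target and body together."""
    return "\n".join([consumer_id, resource, str(timestamp), body]).encode("utf-8")


def sign_request(consumer_id, resource, body, timestamp=None):
    """Consumer side: attach an HMAC-SHA256 signature made with the consumer's key."""
    ts = int(time.time()) if timestamp is None else timestamp
    mac = hmac.new(CONSUMER_KEYS[consumer_id],
                   canonical(consumer_id, resource, ts, body),
                   hashlib.sha256).hexdigest()
    return {"consumer": consumer_id, "resource": resource,
            "timestamp": ts, "body": body, "signature": mac}


def verify_request(msg, now=None):
    """Service side: returns (accepted, reason).

    Order matters: authentication and integrity are checked first, then freshness,
    and only an authenticated request reaches the authorization decision.
    """
    now = int(time.time()) if now is None else now
    key = CONSUMER_KEYS.get(msg.get("consumer"))
    if key is None:
        return False, "unknown consumer"          # authentication: no such principal
    expected = hmac.new(key,
                        canonical(msg["consumer"], msg["resource"],
                                  msg["timestamp"], msg["body"]),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison so a forger learns nothing from timing differences
    if not hmac.compare_digest(expected, msg.get("signature", "")):
        return False, "bad signature"             # integrity or authentication failure
    if abs(now - msg["timestamp"]) > MAX_SKEW_SECONDS:
        return False, "stale request"             # limits replay of a captured message
    if msg["resource"] not in POLICY.get(msg["consumer"], set()):
        return False, "not authorized"            # authorization: wrong consumer for this resource
    return True, "ok"


if __name__ == "__main__":
    t = 1700000000
    good = sign_request("billing-svc", "/invoices", '{"amount": 10}', timestamp=t)
    print("valid      ->", verify_request(good, now=t))
    print("tampered   ->", verify_request(dict(good, body='{"amount": 9999}'), now=t))
    other = sign_request("reporting-svc", "/invoices", "{}", timestamp=t)
    print("authz fail ->", verify_request(other, now=t))
    print("replayed   ->", verify_request(good, now=t + 3600))
```

Note what each rejection proves: a changed body fails the signature check (integrity), a request signed with the wrong consumer's key or naming an unknown consumer fails authentication, a correctly signed request from `reporting-svc` for `/invoices` is authenticated but not authorized, and the timestamp bound stops a captured request from being replayed an hour later.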
Building a web service or API (application programming interface) requires a methodology for exchanging secure information, and there are two popular solutions: SOAP and REST.
Simple Object Access Protocol (SOAP) is a popular protocol specification. It is a complicated specification, and well-meaning developers still leave security vulnerabilities in their implementations. One example is SOAP injection. What is SOAP injection? It occurs when user-supplied input is pasted into the XML of a SOAP message without being escaped, so an attacker can close the element the input was meant to fill and add elements of their own (an extra role element, for instance) that the server then honours. A closely related problem is how the server reacts to a malformed XML message, one that does not follow the rules the server expects: many SOAP stacks respond with a fault that contains the parser’s error text or a stack trace, giving the attacker insight into the underlying system. Developers can turn off these verbose faults, but this is often forgotten before a deployment.
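The injection and the verbose-fault problem described above, as an added example that is not part of the original post. It assumes a hypothetical `getAccount` operation in a made-up namespace `urn:example:accounts`, a client that fills in a username, and a server handler that acts on the first role element it finds in the request. The vulnerable builder formats the username straight into the XML; the safe builder lets the XML library escape it, and the server answers malformed input with a generic fault instead of the parser’s own error text.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
APP_NS = "urn:example:accounts"   # assumption: made-up application namespace


def build_envelope_vulnerable(username):
    """Client side, the unsafe way: untrusted input is formatted straight into the XML."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
        f'<getAccount xmlns="{APP_NS}">'
        f'<username>{username}</username><role>user</role>'
        f'</getAccount></soap:Body></soap:Envelope>'
    )


def build_envelope_safe(username):
    """Client side, the safe way: build the tree and let the library escape text content."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, f"{{{APP_NS}}}getAccount")
    ET.SubElement(op, f"{{{APP_NS}}}username").text = username   # '<' is written as '&lt;'
    ET.SubElement(op, f"{{{APP_NS}}}role").text = "user"
    return ET.tostring(env, encoding="unicode")


def server_role(envelope):
    """Server side: returns (role, error).

    Acts on the first <role> element in the request, which is exactly what an
    injected element exploits.
    """
    try:
        root = ET.fromstring(envelope)
    except ET.ParseError:
        # Generic fault only. Returning str(exc) here would hand the client the
        # parser's message and line/column, the information leak described above.
        return None, "malformed request"
    role = root.find(f".//{{{APP_NS}}}role")
    if role is None or not role.text:
        return None, "missing role"
    return role.text, None


if __name__ == "__main__":
    # Constructed attacker input: closes <username>, adds its own <role>, reopens <username>
    payload = "alice</username><role>admin</role><username>bob"
    print("vulnerable:", server_role(build_envelope_vulnerable(payload)))
    print("safe:      ", server_role(build_envelope_safe(payload)))
    print("malformed: ", server_role("<getAccount><username>x</getAccount>"))
```

With the vulnerable builder the server sees `admin`; with the safe builder the angle brackets are escaped, the whole payload ends up as the literal username text, and the server sees the `user` role the client actually set. The same escaping rule applies on the server whenever it echoes request values back into a response.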
REST (Representational State Transfer) is an architectural style for distributed systems; the World Wide Web is one such system. REST has become a popular choice for designing web services, and services built this way are referred to as RESTful web services. An advantage of using REST is that its security vulnerabilities are well known: because RESTful services are plain HTTP, they are exposed to the same problems as web sites (injection, broken authentication and session handling, missing authorization checks on individual resources, cross-site request forgery). Developers who are familiar with web site security can leverage that knowledge to secure RESTful web services.
Developers working with either technology must address all four security points. No methodology or architectural choice by itself ensures that your information is well protected. It is important that your consultants explain the architecture they plan to use and how their implementation accounts for each of these concerns. If your developer does not have a detailed answer, that is a red flag.
I remember hearing it on the radio: another major retail store had been targeted by hackers, a store I had shopped at not two weeks before. That sinking feeling struck, the one that calls me to drop everything and familiarize myself with my credit card company’s phone bank in order to cancel my cards.
New, brawny standards protect us against such events, and the incentive for a company to comply is tremendous, but tough standards are not much good if they are too tough to reach. So we ask: is the arsenal guarding us from online theft too hard to grasp for the average online business?
So, to answer our initial question: PCI compliance is too costly for the average business to achieve on its own, but we are fortunate to live in a free market that sees bureaucracy as an opportunity. Companies like Braintree may have been created with profit in mind, but they offer a service that gives us the carrot and saves us from the stick.
Much of our identity is locked away in the ether, kept safe in vapor pockets by banks and wireless providers behind paper-thin questions like, “What is your mother’s maiden name?” We’ve all answered them, developing password fatigue as we try to remember our favorite sports team or whether we used our grandfather’s given name or “Gampy.”
Some things are not that hard to figure out. That Sarah Palin and her husband Todd met in high school was ferreted out by one such hacker just before her Yahoo mail became public knowledge. Same with the name of Paris Hilton’s dog. Yep. Hacked.
Good security questions are hard to design, as they need to be definitive, applicable, memorable and safe. If the question is too hard, the answer may be forgotten by the very person it is meant to protect; in the study mentioned earlier, participants forgot 16 percent of their answers within three to six months. If the question is too easy, the resulting world of hurt can be indescribably huge.
As a user, you can increase your own security by giving random, false answers (kept in a password manager) and calling the bank for a reset whenever you forget them. Still, that is a work-around for a system employed far too liberally by banks that know better.
Perhaps they do it to make customers feel that they are participating in their own security. Better systems, like sending password resets by email, require an extra person on the phone bank, as customers need tech support when they forget how to use them or lose the auto-generated emails in their spam filters.
Password questions are still king, as there is no viable alternative. They reduce customer phone calls, giving companies an incentive to keep the status quo. Still, finding the balance between customer convenience and protection from identity theft is difficult. With so much at stake, the responsible corporations holding our identities might consider titanium locks over vapor.