If your email account is with Google or Yahoo, your days of seeing phishing emails from fake eBay or PayPal addresses should be over. Google announced last week that it’s now using DomainKeys to verify messages really do come from paypal.com or ebay.com—if they don’t, they never even make it to your In Box. This is possible because eBay and PayPal are now making sure “that all their email is signed with DomainKeys and DKIM.” Since Yahoo! also uses DomainKeys and DKIM (they developed it, in fact), phishing attacks for Yahoo! Mail accounts should also disappear.
security
Stein Mart Settles Personal Data Breach By Offering… Coupons
By 7.8.08
Stein Mart was caught “printing expiration dates and/or more than the last five digits of credit cards on receipts,” and was subsequently hit with a class action lawsuit for exposing sensitive customer data. Now they’ve settled by agreeing to run coupons in local newspapers. It gets better: instead of a flat 20% off coupon, the store is requiring minimum-purchase amounts that reduce the savings if your purchase falls between the arbitrarily set thresholds.
- $10 off a purchase of $50 or more
- $20 off a purchase of $100 or more
- $30 off a purchase of $150 or more
We need a new federal law that says class action lawyers have to be compensated in the same manner as their clients. Give those hard working guys and gals some $30-off coupons, please!
"Apple Just Gave Out My Apple ID Password Because Someone Asked"
By 7.8.08
All the security in the world can be rendered useless by human error, it seems. Marko Karppinen, a software designer, says Apple gave his password to someone who simply emailed them and asked for it.
Want Safe Skies? Strap This Remote-Controlled Stun Device To Yourself!
By 7.7.08
Make of this what you will, as the story comes from the Reverend Sun Myung Moon’s church-owned Washington Times and may be more fiction than fact, but “a senior government official with the U.S. Department of Homeland Security (DHS) has expressed great interest in a so-called safety bracelet that would serve as a stun device, similar to that of a police Taser.” Yes, the EMD Safety Bracelet from Lamperd Less Lethal is designed to make flying a fun experience once again. Just check out everything it can do:
- Take the place of an airline boarding pass.
- Contain personal information about the traveler.
- Be able to monitor the whereabouts of each passenger and his/her luggage.
- Shock the wearer on command, completely immobilizing him/her for several minutes.
Chase Doesn't Encrypt Your Login Credentials?
By 7.2.08
We’re not IT experts or anything, but when Chase writes that “all your account information is protected by 128-bit encryption to maintain the privacy and confidentiality of your data,” shouldn’t that mean a little lock icon on the browser window, and an https address? Update: Not necessarily, according to our commenters, although the lack of an https login screen does pose other security risks.
Wal-Mart & Local Police Detain Man, Threaten Arrest Over 4 Bags Of Sugar
By 6.14.08
This guy was trying to make strawberry jam this morning, and he had to go buy 4 bags of sugar. The cashier threw away the original receipt but put the sugar in a couple of Wal-Mart shopping bags, so Ben left the store thinking everything was, you know, normal for a Saturday morning. Then he was stopped by a security guard, a store manager, and an off-duty police officer, all of whom went batshit crazy on Ben over his 4 bags of sugar and lack of receipt. Before it was over one of the shopping bags was ripped open, a bag of sugar lay broken open on the parking lot, the guard had threatened to kick Ben’s ass, and the police officer said, “you’d better not be lying to me.” Ben was marched back into the store so they could verify with his cashier that he wasn’t a sugar thief. Welcome to Wal-Mart, the police-state superstore where prices are low and civil rights don’t exist.
Mastercard Says Merchants Can't Require Additional ID, Except In Specific Circumstances
By 6.13.08
A MasterCard spokesperson has confirmed, just like we’ve been telling you all along, that a store cannot refuse to sell you something solely because you refuse to provide additional identification along with your MasterCard. The only time it’s ok is if it’s required for shipping, or when you’re at a gas pump or making orders via internet, phone, or mail, in which case they can use the MasterCard Address Verification System (AVS). But if you’re in a store, right in front of them, in the flesh, it violates their MasterCard merchant agreement. Consumers experiencing this can fill out a Merchant Violation form found in the FAQ/Contact US part of Mastercard.com. Full statement, inside…
Do You Have Any Naked Pictures Of Your Mother? The TSA Does
By 6.11.08
The TSA recently announced that airport security scanners which can see under clothing are being installed at 10 U.S. airports, according to the AFP. Travelers will enter glass booths while a 3-dimensional full-body image is rendered using “millimeter waves.” Because the image gives a clear representation of travelers’ bodies and genitalia, it has some people concerned about their privacy. More, inside…
By 5.29.08
../../../..//2008/05/29/okay-who-decided-it-would/
Okay, who decided it would be funny to hack Comcast? DSLReports says, “Though there’s no indication that user privacy is jeopardized, you may want to avoid using Comcast webmail until things have been completely cleared up. [DSLReports]
Former Time Warner CSR Arrested For ID Theft
By 5.28.08
A woman in Cincinnati was arrested this week and charged with two counts of identity theft and two counts of theft, for allegedly stealing the credit card information of a customer who was paying a bill in November 2007. Time Warner fired her when the investigation started and it appears no other customers were affected, but it’s a good reminder to stay on top of your credit report at all times.
Former Employee Says TJX Security In Lawrence, Kansas Is A Joke
By 5.27.08
Remember TJX’s gigantic security breach problems last year, where data on 94 million accounts was stolen? Good for you, because apparently TJX doesn’t. A former employee of a TJX store in Lawrence, Kansas was fired recently for posting anonymous complaints online about the current sorry state of his store’s security, which included the store manager writing server login and password information on a sticky note, and the store resetting employee passwords to blank fields.
Bank of America Mistakenly Shuts Down Access To Your Account, Charges You For The Pleasure
By 5.17.08
Poor Jacob. He only wanted to deposit a $2,019 check with Bank of America. Apparently, this was enough to provoke the bank into shutting down his account, leading to overdraft fees whenever Jacob tried to access his money.
Court Rules Customs Agents Can Collect Data From Laptops & Cellphones Without Cause
By 5.7.08
Some visitors and citizens of the United States may be shocked to learn that their computers, cell phones and data devices are now subject to search and data retrieval upon entry into the U.S., even without cause or suspicion. On April 19th, the Ninth Circuit Court of Appeals ruled that all computers and data devices are the same as luggage in that they can be searched without cause, and that all collected data may be stored indefinitely. More, inside…
$50k Porn-Pilfering Lawsuits Opens With Geek Squad Employee Confession
By 5.5.08
The Star Tribune reports a woman is suing Best Buy for $50,000 after the Best Buy/Geek Squad repair service stole her naked photos from her computer, shared them with other Geek Squad agents, and even copied them onto the hard drives of other customers (this is hardly the first time Geek Squad has been caught stealing porn from customer’s computers). William E. Giffels admitted in a written statement that he copied Kaylee Hall’s nude photos from her computer onto his personal flash drive. On this drive, he also kept the most up-to-date version of the Geek Squad diagnostic tools and told other agents to copy from it. Then other Geek Squad made CD copies of the drive and installed the tools, along with Kaylee’s photos, onto other customers’ computers in the Traverse City, Michigan area. Inside, Giffels’s written confession…
It's Easy To Access Random Customer Info With Best Buy URLs
By 5.2.08
Cole discovered that by simply incrementing a numerical string by one in a url Best Buy sent out, he could pull up screen after screen of random customer info. Fortunately, all he could see were customer names, their home addresses, and their order numbers. It’s still surprising that Best Buy—or more specifically, Postpublisher.net, the email company they outsourced this to—wasn’t more careful with customer security.
By 4.26.08
../../../..//2008/04/26/miami-police-are-having-a/
Miami police are having a fun chat with a 73-year-old guy who drove his Chevy Cobalt onto the main runway at Miami International Airport. For the moment, police do not believe the incident was “terrorism related,” saying, “It’s a possibility that this guy lost his way or was disoriented.” They quickly added, “But until they finish interviewing him, we won’t know for sure.” [The Miami Herald]
