Monday, June 27, 2011

Insecure security

Dear credit cards users:
Next time when you gonna pay by credit card take a look on security camera behind the salesman. Today almost all point of sale equipped with a surveillance cameras. The best place to  install it - up at the wall right behind the salesman. But, this camera could not only capture your face for security purpose , but located at the best position and view angles to take a snapshot of both side of your credit card when salesman  or you rotate it looking for appropriate side to insert it in pos-terminal.

Hey, U , security guys, have you hide CVV code on your credit card? Or flashing it everywhere when take your card out of pocket?
Yes, current standart security camera resolution not enough for good snapshot, but time flies. 

PS. It's almost social engineering thing - we used to see surveillance cameras in any shop and never think about it as a possible security threat.

Monday, June 13, 2011

Security overseas

I thought that even people who faraway from infosec knows that WEP encryption for personal access point is bad idea.... But not for the biggest Canada telecom: Bell.
All Bell's new DSL-modem (with AP) shipping to the customer WEP enabled! More over it's not just shipping from stock- all AP already came preconfigured for the customer!

 The second surprise was: Canadian banks have no slightest idea about such simple thing of m-banking as sms notifications! So, in country where cash is used really rarely  there is absolutely  no way to stay informed by sms about you credit/debit card transactions! 
Sure thing, all bank have self-care web portals or , even, an iPhone apps, but , guess what? - no two-factors  authentication for end customer at all! No sms notification of login attempts to your online account too.