Beware Of Twitter User Name Identity Theft

Strangest thing happened to me the other night while I reviewed Google alerts that watch my name, company name and social networking user names. I like to keep an eye out for strange happenings so I’m not blindsided by something. The Google alert for my Twitter username picked up one of my tweets.

I thought that strange so I investigated. Upon clicking the link, I was directed to this Twitter site:

[Image: lookslikeme]

Looks like my Twitter page, but it’s not. After I reviewed the tweets, I decided to delete a couple, then tried to log on to my Twitter account. Suddenly, IE security kicked in, alerting me to the account information phishing scam.

[Image: itsnotme]

Seems that someone’s after unsuspecting Twitter users. So, time for all of you IE users to update your web browsers to the latest versions. I’m glad I did.

QuickBooks PCI Compliant

Beginning in 2004, the single most important question that merchants need to ask about their business software has to do with PCI Compliance. “The Payment Card Industry (PCI) has created the Data Security Standards (DSS) in order to support merchants. Credit Card companies now require merchants to be aware of and compliant with the Data Security Standards… Merchants, Is Your POS System PCI Compliant?”

Point of Sale or POS systems bear the brunt of the load when it comes to credit card transactions in the modern retail sales business establishment. It’s nice to know that according to VISA’s List of Validated Payment Applications, Intuit’s QuickBooks ranks as a fully PCI compliant software. I consistently recommend QuickBooks Merchant Services to clients mostly because it mitigates PCI risk.

I also recommend that people use the old style dial out or dual IP-dial out credit card terminal that uses a standard telephone line whenever possible because it shifts PCI compliance back to the merchant service provider. Avoid the newer network type terminals because no typical small business network can pass PCI’s muster without the business spending a great deal of money on special firewalls and logging software.

[Image: terminal_vx570]

I’m simply amazed that since 2004, credit card companies and banks have successfully shifted the risk of data breach to merchants that use their services all while building inherently less secure transactional hardware and software APIs simply because of the need to connect through the Internet.

Merchants are in a terrible position. Check out this video.

The bankers birthed an entire new business model on unloading credit card risk to merchants. Kind of reminds you of the ridiculous fees and interest rates we are paying to the same banks.

Millions tricked by 'scareware'

Great article on BBC this morning detailing the “security” software forced on unsuspecting computer users. Fortunately, two simple solutions will stop this dead in its tracks.

Use OpenDNS when configuring your home or office network. Your web browser will not go where a name cannot be resolved to an IP address.

Use a UTM device for your firewall. Unified Threat Management should be the choice of any educational or business entity. This year, UTM is now affordable to home network users.

If all else fails, buy your security software from a reputable manufacturer.

Secure WordPress With Proactive Upgrade Management

Frank Corso wrote an excellent plugin called Quote Master. It adds a widget that displays random quotes, as well as other features, which I’ve used to display "Murphy’s Law" on my sidebar for some time now. With a bit of a hack, I added my "Murphy’s Law" tidbits by replacing Frank’s quotes.

[Image: ml]

With Frank’s latest plugin release, his architecture completely changed, so I’ve removed "Murphy’s Law" from my site for a while. This situation got me to thinking about my view of WordPress security and the necessity to proactively perform upgrades.

Once upon a time, the upgrading ordeal consumed much of my time. Today, thanks to Matt and team, upgrading is a breeze. My favorite quote from Matt’s article, "How to Keep WordPress Secure" reads like this:

“A stitch in time saves nine. Upgrading is a known quantity of work, and one that the WordPress community has tried its darndest to make as easy as possible with one-click upgrades. Fixing a hacked blog, on the other hand, is quite hard. Upgrading is taking your vitamins; fixing a hack is open heart surgery. (This is true of cost, as well.)”

I use "Upgrade Notification by Email" by Konrad Karpieszuk to send me a daily notification if any of my WordPress installations are out of date. I believe in proactively upgrading the WordPress core as well as plugins and themes, so much so that I will lose functionality such as Murphy’s Law, for a brief time.

If I manage your WordPress installations, you can rest assured that your WordPress will be up to date and secure. If I don’t manage your WordPress installations, contact me.

Even The Very Best Are Vulnerable

Came across this notification from Network Solutions this morning pointing to the fact that even the very best ecommerce providers in the industry are vulnerable to criminal activities compromising Network Solutions ecommerce hosting customers. I respect their forensic and remediation efforts, but it’s time to rethink the paradigm and reinvent ecommerce.

How does an industry sort through fault and remedy the consumers that will eventually be hurt by overall process design that exposes private credit card and personal information? Every day another consumer’s credit is ruined and identity compromised. The source of this type of consumer injury can be months away from the actual impact and never actually be revealed.

I happened to accidentally come across this notification from Network Solutions, a company I’ve used for years. I did not receive any proactive notification from them. However, I certainly didn’t miss my daily marketing email from them.
