I might as well just publish my SSN and credit card numbers on my blog

“Taking your computer or phone into china”:http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?pagewanted=all is a bad idea, and I assume you are at risk in other countries as well. And why do we think we are safe here, when “someone can just litter around these sniffers”:http://www.theverge.com/2012/1/27/2753176/f-bomb-diy-darpa-funded-spy-computer, and “squadrons of these things may be flying around”:http://www.realdanlyons.com/blog/2012/02/01/these-mini-copters-flying-in-formation-are-the-coolest-thing-ive-seen-all-day/, and not that far in the future — the “FAA is letting these things in domestic airspace this year”:http://www.allgov.com/Controversies/ViewNews/Arrival_of_Domestic_Drones_Challenges_Air_Safety_120207.

Probably time to radically rethink my approach to data security.

UPDATE: and of course today I got a call from my bank and my credit card has been compromised. Somebody trying to sneak in $1 charges repeatedly. I don’t need to even put my card numbers up here, I should just assume that they are compromised from the get-go. In some sense it makes life easier — I don’t worry about giving my credit card numbers out to anyone because I assume they are already in circulation. What is important is watching my account statements carefully.

  3 comments for “I might as well just publish my SSN and credit card numbers on my blog

  1. Terence Spies
    February 13, 2012 at 1:28 am

    The era of data being in plaintext by default is drawing to a close. The basic design of CCNs and SSNs — that you build an authenticator that works by disclosing the entire credential — has that problem in spades. EMV goes some distance to solving this by creating a dynamic authenticator per transaction. Even if higher level payment and auth systems move to more sophisticated mechanisms, there are going to be a huge number of legacy systems that need to transition to storage strategies that do not assume protected channels and storage. This is why tokenization and data level encryption (enabled by format-preserving encryption) are starting to take off.

  2. February 13, 2012 at 3:35 pm

    “He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.””

    eh? this seems silly – surely if I can install key logging software on your OS, then it’s even easier to monitor content on the clipboard.

  3. john
    February 13, 2012 at 4:06 pm

    yeah the usb idea was silly and i’ve seen other commentors slam it.

    personally if i go to china, i will create a new throwaway email account, advise people to use that, log in to only that account while in china, and not log into any other account.

Comments are closed.