Across the world, and particularly in India, using a credit card to shop online has always been fraught with danger, though you’re just as likely to have your card cloned when paying a bill at a restaurant.

Visa Europe now tries to add a layer of security for all those who are paranoid / terrified about using their credit card for online purchases. They have announced the commercial launch of their new credit card which features an inbuilt 12 button keypad, a battery designed to last three years and an alphanumeric digital display which generates ever-changing unique passwords each time you use the card.

Called Visa CodeSure, it  is designed to work on any Visa debit, credit, prepaid or commercial card and has been approved for use in the following services:

• PIN generated one-time-passcode for Verified by Visa payments at participating merchants globally – without changes to merchant software or cardholders having to register and remember passwords
• PIN-generated one-time passcode for online banking access
• PIN-generated one-time passcode for telephone banking services
• Transaction signing for online banking services, using specific elements such as Account Reference Number or amount of transaction
• Access to third party services such as corporate virtual private networks (VPN) for commercial card users, or frequent flyer programmes and other online services.

The process of validating the transaction is done in three simple steps:

1. When shopping online or logging in to an online banking service, the cardholder activates the authentication process by pressing the “Verified by Visa” option button on the card’s keypad
2. When prompted the consumer inputs their PIN into the keypad embedded in the card
3. A unique one-time-passcode appears on the card’s display, which is then used by the cardholder to authenticate a normal Verified by Visa transaction.

I have been an HSBC cardholder for some time now and a few years ago, they had sent me a “security device”, which did something similar, by generating a unique set of digits each time I transacted online or even logged in to my HSBC account. Eventually, once the novelty wore off, it became a pain to carry around and since I rarely use my HSBC card anyway, the device is probably lying in a forgotten nook somewhere.

Likewise, HDFC Bank has something called Netsafe. You need to create an account and then each time you want to transact online, the system generates a virtual card number. You are then prompted to link this virtual card with either your credit card or bank account, for making payment to the merchant site. I tried it a couple of times, but there were too many hassles at the time, especially on Amazon, where I ended up using my American Express card. Haven’t used Netsafe recently though.

This new card from Visa promises much, but I can’t escape the feeling that no matter what levels of security are introduced, it will only be a matter of time before some hacker cracks that system too.

Till then, happy and safe transacting online!

Related Posts:

• Smart Credit Gold Overdraft from StanChart
• Credit card scam at Hotel Le Meridien Pune
• Visa to offer $406 million Class A shares at $37-$42 each
• Actor Amol Palekar victim of credit card fraud
• A credit card defaulter without a credit card !!

It wasn’t a very pleasant feeling to log in to the blogosphere and twittersphere to find that WordPress was under attack.

To be more precise, all blogs running self-hosted WordPress that weren’t up to date were facing a threat from hackers. The latest version is 2.8.4 and for your own sake, it is better you upgrade right away! Apparently, the attack has not affected blogs hosted on wordpress.com.

Basically, the worm seeks to exploit holes in previous versions by taking control of admin accounts and also compromising the database integrity. A couple of ways to know if your blog has been hit;

a) You will notice some weird strings added to your permalinks, like xyz.com/title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The danger words here are “eval” and “base64_decode.”

b) Another way to confirm this is via the site users panel, where a hidden admin account will have been created.

Recovering from an attack will be an extremely painful process, including but not limited to firstly cleaning the content, exporting it, uninstalling & reinstalling WordPress and then importing the content after ensuring there is no malicious code in it.

As Matt explains in his post on How to Keep WordPress Secure, upgrading is like taking your vitamins, fixing a hack is open heart surgery , so upgrade NOW !!

Related Posts:

• WordPress 3.0 is here
• Google’s Pac-Man logo marks a return to blogging
• Amazon Associates integrates with Blogger
• WordPress 2.6 released
• WordPress releases Version 2.5.1

Logged into my HDFC Netbanking account and saw some changes there.

Firstly, the earlier login screen has now been replaced by one where you first enter only your Customer Id. Once the bank verifies that, you are allowed to enter the password at the next screen.

Once you fill in your customer id and password, you are then greeted by a message informing you of HDFC Bank’s new Secure Access policy according to which you are now required to register if you wish to avail of:

• Transfer from one HDFC Bank account to other HDFC Bank account holders (under distinct customer ID)
• Transfer from HDFC Bank account to any other Bank’s account (also known as RTGS & NEFT)
• Visa Money Transfer
• Third Party Demand Draft through NetBanking

This is a one time registration process and to do so, you will need to

• Personalise an image
• Personalise text
• Answer 5 questions
• Share two contact numbers

Initially, I thought this was going to be a long process, but it was quite painless and was wrapped up within 5 minutes.

Most banks now allow you to use a virtual keyboard to enter the password. Banks like HSBC send you a hardware device that generates a random code whenever you press a button on it. You then input that code when prompted during your netbanking session.

All for the better, no doubt, however, what defeats all this is the lack of common sense shown by people who continue to visit phishing sites like moths to a flame !!

Related Posts:

• Respite for PayPal customers in India
• PayPal nukes users in India
• Visa CodeSure-security for your credit card
• Playing with Google’s bag of tricks
• Death By Twitter

The annual DefCon gathering of hackers has brought to light the fact that Google Gadgets can be hacked. These nifty little gadgets have become quite popular with people personalising their ”iGoogle” home pages using them to keep track of the time, stock prices, the weather, currency converters, news, task lists et al.

SecTheory CEO Robert Hansen aka RSnake said, “I could force you to download child porn or send subversive material to China. The exploitation is almost limitless. Google has to fix it. We pretty much break into anything we try.”

He also said Gmail users faced dangers from the same security glitch, and that they’d been telling Google about these vulnerabilities for years, but they were not patched yet.

Related Posts:

• Playing with Google’s bag of tricks
• Check your Gmail offline now
• Sending SMS from Gmail, almost there
• Google Mail Goggles – Saviour for drunkards on Gmail
• View all unread mail in your Gmail inbox

All the hype and hoopla surrounding the launch of Firefox 3 has hardly subsided, and there is already a security glitch. Firefox 3 was downloaded 8.3 million times within 24 hours of it’s release, a yet to be verified world record.

Tipping Point, in it’s Zero Day Initiative upcoming advisory, have discovered the very first critical vulnerability in Firefox 3 within five hours of the browser’s release, and have rated it as ‘High Severity’. The flaw is not disclosed publicly allowing the vendor, Mozilla in this case, to patch it.

Mozilla acknowledged the flaw, saying it wasn’t public so the threat was minimal and that they were working to find a fix to the problem.

Related Posts:

• Firefox 3: Download Day is here
• Playing with Google’s bag of tricks
• Death By Twitter
• WordPress 3.0 is here
• Google’s Pac-Man logo marks a return to blogging

If you’ve ever been in a situation where you lost / misplaced your laptop and despaired of ever getting it back again, you’d wish you had installed Locate Laptop on it.  

Ok, so what is Locate Laptop?

Well, it is a system brought out by Unistal Systems, a provider of data care, data recovery, anti-virus and Internet security products.

What does it do and how does it work?

Once installed on a laptop, it resides and operates in stealth mode, silently transfering critical stuff to their servers. If you think your laptop has been stolen, you can login to this site’s Personal Tracking and Monitoring Page to view and trace where your laptop has been accessed from.

You then need to confirm that it is indeed a theft by reporting it to Unistal’s emergency response team, who activate Locate Laptop’s WebSniff technology and sounds an alert as soon as the offender connects to the internet. The City and IP address are informed to the user. It keeps tracking all the locations whenever the offender connects to the internet, so you need to hope and pray that the cops in your city are cyber savvy enough to see this trail and nab the culprit.

How much does it cost ?

$75 (Rs.3,000), which doesn’t seem quite a lot.

What if I still can’t get my laptop back?

Unistal has a money back guarantee ONLY for Indian customers, offering 5 times the cost of this system, in case the laptop cannot be traced, and subject to proper FIR submission !! No wonder, these chaps know the Indian criminal system well enough ! So good luck with the FIR, and if that goes well, what you get back in this case is Rs.15,000 (in all probability, less than half the price of a your laptop, not to mention your data which is gone forever).

I’d prefer to wait a bit, though, before I go rushing out to buy this. How about you ?

You may also like to read:

• Ramalinga Raju admits to massive fraud, quits Satyam
• Mystery Shoppers have a field day..
• How long should a password be?
• Graziano Indian CEO beaten to death by dismissed employees
• Test drove the i10 Kappa, Paul Newman dies, Ferrari screws up at Singapore

Related Posts:

• How to quickly charge your mobile or iPod
• Weekend blues – My iPod also acts up
• Stay with us, get an iPod free
• Apple sells 100 million iPods

Related Posts:

• WordPress Hack Attack – Is your blog safe?

With the advance in technology over the years, access to information has become quite easy, and confidential data can now be accessed in a matter of minutes with a few clicks. There is an increasing reliance on everything being available “online”, whether it is netbanking, credit card information, investments et al.

It is not surprising to see in the increase of “phishing” sites that have mushroomed lately, and banks have been under a lot of pressure to educate their customers about which sites and links NOT to visit.

Almost a decade ago, there was an interesting movie called, quite appropriately, “The Net“, in which the character played by Sandra Bullock becomes a victim when her identity is switched.

You may also like to read:

• Shillong guitar fiesta aims to enter Guinness Book
• Satyam to list in Europe
• PPF – A safe option in troubled times
• Daiichi's open offer for Ranbaxy
• Was Dhoni correct in playing for a draw?

Related Posts:

• Apple’s Steve Jobs is CEO of the decade
• iPhone finally hits India, should you buy?
• iPhone finally debuts in India, 14 yr old among first buyers
• Airtel, Vodafone to launch iPhone on Aug 22
• Pre-register your iPhone with Vodafone