Daily Dose of Common Sense

Debit cards are increasingly popular, and for good reason. It’s the convenience of plastic without the temptation to spend money you don’t really have.

But should you sign or enter your PIN? Although I’m a technologist, I’ll be the first to admit it’s just as much, if not more, of a business issue.

Thankfully both types of concerns land on the side of, in my opinion, only using your PIN when you withdraw cash from an ATM (and make sure it’s a legit ATM at that!).

On the business side, most card issuers offer better fraud protection if you sign for a debit purchase than if you use your PIN. This is at least partly due to the fact that when you sign, the transaction gets processed by the MasterCard or VISA networks, and at minimum you get the fraud protection offered by them. You should check with your card issuer to get the details.

The credit card networks used when you sign also offer better fraud detection, as they can analyze the data from many card issuers.

On the technology side, it’s a question of the risk to your PIN and the impact if it gets compromised. ATMs, especially the major brands like NCR and Diebold used by the big banks, are built with security in mind. The keypad module has built-in encryption and its tamper-proof, for instance.

Other equipment where you use your card and enter your PIN is unlikely to be as secure. Even if it is, a clever person can skim your card in the blink of an eye and have a surreptitious camera recording your PIN.

Once they have your PIN in addition to your card #, they can create a fake card and then carry out the less consumer-protected PIN transactions instead of just being limited to signature transactions if they didn’t have your PIN.

Depending on your bank and what other info they have, they might even be able to access your account(s) through your bank’s web site because they have your PIN as well.

If all that isn’t enough to convince you, consider this: more and more, banks are enrolling their debit card customers in rewards programs similar to the ones offered for credit cards, but you only get rewards for signature transactions.

More protection and free stuff. Sounds like a winning combination to me.

Photo

Netflix may be a great service but I’ll never subscribe. The reason? Pop-under ads. If you are a web surfer, you’ve seen these ads come up and then disappear quickly as you visit various sites. Then, as you’re closing windows, there’s a stupid Netflix ad taking up space.

I know you can block them with a pop-up blocker, but that doesn’t work all of the time. For some sneaky reason, the pop-under ads sometimes get around it.

If you’re fed up like me, here are a few sites that can help: How to Block Netflix Popup in Firefox, How Can I Get Rid of Netflix Popups?, Netflix Pop-ups in IE8.

Netflix should STOP advertising like this. It doesn’t win them any friends, only enemies.

Photo

They say that in real-estate, location is (at least almost) everything. The same can be said about the files on your computer. To put the issue in a more metaphysical light, if you don’t bother to know where you put something, how can you expect to find it?

When PCs first became available, the concept of location was easy for most users to understand, as there was usually a floppy disk involved, with (theoretically, at least) a label on it. Location was tangible, physical.

Now, we use increasingly large hard drives where we can create a virtually limitless collection of “nested” (one inside the other) folders to store our files in.

Just as it was incumbent on us to label and organize our storage when it was in small physical containers like floppies, it’s even more important to do so now, at least if we want to find our stuff.

When someone can’t locate a file and they ask me for help, nine times out of ten their answer to the question “Where did you put it?” is either “Huh?” or “I don’t know.”

Here’s one common scenario: Someone gets an email attachment and they open it (usually by double-clicking) without saving it in a known location first. They make some edits, then something goes wrong. The power goes out, the computer hangs, the reply email with the edited file doesn’t get sent or saved, etc. Poof…gone.

The way to avoid heartache like this is to NEVER open a file from an external source (email, a web site or application, etc.) without saving it to a location of your choosing first. It usually just takes one extra click (choose Save instead of Open, for instance) to make sure that you know where the file is being saved instead of just relying on the default setting of whichever program you are using.

I’ll end with an example of how crazy it is to do anything else. If you handed a clerk a piece of paper and said “Just file it anywhere,” would you ever expect to find it again?

Photo

The Consumerist has a funny tale of someone who tested an iPad at Best Buy, checked his email, and walked away while still logged in to his mail account. Lucky for him, the next person was a good samaritan and, instead of causing havoc, just logged out for the unknown person.

The good samaritan sent a pretty funny email to the person, and cc:d The Consumerist:

You decided to try out an iPad at your local best buy. But guess what? You logged into the mail app on a publicly used test product and didn’t log out?!?!?!?

This time a good citizen has decided to alert you of your mistake. I will also be kind and log you out Be aware and use some common sense the next time.

If you have the opportunity to test a wireless device in a store, go ahead and check your email. Just remember to LOG OUT when you’re done. That is, unless, for some reason, you want strangers reading your email, having access to your personal information and contacts.

Photo

Progress in technology always brings about new kinds of dangers. Crossing the street must have become a frightening experience for a fair percentage of the folks who lived through the transition from horse-drawn to motorized vehicles, but soon every 5-year old knew enough to look both ways before they cross and pay attention to traffic signals. Education and adapting your behavior are the key.

The security dangers posed by the Internet are no different. By now (hopefully) we’ve all learned not to open email attachments we weren’t expecting (even if they appear to come from friends).

But a newer and more subtle danger is deceptive web links in emails and on web sites. But, like the simple rule about looking both ways, there’s also an easy way to mitigate this danger as well.

The key is to understand that the text of a link doesn’t necessarily have to match the actual web “destination” (the technical term being a URL, Uniform Resource Locator). So, if I want to link to CNN, I can make the link text match (http://www.cnn.com/) or use some other text (CNN).

The malicious links are crafted to appear like that first link that shows the URL as the text (let’s call this a “bare link”), but the actual URL is a different site that is a fake version of the real site shown in the text. So, how can you detect this subterfuge?

Every web browser and email program has a feature that shows you the URL of a link when you hold the mouse pointer without clicking (called hovering) over the text. So, for instance, this fake bare link to Citibank can be easily detected: http://www.citibank.com/

So, anytime a bare link’s destination URL doesn’t match what looks like the URL in the text, don’t click it. It’s as simple and common-sensible as looking before you cross the street.

Photo

If you’re an avid user of social media–specifically FourSquare and Twitter–PleaseRobMe.com is a site you might want to know about. Done with a sense of humanitarianism (as in not for criminals), this site collects all the location data sent to Twitter and FourSquare and publishes it in a running stream.

For example, on PleaseRobMe.com, you’ll see posts like this:

@USERNAME left home and checked in 4 minutes ago:
I’m at The Computer Corner (99-185 Moanalua Road Suite 101, Aiea). http://4sq.com/….

@USERNAME left home and checked in less than a minute ago:
I’m at acclamation bar and grill (James street north and mulberry). http://4sq.com/….

@USERNAME left home and checked in less than a minute ago:
I’m at Costco Kawasaki (3-1-4 Ikegami Shincho, Kawasaki Ku, Kawasaki-shi, Kanagawa). http://4sq.com/….

The creators look to raise awareness about internet privacy and how the information we put out there could be used in the wrong hands. When you visit the site, you will see that most of the entries on PleaseRobMe.com are from FourSquare, a social media site that is practically a continual GPS of where you are. Which makes it kind of obvious where you aren’t.

The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home. So here we are; on one end we’re leaving lights on when we’re going on a holiday, and on the other we’re telling everybody on the internet we’re not home. It gets even worse if you have “friends” who want to colonize your house. That means they have to enter your address, to tell everyone where they are. Your address.. on the internet.

We did learn this week that 30% of Americans are not online either at work or at home. So, there is a small percentage of people not iFollowing your movements. But, do you want the other 70% to know your precise location?

[Via The Consumerist]

Sometimes we make it easier on the bad guys.

Many computer users prove themselves easy targets for hackers and identity thieves. First, we learn that “123456″ is the most common password in use today.

Imperva found that nearly 1 percent of the 32 million people it studied had used “123456″ as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123″ and “princess.”

Not exactly hacker-proof. Instead, pick a password of a letter and number combination that is at least six characters long.

Second, we learn that many adults put their full addresses in their social media profiles.

In one example, the study commissioned by a unit of credit reporting services firm Experian found that 14 percent of adults – and 20 percent of those age 60 and over – listed their full home addresses in their social media profiles.

Now, I’m not suggesting that putting your address online guarantees a robbery. (See our recent post “Do Thieves Read Twitter, Too?”) But, do you really want anyone, and we mean anyone, knowing where you live? Identity theft, junk mail, stalkers, past girlfriends, Jehovah’s Witnesses… you open yourself up to a variety of ways to have your personal domain invaded.

Don’t make it easy on them. Make the bad guys work harder and perhaps save yourself some aggravation down the road.

Photo

Our lives are crowded with electronic devices, and that’s mostly a good thing, as they entertain, inform and connect us. Keeping track of all of the various chargers and adapters for these devices, however, can be a huge hassle. Here’s two common sense tips that will help reduce the burden.

First, when you get a new device or adapter, get a Sharpie and write the name of the device on its charger/adapter. A black marker on a black plastic case still works, as you can see it fine if you change the viewing angle. This will prevent you from losing track of which “brick” goes with which device.

The next tip is for the car. If you prefer to have a separate adapter for the car (so that you don’t forget your cell phone charger, for instance), then just follow your usual shopping routine (with comparison shopping on the web highly recommended). But if you want to avoid paying for another adapter, a great solution is to buy what’s known as an inverter.

An inverter plugs into your car’s DC power outlet and then generates the AC power for an outlet just like you find in your home. It costs about the same as one specialized car power adapter that will only run one device, but lets you use any regular home adapter. Also, many of these inverters now feature a USB port to charge/power any device that plugs into your computer’s USB port.

If your kids, for instance, have several different portable gaming devices, you need only buy the one inverter and then you can use the home adapter that came with each device.

Keep in mind that inverters generate limited amounts of power, so don’t plug a power strip into them or otherwise try to run multiple devices off them (unless you’ve bought a larger-capacity, higher-priced truck mounted unit or similar).

Photo

Hard really is better than soft.

While trying to explain to a friend why clicking on untrusted links or attachments is bad, I came up with an analogy. It’s the equivalent of walking down the street and having some stranger hand you an opaque container filled with unknown liquid, and you discarding or ignoring your common sense and swallowing the stuff.

I don’t have a good analogy, however, for this next bit of tech advice, which is common sense for the pocket-protector set, but may seem like an arbitrary edict for anyone without a degree in computer science.

Whenever you buy a new computer, it doesn’t matter what kind it is (Windows, Mac, Linux, etc.), ALWAYS connect it to the Internet via a router (which acts as a hardware firewall).

The reason is that even if the computer is equipped with the best software firewall, when the computer is brand new, it hasn’t had a chance to download the latest security updates. Therefore, in those first tens of minutes when you are setting up the PC and getting those updates, the computer is extremely vulnerable.

In case you think I’m exaggerating, you should know that people have done studies that have found the time it takes for an un-patched (missing the latest security updates) system to get infected can be as low as four minutes.

You don’t need a fancy firewall like a corporate office may have, any cheapo home router will do. This is because the function in the router that  allows it to share the Internet connection with multiple computers also means that it blocks any connections originating from the Internet (as opposed to originating from one of the computers connected to the router).

This is not to say that you shouldn’t bother with software firewalls (whether built-in to your operating system or part of 3rd party security software). You should have a software firewall as well. Computer security experts call this kind of layering “defense in depth”. Think of the hardware firewall as the doorman or security guard in an apartment building. You still want to keep your own door locked too.

So, don’t let the hacker grinches out there ruin the experience of setting up a new computer this holiday seasons. And yes, I realize that I did come up with an analogy after all. It’s a Christmas miracle!

Photo

If you’ve heard anything about Tiger Woods’ drama the past few days (and, really, who hasn’t?), you now know that your text messages can haunt you. For example, if you’re cheating on a partner, your text messages could be used against you.

The New York Times has an article about how text messages are the “new lipstick on the collar.”

Unlike earlier eras when a dalliance might be suspected but not confirmed, nowadays text messages provide proof. Divorce lawyers say they have seen an increase in cases in the past year where a wronged spouse has offered text messages to show that a partner has strayed. The American Bar Association began offering seminars this fall for marital attorneys on how to use electronic evidence–text messages, browsing history and social networks–in proving a case.

Seriously, who is so naive as to think texts are private? Perhaps they should be. But, in our digital world, privacy can be difficult to maintain. Emails can be found after deleting them. So, even if someone isn’t peeping into your phone’s in-and-out box:

…messages can remain on the sender’s and receiver’s phones, and even if they are deleted, communications companies store them for anywhere from days to a few weeks. AT&T said that, at most, it saved text messages for 72 hours while Verizon said it saved them for 5 to 10 days.

Text away! Just be prepared to live with the consequences.