Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Security - Payments - iPhones

Nothing is 100% secure. Credit card data can be stolen. Pickpockets can take your cash. Contactless pay systems like Apple Pay are more secure than any other payment method.

The only down side is that so few merchants take it. Hopefully, this will change.
 
  • Like
Reactions: SD-B and Applejuiced
I used the wrong terminology. Sorry, I do banking online. I meant shopping in China, etc, online BY cell phone. Thats where i am reluctant.

No issues on my computer
 
baypharm said:
You are doing everything you are supposed to do on your end to maintain security. One of the most basic as you point out is deleting cookies, cache files, and brouser history and logging out of web sites after using them. Everyone should be doing this. I never access any banking or credit card sites while on public WIFI. Too many sniffers out there drinking coffee next to me masquerading as an innocent student while gathering passwords. It is bad enough while on cellular with so many quasi cell towers in use in the U.S now. In my example above, we showed our contract client how easily a fingerprint file could be used for prescribing, ordering, and administering medication to a patient while in a hospital setting. This fingerprint "file" was obtained from a supposedly protected server.

With so many companies requiring criminal background checks on its applicants and existing employees, the future of fingerprint exploitation is surely to explode. As more companies require fingerprint checks through the FBI database, more and more fingerprint files will be gathered. When you submit to a background check your prints are not destroyed regardless of the outcome of the employment offer. A few years ago every employee of the U.S Government (including those who ever applied for employment) had their fingerprints stolen. To date no one knows who or what was behind this massive breach. Whoever was behind it is not your typical high school dropout corner store thief or bank robber with a gun. Today's criminal is ultra sophisticated, very smart, and most of all very patient. Some people may ask what is the perceived value of having millions of fingerprint files and other personal data - we don't really know at this juncture. We're still in the infancy of this technological breakthrough.

Another practice that should be avoided is the use of a remote control device to lock and unlock your car door while in a heavily populated area. There are BT devices readily available that can capture the signal and create a file so that a thief could later access the vehicle for clandestine purposes. Ok my lunch break is over now. Back to the grind.
Click to expand...

I know very little about all this stuff, so your post raised a lot of questions for me:

Deleting cookies: Cookies are useful. Are you advocating deleting them all? Or just those for financial sites?

Public wi-fi: I thought that with SSL encryption, the encryption happens on the computer by public-key cryptography, so that intercepted communication could not be decrypted by existing computers. What am I missing? (I don't access financial sites from public wi-fi, but I thought I was just being paranoid.)

I'm not too worried about the fingerprint thing because underneath it all, the bank eats the loss if someone uses my card fraudulently. And I figure ApplePay on the phone (at the few places that accept it) is safer than using the card, and I'm not paranoid enough to quit using my card and go back to cash.

As for remote car-door openers, I know that my car uses rolling codes, which are so hard to crack that it would be easier to use a flatbed truck to steal the car than to hack the code. Locks don't prevent theft. A good lock just makes it hard enough that the thief will steal someone else's car instead.
 
  • Like
Reactions: Applejuiced
daniel1948 said:
Deleting cookies: Cookies are useful. Are you advocating deleting them all? Or just those for financial sites?
Click to expand...

For what it's worth: ( i hope I have this right )

One of the problems we had at an online site in China was with those that did not log out after viewing and deleting cookies.
Those whose accounts had GCs or goods diverted to Russia had likely clicked on either a email, blog, somewhere that had led customers to this particular chinese site or so it was assumed.
But the bloggers, etc for the most part are legitimate emails.

By clicking on a suspected link to that site, it was determined that hackers intercepted cookies which contain passwords, etc and were then able to enter the site and whip through, choose those that had GCs in their accounts, or orders just about to ship and change the address to various Russian addresses.

The morning we first heard people talking of having had this happen to them, I had been browsing a competitor's site hours earlier. For some reason, it had gone offline voluntarily for 8 hours. Unheard of and then offered customers 10% for the next 24 hours. I would guess that they had been hit as well.
It went on for a couple of weeks, here and there with odd customers.

Personally, I always sign out of such sites, banks, online shopping, etc and delete cookies at such sites.

I always run 1Password and each time sign in using it.
 
I just used Apple Pay for the first time yesterday. It was really cool. The young lady at the registered was surprised. She had no idea what Apple Pay was, or that it was possible to pay just by holding one's phone over the reader. Apple Pay is still pretty new here in Canada, and neither the banks nor Apple have done much to promote it.
 
SD-B said:
For what it's worth: ( i hope I have this right )

One of the problems we had at an online site in China was with those that did not log out after viewing and deleting cookies.
Those whose accounts had GCs or goods diverted to Russia had likely clicked on either a email, blog, somewhere that had led customers to this particular chinese site or so it was assumed.
But the bloggers, etc for the most part are legitimate emails.

By clicking on a suspected link to that site, it was determined that hackers intercepted cookies which contain passwords, etc and were then able to enter the site and whip through, choose those that had GCs in their accounts, or orders just about to ship and change the address to various Russian addresses.

The morning we first heard people talking of having had this happen to them, I had been browsing a competitor's site hours earlier. For some reason, it had gone offline voluntarily for 8 hours. Unheard of and then offered customers 10% for the next 24 hours. I would guess that they had been hit as well.
It went on for a couple of weeks, here and there with odd customers.

Personally, I always sign out of such sites, banks, online shopping, etc and delete cookies at such sites.

I always run 1Password and each time sign in using it.
Click to expand...

It sounds as though the problems you refer to were from clicking on malicious links. I don't click on links I'm not certain about. Even if I'm confident an email is legitimate, I don't click on the links. I go directly to the site instead.
 
  • Like
Reactions: Applejuiced and kdarling
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back