Security Gotchas

Just over the last two months I’ve noticed a couple of security technical issues that may not have been completely worked out or thought about.  I wanted to get them down somewhere so I could share the knowledge and maybe come back to them later.

2FA at 30,000 Feet

I recently flew to Minnesota with Erin and Sarah to visit family.  On the way I wanted to give the airplane internet a try.  It was miserable but that’s not what I want to talk about.

To pay, you have the option of using a credit card or PayPal.  I really don’t like to use my credit card for small purchases because I’d like to reduce the number of places that number exists.  I tried to pay with PayPal instead but I have set up my PayPal account to require a second factor of authentication, a text message, before approving a charge.

Unfortunately that comes through the cellular modem, not WiFi, which I don’t have miles above earth.  Even if I were to request it via email, which can use WiFi, I do not have access until I pay.  There’s a hole in this bucket…

I resigned and paid with a credit card which I immediately regretted because the connection was a painful 20 kbps.  This meant I could browse a message board that was mostly text.

Flash is Required for Secure Access

Visa, via Bank of America, offers a service that provides a temporary credit card number with a fixed expiration date and limit that you can use for anything.  If I do need to make a small purchase and credit card is the only option, I go to the Bank of America website, generate a credit card number with the dollar amount in my shopping cart, and use it just as I would my normal card.

This saves my credit card number from a poorly guarded database.  The limit is whatever I set.  I recently bought a ticket to see Shin Godzilla at a local theater.  The only payment option was credit so I used a temporary number with a $6.75 limit.  It’s a good service.

Hilariously, through the Bank of America website, the service requires Flash be installed on the browser.  Flash is one of the least secure, most attacked piles of code in existence.  I strongly recommend people stop using it, uninstall, block, or otherwise resist using Flash as much as possible.

Flash is fully disabled on my personal computer for security reasons.  My solution?  I use a virtual machine with Flash installed.  This is a headache that will be remedied in time.  It just seems silly.

Adblock Plus For Sale

I’ve talked before in my big security blog post about the dangers and shortcomings of ad blocking software.  Guess what?  The biggest player in the game, which you may have running on your computer right now, Adblock Plus, is now selling acceptable ads.

Yep.  Highest bidder can walk through the doors.

Fabulous.  Great job.  This is like when the store Just Tires started carrying more than tires.  Their slogan is now “There’s more to just tires than just tires.”

Adblock Plus, “We don’t block ads.”

So what do you do?  Stop using it and start with the hosts file.  It’s free, safe, not for sale, and arguably the best way to stop ads.

You can use both if you are scared of change.  Use Adblock Plus and hosts.

Toddler Video Game

I’ve never understood where the game Goat Simulator fits into the world of games.  It’s a pretty stupid game overall but it is a game that I can enjoy with my two-year-old daughter.  She screams and laughs as the animals bound through the city, causing havoc. This is a giraffe (a.k.a. “Tall Goat”).

Here’s a sample:

She loves goats.

I don’t have a video of her screaming and laughing.