Just over the last two months I’ve noticed a couple of security technical issues that may not have been completely worked out or thought about. I wanted to get them down somewhere so I could share the knowledge and maybe come back to them later.
2FA at 30,000 Feet
I recently flew to Minnesota with Erin and Sarah to visit family. On the way I wanted to give the airplane internet a try. It was miserable but that’s not what I want to talk about.
To pay, you have the option of using a credit card easy or PayPal. I really don’t like to use my credit card for small purchases because I’d like to reduce the amount of places that number exists. I tried to pay with PayPal instead but I have set up my PayPal account to require a second factor of authentication, a text message, before approving a charge.
Unfortunately that comes through the cellular modem, not WiFi, which I don’t have miles above earth. Even if I were to request it via email which can use WiFi, I do not have access until I pay. There’s a hole in this bucket…
I resigned and paid with a credit card which I immediately regretted because the connection was a painful 20 kbps. This meant I could browse a message board that was mostly text.
Flash is Required for Secure Access
Visa, via Bank of America, offers a service that provides a temporary credit card number with a fixed expiration date and limit that you can use for anything. If I do need to make a small purchase and credit card is the only option, I go to the Bank of America website, generate a credit card number with the dollar amount in my shopping card, and use it just as I would my normal card.
This saves my credit card number from a poorly guarded database. The limit is whatever I set. I recently bought a ticket to see Shin Godzilla at a local theater. The only payment option was credit so I used a temporary number with a $6.75 limit. It’s a good service.
Hilariously, through the Bank of America website, the service requires Flash be installed on the browser. Flash is one of the least secure, most attacked piles of code in existence. I strongly recommend people stop using it, uninstall, block, or otherwise resist using Flash as much as possible.
Flash is fully disabled on my personal computer for security reasons. My solution? I use a virtual machine with Flash installed. This is a headache that will be remedied in time. It just seems silly.