Since none of us use cash anymore (except for that one guy in accounting), often your PIN code is the only thing standing between a would-be thief and the piles of treasure you have stashed in your checking account.
Actually, the card plus PIN number is a reasonably good, if simple, implementation of the “something you have” plus “something you know” principle of security. Neither the card nor the PIN number is much good without the other. (We’re ignoring the fact that most debit cards can also be processed as credit cards for the moment.)
Obviously, hanging on to the card itself is a good start, so that covers the “something you have” side of the equation. But sleight of hand, accidental drops, and old-fashioned purse-snatching still happen today.
So that leaves us with the “something you know” piece: your PIN.
Why Be Concerned About Infrared PIN Theft?
Being a security-minded person, I’m sure you’re already in the habit of covering your fingers when entering PIN numbers. After all, it takes only a tiny bit of effort, and it prevents cameras and sneaky eyes from catching what you’re entering, right?
But what about heat?
You did know your fingers transferred heat to those keys, right?
And since heat dissipates at a linear rate, the heat signature reveals not just which keys got pressed, but also the order in which they were pressed!
But that’s not really a problem, right? After all, who has equipment that can detect heat?
Until recently, the ability to walk up to a PIN pad and detect which buttons had just been pressed required an expensive (and bulky!) infrared camera that would pick up the heat signature left by your fingers.
But with the advent of relatively inexpensive ($349) iPhone attachments, infrared smartphone camera technology is easily within reach of a ne’er-do-well… especially since they might recoup that much or more in just one ATM transaction. But even for one who’s looking for something less expensive (or who uses an Android device instead of an iPhone), there’s this Kickstarter project, or even a tutorial on how to build one with an old floppy disk! (…for the MacGyver types, evidently).
In other words: stealing your PIN even up to 1 minute after you enter it is pretty easy these days.
So What’s the Solution?
It’s pretty simple, really. Just touch your fingers to several buttons and hold them there while you’re entering your PIN.
Heat multiple buttons up, obfuscate the ones you pressed.
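To put numbers on that advice, here is an added example (not part of the original post) that counts how many PINs remain consistent with the warm keys an observer would see, with and without decoy touches. The function names, the 4-digit PIN length and the three-guess limit are assumptions made for illustration.

```python
from math import comb


def surjections(n, k):
    """Length-n sequences over k keys that use every key at least once
    (inclusion-exclusion)."""
    return sum((-1) ** j * comb(k, j) * (k - j) ** n for j in range(k + 1))


def candidate_pins(warm_keys, pin_len=4, order_readable=False, decoys=False):
    """How many PINs remain consistent with the set of warm keys.

    decoys=True models the advice above: extra keys were held, so a warm
    key may or may not belong to the PIN and the press order is masked.
    """
    k = len(set(warm_keys))
    if decoys:
        # Every pressed key is warm, but not every warm key was pressed.
        return k ** pin_len
    if k > pin_len:
        raise ValueError("more warm keys than PIN digits without decoys")
    if order_readable and k == pin_len:
        # Distinct digits with a readable fade order: one PIN fits.
        return 1
    # Order unreadable, or a digit repeats: every warm key was pressed at
    # least once. For the repeated-digit case this is an upper bound.
    return surjections(pin_len, k)


def guess_chance(candidates, attempts=3):
    """Chance of a correct guess before lockout (attempt limit is assumed)."""
    return min(1.0, attempts / candidates)


if __name__ == "__main__":
    # Constructed sample keypad observations, not real data.
    scenarios = [
        ("4 warm keys, order readable", candidate_pins("2580", order_readable=True)),
        ("4 warm keys, order faded", candidate_pins("2580")),
        ("8 warm keys after decoy touches", candidate_pins("12345780", decoys=True)),
    ]
    for label, count in scenarios:
        print(f"{label}: {count} candidates, {guess_chance(count):.2%} within 3 tries")
```
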
Not so sure about all of this? Mark Rober made this video to demonstrate:
Oh yeah… and don’t use PINs that are easy to guess!
Yesterday, my brother sent me a link to this video (posted below). It features some analysis and commentary on the Olympics that you might actually find startling.
What do you think? Are the Olympics in fact:
shameless exploitation of athletes?
a justification for child labor and even abuse?
an enormous boondoggle of corruption that lines the pockets of the well-connected and powerful?
an irrational exercise in tribalism?
Share your thoughts in the comments below.
Admittedly, I’m just becoming aware of Stefan Molyneux, the creator of this video content. So it would be too much to treat my posting of this video as an endorsement. But he’s incredibly thought-provoking, and perhaps impossible to ignore.
A recent piece in The Economist (which included the above graphic) got me thinking about just how Google pulled off such a massive global coup in the world of desktop web browsers.
After all, the choice of what web browser to use has long been a deeply personal one.
And when I say “long,” I’m going back to when we had to decide between the original Netscape (c. 1994) and AOL’s crappy browser (lovingly referred to as “Nyetscape”). Microsoft wasn’t a serious player in this fight—although they began rolling out Internet Explorer with Windows 95—until they forced it on the world with service packs and ultimately integrated it into Windows 98 (because it was necessary, of course!).
Let’s not forget that in those days Apple was in the toilet and a workable Linux operating system for home use—even geek home use—was many years away. So, for all intents and purposes, Microsoft completely controlled the operating systems of, well, all of us. Thus, they had a bit of an advantage when it came to providing the world’s default web browser.
And that’s exactly what Internet Explorer (“IE”) became… the world’s default web browser. Despite its security flaws, vulnerabilities and overall user experience, IE’s dominance was unshaken for many, many years.
We could discuss why this was true for so long, but at the end of the day, I believe it all comes down to “friction.”
Very simply, IE came bundled with Windows. Installing a new browser meant going out of your way to a different website, selecting the right download, finding the download on your computer and running it. Then… it meant changing your habits. Instead of looking for the little blue “E,” you had to find the icon for whatever new browser you installed… and then there was the matter of default websites, bookmarks/favorites, etc. For an average user, this represented a fair amount of pain (geeks did all of this a long time ago… more on that later), and was more than most would prefer to deal with.
Along Came Google
Ultimately, it was all the “friction” that Google solved. After all, they’re a default of their own… when it comes to search. By placing a simple little button on their famously stark and simple search page, they provided many with the opportunity to experience the web with a better browser.
Now don’t get me wrong… Google had to also build a great browser. And they did. Chrome was lightweight and elegant (and still is, for the most part).
But the more important factor was that it was easy.
Google built an installer that ran right inside IE and eliminated most of the steps required that might have represented some degree of pain for the average user. In fact, I would argue that a direct correlation could be drawn between the improvements made to that installation process and the spread of Google Chrome.
And Google continues to innovate. Borrowing a page from the Mozilla playbook, they’ve created a marketplace for developers to contribute extensions that add features and functions to their browser, and they constantly look for ways to remove friction from processes—especially when they can carve a “path of least resistance” that leads to their own door.
Their latest innovation with Chrome involves streaming content from your browser to your television via WiFi. All it requires is the Google Chromecast, a simple device that connects to the HDMI port of your television and connects to your wireless network. The device is officially priced at only $35, but when it sold out in less than 2 days, it began selling for double and nearly triple that in no time.
In short, it’s the simplest and easiest way to enjoy internet-based content on your TV. Picture yourself sitting on the couch or lying in bed… you stumble across an interesting YouTube video on your smartphone, but you don’t want to be forced to watch it on that small screen… simply press a button and “Presto!” — it’s playing on your TV instead.
And the Chromecast isn’t limited to YouTube. All sorts of content can be sent to your TV. I believe it’s truly a game-changer… and it continues the tradition of eliminating friction.
What Does Your Choice of Browser Say About You?
As a quick sidebar, most of the geeks of the world jumped off the IE train just as soon as Firefox became a real alternative (for me, that was about 10 years ago). Firefox was much safer, and Mozilla had grown a community that fostered innovation (remember when “tabbed browsing” was new?). Overall, it was much less painful.
Other browsers began to pop up… Apple gained decent market share in the desktop and laptop space, increasing the presence of its Safari browser. More and more people realized just how bad IE really was… and somewhere along the line, your choice of web browser began to really say something about you.
Where web browsing will go in the future is anybody’s guess. For now, Chrome is the browser of choice for geeks and non-geeks alike. And we appear to be one step closer to Google’s takeover of the known world. Resistance, apparently, is futile.
Recently, I’ve become starkly aware of how demanding our culture has become. One day last week, within the span of just a few short minutes, I was randomly assaulted by literally dozens of phone calls and text messages.
I will certainly admit that that exact scenario is very uncommon. But since I was desperately trying to get something accomplished at the time, and since some of those texts and phone calls were from people who had made repeated attempts at reaching me already, I became particularly frustrated. (Let’s just say it’s a good thing there weren’t any sledgehammers, ponds or toilets close by… because my phone might not have survived.)
This isn’t to mention the daily onslaught of emails, Facebook messages, Twitter DMs, instant messages and face-to-face interruptions that bombard so many of us today.
In my business, large uninterrupted blocks of time are required to produce the kind of output it takes for our work to get done. I’m increasingly cognizant of the fact that this doesn’t mix well with a culture that expects a response within a matter of seconds, minutes or hours from any given interaction. It’s forcing me to recognize that two of my most valuable assets—time and attention—require bigger and better defense systems today.
Today, a group of techies took over G.WIZ as part of the weekend event known as BarCamp Sarasota. I had the opportunity to be a part of this special Occupy Sarasota: Techies Take Over G.WIZ event with a twist — not to be confused with any other “occupy” events taking place around town today.
If you missed today, there’s still time to make it tomorrow for the 2nd Day of BarCamp. Here’s where to learn more.
Okay, I haven’t actually verified that it was made by a consulting firm. But that’s beside the point. Give a consultant a chance to play with a script, sets, a cast, and some nifty cameras and video editing equipment, and this is what we’d create:
And for all you consultants and other providers of professional services who’ve been in this situation–you know who you are–I know you enjoyed this as much as I did.