Podcast: Play in new window | Embed
Tech News and Commentary
Dave and the team discuss IFA 2021 being cancelled, Google I/O news including the new Android 12, smart canvas, the new WearOS, AT&T merging Warner Media with Discovery, and more.
Debbi calling in via the AskDave button at IntoTomorrow.com”I have a question about determining whether a website is safe to put my credit card information on. I use a – I think they call them an MVNO – one of those cheaper phone plans. And I gave them my credit card and in a few weeks, my credit card was hacked and I had to get a new card. Then I found out that that particular company was not being responsible and had leaked the information on peoples’ credit cards out. Is there a way to tell in the future, if I go to put my information in, if it’s going to be safe?”
Debbi, there are two parts to this: the technology and internal security practices. And for the benefit of our other listeners who may not know, MVNO stands for Mobile Virtual Network Operator. These are companies that basically piggyback on another cell network. These would be the low-cost cell services – carriers like Tracfone, Boost Mobile, Consumer Cellular and many others.
You can check to see if theyre using the technology that allows your credit card information to travel securely in a properly encrypted connection by checking your browsers address bar when youre on the page in which you need to enter your information. If theres a little padlock there and an https address, thats your browsers way of telling you that the website is using an SSL certificate and the information you enter in there can be securely transferred.
The other side of that is the internal security practices of the company and the truth is you cant really know what theyre doing for sure.
There have been plenty of recent cases of big names doing really unsafe and careless things.
Parler famously had millions of profiles content downloaded because incredibly enough they didnt randomize their user IDs, so just incrementing the user ID by 1 allowed anyone with basic programming skills to programmatically download the contents of the next profile and keep the chain going until they reached the last user in the database.
Facebooks default security settings are so poor that default profiles can be scraped by anyone, something they want to convince us is normal. Its not normal, its just the result of their own poor business practices. They sell your information and youre more likely to use their service if you can be creepy and read up on another users profile before you friend them, its a choice to share as much as they do.
If the MVNO you used happened to not sanitize inputs on the page, or otherwise opened themselves up to attacks, their database may have been accessed by someone else and youd really have no way to know that was a possibility before you signed up without running penetration tests on the page (which you cant really do without consent since youd be considered to be trying to hack their page and could get into trouble yourself).
The best way to avoid issues with virtual number providers is really to just go with a big enough name that theyd be afraid of the poor advertising and hopefully would be inclined to follow industry standards when it comes to securing your data.
Pam in Big Lake, Alaska listens on AM700 KBYR and called in to wish Dave well: “I don’t have a question. I hope you are well after they do the surgery to remove the problem with your vocal cords. I’ll keep you in my thoughts and prayers, sir.”
Thank you, Pam!
When you participate on the show – anytime 24/7 – and we HEAR you with any consumer tech question, comment, help for another listener, tech rage or just share your favorite App these days … you could win prizes.
BenjiLock: Fingerprint Bike Lock – secure your bike with just a finger
ROCCAT: Elo 7.1 Air – Wireless Surround Sound Gaming Headset
Tivic Health: ClearUP microcurrent device to relieve congestion from colds, flu and allergies
Razer: Kiyo Webcam with built-in adjustable ring light
Elepho: Infrared Ear & Forehead Thermometers
All CALLERS — using the AUDIO option on our Free App or 1-800-899-INTO(4686) – automatically qualify to win prizes.
Audio archived for at least 6 months