Monday, January 13, 2014

Over 110 MILLION Customer Accounts Hacked and Stolen:

TARGET Et Al. Are To Blame,
Not the magnetic strip credit card system!

• Why RFID chip credit cards are crap
• SQRL promises to be the safest alternative


Recently the US retail company Target, famous for obnoxious LGBT discriminatory statements in public, discovered that they had been so thoroughly lax in their credit card security system scrutiny that over 40 MILLION customer accounts were HACKED and STOLEN.

40 million credit card numbers stolen from Target

No, sorry, counting error! Make that 70 MILLION:

Target doubles hack attack victim estimate to 70 million, personal info stolen too

Oops, sorry. Try again! That's 110 MILLION:

Target: Hacking hit up to 110 million customers

Need I point out, this is outrageous.

Other biznizziz are now chiming in that they too, boohoo, have had all their customer data thoroughly hacked and stolen.

At least THREE other stores had credit card numbers hacked over holidays, reveal experts amid signs Target and Nieman Marcus are tip of the iceberg

And I personally expect that even LAZIER companies are going to be chiming in as well as they discover that their incredible lack of security consciousness has paid off the hackers by historical proportions. 

What a glorious time to be a crook! $s, £s, s, Yeah!

And customers are really, seriously, viscously ticked off:

Customers seeing red over Target’s hacking response


It's time for some public relations work! 

Eh? All you security oblivious, cheap, lazy, stupid bastard, disrespectful Corporations?!

Now What?

The rubbish-news for today, aka the Corporate Oligarchy propaganda spin-of-the-day, is:

We poor, sad, victimized biznizziz (Target ad nauseam) who are getting hacked-to-oblivion are not to blame. Sobbity sob. Boohoo. (;_;)


Instead, it's those horrible magnetic stripes on your credit cards that are to blame!


So let's all save the biznizz world and spare us all (and oh yeah, you customers too) this terrible embarrassment by moving over to RFID chip embedded credit cards, aka 'Smart Cards'.


Why? Because the RFID standard leaves user's (victim's) credit cards wide open to casual scanning by anyone nearby, thus rendering them even more dangerous and insecure than magnetic stripe credit cards.

Therefore: Go frack yourselves Target, et al! Go-Frack-Yourselves.

Rather than give you a long boring research dump about how incredibly AWFUL RFID chip technology remains to this day, I'm going to give you a very simple, straight forward example:

The New York State RFID Driver's License


I live in New York State. I have cousins who live in Canada. I often travel to Canada to visit them. Because of the scared-of-foreigners frame of mind of my country in the current era, it is no longer allowed for me to travel back and forth to Canada with a mere US driver's license. Instead, I have to have a passport. This has never, ever been required before. US passports are slow and expensive to obtain.

Thankfully, New York State offers the ability to embed all the passport required data into an RFID chip implanted driver's license. Therefore, I saved a lot of money and time and obtained a NYS passport data enabled driver's license. Now it is easy again to drive back and forth to Canada without having to carry around an expensive, oops I lost it, passport. I can still just use my driver's license. Excellent.

The Problem:

RFID chip technology is primitive. This is entirely typical of our current era: Extremely few people pay attention to security. Still, even today. Shocking. Unacceptable. Terrible for business, as security-ignorant Target stores have discovered.

The ramification is that the current standard state of RFID chip technology does NOT use ANY form of personal security. Zero. None. You scan the RFID chip, it tells you EVERYTHING. It's that simple. It's that idiotic. Done. You're screwed.

Some people dare say that the RFID chip has to be within a teeny/tiny distance from the scanner in order for the chip to be downloaded. And of course the response is: SO WHAT?! Anyone can walk up to you, bump into your wallet/handbag, and SCAN YOUR RFID CHIP. You've been pwned. Hacking mission accomplished. This has been consistently proven. RFID chip technology has been blasted out of the water. This is EXACTLY why the USA HAS NEVER and WILL NEVER allow RFID chips to be embedded into credit cards.

Meanwhile In New York State:

So I have this nifty driver's license that acts as a passport thanks to its RFID chip. Except, darn! I value my privacy! And so does every other New York State citizen! And we're stuck with these CRAP TECHNOLOGY RFID chips in our wallets! What to do???

New York State's solution is to wrap our driver's licenses in AFDBs: Aluminum Foil Deflector Beanies. You can read about such things here:

The source name for such a thing is the Faraday Cage. It was invented by 19th century British scientist Michael Faraday as a method of protecting an enclosed object from electromagnetic energy. Faraday is one of my heroes:

In other words: I have to keep my NYS driver's license inside an aluminum envelope, kindly provided by NYS, at all times until needed. If I don't, anyone can casually walk by me with an RFID scanner, trigger my driver's license to dump all my passport data, and walk away with my private information.

So thank you NYS for:

1) Protecting my personal information with a freely provided AFDB, and

2) Proving my point that current RFID chip technology has NO security and is TOTAL CRAP.

~ ~ ~
Therefore, a special message to Target and the rest of the security oblivious Corporate Oligarchy:

STFU and PROTECT YOUR CUSTOMERS, you cheap, lazy, stupid bastards! Crap RFID chip technology is, as you well know, just a red herring to deflect customers from the fact that you are cheap, lazy, stupid bastards!
~ ~ ~

What's better than crap RFID chip technology?


It turns out that there are A LOT of things better than crap RFID chip technology. One of my security heroes, Steve Gibson, has invented what promises to be the single best method of secure information exchange possible in our current era. It's called SQRL ('squirrel'), aka Secure Quick Reliable Login. No chips are required. Steve is offering it as open source technology. It works. In fact, it works so well that a flock of other inventors and companies have jumped on board to elaborate upon the standard and make it as usable and ubiquitous as possible, ASAP.

You can read about SQRL here:

~ ~ ~
Stay safe out there kids!
Our Corporate Oligarchy doesn't give a crap about our data security. 
Customer BEWARE!
We only have our personal identity and privacy at stake!
~ ~ ~

***Please note that the word 'biznizz' is my sarcastic term for any business that is blatantly self-destructive and customer-disrespectful. I consider it a thoroughly descriptive, useful and important term, as well as cynically humorous. I never refer to responsible, respectful, customer-driven, creative, positive capitalist businesses, such as Apple, with this sarcastic term. :-Derek


No comments:

Post a Comment