NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information

 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: Researchers fault 3-D Secure (3DS) online credit

>Message: 4

>Date: Thu, 28 Jan 2010 12:43:41 -0800

>From: Lauren Weinstein <lauren@vortex.com>

>Subject: [ NNSquad ] Researchers fault 3-D Secure (3DS) online credit

>     card  system

>I have never been a fan of birthday-based and "secret-question"-based systems.  Birthday data is widely available, and many "secret"

>questions tend to have answers that are more widely available than one might think.

 

>I usually suggest that when there's a concern, secret questions should be answered with anything memorable other than the "real" answer.  After all, is it really necessary >to tell your bank that your first dog's name was:

>Disturbingly, when I suggest this approach, the response I often get is, "You mean I really don't have to enter the real answer?"

 

>--Lauren--

 

I attended an all day session on privacy and data ( http://informationpolicy.iu.edu/dataprivacyday/ ) security here at Indiana University yesterday, hosted by the VP for the area, the chief policy officer, chief security officers, and most of their minions. Even had dinner afterwards with a group of eight, including the policy officer and one of my favorite university lawyers. IU is trying to emphasize and educate on privacy issues, and deserve a lot of credit for doing so.

 

One of the presentations was on Facebook and similar social networking sites, and how to approach management of settings to control exposure of your personal information, and the importance of understanding the consequences of what choosing you expose, with the usual examples of pictures people regret are now on the Internet forever, especially in a world where not only employers but now banks check you out online when you apply for jobs or credit.

 

A member of the audience asked what they should do when asked to enter their birthday during the registration process! When I raised my hand to answer his question, and informed him he should LIE, it was a shock to him. It apparently had never occurred to him.

 

I have a Facebook account I set up so I could check out other sites, especially ones that spring up related to my place of business (trust me, it happens. When coaches change, sometimes with hours.). But on Facebook I am a 90 year old Black Woman with a zip code in the middle of the Okefenokee swamp in Georgia, and the name of a daughter of a corrupt Renaissance pope.

 

It never occurred to me NOT to lie in this case.

 

Ron.

 

Ronald D. Edge

Director of Information Services

Indiana University Athletics

1001 East 17th St  Bloomington , IN 47408

812-855-9010  edge@indiana.edu

http://iuhoosiers.com

 

"You've got to be very careful if you don't know where you are going,

because you might not get there."

 “When you come to the fork in the road, take it”

--Yogi Berra