Apr 12

Preventing Bad Grease Monkeys from changing your prices in eCommerce sites


I spoke with Gina Trapani on Wednesday about my concerns on this issue. The problem is that many online shops are using hidden fields in forms to pass information such as pricing, shipping, and quantity to their online checkout systems. Now I love Google Checkout for its sheer simple integration methods, but there is also an option to auto-approve the payment, and this concerns me. So I am writing to you today to illustrate some of the methods I have come up with, which will hopefully prevent this sort of attack. Here are three ways you can circumvent this little flaw in many online stores.
(more…)

Feb 20

Sprint website reveals personal customer information



Sprint’s website features a “Check Upgrade Eligibility” link that might reveal your personal information to anyone with your phone number and billing zip code. Simply enter your information here and see if your information has been compromised. This is just one more reason you should not use Sprint as a wireless provider.


Jan 25

Security Tip: Better passwords with a CueCat (Windows)



CueCats are barcode scanners that were given away by Digital Convergence in the late 1990s. They were designed as a way for consumers to scan barcodes from magazines and other media and be directed to a website with more information on the product or service they scanned. The scans were encrypted to prevent lawsuits based on the DMCA (Digital Millennium Copyright Act) of 1998. However, they are still useful today as a low-cost barcode scanning solution with a little hardware modification and/or some free software known as CatNip, which bypasses the encryption. The nice thing about these devices is that they type any scan into any field and press Enter, which makes them perfect for passwords. In this article I am going to show you how to take your modified or unmodified CueCat and use it to log in to your computer via passwords encoded into barcode format.

What you will need.

1. A CueCat (USB or PS/2 will work).
2. A barcode (You can use one from an existing rewards card or make your own here)
3. An account to test it on before using this as your form of authentication.

(more…)