"Useful" gadget.

[James Silverton]

Brookestone is selling a gadget that allows you to swipe a credit card
in order in input its number to a web site using a PC. That seems a
useful idea and it could also be applied to safely inputting passwords.
I wonder if anyone has heard such a hack?
--


James Silverton, Potomac

I'm *not* (e-mail address removed)

 

[Wolf K]

Brookestone is selling a gadget that allows you to swipe a credit card
in order in input its number to a web site using a PC. That seems a
useful idea and it could also be applied to safely inputting passwords.
I wonder if anyone has heard such a hack?

Dangerous, more like. It's already easy to divulge a credit card number
to people who will steal your money. Why make it any easier?

Wolf K.

 

[James Silverton]

Dangerous, more like. It's already easy to divulge a credit card number
to people who will steal your money. Why make it any easier?

Wolf K.

I'm not sure that I get the problem. Swiping a card will surely be safer
than typing in a password with keystroke recorders possible.

--


James Silverton, Potomac

I'm *not* (e-mail address removed)

 

[Bob Hatch]

Brookestone is selling a gadget that allows you to swipe a credit card
in order in input its number to a web site using a PC. That seems a
useful idea and it could also be applied to safely inputting passwords.
I wonder if anyone has heard such a hack?

Got a link for this?


--
Rumors are carried by haters, spread by fools,
and accepted by idiots.
"Anon"
http://www.bobhatch.com
http://www.tdsrvresort.com

 

[Gene E. Bloch]

Got a link for this?

Search for "the square", that should work.

 

[Stan Brown]

Brookestone is selling a gadget that allows you to swipe a credit card
in order in input its number to a web site using a PC. That seems a
useful idea and it could also be applied to safely inputting passwords.
I wonder if anyone has heard such a hack?

I can't see the use for it, when KeePass is free *and* portable. I
have one copy on my home computer and one on my USB stick, so I'm
never without my passwords and copy/pastable account numbers.

 

[James Silverton]

Got a link for this?

http://www.brookstone.com/smartswip...iid=SearchResults|CategoryProductList|651448p

or

http://tinyurl.com/743lxqj

--


James Silverton, Potomac

I'm *not* (e-mail address removed)

 

[Char Jackson]

I can't see the use for it, when KeePass is free *and* portable. I
have one copy on my home computer and one on my USB stick, so I'm
never without my passwords and copy/pastable account numbers.

Likewise Roboform, although Robo isn't free. I tried KeePass awhile
back and was frustrated to learn that it doesn't do anything when you
navigate to a site that has a saved login. I guess Roboform has
completely spoiled me. I agree, though, this card reader type thing
isn't my cup of tea.

 

[Bob Henson]

Brookestone is selling a gadget that allows you to swipe a credit card
in order in input its number to a web site using a PC. That seems a
useful idea and it could also be applied to safely inputting passwords.
I wonder if anyone has heard such a hack?

Why not use Roboform, which does the same but is *much* safer.
--
Bob
Tetbury, Gloucestershire, England

You know you're old when an "allnighter" means you didn't have to go to the
loo once!

 

[sharkman]

Can you explain how to put keepass on a USB stick.. I use the program and
would love to carry it on a USB.
thanks
sharkman

 

[James Silverton]

Why not use Roboform, which does the same but is *much* safer.

Incidentally, what do you think about the original purpose of the
Smartswipe for inputting credit card numbers?

--


James Silverton, Potomac

I'm *not* (e-mail address removed)

 

[Bob Henson]

Incidentally, what do you think about the original purpose of the
Smartswipe for inputting credit card numbers?

Providing the gadget can be checked to see exactly where the number is
being sent, it sounds OK and should avoid keyloggers etc. However, Roboform
must be cheaper and does the same thing by sending your stored data to the
site, again without any keying in. As Roboform already has the ability to
do the same with passwords (without the necessity for any hacking), and any
other data you choose, it must be a better bet than the card swiper over
which you have no control - unless you can reverse engineer it.

 

[James Silverton]

Providing the gadget can be checked to see exactly where the number is
being sent, it sounds OK and should avoid keyloggers etc. However, Roboform
must be cheaper and does the same thing by sending your stored data to the
site, again without any keying in. As Roboform already has the ability to
do the same with passwords (without the necessity for any hacking), and any
other data you choose, it must be a better bet than the card swiper over
which you have no control - unless you can reverse engineer it.

Probably entirely true but Smartswipe might be a good bet for credit
card number entry for people who don't want to concern themselves with
the intricacies of setting up forms. Of course, it's not beyond
imagination that someone would crack the process.

--


James Silverton, Potomac

I'm *not* (e-mail address removed)

 

[Tecknomage]

I'm not sure that I get the problem. Swiping a card will surely be safer
than typing in a password with keystroke recorders possible.

HELLO, do you live in the real world? You don't believe Wolf K's
post?

The question means you are unaware of the fraudulent use of such
devices by crooks who want to steal your credit card number. We are
having enough trouble without you spreading a source for such devices.

Example from the police files; you give your credit card to a
restaurant server, he/she takes it out-of-sight to a personal laptop
with a card capture device, bingo he/she has just stolen your credit
card number, the card has the CIV on it AND you full name. Now the
person can go home and use the stolen info directly online.

Worst, there are hand-held card readers out there.

As Wolf K states "Why make it any easier" for crooks? (by advertising
a device)

 

[Brian Matthews]

Dangerous, more like. It's already easy to divulge a credit card number
to people who will steal your money. Why make it any easier?

Wolf K.

Actually, my wife owns a photography business and her smart phone has
an attachment that allows her to swipe a credit card and charge for
her sales. Anyone can get one of these and misuse it. I agree 100%
that it's a dangerous thing to be giving out to people. The dishonest
people to honest people ratio is probably 100 to 1. Maybe these
swipers have some sort of tracking that can see where the stealing
comes from? If not, it should. But as long as the banks make money,
I'm not sure if they care if people are getting ripped off.

 

[Gene E. Bloch]

Can you explain how to put keepass on a USB stick.. I use the program and
would love to carry it on a USB.
thanks
sharkman

Go to their site. They explain it.

 

[Gene E. Bloch]

On Thu, 8 Dec 2011 20:54:56 -0500, Stan Brown

Likewise Roboform, although Robo isn't free. I tried KeePass awhile
back and was frustrated to learn that it doesn't do anything when you
navigate to a site that has a saved login. I guess Roboform has
completely spoiled me. I agree, though, this card reader type thing
isn't my cup of tea.

I never was aware of that limitation, because, Luddite that I might be,
I prefer always to type in my own credentials. Also, I remember a
surprising[1] number of my passwords (of course those are the ones I
use most often).

But if I preferred your way, obviously I'd drop KeePass too

[1] Maybe I'm easy to surprise

 

[DGDevin]

I'm not sure that I get the problem. Swiping a card will surely be safer
than typing in a password with keystroke recorders possible.

If it becomes popular enough that will merely motivate someone to develop
the technology to steal that data as well. Every time someone finds a way
to raise the bar, crooks find a way over, under or around it. It will help,
but the advantage will be temporary.

I recently found that I could order from a certain online merchant I hadn't
dealt with before by paying them through Amazon.com, the merchant never sees
my CC info (which Amazon has had for years without a problem) and I don't
have to give it to Amazon "over the air" either, they have it on file. This
wasn't someone selling on Amazon's website, their only connection with
Amazon is they allow Amazon to process payments for them presumably for a
percentage. Paypal provides a similar capabilty, and if need be my bank
will give me temporary CC numbers to use when ordering online from a company
I haven't dealt with before. There are already ways around the problem of
typing CC numbers or passwords into forms online.



..

 

[Gene E. Bloch]

Probably entirely true but Smartswipe might be a good bet for credit card
number entry for people who don't want to concern themselves with the
intricacies of setting up forms. Of course, it's not beyond imagination that
someone would crack the process.

The device seems to be intended for use by small-business people, and
requires a bank account connection. I don't know the details: I am
definitely not part of the target demographic

As for the issue of security, here's just one anecdote:
This week a story broke about one of the major supermarket chains,
where some (apparently very skilled) alleged criminals put some kind of
capture device *inside* the card scanners of the self-service checkout
stands in a number of local stores, and ripped off a number of people.

I was lucky - the one time I used one of those within the window of
vulnerability, I happened to pay with cash.

The chain was Lucky Markets in the San Francisco Bay Area.

So sticking with the big guys might not help...Also, a small retailer
with one of the Squares might be relatively immune just by keeping the
device in his possession at all times.

 

[Gene E. Bloch]

The device seems to be intended for use by small-business people, and
requires a bank account connection. I don't know the details: I am definitely
not part of the target demographic

As for the issue of security, here's just one anecdote:
This week a story broke about one of the major supermarket chains, where some
(apparently very skilled) alleged criminals put some kind of capture device
*inside* the card scanners of the self-service checkout stands in a number of
local stores, and ripped off a number of people.

I was lucky - the one time I used one of those within the window of
vulnerability, I happened to pay with cash.

The chain was Lucky Markets in the San Francisco Bay Area.

So sticking with the big guys might not help...Also, a small retailer with
one of the Squares might be relatively immune just by keeping the device in
his possession at all times.

BTW, I finally followed James Silverton's link to the subject gadget,
and I realize that the thing I'm talking about, the Square, isn't the
same device.

So adjust everything I said to compensate. But remember: ignoring or
disbelieving me is not allowed

Here's the device I was thinking of:
https://squareup.com/