Links: MCX’s ever-downward spiral, Apple nixes PCalc widget, ID theft site was sold credit data (and more)

Rite Aid, With Us, it's Personal, Signs, 2014, by Mike Mozart of TheToyChannel and JeepersMedia on YouTube #Rite #Aid
A selection of 10 links for you. Use them wisely.

MCX says merchants doing what’s best for customers, being attacked for ‘challenging the status quo’ >> Mac Rumors

MCX certainly appears to be placing the blame for its member retailers’ refusal to accept Apple Pay on the merchants themselves. Asked whether Apple Pay and MCX’s CurrentC solution should be able to exist side-by-side, the executives noted that believe they will in the future and that it will take two or three major players in mobile payments to allow the entire market to thrive.

But pressed as to why some retailers such as CVS and Rite Aid have shut down NFC entirely rather than allow unofficial Apple Pay payments in their stores, Davidson argued that merchants know their customers best and are making the choices they believe are right for their customers. He said the merchants believe customers want more than just mobile payments, and CurrentC’s integration of payments with loyalty cards and coupons will in his opinion prove to be the best solution.

“Merchants know their customers best.” That’s why you stop them paying in one way and make them wait for another that will come at some unspecified time next year and require them to enter all sorts of other stuff.

The narrative around MCX/CurrentC has its own fascinating momentum – hacks, press conferences – which suggests that it’s already heading towards some sort of crisis.

Drupal Core – Highly Critical – Public Service announcement >>

Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement…

Attackers may have copied all data out of your site and could use it maliciously. There may be no trace of the attack.

The vulnerability was notified (highly critical) on 15 October; every version of version 7 from before that is vulnerable if you didn’t update.

James Thomson on Twitter: “Apple has told me that Notification Center widgets on iOS cannot perform any calculations, and the current PCalc widget must be removed.”

Apple has told me that Notification Center widgets on iOS cannot perform any calculations, and the current PCalc widget must be removed.

This was bad – but I understand Apple will reverse course and approve it today, Thursday. Especially in light of this.

Apple eyes new uses for NFC beyond iPhone payments >> The Information

Amir Efrati:

For instance, the “Clipper” card that’s used in California’s Bay Area Rapid Transit system uses a near-field communication (NFC) chip made by the same company that built the NFC chip that powers Apple Pay. And the Clipper card transmits data using the same standard and frequency as the iPhone 6 (ISO 14443 at 13.56 MHz), says Mr. Rosenberg of Creating Revolutions.

That means Apple could easily allow for Clipper cards to be uploaded into the phone, with key information stored in the phone’s “secure element,” along with bank cards used through Apple Pay, and let people tap their phones at the BART turnstiles to transmit the information to the card reader using the iPhone’s NFC chip.

Such a scenario would require a formal deal with Apple. For now, Apple restricts access to the iPhone’s NFC chip, meaning software developers can’t build apps that use it. But observers expect the company to open up access to developers in the future, just as it did for the iPhone’s Touch ID fingerprint sensor. Developers are already building apps that use the NFC chips in many Android phones like the Samsung Galaxy.

You can imagine software updates enabling new features on old iPhones, though Apple’s never done it before. Is it feasible on the NFC elements in the iPhone 6 range?

Experian sold consumer data to ID theft service >> Krebs on Security

An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.

In November 2011, this publication ran a story about an underground service called, a fraudster-friendly site that marketed the ability to look up full Social Security numbers, birthdays, drivers license records and financial information on millions of Americans. Registration was free, and accounts were funded via WebMoney and other virtual currencies that are popular in the cybercriminal underground.

Answers to Your Questions >> MCX

MCX sets out how wonderful it is for everyone.

On the data security side, the technology choices we’ve made take consumers’ security into account at every aspect of their core functionality. We want to assure you, MCX does not store sensitive customer information in the app. Users’ payment information is instead stored in our secure cloud-hosted network. Removing this sensitive information from the mobile device significantly lowers the risk of it being inappropriately disclosed in a case that the mobile device is hacked, stolen or otherwise compromised.

In the cloud? I’m so.. not reassured. Also enjoyable:

When merchants choose to work with MCX, they choose to do so exclusively and we’re proud of the long list of merchants who have partnered with us. Importantly, if a merchant decides to stop working with MCX, there are no fines.

(MCX emphasis.)

72 Hours of #Gamergate >> Medium

Andy Baio did a fantastic analysis of three days’ tweets around Gamergate, and then (with help) drew up a Delphi graphic showing how the pro- and anti- camps look:

This network visualization is as good a metaphor as any for #Gamergate. Two massive, impenetrable hairballs of people that want little to do with one another, only listening to their side and firing volleys across the chasm.

Much the same as any political divide, and as unlikely to be closed.

Sprout >> HP® Official Site

It’s a PC that has inbuilt cameras that look down onto a tabletop mat, which connects the cameras to what appears on the screen.

Hard to categorise. If this had come from Apple everyone would be raving about it; as it’s HP it’s had a collective “hmm”. The difference, perhaps, is that Apple knows how to drive the interest – and use – for such a product. Still, could find some eager buyers in particular segments. (Bonus point for the “Sprout” name, though.)

Anita Sarkeesian on video games’ great future >>

Anita Sarkeesian:

The Wii reignited my interest in gaming, offering play experiences I found engaging and rewarding, like Mario Kart, de Blob and The Beatles: Rockband. From there, I immersed myself in zany PC games like Plants vs. Zombies, World of Goo and Spore, and eventually became a fan of mainstream first-person titles like Mirror’s Edge, Portal and Half-Life 2.

Even though I was playing lots of games, I still didn’t call myself a “gamer” because I had associated that term with the games I wasn’t playing — instead of all the ones I was playing. This was largely because I’d bought into the myth that to be a “real gamer,” you had to be playing testosterone-infused blockbuster franchises like Grand Theft Auto, God of War or Call of Duty.

And that’s the crux of what’s going on. It’s like “cracker” v “hacker” (“hackers aren’t crackers, maaaan!”) and “what does ‘troll’ actually mean?” (“You see, ‘troll’ actually means humorously annoying people…”). Language is fluid, but the latter meaning above of “gamer” is – ironically – becoming a carapace that won’t let its participants out, because they’re building it around themselves.

Note also how the cracker/hacker, “define troll” and “actually, a ‘gamer’ is…” lends itself to mansplaining.

Getting chipped: Why I will live with an NFC chip implant for a year | Network World

René Schoemaker lives in Holland:

I’ve been living with an NFC chip in my left hand since Sept. 25. It was implanted between my thumb and index finger, and I can tell you that it hurt quite a bit. But that was mainly because of all the TV camera people trying to film it, which dragged the process out from the normal five seconds to about 30 seconds.

I got chipped together with nine other volunteers during the IT Innovation Day organized by IDG Netherlands. The other volunteers and I will spend the next 12 months testing the use of an NFC chip in our daily lives to see whether having the chip implanted in our bodies is more useful than using a chip embedded on a card or in a smartphone.

So far, it has been pretty useless though. We are still in the process of coming up with possible applications such as using the chip to pay for public transportation or in shops and restaurants.

Isn’t that the sort of thing you’d think about before getting the implant? Perhaps he’ll meet Kevin Warwick.

Leave a comment. Be informative. Add to the conversation.

1 thought on “Links: MCX’s ever-downward spiral, Apple nixes PCalc widget, ID theft site was sold credit data (and more)

  1. Pingback: Links: how two-factor gets hacked, Microsoft Band, Page’s ambition, too-smart TV?, and more | The Overspill: when there's more that I want to say

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.