Newsletter of the Potomac Area Technology and Computer Society

December 2014 www.patacs.org Page 1 Using Your Smart Phone as a Credit Card Substitute by Ira Wilsker

WEBSITES: https://www.paypal.com/us/webapps/mpp/pay-in- http://currentc.com stores http://www.pcworld.com/article/2607312/how- https://www.paypal.com/us/webapps/mpp/store- apple-pay-could-make-the-target-and-home- locator depot-breaches-a-thing-of-the-past.html http://www.pcworld.com/article/2846535/a-guide- https://www.gosoftcard.com to-the-top-mobile-payments-options.html https://wallet.google.com http://www.apple.com/apple-pay/ https://www.google.com/wallet/shop-in-stores/ www.mercurynews.com/business/ci_26938386/ http://www.mastercard.us/cardholder-services/ mobile-payments-apple-pay-google-wallet-and- paypass-locator.html otherhttp://currentc.com http://www.pcworld.com/article/2607312/how- (continued on page 2)

Using Your Smart Phone as a Credit Card Substitute ………...…....1 Fairfax October Meeting ……………………………………………6 Linux Sites Recommended By Geof Goodrum………………...... 8 With All of the Media Reports About Massive Data Breaches, What Can We Do?...... 9 Valuable Information From the PATACS Site ………………….....12 Vendors Recommended By Members…..…………………………..13 PATACS Annual Financial Report, Fiscal Year 2014 ……………...l4 PATACS Information ……………………………………………..,.15 December 2014 PATACS Posts Page 2

the number of Euro- pean credit and debit cards that were hi- jacked was much smaller. For the past several years, the ma- jority of European (and many Asian) issued cards have had a more secure embed- ded microchip that contained the cus- tomer information, It should be news to no one that over the rather than the magnetic stripe widely used past year there have been massive data breaches at here. As overseas POS terminals (and many thousands of retail locations. In my case, over the ATMs) were modified or replaced in order to past year, my bankcard issuers have initiated the take advantage of the more secure microchip replacement of four credit cards and a debit card technology, most domestic POS users have often (one major credit card was replaced twice). Since I been reluctant to implement the enhanced secu- carefully review my monthly credit card statements rity technologies citing the massive capital in- for questionable activity, I am fairly confident that vestment in the current generation of magnetic although several of my accounts were compro- stripe POS readers. Looking at my recently re- mised by the massive retail data breaches, there placed credit cards, all have the embedded chip, have been no illicit transactions posted to any of as well as a magnetic stripe. my accounts. These data breaches and the related vul- Following last year's massive Target data nerabilities have obviously caught the attention theft, the media played up the fact that most credit of our domestic technology industry, as in recent and debit cards in the United States are still using months there has been a flurry of technological the obsolescent magnetic stripe technology in order advancements that may offer most of us the op- to process "POS" (Point of Sale) transactions. It is portunity to mitigate the risks of a somewhat the vulnerability of this magnetic stripe data, and insecure plastic credit or debit card. While the methods used to process the digital transac- much of the media fanfare has gone to the intro- tions, have made such transactions vulnerable to duction of Apple's Apple Pay electronic pay- cyber attack. As the American credit and debit ments system (apple.com/apple-pay), others cards were purloined by the hundreds of millions, have been active in promoting their respective systems including eBay's PayPal, xx , xxxxxx

(continued on page 3) www.patacs.org December 2014 PATACS Posts Page 3

Google’s Wallet, CurrentC (a joint effort of Sears, cording to Apple, "One touch to pay with Target, and WalMart, CVS, and others), GoSoft- Touch ID. Now paying in stores happens in Card (joint effort of American Express, Chase, one natural motion - there’s no need to open an and Wells Fargo), and several others. While there app or even wake your display thanks to the are some variations in the technologies utilized by innovative Near Field Communication antenna each, they are all designed to allow the use with a in iPhone 6. To pay, just hold your iPhone near smart phone or related device to make secure re- the contactless reader with your finger on tail transactions without the use of a traditional Touch ID. You don’t even have to look at the plastic credit or debit card. screen to know your payment information was With its outstanding ability to promote successfully sent. A subtle vibration and beep itself, Apple has had much of the media spotlight let you know." Other Apple devices, without with its recently announced Apple Pay sys- the NFC capability can use the Apple Pay app along with an integral finger print reader (part tem. According to Apple, "Paying in stores or of the Apple Pay app) to complete a financial within apps has never been easier. Gone are the transaction without presenting a plastic credit days of searching for your wallet. The wasted mo- card. Apple Pay requires that one or more es- ments finding the right card. Now payments hap- tablished credit card accounts be linked to Ap- pen with a single touch. Apple Pay will change ple Pay, with the user having the option to se- how you pay with breakthrough contactless pay- lect which credit card will be used to process ment technology and unique security features the Apple Pay transaction. By default, the credit card linked to the user's iTunes account built right into the devices you have with you eve- is the primary credit source, but other cards ry day. So you can use your iPhone, Apple can be securely added to the account. Watch, or iPad to pay in a simple, secure, and pri- PayPal, one of the world's most widely used vate way." What garnered the most attention is a digital payment systems, recently introduced feature of the iPhone 6 devices (also present on its own smart phone app that can be used for in many other recent smart phones) called "NFC" or -store POS transactions (paypal.com/us/ "Near Field Communications". This is a very webapps/mpp/pay-in-stores), without the use of a plastic credit card. According to PayPal, short range radio technology that allows digital "Forget your wallet. Use our app like a wallet devices to communicate with each other when to pay at the counter, from the table, or from held physically close to each other. Again, ac- around the corner, your order is in your hands. (continued on page 4)

www.patacs.org December 2014 PATACS Posts Page 4

smart phones, as CurrentC does not incorporate store gift cards, and selected credit and debit card NFC. Instead of using NFC, which is not availa- (Pay). ble on most of the existing smart phones, Cur- I predict that as these new technologies become rentC displays a unique bar code or QR type of more widely implemented, we will see the num- image on the phone screen that is scanned by the ber of mass data thefts decline, saving the finan- cashier; every transaction will have a unique im- cial institutions (and their millions of account age displayed. CurrentC is designed to connect holders) from substantial losses. We will also see directly to the consumer's bank account, bypass- these payment systems evolve and improve as ing the credit card fees imposed by the bank cards they become more widely accepted, along with on the retailers. Like many of the existing indi- the inevitable failure of some. We may see con- vidual store cards and loyalty cards, CurrentC can solidations (mergers) among some of these sys- take advantage of the personal information en- tems, and some may simply cease to exist as they tered by the user when the account is creat- find that they cannot successfully compete in the ed. Since CurrentC will have some personal in- market place. formation, incentives, rewards, coupons and other Whatever happens with these new pay- promotions may be offered the user. CurrentC ment systems, it appears likely that our traditional will implement a "Save, Earn Pay" service where plastic credit cards may become as obsolescent as users will automatically receive offers, coupons, paper checks have become, and these new tech- and other incentives from the participating retail- nologies will reign supreme ... until some newer ers (Save); get instant points and rewards from technologies make these obsolete. In terms of participating loyalty programs (Earn); and com- POS payment technology, this will be an interest- bine and coordinate between checking accounts, ing couple of years.

www.patacs.org December 2014 PATACS Posts Page 5

Or simply select PayPal at the register to log in American Express offering a $1 cash back bo- and pay, just like online." Experimenting with nus, in addition to any other rewards, for each the PayPal Store Locator (paypal.com/us/ SoftCard transaction utilizing American Express. webapps/mpp/store-locator), using the Examin- Google wants very badly to compete in er's zip code (77701), there were about 75 nearby this lucrative field, and had developed an ad- businesses that accept payments with the PayPal vanced digital "Wallet" (wallet.google.com) that app including Home Depot, Dollar General, Of- can utilize a secure app that can be used for a ficeDepot, American Eagle, Aeropostale, variety of transactions. For users with NFC ToysRUs, Academy Sports, and a variety of med- compatible phones, that feature can be used at ical offices, florists, clothing stores and bou- many retail locations; for those without a com- tiques, restaurants, retailers and service business- patible phone, Google Wallet offers a secure es. Traditional PayPal transactions are connected plastic Google Wallet Card which is accepted to an existing bank account or credit card for ulti- domestically wherever a Debitor credit card, us- mate payment. xxxxxxxxxxxxxxxxxxxxxxxxxxx ing the same PIN number as card as the Wallet A consortium of major banks, along with account. Google requires that an existing card the major cell phone companies have created an be linked to the Wallet account. As with most of app "SoftCard" which enables users to digitally the competitors, any rewards or loyalty points enroll their existing credit cards issued by Ameri- affiliated with the linked card will continue to be can Express, Chase, Wells Fargo, and many other earned. Google Wallet can be used almost any- institutions in to their SoftCard app. SoftCard, where that Master Card is accepted, meaning that which is a free app for Android and Windows there are millions of locations that already accept Phone, requires a compatible smart phone with it. The NFC feature of Google Wallet can be NFC (Near Field Communications) in order to used anywhere that MasterCard PayPass is used converse with the POS devices. Many smart (mastercard.us/cardholder-services/paypass- phones will need an advanced SIM card, which is locator.html). designed to securely store and protect sensitive Several of the largest retailers, including payment information; generally, the participating Target, WalMart, and Sears, CVS, and RiteAid cell phone carriers will replace an older SIM card have created a consortium under the moniker with the newer advanced card at no charge. The "CurrentC" (pronounced like the money user adds participating credit and debit card infor- "currency"). Several of these retailers have al- mation to the device, which securely stores the ready announced that they will not be accepting information. Some prepaid cards can also be in- Apple Pay, and possibly some of the other smart corporated into the SoftCard app. Existing loyal- phone based payment systems. Projected to be ty plans, membership and rewards benefits, and widely available by early 2015 as these and other other features of existing credit cards are main- retailers implement the system, CurrentC works tained when used with SoftCard. Special offers differently than the other smart phone payment that may be available from participating mer- systems, as the free app will work on almost all chants and credit card companies will be dis- smart phones, as CurrentC does not incorporate played on the phone when in proximity of the merchant. One example, listed as I type this, is (continued on page 5)

www.patacs.org December 2014 PATACS Posts Page 6 Fairfax October Meeting Mel Mikosinski gave a slide-based Learn 30 presentation about Zoom Video Teleconferenc- October 18th was a beautiful Fall day, but ing (http://zoom.us/) that PATACS and OPCUG we had a good turnout for the Fairfax meeting. uses for meetings (one member from Maryland Nick Wenri presided over the PATACS was participating in this meeting using Zoom). Paul Howard gave the introduction, explaining Annual Meeting election of Officers that preceded how PATACS experimented with several cloud the general meeting with OPCUG. Nick estab- web conferencing services before selecting lished a quorum, including e-mail Ballots. There Zoom. Participants can both view and give were no nominees from floor. The membership presentations over Zoom. The meeting host can elected the slate of candidates: James Rhodes, transfer screen sharing to other participants. President; Ron Schmidt, 1st Vice President; Mel PATACS objective is to reach members Mikosinski, 2nd Vice President; Paul Howard, unable to attend live meetings in person. The Treasurer; Bill Walsh, Secretary. xxxxxxxxxxxxx current PATACS limit is twenty-three end users Several topics came up during the General (service cost to PATACS is $99 per year with Meeting Question & Answer session. xxxxxxx no additional cost to members), but Zoom has There was discussion about the Raspberry service plans that allow up to one thousand us- Pi (http://www.raspberrypi.org/) and similar low- ers. Adding another one hundred participants cost (under $100) microcomputers. If you or would cost an additional $99 per year. There is someone you know can give a presentation on this no fee per meeting nor limit on number of meet- topic, please e-mail director2(at)patacs.org. xxxxx ings. 1-to-1 meetings (such as person to person) A member had questions about upgrading are free, and the software application (Microsoft to a new Verizon FiOS router and updating his Windows, Apple OS X and iOS, and Google wireless network from Wired Equivalent Privacy Android supported) is free. PATACS added the (WEP) to WiFi Protected Access II (WPA2) en- Room Connector feature (http://zoom.us/ cryption. WEP is not secure; WPA2 is the current roomconnector) for $499 per year to allow use recommended setting to prevent unauthorized of room teleconferencing systems like the one at eavesdropping and network access. See http:// OLLI’s Tallwood campus. xxxxxxxxxxxxxxxxx www.verizon.com/Support/Residential/Internet/ Mel explained how to setup and connect fiosinternet/Networking/Setup/ to a Zoom meeting. Zoom requires that partici- QuestionsOne/123890.htm. pants setup an account and activate it by clicking Has anyone used Amazon’s CreateSpace a link delivered via e-mail. Each Zoom meeting service (https://www.createspace.com/) to self- has a unique nine digit number. The same sign publish a book? This is another potential presenta- up and password on one device will work on all tion topic if someone has experience with this ser- devices. However, you cannot sign in on more vice. than one device simultaneously; log out from Recommendations on Password Manage- one device before logging into another device. ment software? There was discussion about Zoom offers dial-in (audio only) phone LastPass (https://lastpass.com/) and the pros/cons numbers for 1-to-1 (not group meeting) calls, but of cloud-based password management services. these incur additional charges. x See October 2014 issue of PATACS Posts for an Some tips for end users using Zoom for article about password managers, and the Septem- PATACS meetings: x ber issue article about Mitro password manager. PATACS provides Zoom meeting num- The George Mason OLLI ID(“G number”) ber and the Zoom meeting link in the e-mail is good for education discounts at the Apple Store. (continued on page 7) www.patacs.org December 2014 PATACS Posts Page 7 Install Zoom software updates before joining Internal storage is important. Stan finds 32GB the meeting. (Nexus 9 maximum option, $479) is too little, Turn off sending video to improve network and the Nexus 9 storage is not expandable. The performance. Apple iPad Air 2 has 64 and 128 GB options. Stan also finds the Android hardware from HTC Join the Zoom meeting about fifteen minutes is really old. xxxxxxxxxxxxxxxxx before actual meeting start time. When asked about Microsoft Use Log Out instead of Exit in the mobile app. Windows tablets, Stan said that the Surface 3 Pro running Windows 8.1 is a wonderful de- vice, but at $1,200 is $100 more expensive than Please provide feedback regarding how Zoom works for PATACS meetings. Xxxxxxx the Apple MacBook Air.. When asked whether there was an ad- vantage of Zoom 1-to-1 meetings over Mi- crosoft’s Skype teleconferencing, Mel said there Shopping on Amazon.com? was not a lot of difference for 1-to-1. However, x PATACS had problems hosting larger Skype Remember PATACS! meetings. Stan Schretter gave the main presentation, x “The Tablet Wars: Is there a clear winner?” Stan’s If you shop online at Amazon.com, remember talk focused on Apple iOS and Google Android to start each session by clicking the Amazon tablets. Stan covered market trends for Apple and link on the PATACS home page, then continue Samsung as the leader for Android and noted shopping on Amazon as usual. Doing so earns there is a “fight to the bottom” for the low-end of the tablet market. The Google Nexus 7 tablet was PATACS a 4 to 6.5% commission on your pur- about half the price of the equivalent Apple iPad chase at no additional cost to you. when released (July 2012), but now the price is about the same as Apple for an equivalent An- Thank you for supporting your user group! droid tablet. The recently announced Google Nex- Help Wanted: Meeting Speakers us 6 smartphone is the hottest selling item on Am- azon before it became available (pre-order). Look for the latest meeting information on TechRadar.com Top 10 rankings list the the PATACS web site and in announcement e- Apple iPad Air at the top of all tablets (http:// mails. Finding presenters for our meeting www.techradar.com/news/mobile-computing/ programs is difficult—your help in the effort to en- tablets/10-best-tablet-pcs-in-the-world-today- hance the value we all receive from PATACS mem- 1079603#articleContent). However, the Apple bership would be greatly appreciated! iPad Mini 2 is the best bargain. x Please consider speaking to your friends The Google Nexus brand products are rec- ommended for quick release of operating system at an Arlington or Fairfax meeting. We’d love updates. Other vendors may not upgrade the oper- to feature your take on a smart phone or tablet ating system as quickly, but Samsung is pretty app. A presentation on these or other topics of good. interest to you would undoubtedly be welcomed In a comparison of “Virtual Mobile Assis- by your PATACS colleagues. We have space in tant” Apple Siri vs Google Now, Google Now provided more answers, but don’t expect much! our schedule for 15, 30, 60 and 75 minute dis- Stan preferred Google Now, which answers ques- cussions—what are you waiting for? tions in the right way. Regarding screen size, An- We also have ready-made paragraphs droid tablets typically use the HDTV 16:9 aspect you could use in e-mail communications to help ratio. However, the new Google Nexus 9 is 4:3, us find speakers. Contact: director2(at) the same aspect ratio that Apple used all along. Stan finds the 4:3 screen more convenient. patacs.org

www.patacs.org December 2014 PATACS Posts Page 8 Linux and Open Source News Apple® OS X®, and GNU/Linux® by Fabien by Geof Goodrum Chéreau et al. Stellarium is a planetarium for your computer. It shows a realistic sky in 3D, Potomac Area Technology and Computer Society just like what you see with the naked eye, bin- linux(at)patacs.org oculars or a telescope. It is being used in plane- tarium projectors. Just set your coordinates and Featured Open Source Software of the Month: go. Stellarium features a catalog of 600,000 December 2014 stars by default with additional catalogs of 210 million stars, images of nebulae, constellation The software described below can be art, planets and their satellites, atmospheric ef- downloaded at the links provided or copied onto a fects, and a realistic milky way. Stellarium re- USB flash drive at the PATACS Fairfax meeting. quires at least 256 MB of RAM, 150 MB of However, please check the online package man- disk, and a OpenGL 2.1 3D capable graphics agement tool included with your GNU/Linux dis- card tribution first, as installation is often just a click The Dark Mod – v2.02. http:// away. www.thedarkmod.com/main/. Free GNU Gen- eral Public License source code and executables Exo Platform – v4.1. http:// for Microsoft® Windows®, Apple® OS X® www.exoplatform.com/. Free Affero GNU Public (v1.08 only), and GNU/Linux® by Broken License, GNU Library or Lesser General Public Glass Studios. Additional non-software content License version 3.0 (LGPLv3) Java 7 code for is under a free Creative Commons Attribution- Microsoft® Windows®, Apple® OS X® and Noncommercial-Share Alike 3.0 Unported li- GNU/Linux® by eXo Platform SAS. eXo Plat- cense. The Dark Mod (TDM) is a first-person form is the first cloud-ready enterprise portal and stealth game set in a 3D Gothic Steampunk user experience platform-as-a-service (UXPaaS) world. The player controls an agile thief who for building and deploying transactional websites, must use his equipment and the environment to managing web and social content and creating avoid guards, traps, creatures and other threats. gadgets and dashboards. Built on open standards There are over eighty downloadable missions and open source technologies, eXo Platform has and a campaign in development. TDM won PC the features and extensibility of a UXP and the Gamer’s 2013 award for Mod of the Year. The cloud architecture to build public and private TDM updater executable initially downloads 2 clouds. eXo Platform features collaboration tools, GB of base content and updates software for user profiles, enterprise wiki, discussion forums, new releases. NOTE: 64-bit Linux PCs require calendars, native apps for mobile devices, and 32-bit compatibility libraries. much more. Minimum recommended system re- Kernel Source – v3.17.2. http:// quirements include a multicore 2GHz processor, www.kernel.org/. Free GNU General Public Li- 4GB RAM, 10 GB disk space, and Java 7+. cense source code for all platforms by the Linux Stellarium – v0.1.3.1. http://www.stellarium.org/ community. en/. Free GNU General Public License source code and executables for Microsoft® Windows®,

eXo Platform collaboration spaces http://a.fsdn.com/con/app/proj/ exo/screenshots/my-spaces.jpg

www.patacs.org December 2014 PATACS Posts Page 9

cybercrooks and how it is often impossible to arrest and prosecute the villains because they are mostly in nations that will generally not cooper- ate with American law enforcement, that cyber- crime on a massive scale is rampant. The most likely source of the malware that has wreaked such havoc on our retail and banking industry has been Russia, where stolen credit and debit With All of the Media Reports card information is readily and openly bought and sold. While most of the high profile data About Massive Data Breaches, breaches and outright financial crimes are perpe- What Can We Do? trated against big businesses, it is almost always by Ira Wilsker we the consumers who are actually being victim- WEBSITES: ized. http://consumerist.com/2014/10/10/kmart- Just this weekend (October 10), K-Mart announces-credit-and-debit-card-breach-that-began acknowledged that its payment system had been -in-september/c compromised (kmart.com/en_us/dap/ statement1010140.html). In an official corporate http://consumerist.com/2014/10/10/do-you-ever- press release, Alasdair James, President and shop-anywhere-congratulations-your-data-will-be- Chief Member Officer of Kmart said, "I am hacked/ reaching out to inform our loyal Kmart custom-

ers of a recent payment security incident. On http://www.usatoday.com/story/tech/2014/10/02/ Thursday, Oct. 9, 2014 our IT team detected that home-depot-data-breach-credit-card-fast- our Kmart store payment data system had been food/16435337/ breached and immediately launched a full inves- https://www.annualcreditreport.com tigation working with a leading IT security firm. http://www.verizonenterprise.com/DBIR/2014/ The security experts report that beginning in ear-

ly September, the payment data systems at http://www.verizonenterprise.com/DBIR/2014/ Kmart stores were purposely infected with a new reports/rp_Verizon-DBIR-2014_en_xg.pdf form of malware (similar to a computer virus). http://www.bloomberg.com/news/2014-10-10/sears This resulted in debit and credit card numbers -s-kmart-says-hackers-stole-payment-card-data-in- being compromised." Later in the statement Mr. attack.html James stated, "There is also no evidence that kmart.com customers were impacted. ... I want http://www.kmart.com/en_us/dap/ our customers to be aware of the situation and I statement1010140.html suggest that customers carefully review and monitor their credit and debit card account state- http://consumerist.com/2014/10/02/chase-data- ments. If customers see any sign of suspicious breach-hit-76m-households-7m-businesses-account activity, they should immediately contact their -info-not-stolen/ card issuer. More guidance is also available on our website, kmart.com and customers can con- https://www.creditkarma.com tact our customer care center at 888-488-5978." The advice presented by Mr. James that http://consumerist.com/2014/10/02/chase-data- consumers need to carefully monitor credit and breach-hit-76m-households-7m-businesses-account debit card statements for suspicious activities is -info-not-stolen/ sound, and is a repetition of the guidance previ- Tonight (October 12) on the CBS news ously offered by executives of other corporate magazine "60 Minutes" , the Director of the FBI, victims of similar attacks. xxxxxxxxx James B. Comey, discussed how the internet is a According to an article published online very dangerous place. Director Comey explained at the "Consumerist" on October 10, the "top that because of the massive data breaches, the bil- five" retailer credit and debit card thefts were the lions of dollars that can be illicitly accrued by (continued on page 10 www.patacs.org December 2014 PATACS Posts Page 10 2008 hack of Heartland used by others for nefarious purposes. In last Payment Systems where year's Target data theft, malware had been em- 130 million cards were bedded into the payment system itself, such that compromised, followed even if we personally swiped our own cards at by TJX Companies the checkout, with our cards never leaving our (2007, 94 million cards), possession, our payment information was stolen Home Depot (2014, 56 at the instant that we swiped our own cards. In- million cards), Target ternational cyber crooks have found that it is (2013, 40 million cards much more efficient and profitable to steal credit and 110 million total records stolen), and and debit card information by the millions CardSystems Solutions (2005, 40 million through compromised payment systems, rather cards). While these data thefts from large retail- than the small numbers of local thieves stealing ers have garnered most of the publicity, again our information for predominantly local criminal according to the Consumerist, there have also purposes. These mas- been millions of additional credit and debit sive data breaches and hacks beg an answer to cards compromised from smaller re- the rhetorical, "So what can we as individuals do tail businesses, including recent breaches at about it?" According to the Consumerist, " Jimmy John’s, Dairy Queen, P.F. Chang’s, Here’s a cheerful thought: there is absolutely UPS, Albertsons, Jewel-Osco, ACME, Shaw’s, nothing that you can do about this situation. In- Sally Beauty Supply, Goodwill, some Marriott dividual consumers are pretty much powerless to hotels, Neiman Marcus, and Michael’s craft prevent retail hacks." That does not mean that stores. Most of the retailers that were recently we as individuals are totally helpless, or that we compromised had their "POS" or "Point of Sale" must accept some degree of victimization. Cer- systems compromised. Online financial ser- tainly, there may be an increasing number of vices, as well as other companies with a strong people who may prefer to pay with the tradition- online presence can also be compromised, such al and anonymous cash, rather than digitally dis- as the recent data breach at J.P. Morgan Chase close private information, a sure way to prevent in which personal and private data (but probably the information from that transaction from being not credit and debit card information) from 76 used against us. Even though virtually all major million households and 7 million businesses credit and debit card com- was stolen, again probably by Russian hackers. panies offer a "no fraud As we approach the peak shopping sea- guarantee" of some type, son of the year, many of us have some rational where the credit or debit suspicions or fears about using our credit and card company will absorb debit cards at local and national businesses, as any timely and properly well as online. In the back of our minds may be reported unauthorized the nagging doubt, "Will this card information transactions, there is still a be stolen?". In years past, there was a credible lot of aggravation and grief if the user is victim- fear of a sales clerk or checker who might swipe ized, even if the losses will eventually be cov- our cards twice, once through the legitimate ered by the card issuer. payment system, and then illicitly and immedi- The Consumerist has several recommen- ately a second time through a simple device that dations that we should all implement in order to reads and saves the magnetic stripe infor- minimize the threat, and to better recover if we mation. This allowed our information to be are victimized by these cyber thieves. As has used by others for nefarious purposes. In last year's Target data theft, malware had been em- been mentioned many times previously in this bedded into the payment system itself, such that column, for online purchases and financial trans- even if we personally swiped our own cards at asctions, use complex randomized passwords, the checkout, with our cards never leaving our which should be changed periodically (many say possession, our payment information was stolen at least every six months or even more frequent- at the instant that we swiped our own ly), and never use the same password on multi- cards. International cyber crooks have found (continued on page 11 www.patacs.org December 2014 PATACS Posts Page 11

ple websites. Most fi- Obviously, be very careful in reviewing month- nancial websites offer ly credit card and banking statements for ques- and utilize a multi-factor tionable transactions. Be cognizant that many fraudulent transaction are in small odd amounts, authentication process, as they will be less likely to be noticed and ques- where in addition to a tioned by the victim than large, round num- username and password, bers. If anything questionable is found, contact an additional security the financial institution immediately. xxx question must be answered, or a randomly selected It is not just credit and debit transactions term or number must be manually entered. When that are being used to deprive us of our personal setting up these security questions, avoid using assets, but also other forms of credit and medical fraud. While there are commercials on TV tout- questions and answers that can be readily found on ing a variety of credit reporting and credit score social networking websites (such as Facebook and services, be aware that most of those, including Twitter), or other simple public information web- some of those with the word "Free" prominently sites. Think about how many times you might have in their name, charge monthly or annual fees for said something on a social network about your first the services that others may offer for free. The car, favorite color, favorite flower, sibling's name, real source of free credit reports, as established honeymoon location, favorite vacation spot, pet's by law, is Annual Credit Report dot Com (www.annualcreditreport.com), where each indi- name, and other information that could be readily vidual can get a legitimately free credit report used by others to complete your authentication se- from each of the three major quence. Some of the more secure financial institu- credit reporting companies tions actually select questions from old credit re- (Experian, TransUnion, ports and other sources that unauthorized third par- Equifax), every 12 months. If ties will likely have easy access to, such as "what any improper or unauthor- ized credit was extended, or erroneous data ap- was your street address in the summer of 1983?" pears, instructions are provided in order to xxxxxxxxxxxxxxxxxxxxxxxxxxxxx properly challenge questionable data. While not While mostly localized, ATM and credit so much an indicator of fraud, many people like card skimmers are surpris- to monitor their credit scores, of which each of ingly common; these are us have several different scores compiled for devices placed by the different purposes. Some credit card companies, thieves on the ATM or such as Discover Card, now disclose credit scores directly on the monthly statement, as well point of sale device, typi- as online, while an advertiser supported website, cally invisible to the casual CreditKarma (creditkarma.com) offers free cred- user, that reads or skims a it scores without ever asking for any form of credit or debit card simulta- payment. neously as it is be- Since the credit card companies are ab- ing scanned by the legiti- sorbing the massive losses from these frauds and mate device. If using a PIN scams, they are gradually implementing en- hanced physical security directly on the credit based card, such as a debit and debit cards, such as embedded microproces- card, be sure to cover the sors, dual factor authentication, variable account keypad as you enter your PIN, preventing dishonest numbers, and other technology that would other- viewing by others, as tiny cameras are often placed wise make stolen credit and debit card data with the illegal skimmer in order to read the PIN as worthless. Since many of us will be doing a lot the user enters it on the keypad. Xxxxx xx of our holiday shopping online, there is one tac- tic that may provide substantial protection form Obviously, be very careful in reviewing monthly credit card and banking statements for (continued on page 12)

www.patacs.org

December 2014 PATACS Posts Page 12

vide substantial pro- card. Some online payment ser- tection form online vices are offering a USB dongle credit card that creates a new unique ac- fraud. Most of the count number every few sec- credit card compa- onds, making previous account nies offer a free service where the user can create numbers obsolete as the new some form of virtual wallet, where a unique, one time numbers are created. use credit card number is created for each transaction, Inevitably, this will be a classical "cat-and and the user can often pre-determine a limit on each -mouse" game; as new se- of these virtual accounts. Since the account numbers curity devices and meth- cannot be reused, they would be worthless to data ods are created, the cyber thieves. Some of the new virtual wallets, such as crooks will find a way or those offered by Google and Apple, may allow us to method to defeat them. utilize our mobile devices to make secure financial This is a win. Our finan- transactions, rather than by using a plastic cial health is at stake.

And You Offer Me What???

Valuable Information From The PATACS Site

And now - YOUR TURN

What resources do you recommend?!?

Our site, patacs.org, has much valuable in- dors of goods and services are not en- formation - worth taking your time to dis- dorsed by PATACS, or its members, but cover. Also, you can offer suggestions on have been found by members and friends additional topics or articles. You will find to provide good value, prompt service, vendors recommended by members. Ven- or offer unique products. (continued on page 13)

www.patacs .org Our site, patacs.org, has much valuable in- valuable much has patacs.org, site, Our

December 2014 PATACS Posts Page 13

O’Reilly Media - Books, eBooks, Technology, conferences. User Group Members receive 40% discount on print books, 50% discount on eBooks in many DRM-free formats. O’Reilly Battery Mart - web vendor, locations in Win- has been providing books and ebooks used by chester, VA and Martinsburg, WV. Recommend- PATACS for door prizes and “thank you” gifts for ed by Roger Fujii for UPS batteries. "I ordered 2 presenters. Lines include O’Reilly, Pragmatic, No UPS batteries and packages of AA and AAA cells Starch, Rocky Nook, and SitePoint products. Also on a Sunday evening, received Tuesday." - P.Howard eBooks from Wiley, Wrox, Sybex, Visual, and For Dummies. Store Link. Use discount code: DSUG

Buy.com - Computers, software, books, music, other tech products. Items frequently get free ship- 703-516-0300, Custom builds, parts & accesso- ping, and with stocking locations in PA, packages ries, tech support (Screwdriver Shop). Recom- arrive in one or two days with lowest cost ship- mended by Gabe Goldberg. PATACS Meeting ping. Good for multi-seat paks of security (AV, Presenter, April 2014. Firewall) software, often difficult to find in retail stores. "I've bought software and OEM laser print cartridges from Buy.com since 1998, and have been very pleased with pricing and quick receipt of orders." - P. Howard TCS Computer, 703-913-0900, Abi Soltani, Systems Engineer - Custom system builds, parts and accessories, tech support. (Screwdriver Shop) Recommended by Jorn Dakin. Presenter, April

2014. Print Pal Printer inkjet cartridges, laser toner cartridges. Recommended by Dean Mires for quality refills.

Bat Batteries Plus - Retail locations locally: Rock- Stevenson On-Site Repair Service (540) 439- ville, Fairfax, Chantilly, Woodbridge. Carry large 2999 They're honest, economical, knowledgeable, assortment of batteries (UPS, Lantern, flat cells, friendly, reliable! From their website: Repairs La- household) and light bulbs. Recommended by ser Printers, Fax Machines, and Printing Equip- Paul Howard. They will make up custom batteries ment. Specializes in helping maintain Hewlett from cells, for tools, electronics, while you wait, Packard, IBM, Okidata, Brother, and other quality or for later pickup. laser printers. In business since January, 1991. Recommended by Gabe Goldberg.

www.patacs.org December 2014 PATACS Posts Page 14

This Annual Treasurer's Financial Report for Fiscal PATACS Annual Financial Report, Year 2014 has been approved by the Board of Direc- Fiscal Year 2014 tors of PATACS on 10/20/2014. The account balanc- By Paul Howard, Treasurer es noted above are based on on-line and email que- ries of our banks – statements for all accounts as of PATACS's fiscal year concluded on September 30th. the 9/30/2014 close of the fiscal year have not yet Although we experienced a negative cash flow of been received. On that basis, the balances and the $1377.23, the group is in excellent financial condition. Cash Flow Report below are certified as correct. Results from Operations reflect $2386.68 in expendi- Paul Howard, Treasurer James Rhodes, President tures to replace a 10 year old video projector, acquire The “organizational documents” area of our web site a wireless mic system, audio mixer, cables, surge pro- contains additional information about the user group’s tectors, and other costs to enhance Arlington meet- financial operations, including prior years' Financial ings. Reports for comparison purposes

Donations are vital to the fiscal soundness of the PATACS Cash Flow Report group. Member generosity accounted for 33 percent FY '14: 10/1/13 - 9/30/14 of our income. These donations received were $106 Revenues more than in FY 2013. Amazon commissions via our website links were $471.46 Pizza SIG Cash Donations 806.00 Donations by Check 655.00 Member donations were received this year from: Goldfarb, Total Donations $1461.00 Graham, Harvey, Housley, Howard, Lusby, K. Johnson, M. Johnson, Leggett, Loew, Mabudian, Mikosinski, Porter, Membership Dues 2425.00 Schmidt, Scheuman, Smith, Throneburg, Weeks, Wertime, Interest Income 13.45 Willard, and Vestrich. Amazon Commissions 471.46

Pizza SIGs were sponsored by Jim Brueggeman and Total Revenues $4370.91

Jon Mabudian, who picked up the entire check for a Expenses meal session, while the attendees donated the amount Insurance - Liability & Personal Prop. 425.00 of their bill to the club. Pizza SIG donors include Legal - VA Corporation Fee 25.00 Brueggeman, Chance-Sampson, Fraser, Fujii, Garson, APCUG Dues, Editor Recognition 214.33 Goldberg, Howard, K. Johnson, Mabudian, Mikosin- Donation – Friends of OLLI 250.00 ski, Schmidt, Throneburg, Walsh, and Wenri. Total Administrative $914.33

PATACS is financially sound because of prudent M'bership / PR – Printing, Hospitality $139.35 planning and fiscal restraint. Membership stands at 100. Our “rainy day fund” was established many years ago, and is held in interest-bearing accounts. Interest Door Prizes 61.47 yields on insured deposits are disappointing, but will Meeting Hall Expenses 24.34 continue until the Fed changes its low interest rate Webinar Services Expenses 353.52 policies. Meeting Equipment 2386.68 Total Meetings & Other Svcs $2826.01 Our reconciled account balances within our Quicken accounting system at the close of the fiscal year (September 30th) were: Checking Account $4461.22; Newsletter Assembly 102.35 Interest Checking - $11,569.68; CD account: Newsletter Postage 558.03 $1110.09. Newsletter Printing 968.16 Total Newsletter $1628.54 During the year, the Financial Oversight Committee has been working on methods to improve the efficien- Web Site – Domain / Hosting $239.91 cy of our biennial audits. Documentation on the Soci- ety's Financial System has been revised to reflect cur- Total Expenses $5748.14 rent practices, and is available on the website. A four- page document describing the Treasurer's procedures Results from Operations (Loss) ($1377.23) has been prepared. Prepared 10/20/2014

www.patacs.org December 2014 PATACS Posts Page 15

PATACS Information PATACS, Inc. 201 S. Kensington St. Arlington VA 22204-1141 Club Information call: 703-370-7649 Web Site: www.patacs.org

President Jim Rhodes 703-931-7854 president(at)patacs.org 1st VP Ron Schmidt 301-577-7899 director11(at)patacs.org 2nd VP, Membership Chair Mel Mikosinski 703-978-9158 director4(at)patacs.org Treasurer, Registered Agent, Internet Services Paul Howard 703-860-9246 director2(at)patacs.org Secretary, Meeting Setup Bill Walsh 703-241-8141 director14(at)patacs.org Director, APCUG Liaison Gabe Goldberg director10(at)patacs.org Director, Vendor Liaison (vacant) volunteer needed director12(at)patacs.org Director, Linux Support Geof Goodrum 703-370-7649 director1(at)patacs.org Directors: Jorn Dakin, Sy Fishbein, Walter Fraser, Roger Fujii, Gabe Goldberg, Mel Goldfarb, Geof Goodrum, Nick Wenri Windows Support Jim Brueggeman 703-450-1384 windows(at)patacs.org Newsletter Co-Editors Geof Goodrum, Kathy Perrin editor(at)patacs.org

Posts is an official publication of the Potomac Area Technology and Computer Society (PATACS), a Virginia member- ship corporation. PATACS is a tax exempt organization under section 501(c)(3) of the Internal Revenue Code. Contributions are gratefully received and tax deductible.

Posts provides news, commentary and product information to PATACS members. Products or brand names men- tioned may be trademeakes or registered trademarks of their respective owners. The contents of articles herein are the respon- sibility of the authors and do not necessarily represent PATACS, the Board of Directors, nor its members.

E-mail article submissions and reprint requests to editor(at)patacs.org

Membership Policy

Membership dues are $25.00 (U.S.Funds) per year, with a $15 surcharge for Upcoming Meetings international mail. Membership in PATACS includes membership in all SIGs, access to the software libraries, and subscription to the Posts published 12 times per year in print by US Mail and PDF download by PATACS Arlington - Internet. Applications may be obtained at any club meeting, by downloading from the website, by calling one of the officers or board members, or by writing to the club. A sample newsletter, membership application and (12/3) 7 PM: General Meeting related information may be obtained by enclosing $2 (for US addresses only) and mailing your request to the membership address. Please do not send cash by mail. Payment and applications may also be submitted at any Board of Directors - (12/15) meeting, or mail to: PATACS Membership, 4628 Valerie CT, Annandale VA 22003-3940 Arlington

.Advertisement Policy None in December: Technology and Members' advertisements: Ads are accepted from members for non- PC Help Desk commercial purposes at no charge. Copy should be sent to the Editor in the same format as article submissions. Commercial Advertisements: Ads are accepted from commercial advertisers at the rate of $40 per full page, per OPCUG / PATACS - (12/13) 1 PM, appearance, with discounts for multiple insertions. Smaller ads are priced accordingly. Payment for ads must be made in advance of appearance. Fairfax - OLLI Tallwood Advertisers must supply a permanent address and telephone number to the editor. "Virtual Roots" - Genealogy; Reprint Policy Presented by Sharon MacInnes

Permission to reprint articles from the PATACS Posts is given to school, personal computer club, and nonprofit organization publications, provided that: Learn 30: TBA (a) PATACS Inc. receives a copy of the publication; (b) credit is given to the PATACS Posts as the source; (c) the original author is given full credit; and (d) the article author has not expressly copyrighted the article. Recognition is one means of compensating our valued contributors If you are moving Microcenter Clinics Please send your change of address to the See http://microcenter.com/site/stores/ club address as soon as possible to avoid missing issues. instore-clinics.aspx Thank You! for the latest new9s on these free clinics.

www.patacs.org PATACS, Inc. 201 S. Kensington St. Arlington VA 22204-1141

TEMP-RETURN SERVICE REQUESTED

PATACS Meeting Information Call (703) 370-7649 for meeting announcements Scan the QR code at left or enter http://www.patacs.org to visit our web site Free Admission — Bring a Friend!

Arlington Meetings Fairfax Meetings (with OLLI PC User Group) Carlin Hall Community Center Osher Lifelong Learning Institute (OLLI) 5711 S. 4th Street, Arlington, VA 22204 4210 Roberts Road, Fairfax VA 22032 http://www.patacs.org/arlingtonmeetings.html http://www.patacs.org/fairfaxmeetings.html

General Meeting General Meeting 1st Wednesday, (12/3), 7 pm 3rd Saturday, (12/13), 1 pm

Technology and PC Help Desk (SIG) Online-Only Webinar None in December 2nd Wednesday,(12/10), 7-9pm http://www.patacs.org/webinarpat.html Board of Directors 3rd Monday, (12/15), 7 pm

December 2014 PATACS Posts Page 16