The Home Shopping Network (HSN) has a nifty little tool for those of us who don't have a computer and just don't want to be bothered with a phone call - and who have Dish Network. It's called Shop by Remote (SbR). A report by Michael Finney on KGO-TV San Francisco details a security flaw in the SbR system. According to the story, all you have to do is enter a little information and your address and credit card info will just pop up. The reason your information pops up is because you have to have an account with Home Shopping Network to use Shop by Remote. As you type information it is compared to info in their database. When there is enough to positively identify you, it pops your data up on the screen.
They were right about there being no security. HSN's SbR info page says that you have to have an HSN account, but really doesn't give any other information. Except for an 800 number to call if you have any other questions or wish to sign up. Well, there's an 800 number for questions, so I called it.
It was a very disappointing call. When I asked about security, I was told, "You have an account number that no one else knows."
So if anyone does get your account number, there is nothing else to protect you. And if you enter the right information into SbR, the system pops up your name, address and credit card number on the TV screen. So it appears if I can locate an HSN account number that is tied to SbR I can get the account holders name, address and credit card numbert. I asked about usernames and passwords again and was told that if I didn't trust Shop by Remote, I could just give the information to her to make the order.
Shop by remote is a pretty neat idea, but one that is far too insecure. Account numbers are often easy to find. Without some other type of authentication you might even find yourself victimized by a crook using a random number generator - all he needs is the format of HSN account numbers. So I told the associate that I wasn't interested, and hung up.
You can't use a credit card without making it possible that some one may steal your info. But Home Shopping Networks Shop by Remote makes it easy. Stay away until they add some security to it.
Hey, I keep forgetting to tell ya congratz on going daily with the updates. :)
ReplyDeleteThanks. But I'm dropping back to 5 days a week now. I spend a ridiculous amount of time creating these simple little daily posts. ;^)
ReplyDelete