Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories
0
Comments
5,534

Comments · 5,534

  1. Re:Why not just use noise from the various antenna on Physicists Turn 8MP Smartphone Camera Into a Quantum Random Number Generator · · Score: 1

    If it doesn't take too much expense, why not toss all those RNGs into the /dev/random (or more accurately /dev/urandom, as that is the only device used in more recent Android versions) pool? Even if one of the sources ends up becoming periodic, there are enough "blended bits" that it won't make as much of a difference.

  2. Re:Why? on UK ISPs To Send Non-Threatening Letters To Pirates · · Score: 1

    It might be that after a decade of trying hard-line tactics with them working little at best, changing to the "using honey instead of vinegar for attracting flies" method might be better.

    Push too hard, and it doesn't take much for UK users to move to a VPN service, and after that there would be no hope of copyright enforcement outside of blocking VPNs like Pakistan or passing a law requiring all endpoints to have a program installed to scan for copyrighted material [1]. I wouldn't be surprised if these Draconian measures are waiting in the wings (all it takes is one severe break-in causing a disaster or another ACTA-like treaty), but for now, those are not on the table.

    [1]: Think an AV scanner with signatures, coupled with VAC-like bans, except the local ISP doing the banning.

  3. Re:It's the loophole on Wretched Ride: PS4 Driveclub Game Rental Tied To Paid Subscription · · Score: 5, Funny

    Translation: " I am altering the deal. Pray I don't alter it any further."

  4. Re:Teaching physics to 3rd graders... on As Domestic Abuse Goes Digital, Shelters Turn To Counter-surveillance With Tor · · Score: 1

    +1. Any solution is better than nothing. There isn't a 100% secure solution, but I've wondered about using TOR but having the traffic hit a proxy after it leaves the exit node. The reason for this is that there are a lot of sites out there that block TOR traffic either for philosophical reasons or just due to abuse. Having the proxy in front allows for full access to websites. If the proxy's user data is kept separate from IP address logs, it would be even better.

    As for local network activity to protect people in the shelter, the Wi-Fi connection going through TOR, or at least a "hardened" VPN, would go a long way there. It will at least stop attempts at geolocation.

  5. Re:Let's not celebrate passwords on It's World Password Day: Change Your Passwords · · Score: 1

    What I'd like to see is a service like the following:

    One gets a client cert like how it is done normally... but the cert is used as a CA cert, perhaps stored in a dedicated HSM. Then, when one uses a new computer or gets a new smartphone, the device has a client cert, then it gets signed by one's own CA cert. That way, one has the security of client certs but without the need to manually copy the same certificate to each device (and risk having it stolen.) If a cert is stolen, the CA cert one has can easily revoke the stolen device key.

    Realistically, if I were to make a large website, I'd have two-factor authentication mandatory, but flexible (so if someone has multiple phones or dual-SIM phones, it can send a code to any of them, or use voice for POTS lines that can't do SMS) for the authentication code.

    Recovery would be done by a number of means... perhaps recovery questions have a place, but they have to be detailed and stored encrypted... and even then, someone going through a mark's background can get access. Having some text one signs with their PGP key and pastes into a box is another method. Perhaps a method similar to Facebook's recovery with a shared secret stored among friends so you get x out of y associates to vouch for someone is another way.

    Of course, there is always the option of a hardware device like a SecurID token, where one just types the number shown to get access to an account. This makes it easy because physical security is usually a lot more straightforward than network security for some people. Of course, the downside is that whoever gets the token owns the account. (Yes, it can end up PIN protected like the older "calculator" style SecurID tokens... but what happens if the PIN gets forgotten?)
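
The per-user CA idea in this comment (one's own CA cert signs a fresh client cert for each device, and revokes the cert of a stolen device) can be sketched end to end with Go's standard crypto/x509. This is an added example written for this page, not code from the commenter or from Slashdot: the user and device names are made up, the CA key is generated in memory where the comment would put it in an HSM, and the relying site is assumed to obtain the user's CRL by some means the comment does not specify.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PersonalCA is one user's own CA. Names are assumed; the key lives in
// memory here where the comment would keep it in an HSM.
type PersonalCA struct {
	Key     *ecdsa.PrivateKey
	Cert    *x509.Certificate
	revoked []pkix.RevokedCertificate
}

// sign creates a certificate from tmpl under parent and parses it back.
func sign(tmpl, parent *x509.Certificate, pub any, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewPersonalCA makes a self-signed CA that may sign leaves and CRLs only.
func NewPersonalCA(user string) (*PersonalCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: user + " personal CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLenZero:        true, // no sub-CAs under a personal CA
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &PersonalCA{Key: key, Cert: cert}, nil
}

// IssueDevice signs a client-auth cert for a new device. The device makes and
// keeps its own key, so no long-lived secret is ever copied between machines.
func (ca *PersonalCA) IssueDevice(device string, serial int64) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	devKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	cert, err := sign(&x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: device},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca.Cert, &devKey.PublicKey, ca.Key)
	return cert, devKey, err
}

// Revoke records a stolen device's serial; the next CRL carries it.
func (ca *PersonalCA) Revoke(serial int64) {
	ca.revoked = append(ca.revoked, pkix.RevokedCertificate{
		SerialNumber: big.NewInt(serial), RevocationTime: time.Now()})
}

// CRL signs the current revocation list with the CA key.
func (ca *PersonalCA) CRL() (*x509.RevocationList, error) {
	now := time.Now()
	der, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:              big.NewInt(int64(len(ca.revoked) + 1)),
		ThisUpdate:          now,
		NextUpdate:          now.Add(24 * time.Hour),
		RevokedCertificates: ca.revoked,
	}, ca.Cert, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// ServerAccepts is the relying site's check: chain the leaf to this user's CA,
// make sure the CRL is that CA's and still fresh, then reject revoked serials.
func ServerAccepts(userCA *x509.Certificate, crl *x509.RevocationList, leaf *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(userCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(userCA); err != nil {
		return fmt.Errorf("CRL not from user CA: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return fmt.Errorf("CRL expired; refuse rather than fail open")
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("device cert serial %v is revoked", leaf.SerialNumber)
		}
	}
	return nil
}

func main() {
	ca, err := NewPersonalCA("alice")
	if err != nil {
		panic(err)
	}
	laptop, _, _ := ca.IssueDevice("alice-laptop", 2)
	phone, _, _ := ca.IssueDevice("alice-phone", 3)
	ca.Revoke(3) // the phone was stolen
	crl, _ := ca.CRL()
	fmt.Println("laptop:", ServerAccepts(ca.Cert, crl, laptop))
	fmt.Println("phone:", ServerAccepts(ca.Cert, crl, phone))
}
```

The site-side check matches on serial only because every leaf here chains to a single issuer; a site that accepts many users' CAs must also match the CRL's issuer to the leaf's issuer before treating a serial as revoked.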

  6. If it is linked, it is public... on Dropbox and Box Leaked Shared Private Files Through Google · · Score: 4, Informative

    I've used DB to allow a couple of colleagues to download some reports as well as larger amounts of data. IMHO, if a link is generated, even if the link isn't public, someone or something will find it and have the ability to snarf that file.

    The trick is simple -- if the files are small, but too big to E-mail, PGP/gpg encrypt them, then send the links via a secure message. If the files are bigger (~50-100 megs or larger), then the file goes into a TrueCrypt volume that uses a keyfile, and the keyfile is GPG encrypted and E-mailed.

    This way, even if the link appears on Google and Mallory does get a copy, other than size and the public keys used [1], the file is encrypted and useless.

    [1]: One can always put the file in a WinRAR wrapper and send the password via encrypted E-mail as well, further obfuscating the contents.
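
The two-layer scheme in this comment (encrypt the file, share only the ciphertext via the link, send the key material through a separate encrypted channel) is hybrid encryption. The Go program below is an added example written for this page, not the commenter's setup: it stands in AES-256-GCM for the TrueCrypt volume and RSA-OAEP key wrapping for the gpg-encrypted keyfile, and binding the file name as associated data is my own addition. Mallory, holding only the link, learns the size and nothing else.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Sealed is the only thing uploaded behind the share link.
type Sealed struct {
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM output with the 16-byte tag appended
}

// Envelope travels out of band (the encrypted e-mail): the per-file key
// wrapped to the recipient's RSA public key, as gpg wraps a session key.
type Envelope struct {
	WrappedKey []byte
}

const keyLabel = "shared-file-key" // assumed OAEP label; any fixed string works

// NewRecipientKey stands in for the colleague's existing key pair.
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealForLink encrypts one file under a fresh random key and wraps that key
// for the recipient. The file name is bound as associated data so a
// ciphertext cannot be silently relabelled as a different file.
func SealForLink(plaintext []byte, fileName string, recipient *rsa.PublicKey) (Sealed, Envelope, error) {
	fileKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, fileKey); err != nil {
		return Sealed{}, Envelope{}, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return Sealed{}, Envelope{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Sealed{}, Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Sealed{}, Envelope{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(fileName))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, fileKey, []byte(keyLabel))
	if err != nil {
		return Sealed{}, Envelope{}, err
	}
	return Sealed{Nonce: nonce, Ciphertext: ct}, Envelope{WrappedKey: wrapped}, nil
}

// OpenFromLink is the recipient's side: unwrap the key, then decrypt and
// authenticate the download. A flipped bit in the download, a wrong file
// name, or a wrong recipient key fails here instead of yielding garbage.
func OpenFromLink(s Sealed, e Envelope, fileName string, priv *rsa.PrivateKey) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, []byte(keyLabel))
	if err != nil {
		return nil, fmt.Errorf("unwrap file key: %w", err)
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, s.Nonce, s.Ciphertext, []byte(fileName))
	if err != nil {
		return nil, fmt.Errorf("download tampered or mislabelled: %w", err)
	}
	return pt, nil
}

// LinkLeaks is all someone holding only the link can learn: the size.
func LinkLeaks(s Sealed) int { return len(s.Nonce) + len(s.Ciphertext) }

func main() {
	priv, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	report := []byte("constructed sample report: Q2 numbers, not real data")
	s, e, err := SealForLink(report, "q2-report.pdf", &priv.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("bytes visible behind the link:", LinkLeaks(s))
	pt, err := OpenFromLink(s, e, "q2-report.pdf", priv)
	fmt.Printf("recipient got %q, err=%v\n", pt, err)
}
```

The nonce and the wrapped key are per file; reusing a file key across uploads would let someone who later obtains one Envelope open every blob sealed under it.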

  7. Re:No explanation for why though? on Anti-Virus Is Dead (But Still Makes Money) Says Symantec · · Score: 4, Insightful

    One of the biggest infection vectors these days is holes in Web browsers or add-ons. I don't see worms and viruses as a common threat these days. It is mainly something from a website or, even worse, an ad server. By using AdBlock, NoScript (or the "click to play" functionality in Chrome), and SpywareBlaster's blacklist, I have kept my machines clean, and the AV program is mainly for scanning a download (and even then, for small downloads, VirusTotal does the job better.)

    IMHO, an AV maker should take a page from that book and start blocking URLs and bad sites. Some ad company allowing malware to get posted through their server? Block it by IP and/or URL.

    So far, this has done a good enough job for protection. I mainly browse the Web in a VM, and when I take the VM offline and scan the disks with a decent AV program, the scans turn out clean.

    This doesn't mean AV is useless. Not using it is similar to leaving the key in the ignition when running into a gas station. However, it would be nice if AV programs could build in functionality similar to AdBlock and block not just by IP, but by URL.

  8. Re:I don't like the control it takes away from you on Did the Ignition Key Just Die? · · Score: 1

    Even in newer cars, the crank action is bogus. For example, newer Fords, when you move the key to the start position and let go, it automatically cranks for a set duration, as opposed to turning the starter motor as long as you have it in that key position. So, essentially it is a push button start, but using the momentary position in "start" as pressing the button. However, turning the key back to "off" does kill the engine.

    Personally, I'm neutral. On one hand, the Prius and Nissan keyfobs that just sit in a pocket are cool with one less thing to flip open. On the other hand, having to stick the physical key in the vehicle with a very low power transmitter handling the passive anti-theft access gives a bump in security.

  9. Re:now I never looked into it on California City Considers Restarting Desalination Plant To Fight Drought · · Score: 1

    I wonder how much energy is spent doing reverse osmosis desalination. Distillation is very expensive, so even pumping at high pressure will be a lot cheaper in terms of energy than boiling large quantities of water to have it condense somewhere else.

    As for the barge mentioned, I wonder if coupling a reverse osmosis plant with a reactor (the US Navy has perfected smaller marine reactors for decades) might just be the ticket. However, I don't know how it would scale to the size needed for a thirsty desert region.

    It can be done. Saudi Arabia, the UAE, and Israel get most of their water from desalination plants.

  10. Mitigating invasive species? on Ask Stewart Brand About Protecting Resources and Reviving Extinct Species · · Score: 1

    There are always issues of invasive species. Kudzu in the US's south is one. Will reviving extinct species contribute to another ecological disaster like "killer bees", "crazy ants", or fire ants?

  11. Re:cheap for data center cooling, too on Is Montana the Next Big Data Hub? · · Score: 1

    Assuming some backhoe resistance on lines, Montana makes sense for data centers. It is well out of the way geographically from the more populated areas, and other than winter, there isn't much in the way of natural disasters that could come that way. As stated above, the cold climate makes it perfect for a data center.

    The only downside is that people would have to live quite near the data center in case a blizzard happens, but that shouldn't be much of an issue if planned right.

  12. Re: But is it even usable? on Sony Tape Storage Breakthrough Could Bring Us 185 TB Cartridges · · Score: 1

    The best solution is not just disks, not just tapes, but a multi-pronged solution.

    For example, most drive arrays can replicate asynchronously via a WAN link. This provides protection against drive failure, but provides no protection against deliberate destruction of data.

    One useful tool is D2D2T. Have all the machine data hit a landing zone that is deduplicated. Then, depending on how critical the box is, have that machine's data sent to two sets of tape for long term storage, or just let the machine's data expire on the disk array (for example, a dev machine or a QA box where all one needs is a month at most.) Part of this procedure is a check every so often to suck in a backup set and verify the data on it.

    Tape, disk, and cloud storage are all different media types. None of them will magically fix a problem. It takes being able to use the right media for the task at hand. D2D2T addresses a lot of issues with tape, including having backups available quite fast if a restore is needed, while having media able to be transported to the nearest Iron Maiden warehouse just in case of a disaster, coupled with an archive of files kept on WORM media to keep the IRS and other regulators happy.

    In my experience, tapes are extremely reliable, especially LTO tapes. I've used tens of thousands of tapes in one job, and I have had only a couple of tapes fail in that time, and their failure modes were soft (correctable) media errors, not hard (data is gone) errors.

    I do wish Sony or someone would make a consumer level tape drive. Tape isn't stylish, but it does the job quietly and effectively.

  13. Re:Thank you summary guy on BMW Created the Most Efficient Electric Car In the US · · Score: 3, Informative

    MPGe is like MPG... It is cool for advertising, but in the real world... doesn't mean that much. What really counts is both gpm (or l/km) or even more generally, cost per unit distance. For example, new diesel vehicles are touted as great for mileage. However, if one factors in the repair costs, and the need to use DEF as a second fuel, the gap can close between a TDI vehicle versus a hybrid or even a plain old gasser.

    This can vary for a person. For example, one cow-orker I work with lives fairly close. So, the relatively small range of a Leaf is good enough, since he never really taxes it. However, if the EV was an only vehicle, it might be that the greater CPM of a gasser might be a better fit.

  14. Re:Sure we could. on US Should Use Trampolines To Get Astronauts To the ISS Suggests Russian Official · · Score: 1

    While I'm not defending Russia, I think there is one reason for this hard-line rhetoric:

    Russia has a lot of borders, from Finland in the west to the US in the east. Historically, Russia has learned that at the slightest sign of weakness, they get invaded. Hell, even the US went into Russia after WWI (although we did stop Japan from making a major incursion a year or two later.) So, they have a right to be paranoid.

    There is a mindset with some of Russia's neighbors, especially near the Middle East: Some of them view strength above anything else. Their world view is that if they are not running from an enemy, they are running at an enemy.

    Because of this, and the sagging economy Russia has had, they have to maintain a strong posture, even if it costs them economically. If they don't, Russian land can turn Chinese as easily as Tibet did.

    Yes, Russia is scary (especially talking with people who lived life behind the Iron Curtain before the USSR fell), their leadership can be extremely brutal, and it isn't good that we are on the verge of another Cold War, but not many people (especially people in the US) understand the history of Russia and thus their siege mentality mindset.

  15. Re:How about getting them off their gizmos? on High-School Star League Brings Gaming As Sport to Teenagers · · Score: 1

    Expanding on this, how about high schools focusing on life after graduation? Sports and e-sports are a nice sideshow, but a US kid fresh out of high school will be competing for jobs with someone from Germany, China, Chile, or Russia whose government has paid for not just the college education, but likely graduate level work.

    I'd probably suggest having trades as an option, be it basic electrical, welding, plumbing, even PC troubleshooting and obtaining certificates in the IT world. None of these are glamorous, but they are needed, and oftentimes, high school is the end of the education run for a lot of people (as college is not affordable, nor does it help in the job market.)

    Maybe even a way for students to obtain certificates if they wanted to go into IT. An 18-year-old fresh out of high school with an MCSE is likely better off for a lot of work than someone with a CS degree and no certificates. No student loan debt either.

  16. Re:Local gardens and farms? on Interview: Ask Ben Starr About the Future of Food · · Score: 1

    Right now, nothing edible... but better gray water on a tree than a dead tree with local water restrictions. A garden with edibles is different, and I wouldn't be doing this type of system.

  17. Re:How about reducing problems on OpenSSH No Longer Has To Depend On OpenSSL · · Score: 1

    I should have clarified things: RSARef is a reference library for RSA. Code for modern symmetric algorithms like AES and such would have to come from somewhere else.

    However, RSA's code has seemed to stand the test of time well, so it might be worth using, assuming no licensing issues.

  18. Re:Local gardens and farms? on Interview: Ask Ben Starr About the Future of Food · · Score: 1

    For plants, I'd rather have a garden than a front/back lawn, because it means less to mow, and it puts a (rather limited) resource to use. Plus, I have a grey water reclamation system [1], so having the water go into food production makes more sense than just having it making an end product of grass clippings that go into the city landfill.

    For animals, basic sense comes to mind. Chickens go to the avian vet yearly or when sick. If it is respiratory, they get yanked away ASAP. I'm not a farmer, but there are always common sense practices (such as not having a rooster in an urban area) that should be intuitive to anyone.

    [1]: Make sure to use a decent, graywater friendly laundry soap.

  19. Re:How about reducing problems on OpenSSH No Longer Has To Depend On OpenSSL · · Score: 1

    There is always RSAREF 2.0, which has not had anyone find any major holes in it since 1994. However, it only supports RSA, and not newer algorithms like AES.

  20. Re:This isn't why they had a security breach on Target Moves To Chip and Pin Cards To Boost Security · · Score: 1

    I mentioned this elsewhere, but one way the CNP transactions could be addressed would be an e-Ink display. Similar to the card I use for authenticating to PayPal, press the number, enter the six to eight digit code, and send in the transaction. With the fact that e-Ink displays only need power when changing state, the battery powering the display should easily last the life of a card (until it expires.)

    With a card having this, a user just enters the numbers on the display in one field, his "CNP" PIN (could be different from the regular PIN in the chip and PIN transaction, or can be identical), and sends that in. Without the number from the display, the transaction won't go through, so it would require the physical presence of the card by the owner -somewhere- for the transaction to work.

    Of course, this won't help if someone is mugged and their PIN is given out at knife-point, but muggings and coercing PINs are a weakness with chip and PIN as well.

  21. Vetting the replacement libraries? on OpenSSH No Longer Has To Depend On OpenSSL · · Score: 4, Insightful

    Now, here is the secondary question: How well vetted/audited will the replacement libraries end up? Disconnecting OpenSSH from OpenSSL does help isolate things, but it also means that there is twice the cryptographic code to sift through in order to ensure security.

    I trust the OpenBSD developers and Theo, so IMHO, this is a net security gain.

    Maybe for the lost ciphers, it might be good to implement LibreSSL?

  22. Re:What's the point of this? on Bloomberg's Trading Terminals Now Providing Bitcoin Pricing · · Score: 1

    Reputation also can have a quantifiable value. For example, if Mallory's exchange has a reputation of $25,000 and Alice/Bob want to do a $30,000 exchange, it might be worth it for Mallory to destroy the reputation of his exchange for the $5000 gained by seizing the transaction.

    Part of the reason is that instead of regulation (the "trust us, we are a bank and guaranteed"), reputation is critical to their business. So when SR2 had BitCoins stolen, it was cheaper to replace the lost currency than to lose the reputation they are working on.

  23. Re:Late on all fronts on Target Moves To Chip and Pin Cards To Boost Security · · Score: 1

    I've wondered about just having a small e-Ink display on credit cards similar to the authentication card I use with PayPal/eBay. Press a button, up pops a number, and because e-Ink only needs power when changing state, the battery in the card has lasted a good number of years.

    In combination with chip/PIN, this would protect transactions done online (basically turning CNP or card not present transactions into CP, or card present) because the user just enters the number on the card when checking out.

    I do agree with the parent poster -- the security on my Gmail or World of Warcraft account is light-years ahead of the security on my credit card account, or even my bank account.
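
Both this comment and comment 20 above describe a card whose display shows a fresh code on each button press that the issuer can check for a card-not-present transaction. That is the event-based one-time password of RFC 4226 (HOTP): HMAC-SHA1 over a counter, dynamically truncated to six to eight digits. The Go code below is an added example for this page, not from the commenter or any card vendor; it assumes a per-card secret shared with the issuer at personalization and a look-ahead window for button presses whose codes never reached the issuer.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// HOTP computes the RFC 4226 value: HMAC-SHA1 over the 8-byte big-endian
// counter, truncated at the offset given by the low nibble of the last byte,
// top bit cleared, reduced to `digits` decimal digits. The counter, not the
// clock, is the moving factor, which suits a card with no reliable clock.
func HOTP(secret []byte, counter uint64, digits int) string {
	mac := hmac.New(sha1.New, secret)
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], counter)
	mac.Write(buf[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// Card is the token side: it holds the secret and counts button presses.
type Card struct {
	secret  []byte
	counter uint64
}

// Press is the button: show the code for the current counter, then advance.
func (c *Card) Press(digits int) string {
	code := HOTP(c.secret, c.counter, digits)
	c.counter++
	return code
}

// Issuer is the bank side. It remembers the lowest counter it has not yet
// consumed and tolerates a window of presses that were never submitted.
type Issuer struct {
	secret []byte
	next   uint64
	window uint64
}

// Verify accepts a code only for an unused counter inside the window, then
// moves the high-water mark past it so neither this code nor any skipped
// earlier one can be replayed. Comparison is constant-time.
func (is *Issuer) Verify(code string, digits int) bool {
	for c := is.next; c < is.next+is.window; c++ {
		want := HOTP(is.secret, c, digits)
		if subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
			is.next = c + 1
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("12345678901234567890") // RFC 4226 Appendix D test secret
	card := &Card{secret: secret}
	bank := &Issuer{secret: secret, window: 10}
	code := card.Press(6)
	fmt.Println("card shows", code, "accepted:", bank.Verify(code, 6))
	fmt.Println("same code again accepted:", bank.Verify(code, 6))
}
```

The displayed number replaces the static CVV; the separate "CNP PIN" the comment mentions would be checked alongside it by the issuer and is not part of this block. A window that is too large weakens the scheme (more candidate codes per guess), so issuers cap it and require resynchronization once a card drifts past it.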

  24. Re:This isn't why they had a security breach on Target Moves To Chip and Pin Cards To Boost Security · · Score: 1

    This reminds me of debit cards. Yes, it is quick and fast to just swipe the card, enter a PIN and be off without signatures or waiting days for the amount to stop floating and be debited... but the anti-fraud protection is nowhere near what one finds when one runs transactions via credit card processors.

    What I wonder about is, if chip/PIN does get compromised, on whose shoulders the bogus transactions get dropped. I'm guessing this is decided by who has the fattest wallets.

  25. Re: 'Bout time on Target Moves To Chip and Pin Cards To Boost Security · · Score: 1

    This has been going on since the days of the US having 120 volt electricity and Europe having 240VAC/50 Hz.

    Chip and PIN is a necessity. Without it, the only thing actually preventing fraud is the anti-theft algorithms that banks use to detect out-of-place transactions and either call the person up for approval or just put the kibosh on them. Long term, it is a good thing that chip and PIN is making its way here to the US. This will reduce CC fraud by a large amount [1].

    [1]: Of course, there will be unexpected consequences. In the 1980s, anti-theft key ignitions stopped wholesale car theft, but what replaced it were carjackings. Same with burglaries being replaced by home invasions. I wouldn't be surprised to see muggings go up (only reason they went down in most areas is because people stopped carrying cash.) However as a whole, it presents a lot higher barrier to criminals succeeding at credit card fraud.