How would this work for public wifi? Would you get charged an extra 15 cents on your tab when you pick up your coffee? What about waiting at the airport, would that be an extra 15 cents on your flight?
I have to agree with this. I've been browsing for so long with NoScript and AdBlock that I can't go back. No one should have to endure purple monkeys and flashing balloon animations on their pages.
I agree that there needs to be some penalty for dying, but the combination of factors involved in an EQ style death were just too much. I can't tell you how many times it was late at night and I was off soloing when going LD caused me to log back in at my bind point, naked, with absolutely no way to recover my stuff, time, and xp until the next day when guildies were on. Later on that got a bit better, but you still had to hope that you could find a necro at 3am that was willing to travel to zone x to summon for you. That didn't make me fear going into those places, that just flat out made me angry. There has to be a reasonable balance in the punishment and EQ didn't have it.
I played EQ for 5 years and I can't for the life of me figure out why I and so many people thought 28 minute spawn timers in L Guk was fun, let alone the Ancient Cyclops or Feathermane. Corpse runs were godawful. I can't see any game recreating that sort of horror and being a success now that WoW has done away with that.
I'm going to voice my support of your hypothesis that you living in Norway would have something to do with the diminished amount of stereotypical American comic book nerds you see at your local store.
Having used Sonicwall products in the past, I can believe the results. They weren't the models tested but they were fairly effective for their price and performed well for a fairly small environment (around 100 or so employees). Sourcefire has some nice stuff as well. I'm sure other posters much more experienced with hobbitmon can chime in on the configuration and deployment of that but from what I've seen it was a nice component of home-built threat managers that also had snort and open-source firewalls on them.
I agree in principle, but the fact of the matter is that the sites they're choosing to use to spread that information have some of the most godawful security records. If we're relying on Obama's tweets for information, it's going to suck when some staffer gets hit with a worm while checking out some hot chick's profile and the next thing the rest of the world sees is something akin to Russia being outlawed.
Indeed. This just means that companies receiving R&D money will adjust (lower) their own R&D budget accordingly to increase profits. This works for DHS money as well.
I argue differently. SQL injections, XSS attacks, and drive-by exploits are every bit a part of the botnet problem. Firstly, malware needs a place to exist. This is not only on domains stood up with the express purpose of hosting said malware, but on legitimate compromised webservers.
Secondly, malware and botnet coders are coming up with as many possible exploits that do not involve user interaction through JavaScript, browser exploits, and unpatched security vulnerabilities. For the remainder there are intensely sophisticated attacks relying on social engineering and reputation hijacking. It's a lot easier to run code on a user's machine when the webserver is one the user already trusts and has set in a trusted security zone.
The solution to this problem is going to require multinational political agreement. The problem with that is not only is it work, but the countries the criminals reside in have little to no incentive to cooperate. These countries are often poor and have a base of computer science and programming majors with low-paying or no jobs who commit computer crime for the income. It may not be legal, but those people are at least making and spending money, making it a heck of a lot more difficult to enlist the host countries' help in apprehending them.
This still doesn't address drive-by exploits, XSS, SQL injections, or any number of other threats. That being said, vigilantism isn't the approach either. You have to get countries and governments on board, with treaties signed and all that jazz.
You reply just as I'm about to go home!
I don't think they're talking about the card verification code. I'm positive they're talking about PINs acquired through PIN input devices, which are most certainly covered under PCI standards. All primary accounts, debit or credit, must be stored and properly protected through the PCI Data Security Standard, and all PIN Entry Devices are covered under the PCI PED Security Requirements. The PCI SSC is going to be testing all HSMs from here on out as well to ensure PINs are cryptographically protected as they should be.
While you might be right, they'll solve it by giving themselves a pay raise and appointing a Federal Cyber Homeland Banking Czar who'll immediately institute a tax on all bank transactions. Hey, the criminals won't want to steal your money if they have to pay a tax on it, right?
You want the people that think the Internets is a series of tubes and that it has a giant off switch to come up with a way to protect against banking fraud? For fuck's sake, the CTO of the White House outsourced IT for the city of DC to Google, and that guy got a promotion! The only thing worse than an inept banking and credit industry is politicians.
Actually, it is. The reason this article is written is because thieves are attacking yet another part of an incredibly weak and out-dated network. You *have* to get everyone from the owner of the gas station to the credit card provider to the Head of the Board at Deutsche Bank to agree that something has to be done. There have to be tangible policies set down with real penalties to enforce them. This problem is massive and pervasive and financial crooks will attack every exposed system they possibly can to exploit the network. For instance, that little swipey thing? Until the release of PCI 1.2 standards that interface to the cash register wasn't even required to be encrypted. You could hang a dongle off of the serial port on the thing and record all data right there at the register. That's just one tiny, tiny part of a standard that has to be implemented across an entire industry. This problem is technical in nature, yes, but it's not a matter of a protocol not being in place. It's a result of a security policy not even existing.
There's the expense, the lack of technological expertise, the competing standards, and worst of all - the lack of any need for them to institute a set of security standards. Only recently have institutions within the payment card industry been held accountable for lax security. The most notable incident is the infamous TJX hack, in which wireless routers with default passwords and no encryption were exploited to steal thousands of users' data. In order to square things with the end users TJX shelled out millions of dollars and promised to take things more seriously. Escalating security breaches have gotten the vendors to start instituting security standards, but it's far too little too late. They're going to have to rebuild their systems from scratch with security baked in to solve the problem.
To reserve the right to decide how it gets used in relation to me.
Because it's MY data, sitting encrypted on MY hard drive, in MY house, and I get to decide who gets to see it and how.
Now if only the library and brothel were complimentary, that I would consider progress.
After so many years of hearing "vision" from Sony/Verant I vomit uncontrollably when I hear it used in the context of an MMO.
It's simple, we just have to ask Dr. Manhattan for the lithium. Problem solved.
Now if only you could figure out a way to convince them that they are your personal army.
I'll either buy it...or I won't.
Good ol' Bobby!
Start select? That's why I couldn't get that damned code to work, thanks!
That's not "free money", that's a Chief Scamming Officer's bonus.