Slashdot Mirror


User: Darinbob

Darinbob's activity in the archive.

Stories
0
Comments
21,765
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 21,765

  1. Of course, since the constitution only allows the president to work for 3 years out of 4. So says the congress that works for 0 years out of 4.

  2. Re:Who is still using mag stripes on ATM cards? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    The skimming systems are added as extra transactions to the store in the cases I've read about. Thus the store gets paid back by the banks for more than the customer wanted to pay. It's not a third party that is skimming, but the actual store itself.

  3. Re: Who is still using mag stripes on ATM cards? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    Right but I can't hand over $20 in cash and then when my bill comes find out that $40 are withdrawn from my account. Cash is vulnerable to physical security, but so are chip and pin cards (because you can't keep that PIN secret if you're entering it in public). I can worry about some thug taking my money, but I generally don't have to worry about the money secretly vanishing while inside a store and wondering where it went. There is a limit to the amount of cash I can lose also, only what I have in my wallet at the time.

    And the smart card makers in the past have not necessarily spent the proper amount of time to ensure it is really secure given how easy some of the hacks have been. It's slightly better thean feel-good security though but it's not great security.

  4. Re:Nice try... on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    As you say the network is often down or not present. The nonces don't help because the stores themselves are not to be trusted. Stores have hacked the chip+pin systems and skimmed from customers. So nothing has really changed here: in the past the banks have accepted as certain percentage of loss from fraud credit cards, and today the banks accept a certain percentage of loss from chip+pin. You're also assuming, possibly naively, that the crypto systems are written to the highest level of security possible, that the machines are designed to the highest standards with respect to security, and so forth. In practice that is too expensive so short cuts are taken as long as the marketing claims otherwise.

  5. Re:How Bout No on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    But, but... using smart phones is cool! You can pay your bill and update your Instagram at the same time! I can hardly believe how uncool old people are.

  6. Re:Yesterday tech coming real soon... on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    Chip+pin doens't reduce fraud claims because it doesn't reduce fraud.

  7. Re:Yesterday tech coming real soon... on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    I would not trust a phone to handle anything to do with money, ever. When I see a vendor with an iPad with a credit card reader, I pull out cash instead and use that.

  8. Re:Sigh. on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 0

    But it's not as secure as you think. There are currently ways to hack those systems around the world. You still have the physical security problem though as it's too difficult to hide your PIN from spying. There's a lot of smug elitism to be had though by accusing Americans of being ignorant savages.

  9. Re:chip ? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    "X" has been a shortcut symbol for "Christ" for a thousand years. So saying "Xmas" is not an attack on Christmas like some want to claim.

  10. Re:chip ? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    The mark of the beast, but with a CRC at the end!

  11. Re:chip ? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    Because it's not a perfect solution either. Chips are feel good solutions though, let the customer think that they have security.

  12. Re:Who is still using mag stripes on ATM cards? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    Technically we're still supposed to be migrating to metric, as I think that law is still on the books. The snag is that Reagan stopped funding some of the programs. Everyone learns metric in school though, all science here is done in metric, even the UK (technically a part of Europe if you squint) still uses miles, etc. We are not ignorant troglodytes even though it's the current elitist fashion in Europe to laugh at everything in America.

    (seriously, they're going to put up a wall Europe to keep out immigrants before the US does, all the while claiming that the US is full of bigots :-)

  13. Re:Who is still using mag stripes on ATM cards? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    I've only done it once, and it was at my optometrist and only a few months ago. No where else did it, not even Target which was the damn store with the break in (unrelated to magnetic stripes) that encouraged banks to start re-issuing cards with chips.

  14. Re:Who is still using mag stripes on ATM cards? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    I don't even know what my PIN is with my card. It was assigned to me a couple decades ago and I've never needed it on a credit card. I got a reissued card a couple years with a chip but it did not come with any separate mail telling me what my PIN was...

  15. Re:Who is still using mag stripes on ATM cards? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    The signature is supposed to be important. It makes the transaction somewhat legal and a way to detect fraud or mistakes (find a mistake on your monthly bill you can complain to the restaurant and ask them to find your signature, though these days it's easier to just dispute charges with the credit card issuer).

    Personally I have little problem with cash. People hate it because they want everything to be electronic, thus it's more cool.

  16. Re:Who is still using mag stripes on ATM cards? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    Part of the US bag groceries for you, and much of Europe will not bag groceries and think you're some sort of elitist by wanting such service. There are some European countries with high gun ownership. The stop light and stop sign are extremely common in mainland Europe.

    I think there's a disconnect in assuming that teh UK is a typical European country.

  17. Re:Who is still using mag stripes on ATM cards? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 2

    But what if the shop keeper is skimming off your card? How does the customer know that the chip reader has not been hacked? And yes, this situation has happened.

    Consider the example of the Target stores. The machines were hacked to intercept customer information. The machines did use mag stripes and have since become slightly more secure (Target today does not use the chip reader even though the reason my card was exchanged to have a chip was because of Target!). However the core cause of the breach was not the machines themselves or the magnetic strips but the transfer of the data from end point to back office and on to the credit card company. Customers are given false assurances that they've "fixed" things because they see new machines and have been issued new cards.

    Good security is damned expensive. So businesses only want to deal with "good enough for now" security. The losses due to poor security are smaller than the cost of implementing proper security. The two problems with this thinking is that encourages criminals and when a flaw is discovered it be exploited on a large scale, and the ability to steal from the system become much easier over time as technology changes (mag stripe readers used to be extremely expensive but now are quite affordable).

  18. Re:Who is still using mag stripes on ATM cards? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    Chip and pin suffers from a flawed assumption common in many systems. The assumption that breaking it is too costly for the average person and that any remaining losses will be handled as a cost of business.

    For the mag strip credit cards the banks actually do assume a percentage of loss rather than fix the flaws. For chip and pin they assume that hacking it is too difficult for the average corner shop or quickie mart, except that once someone figures out how that information is easily spread and replicated. Start with a reader with a poor design, figure out its schematics and software, find the hole, and exploit it (some have been hacked unobstrusively by drilling through the potting material from the to reach test points which is not detectable by the customer). Chip and pin systems also rely on an approach used by a lot of smart cards in where they assume it is better to provide absolute physical security rather than improve the cryptography, so you can get buggy algorithms at the same time that there are features to thwart physical tampering.

  19. Re:actually it is really easy on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    I used a mag strip ATM card in Europe quite easily.

  20. Re:Who is still using mag stripes on ATM cards? on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    The chip and pin system can and has been hacked. Use cash when you can.

  21. Re:actually it is really easy on To Secure ATM Transactions: Ditch the Card (securityledger.com) · · Score: 1

    Use a bitcoin and contribute to criminal agencies and support its pyramid scheme. Bitcoin was not designed to be an independent secure alternative to cash or it would have been designed differently.

  22. Media plays up terrorism as the greatest threat. But the odds of being harmed by terrorism is miniscule compared to every day dangers that people become complacent about. Auto accidents, smoking, crossing the street. There's a bigger chance of being injured by lightning.

  23. Re:I must know the other half ... on More Than Half of Americans Think Apple Should Comply With FBI, Finds Pew Survey (theverge.com) · · Score: 1

    And has the DOJ pinky promised to never ask again in the history of the universe? No. It is not a one time only request. It's one time only until the next time. Plus as soon as Apple gives in there are plenty of non-DOJ players in the wings wanting help in their fishing expeditions. The NY DA who has over a hundred phones in a vault wants them cracked even though there's not necessarily any evidence on those phones. Once the precedent is set it becomes very difficult to rein back in police powers to a reasonable level again.

    At the very least we need this to get to the highest court. Right now we have a relatively low level judge making this decision. Apple has every right to fight back and make use of appeals.

  24. Re:Ads == Malware Delivery and Nuisance Content on Google, Yahoo Cry About Ad-Blocking (cnbc.com) · · Score: 1

    Advertising on the internet IS spam. The same people people who sent email spam are some of the same people still working in online advertising today. And they have exactly the same amoral attitude towards it all.

  25. Re:I must know the other half ... on More Than Half of Americans Think Apple Should Comply With FBI, Finds Pew Survey (theverge.com) · · Score: 1

    We do think about privacy though. You can have a functioning democracy without being able to force companies to crack open devices for the government. It's highly unlikely that there's anything on that phone related to geopolitical security. The government is essentially asking for half-assed security that does not limit the criminals or hostile foreign entities that will use the best encryption they can get.