I was once called in for a similar-sounding incident. It turned out to be the guy at the next desk who had the same make/model of wireless keyboard. But to answer your question, the article already answered it.
So how are direct bank transfers validated? This is one of the main uses for ACH, at least in my experience, and the only validation is I can call the bank and reverse any charges after they appear in my statement.
yours will be a highly rated comment
+1 Accurate
He didn't mention /. posters.
A good point. An obvious case of fraud would get reversed quickly. "Walmart screwed up and charged me twice" could take forever to get reversed.
It is indeed wonderful if you think about it. The only reason it works is because there is comparatively very little fraud. A great example of how security works in the real world. As Marcus Ranum wrote once "[security] is only as good as it has to be". There is just enough protection on it to discourage most of the fraud, and we accept the rest. If technology changes and the fraud rate rises to an intolerable level, the system will get updated. But not before then, no matter how much security folks complain.
That is interesting, do you know off hand any good summaries of the differences? I thought the US ACH system was fairly global. Rather parochial of me, I know. I'll Google on it at some point in any case.
I don't want to give you nightmares, but it is horrifying how little security there is on ACH transactions. The whole system relies on the ability to undo transactions to discourage fraud. All anyone needs is the routing and account numbers that are helpfully printed on your checks.
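To see how thin the structural validation on an ACH entry is, here is the only check a routing number carries: the ABA check digit. This is an added example, not code from the thread; the sample routing number is constructed to satisfy the checksum and is not attributed to any bank. The point it makes is that passing this check proves the number was typed correctly, nothing more; authorization is exactly what the thread says it is, an after-the-fact reversal.

```python
"""ABA routing-number check digit: the only arithmetic validation an
ACH entry gets before it is submitted.  Added example; the sample number
below is constructed to pass the checksum, not taken from the thread."""

# Weights applied to the nine digits d1..d9; the weighted sum must be a
# multiple of 10.  The ninth digit carries weight 1, so it is the check digit.
WEIGHTS = (3, 7, 1, 3, 7, 1, 3, 7, 1)


def routing_number_is_well_formed(rtn: str) -> bool:
    """True if rtn is nine digits and 3*(d1+d4+d7) + 7*(d2+d5+d8)
    + (d3+d6+d9) is divisible by 10."""
    if len(rtn) != 9 or not rtn.isdigit():
        return False
    total = sum(w * int(d) for w, d in zip(WEIGHTS, rtn))
    return total % 10 == 0


def check_digit(first_eight: str) -> str:
    """Compute the ninth digit for an eight-digit prefix."""
    if len(first_eight) != 8 or not first_eight.isdigit():
        raise ValueError("need exactly eight digits")
    partial = sum(w * int(d) for w, d in zip(WEIGHTS[:8], first_eight))
    return str((10 - partial % 10) % 10)


def classify_ach_entry(rtn: str, account: str) -> str:
    """What the checksum can and cannot tell you about a debit entry.
    A well-formed pair is exactly what is printed on every check; nothing
    here establishes that the account holder authorized the debit."""
    if not routing_number_is_well_formed(rtn):
        return "malformed routing number (typo or transposition)"
    if not account.isdigit():
        return "malformed account number"
    return "well-formed; authorization unverifiable without the account holder"


if __name__ == "__main__":
    sample = "111000025"  # constructed: passes the checksum
    print(sample, routing_number_is_well_formed(sample))
    print("transposed", routing_number_is_well_formed("111000052"))
    print(classify_ach_entry(sample, "123456789"))
```

Most single-digit typos and adjacent transpositions fail the checksum, which is what it was designed for; a correctly copied pair from the bottom of a check passes it every time.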
Probably the whole goal of getting rid of the windows is to shrink the walls an inch so they can cram one more row of seats into the plane.
It was described to me by the computer experts I consulted with afterwards that that was purely an attempt to let me know that they could do that, that they were watching, that they were in my computer.
But it seems like you would have to read the book to get more details on who these experts were.
T-Mobile doesn't, at least as far as I could tell. Not yet at least.
I just checked using http://centralops.net/co/ over my Verizon mobile phone and sure enough there is the X-UIDH header. Well, this cements my plan to switch carriers in a month when my contract expires. Any tips on moving to a pay-as-you-go plan that lets me keep my phone number?
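A self-hosted version of the check the commenter ran against centralops.net, added here as an example and not code from the thread or from that site. Run it on a host reachable from the phone's mobile data connection and browse to it over plain HTTP; a carrier can only add headers to traffic it can read, so an HTTPS endpoint would never show the injection. The response lists every header the server received and flags any in `TRACKING_HEADERS`, which holds only `X-UIDH` because that is the header the thread reports.

```python
"""Local header-echo endpoint for spotting carrier-injected headers.
Added example; TRACKING_HEADERS is seeded only with the header named in
the thread.  Serve over plain HTTP on purpose: that is the traffic the
carrier can see and modify."""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Compared case-insensitively against every request header name.
TRACKING_HEADERS = {"x-uidh"}


def _pairs(headers):
    """Accept a dict, an http.server headers object, or (name, value) pairs."""
    return list(headers.items()) if hasattr(headers, "items") else list(headers)


def find_tracking_headers(headers):
    """Return {name: value} for every header whose name is in TRACKING_HEADERS."""
    return {name: value for name, value in _pairs(headers)
            if name.lower() in TRACKING_HEADERS}


def report(headers):
    """Structure returned to the browser: all headers, the flagged ones, verdict."""
    found = find_tracking_headers(headers)
    return {
        "all_headers": dict(_pairs(headers)),
        "tracking_headers": found,
        "injected": bool(found),
    }


class EchoHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = json.dumps(report(self.headers), indent=2).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        # A cached reply from a proxy would hide whether this request was tagged.
        self.send_header("Cache-Control", "no-store")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve(port=8080):
    HTTPServer(("0.0.0.0", port), EchoHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Check from Wi-Fi as well as from mobile data: if the header appears only on the cellular path, it is the carrier adding it, not something on the phone.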
Probably the company heads all voted for secession.
Nuts, sorry, redundant, please mod down. :)
I believe Apple phones now have a function to periodically change their broadcast MAC for this very reason. Does anyone know of a tool for Android that does the same thing?
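What "periodically change the broadcast MAC" has to get right, as an added example (not code from the thread or from Apple or Android): a randomized address must have the locally-administered bit set, so it cannot collide with a vendor-assigned OUI, and the multicast bit clear, so it is a valid unicast station address. The helpers also let you tell a burned-in address from a self-assigned one when looking at captured probe requests.

```python
"""Generate and classify randomized Wi-Fi MAC addresses.  Added example;
the bit positions are from the IEEE 802 address format, nothing here is
taken from any vendor implementation."""
import secrets

LOCAL_BIT = 0x02      # bit 1 of the first octet: locally administered
MULTICAST_BIT = 0x01  # bit 0 of the first octet: group (multicast) address


def random_mac() -> str:
    """Fresh 48-bit address with local bit set and multicast bit clear."""
    b = bytearray(secrets.token_bytes(6))
    b[0] = (b[0] | LOCAL_BIT) & ~MULTICAST_BIT
    return ":".join(f"{x:02x}" for x in b)


def parse_mac(mac: str) -> bytes:
    parts = mac.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad MAC: {mac}")
    return bytes(int(p, 16) for p in parts)


def is_locally_administered(mac: str) -> bool:
    return bool(parse_mac(mac)[0] & LOCAL_BIT)


def is_unicast(mac: str) -> bool:
    return not parse_mac(mac)[0] & MULTICAST_BIT


def looks_randomized(mac: str) -> bool:
    """True for an address a device could have chosen itself.  A burned-in
    address has the local bit clear, so its OUI names the manufacturer and
    the whole address identifies one physical device across every network."""
    return is_locally_administered(mac) and is_unicast(mac)


if __name__ == "__main__":
    m = random_mac()
    print(m, looks_randomized(m))
    print("00:11:22:33:44:55", looks_randomized("00:11:22:33:44:55"))
```

Randomizing the address only helps if it is rotated before association and not reused across networks; a static locally-administered address is just as trackable as a burned-in one.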
This sort of reasoned and mature response has no place on the Internet.
I agree with you this works in a lot of cases. But it seems to me there are major differences in some of the activity I have read about in these cases. One, the sheer level of bullying, hiding behind the Internet, is very different. Death threats, assault threats, "swatting", and so on. Two, they don't just go away. The mere existence of the target seems to enrage a small group of chumps. The Internet makes it easy for them to get together and harass their victim full time. "Just ignore it and they will go away" isn't good advice when they don't go away.
This summary is a bit hysterical, in the excessively panicked sense. TFA indicates there is a cap on taxes for both individuals and service providers, and this DRAFT bill is likely to contain the same sort of provisions. Of course, whether such a tax is a good idea is up for debate, but statements like "could set back the country's technological development by some 20 years" are ridiculous. Excise taxes already exist on other goods and services without complete disaster.
Did you read the study and find some flaw in the method or conclusions? Or do you have some idea that persons sponsored by organizations you approve of are somehow magically not human (as in subject to bias and cognitive error)? A study isn't credible or not based on who might sponsor it. Sure, sponsorship might indicate that the study should be taken with a grain of salt, but since every result in science should be taken with a grain of salt, what difference does that make? And since the conclusion seems to indicate a bad result for these particular sponsors, do you still think it isn't credible?
I think the role of Chinese lending is overblown. The share of US debt held by China is the largest chunk outside that held by the Federal Reserve, it is true. But that chunk is in the vicinity of 5%.
Did we? Verizon was doing no such thing. Netflix was coming into Verizon over congested links. There was no 'throttle' any more than the government is 'throttling' your car doing your local rush hour. Netflix paid to get a dedicated link, problem solved. It isn't a question of neutrality or 'slow lanes' on the Internet, it is a question of physical limitations trumping wishful thinking.
OK, so if two parties decide to make a huge number of calls to each other and overwhelm the system, who should pay for the extra capacity? Are you saying the phone company should be expected to provide infinite capacity at no additional charge? That doesn't seem in line with physical reality.
You misunderstood the point. If Comcast charges each subscriber an extra $5, for example, in order to pay for Netflix traffic infrastructure, this is undesirable since any given subscriber may or may not be using Netflix. Now, if they had some sort of metering system to only charge Netflix users the extra, well that would violate 'net neutrality'.
The solution is to use proper coding practices
This approach is partly why breaches continue to happen. Imagining that somehow many thousands of coders will always do things right over many thousands of projects is the stuff dreams are made of. An actual effective solution would be to provide an environment where the application coder can't screw it up.
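An illustration of the difference between "use proper coding practices" and "an environment where the coder can't screw it up", added here as an example and not code from the thread. The thread does not name a vulnerability class, so SQL injection against an in-memory sqlite3 database is the assumed illustration: the unsafe path relies on every coder remembering to never concatenate input into SQL, while the hardened path hands out no cursor at all, only a `run` that refuses anything but a `Query` carrying its parameters separately.

```python
"""Unsafe-by-convention versus safe-by-construction database access.
Added example; the table, rows and Query/Db types are constructed for
illustration and are not from any project the thread mentions."""
import sqlite3
from dataclasses import dataclass, field

SEED = [("alice", "admin"), ("bob", "user")]  # constructed sample rows


def _new_conn():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED)
    return conn


# --- the "proper coding practices" approach: every caller must remember ---
def lookup_user_unsafe(conn, name):
    """Deliberately vulnerable: input is spliced into the statement text."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


# --- the "can't screw it up" approach: no raw execute is reachable ---
@dataclass(frozen=True)
class Query:
    """Statement text and its parameters travel together, never merged."""
    sql: str
    params: tuple = field(default_factory=tuple)


class Db:
    def __init__(self):
        self._conn = _new_conn()  # private: callers never see a cursor

    def run(self, q):
        if not isinstance(q, Query):
            raise TypeError("run() accepts a Query, never a string")
        return self._conn.execute(q.sql, q.params).fetchall()


def lookup_user(db, name):
    return db.run(Query("SELECT name, role FROM users WHERE name = ?", (name,)))


if __name__ == "__main__":
    payload = "' OR '1'='1"
    print("unsafe:", lookup_user_unsafe(_new_conn(), payload))  # every row
    print("safe:  ", lookup_user(Db(), payload))                # nothing
```

The remaining way to misuse `Db` is to build `Query.sql` itself from input; a real typed-query layer closes that by only accepting statement text from compile-time constants, which is the same principle pushed one level further.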
Perhaps enough crud will accumulate in the current system and the pendulum will swing back to professional reviewers.
Exactly. So many people go in and out of there at all hours, what would be the point of a lock? The article doesn't follow up on what this comment was supposed to mean; I thought perhaps it meant there was no way to bar the door in the event of an emergency. Like on TV when a big steel panel descends from the ceiling. I wonder if they have something like that, but it wouldn't surprise me to hear they don't since their plan is to rush the President out of there rather than try to defend an old building/museum.