I'm not saying it proves it was a spy front or not. I'm saying you are drawing conclusions based on incomplete information. If you are interested, perhaps you want to read more about it in his book.
FWIW, there is more to it than having eggs, this is just a quote. As I recall, they were selling the eggs below cost, and there were other signs it was not a normal restaurant.
If you haven't seen people doing degrading things (presumably for money) on the Internet, you haven't surfed far, or your definition of 'degraded' is an outlier. I don't think anyone in this discussion would feel differently if it was gay porn, so I'm not sure how hypocrisy or misogyny come into it.
My neighbors leave their wifi open. Any suggestions on limiting access to this? Aside from tinfoil wallpaper. I have an extra WAP, is there a wifi jamming utility?
I think you have some misconceptions about PCI. "At best", I have seen PCI make companies improve firewall rules, secure WLANs, and encrypt your plaintext credit card numbers (for starters).
If someone has told you that PCI requires using a 3rd party provider for public networks, you should get a second opinion. I have never seen that required or implemented.
Similarly, your firewall problem seems specific to your implementation. PCI requires firewalls between public networks and the cardholder data environment. Internal firewalls are not required, but are usually used to limit the scope of PCI. You don't want to make your CEO or secretary's computer PCI compliant, so you use firewalls to isolate only the systems in the cardholder data environment. You don't -have- to do this, but it makes things easier. I don't understand specifically what you mean by "a concentrated firewall and internet provider hub", but it does not sound like something required by PCI. Although it may have been a system designed by your organization to make compliance easier.
An economic loss to who? In the past, some merchants have not had firewalls and sent cardholder data over FTP on the Internet, because it was 'too expensive' to do otherwise.
PCI may be a loss for the merchant (cost of doing business), but an overall gain if it prevents loss to the card brands or consumers.
The problem is the entire infrastructure that pretends certain data is secret (PAN, track, CVV2), but makes you provide it to everyone for a purchase. The answer is to use smartcards, so that even if they intercept the data, they can't use it for purchases. We have strong systems, if they will just deploy them.
This has driven down crime in the UK with their Chip and PIN system.
Here in the states, the industry is pushing ahead with encrypting magnetic stripe readers, but that still does not protect you if the attacker taps into the read head before it is encrypted.
I saw a device inside a gas pump in California two years ago. It was the size of a pack of gum, and made specifically to plug into the pump's cables. Small ICs, a pro job.
And it's quite accurate: nothing can guarantee security.
FTFY. There is no perfect security. I don't know anyone that says PCI compliance guarantees you are secure. But it is an indication of the controls you have in place protecting cardholder data.
For instance, hiring a licensed, bonded plumber doesn't guarantee they won't screw something up. But your chances of a good outcome are a lot better.
Really? So it works for 30 year olds, probably? Are there any, say, facts you are basing this conclusion on? Any reasoning?
Your post seems to say that drugs that work on younger people generally don't work on older people, or people with health problems. Can you give some other examples of this general rule? Maybe some other scientific studies?
I took my Droid to Europe, and the GPS tools ("GPS Status") would never get coordinates. I think this is because I did not have a data plan there; it worked once while I was connected to wifi. I bought a program made for storing maps to use w/o a data connection ("GPS Save and Go"), and it did not work either.
I just want an app to do GPS waypoints I can go to and return to, but nothing on Android seems to do this.
Really? The entire point of the submission is that the post does not have any authority. Do you just make this post on any website using the word czar?
Sorry if you were using sarcasm and I couldn't differentiate from a wingnut.
Have you never seen those pictures of obese mothers in the 3rd world with starving, emaciated children?
Uh, no, I haven't. The mothers are always bone-thin in the pictures I've seen of Africa. When I see obese mothers, they usually have either normal or fat little kids.
Meanwhile, the things that really mattered were left virtually untouched. I don't even know how many times something was completely and utterly screwed up by someone, somewhere in the company... and we couldn't even figure out who did it because there were no logs of what had happened, or because the logs pointed to a shared account that anybody could have used. My account on the actual card processing front-end system was watched like a hawk, however, nobody would ever have noticed if I'd downloaded a database dump from the FTP server and made off with it.
I'm not sure if you are joking, but by this statement alone I can tell you were not PCI compliant, whether you were certified or not. Full logging is a requirement, it has an entire section of the PCI standard. Shared accounts are prohibited. And FTP? In a compliant cardholder data environment? Not likely.
Perhaps you were actually doing 'Auditing Theater', where you pretend to be audited, and buy a cert from a small company that isn't actually validating your systems.
That said, I have personally found software written by payment processing companies that write unencrypted cardholder data to disk. Until PCI, it seems that the most common way of interfacing to payment gateway software was writing plaintext files to disk. I can't tell you how many clients were heart-broken when I explained that they may not use FTP any more. Or merchants I visited and found were literally keeping transaction data for years (millions of credit card numbers) in unencrypted files.
On the balance, as a credit card holder, I'm glad for PCI.
PCI is crap, because it's only really meant to be a way to cover your ass if something goes wrong. I see you skimmed the headlines of PCI compliance, and a lot of it is either just common sense or plain bullshit.
The vast majority of organizations were not doing these 'common sense' controls. I've been in orgs where the IT department wanted and tried to increase security, but had no budget until PCI required it.
Thanks for posting, I had to skim a lot of replies before finding some informed opinions.
PA-DSS (a PCI standard) requires code review by someone other than the original author, who has training in secure coding practices.
The black egg anecdote was in Ira's 2005 book, 'Spies Among Us', which I do not recommend except for some of the stories like that.
If you need to ask that, you don't understand the problem. Try reading up on the broken window fallacy.
If you need to ask that, perhaps you need to read up on this.
Obviously it is a small economic loss to the merchant, but it prevents much larger losses by others. This is called an externality.
I know level 1 merchants and service providers that are using virtualization. You may want to look into that further.
Also: Make sure your PIN is only 4 digits, some places do not accept longer PINs.
That is close to militant agnostic: "I don't know and you don't either."
Does the droid GPS -require- a data connection?
Password Gorilla is compatible, and works on OSX and other platforms.
http://www.fpx.de/fp/Software/Gorilla/
"Now Available for Microsoft Windows, Mac OS X, Linux, Solaris, *BSD, etc.
Free, Open Source Software!"
City = Settlement + 3 ore + 2 wheat
The encryption scheme will usually have a MAC, hash, or other check so that it knows when the message was successfully decrypted.
http://en.wikipedia.org/wiki/Message_authentication_code
I work for a PCI assessment company.