1) Read up on two-factor. The idea is that both sides authenticate each other.
One way to make card transactions more secure would be to implement something such that the bank would generate a random transaction code, you punch it into your card, and it shows you a code to enter. That way you have to actually have the card.
2) CC #s use a checksum. IIRC (it's been a while since I played around with the checksum algorithm) it tended to reduce the search space by a factor of 100, i.e. only 1/100 numbers are valid.
You see it as a nuisance, I see it as an opportunity:). Set up a system where you either take their order and pass it on, or some kind of PBX-type thing and actually transfer them to a restaurant with whom you have commission arrangements:).
Of course, you would have to be very careful to make power very low, and do get proper channel re-use. Furthermore, many laptop wifi drivers hang on to an AP for dear life once they've associated, rather than move to one with a stronger signal.
So in theory it *should* work, and it's a great idea. In practice, at present, I think it would be a nightmare.
So, people are always wanting to use these things as general purpose computing devices. Is the math still such that it is a good decision (as compared to purchasing standard PCs)?
I know of someone who had a little data centre in their basement - a few T1s, a good number of servers. They had friendly visits (friendly being an extremely relative term in this case) from the local police no less than 3 times - you would have thought the police might have gotten it a little bit sooner (i.e. the first time).
Now, if I were to go to one of those real estate agents and say "I can potentially boost your sales (assuming this is their primary lead driver) 3.85% -- all it will take is a few hours of my time to re-design your site in a W3C compliant fashion"...
This particular type of site may be a poor example of that, but it would be very true for other kinds -- e.g. e-commerce.
I know someone who is always getting his cards demagnetized. Rather than figure out why, he decided it would be easier to always leave his original card at home and just carry around a copy he made for himself:).
I know... people are outsourcing their telecom needs to so-called "telecom companies"... they outsource their electrical needs to so-called "power companies". Next they will have someone else building their roads!
Hint: It doesn't always make sense to do everything yourself. Not everything needs to be your core competency.
Actually, the part about it not mattering what the old random pad data had isn't quite true - if you don't secure that you reduce your technique to a delay in the ability to access the data (much like 'standard' modern crypto techniques). If it is somehow compromised on its trip then all the information that was sent using it could potentially now be recovered.
But other than that, yes, spot on.... a very good point.
I've actually often thought how our business would be a good one to run if we were identity thieves. Very, very few of our customers pose any questions about giving us the documents we ask of them. Fortunately, we are not, and we are also very careful with our document retention/storage policies.
I agree ethics in business is important.. witness Worldcom and Enron if you want something more recent than the 1980s.
We don't charge the wads of dough some companies do, but I would like to think we are both competent and trustworthy.
But I ask: If you are not going to judge a CA by the procedures they use to issue certificates, then how are you going to judge them (and the certificates they issue, and the holders of those certificates)? I would suggest that there is little else in the way of quantifiable properties that people can go on...
The reason I am not mentioning any URLs or names is that I don't want to be seen as badmouthing competitors, as that isn't the point of my post. I'm against the practice, not the people doing it.
Re: Getting a certificate without a corporation, you don't need one. We are happy to issue SSL certificates to individuals - instead of corporate documents we ask for personal ones (i.e. passport, driver's license, etc.).
And for the given application (checking for updates periodically), this makes a big difference how?
Decompiling Java by Godfrey Nolan on Amazon.
Another book on the subject is Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering by Alex Kalinovsky... probably more targeted at those who are already pretty familiar with things and want a more in-depth look.
(Yes, Slashbots, those are affiliate links... that doesn't make them any less useful though, does it?)
Saying they are knowingly breaking the law is assuming a lot of things which may not be true...
Name servers??? Why would they care?
Of all things... name servers... were they trying to find the least bandwidth intensive (usually) type of server?
It also happens to be significantly improved voter turnout.
Well, that is what they purport to sell...
I don't know, maybe to educate them. Not to keep them busy... to give them an education. A new concept, I realize...
If that pun was intentional, it was awful. In fact, even if it wasn't...
Sell them. Fleabay perhaps?
This does however give a slightly crafty person access to your internal network...
Corrections: the hacks of which you are aware are few
Let me get this straight: Are you telling me online banking has been outlawed?
Or any other site that uses SSL Certificates? Our customers will be most upset...
So will PayPal, eBay, some webmail people, online grades systems, pretty much any e-commerce site, the list goes on...
Basically any implementation of crypto that achieves perfect forward secrecy?
VI@GR@ X@N@X @ND M0R3 ALL 4 FR33
I can see a new trend in spam coming now... get spammed to spam.
I would hope the login gateway that it would redirect to has an SSL certificate? Check the name on the cert.