Before you rush to post about how insecure Microsoft is, don't forget that your social security number and financial history were released in a hack of Linux / Apache / Struts.
Funny thing this wasn't a windows hack. FTA: "The group, variously called Morpho, Butterfly and Wild Neutron by security researchers elsewhere, exploited a flaw in the Java programming language to penetrate employees' Apple Macintosh computers and then move to company networks"
Hypothesis: The hack was ordered by the SSA trying to discredit the use of social security numbers as financial credentials, so they could push the government to adopt cryptographically secure credentials for individuals.
You are going to have to expand on that hypothesis for me. I'm not seeing a link between SSA's desire to not use SSNs as financial credentials and a hack of an internal Microsoft bug database.
That's why it's a hypothesis - so I don't have to prove it. The feds did ask NIST (I think NIST) to start working on a crypto based replacement for SSNs a couple of weeks ago. The SSA thing came from the post one level up in the hierarchy, which brought up the topic.
>Whether they caused the fatality spike merits study but the circumstantial evidence is substantial,
By that logic, while the fatality rates were falling year on year and the cell phone usage rates were increasing year on year, it was providing substantial circumstantial evidence that cell phones cause the reduction in fatalities.
It's simply not true. You can't infer fact from nonsense like that.
>It's not like we don't know which accidents are cell-phone related. But we don't know which road trips without accidents were cell-phone related. How about all the road trips without cell phones? Have the accident rates changed among that group?
There are 4 cases to consider. Considering only one of them is not statistically useful.
We can have the conversation about how road deaths have consistently not tracked cell phone use over many years and there is pretty much no solid statistical evidence that phones increase accidents. They certainly contribute to some accidents, but that's very different to them contributing to higher accident rates. It's entirely possible that map applications reduce accidents by causing people to drive less and to know where they are going to turn before they get there.
Why, when road deaths increase are people quick to blame cell phones? If road deaths go both up and down while cell phone use goes in one direction, that's evidence that they are not directly linked. What about other likely culprits like shorter yellow times at traffic lights? Increased use of speed and intersection cameras causing people to suddenly brake? An increase in politically infuriating radio shows?
People have simplistic minds and no clue about statistical inference.
>What else would you use to encrypt 8-byte long sequence.
I would establish a secured session using authenticated key agreement and use that session to carry all the traffic. If the PCI pixies forbid me from having a secured session, I would randomize it with nonces to achieve what the PAN does without the additional key.
But crypto protocol design is not a solo sport. You do it with a group of like-minded cryptographers and implementers so you get it right.
I read the PCI specs once. It was like they wrote a set of thousands of statements and then randomized the order. They are still true, but the structure and purpose is lost.
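What "randomize it with nonces" buys you over encrypting the bare 8 bytes, as an added example that is not part of the thread or any poster's code. It uses only HMAC-SHA256 from the standard library as the PRF for the keystream and the tag so it runs offline; the master key, the 12-byte nonce length and the sample 8-byte field are constructed for illustration, and a real terminal would use a standard AEAD (AES-GCM, ChaCha20-Poly1305) inside the authenticated session the poster describes rather than this hand-rolled construction.

```python
"""Nonce-randomised encryption of an 8-byte field (added example, not from the thread).

Stdlib-only: HMAC-SHA256 is the PRF for both keystream and tag so this runs
offline. Key, nonce length and sample PIN-block bytes are constructed; a real
deployment would use a standard AEAD inside an authenticated session.
"""
import hashlib
import hmac
import os
from typing import List, Optional

FIELD_LEN = 8    # the 8-byte value under discussion (a PIN block, say)
NONCE_LEN = 12   # 96-bit random nonce, never reused under one key
TAG_LEN = 16     # truncated HMAC-SHA256 tag

# Constructed sample inputs (not real keys or card data).
SAMPLE_KEY = hashlib.sha256(b"constructed master key for the example").digest()
SAMPLE_FIELD = bytes.fromhex("041234ffffffffff")  # 8 bytes, constructed


def _subkey(master: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one master key."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(master: bytes, nonce: bytes) -> bytes:
    """PRF(enc_key, nonce) truncated to the field length; fresh nonce per message."""
    return hmac.new(_subkey(master, b"enc"), nonce, hashlib.sha256).digest()[:FIELD_LEN]


def _tag(master: bytes, nonce: bytes, ct: bytes) -> bytes:
    """Encrypt-then-MAC over nonce || ciphertext so a tampered nonce also fails."""
    return hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()[:TAG_LEN]


def encrypt_field(master: bytes, field: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext || tag. Same field, different nonce -> different output."""
    if len(field) != FIELD_LEN:
        raise ValueError("field must be exactly %d bytes" % FIELD_LEN)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(field, _keystream(master, nonce)))
    return nonce + ct + _tag(master, nonce, ct)


def decrypt_field(master: bytes, msg: bytes) -> bytes:
    """Verify the tag in constant time, then strip the keystream."""
    if len(msg) != NONCE_LEN + FIELD_LEN + TAG_LEN:
        raise ValueError("malformed message")
    nonce = msg[:NONCE_LEN]
    ct = msg[NONCE_LEN:NONCE_LEN + FIELD_LEN]
    tag = msg[NONCE_LEN + FIELD_LEN:]
    if not hmac.compare_digest(tag, _tag(master, nonce, ct)):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(master, nonce)))


def deterministic_encrypt(master: bytes, field: bytes) -> bytes:
    """Models ECB-style encryption of the bare 8 bytes: a fixed (all-zero) nonce,
    so the ciphertext is a fixed function of the plaintext and repeats leak equality."""
    return encrypt_field(master, field, nonce=bytes(NONCE_LEN))[NONCE_LEN:NONCE_LEN + FIELD_LEN]


def repeats_visible(master: bytes, fields: List[bytes], randomized: bool) -> bool:
    """True if an observer of the ciphertexts alone can see that two of the
    fields were equal, i.e. if any two ciphertexts collide."""
    if randomized:
        cts = [encrypt_field(master, f) for f in fields]
    else:
        cts = [deterministic_encrypt(master, f) for f in fields]
    return len(set(cts)) < len(cts)


if __name__ == "__main__":
    customers = [SAMPLE_FIELD, bytes.fromhex("045678ffffffffff"), SAMPLE_FIELD]
    print("ECB-style leaks repeated PIN block:", repeats_visible(SAMPLE_KEY, customers, False))
    print("nonce-randomised leaks repeat:    ", repeats_visible(SAMPLE_KEY, customers, True))
    blob = encrypt_field(SAMPLE_KEY, SAMPLE_FIELD)
    assert decrypt_field(SAMPLE_KEY, blob) == SAMPLE_FIELD
```

The point the deterministic branch makes is the one the poster attributes to XORing in the PAN: without per-message randomness, two customers with the same 8-byte value produce the same 8-byte ciphertext, and whoever sees the wire learns that. The nonce makes each ciphertext unique without a second key, and the tag stops anyone from flipping bits in transit unnoticed.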
Of course, I bothered to look at at least one version of the PCI DSS spec:
> This means all CDE data must be encrypted as suggested in PCI DSS Requirement 4.1. Section 4.4 described Layer 2 specific wireless encryption protocols such as AES that is used within WPA2 to provide confidentiality and integrity at the wireless link layer. Higher layer encryption methods such as SSL/TLS and IPSEC could be used to provide end-to-end cryptographic protection of card-holder data.
So it *looks* like it may have considered WPA-2 built in encryption sufficient, but 'recommended' TLS/IPSEC.... So contrary to common sense there could be implementations with weakness...
Yet the shiny new PCI-DSS compliant card payment machine we got recently for the store had a sticker on the bottom proudly proclaiming it used triple DES. I shit you not.
Didn't catch the part about GCMP; hopefully for once sluggish wifi implementations being behind the curve means most are using CCMP.
TKIP should already not be in use for many reasons.
CCMP always had higher security bounds than GCMP. GCMP exists for speed only because it is parallelizable and GCM was initially introduced for ethernet linksec as a workaround for the OCB patents. There is still no compelling reason for GCMP in 802.11. Modern logic is perfectly capable of keeping up with CCMP.
I need a new key made for my late-ish model Subaru and they say it's $350 just for a key. When I demanded to speak to the manager of the parts and service depot and demanded an explanation they only would say "it's more secure than the $2.25 key copy you got with your last car at the hardware store."
Clearly that's not true at all. Can we somehow sue them for price fixing the key market?
Probably, yes. The replacement key thing is a total shakedown. At least you can clone it now.
We don't define freedom the same in the US as they do in Europe. To the US freedom is not having the government restrict you. To Europeans, it means the freedom from having to worry about their economic status (socialism, basically.) Please don't try to equate the two.
I've lived in both places. I assure you the US government restricts its subjects just as much, and in many cases more than European governments restrict theirs.
I think the real world will be different. These cars will never be clean; they will be full of graffiti and other stuff like baby poo, animal shit and germs, unless they are cleaned after every trip, which makes them much more expensive.
The nice clean ones will be a little more expensive than most people can comfortably afford, like business class is today.
> It's nonsensical.
That's because it was a joke. Although with the current government I wouldn't be surprised if it was true.
Which raises the question "Why when you buy a brand new PCI certified payment terminal in 2017, does it still use RSA1024?".
Structured fuzzing is also very effective at finding compiler bugs.
Functional fuzzing is very effective at finding bugs in logical inference.
So PCI certification is approving new devices with both 1024 and 2048?
With RSA1024 according to the printouts on our terminal. How many years ago was that deprecated?
> Session between what and what?
The PoS terminal and the credit card processor. Isn't that what we were talking about?
Disclaimer, I wrote the software for a PoS once. The shame still haunts me.
No. Humans count - they invented mathematics. Deer eat leaves.
Either way it doesn't end well for the deer.
Correction:
The poster of TFS has a simplistic mind and no clue about statistical inference.
>Write that shit down. Look at a map before you get in the car. Christ.
Luddite.
They have tens of thousands of employees. TFS says they fired hundreds of workers. That's a 1 percent-ish firing.
After a period of rapid hiring, you need a firing to get rid of the mistakes.
This sounds like corporate house cleaning.
So can you cook a chuck roast at the same time?
"I don't know. England has been known to make a few nice cars."
Yes, nice cars, yes.
Reliable cars, on the other hand...
LOTUS : Lots Of Trouble, Usually Serious.
Brick machines are tres on topic.