What should be made clear is how D&D was influenced by these tales. Specifically, in the first volume, "The Dying Earth," magic spells are described lying in the mind like stones on a path, which are dispersed when the spell is used. This is much like the oft-maligned D&D magic system, where you must memorize specific spells, which can't be replaced readily or reallocated to other magical powers.
But don't forget other major influences: DeCamp and Pratt's "Incomplete Enchanter," Leiber's Fafhrd and the Grey Mouser tales, and of course Robert Howard's Conan tales.
I haven't seen any reports of packet-sniff card theft. But then again, it would be single cards, basically small potatoes from the newshound point of view. When compared to the risks of non-online card theft methods (carbon paper, photocopy of credit slips, dumpster diving, cell and cordless phone scanning), the chance of your particular packet getting sniffed seems pretty remote.
I'm constantly surprised by the reports of thefts of millions of card numbers. Why is the card number stored on the web server at all? I would expect that, once registered, only the card type, last few digits and expiration date would be listed, so that (a) the site could say "Is this your card?" and (b) it would know if it needs to get updated card info when the card expires.
Any live link to credit processing is going to be secure -- I hope. I'd be surprised if any merchant card processor wasn't secured. But many online transactions aren't going to be immediately processed: a lot of places don't bill until items ship, or need to negotiate shipping prices, etc.
Joel
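The storage scheme suggested in the comment above, as an added example (not part of the original comment): validate the number at registration, then keep only brand, last four digits and expiry. The names `StoredCard`, `to_stored_card`, `confirm_prompt` and `needs_update` are hypothetical, and the sample numbers in the usage note are the card networks' published test numbers.

```python
import re
from dataclasses import dataclass
from datetime import date


def luhn_ok(pan: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def card_brand(pan: str) -> str:
    """Classify by issuer prefix and length; anything else is 'unknown'."""
    n = len(pan)
    if n == 15 and pan[:2] in ("34", "37"):
        return "amex"
    if pan[0] == "4" and n in (13, 16, 19):
        return "visa"
    if n == 16 and (51 <= int(pan[:2]) <= 55 or 222100 <= int(pan[:6]) <= 272099):
        return "mastercard"
    return "unknown"


@dataclass(frozen=True)
class StoredCard:
    """Everything the web server keeps; the full number is never a field."""
    brand: str
    last4: str
    exp_month: int
    exp_year: int


def to_stored_card(pan_input: str, exp_month: int, exp_year: int) -> StoredCard:
    pan = re.sub(r"[ -]", "", pan_input)          # accept "4111 1111 ..." style input
    if not re.fullmatch(r"[0-9]{13,19}", pan) or not luhn_ok(pan):
        raise ValueError("not a valid card number")
    if not 1 <= exp_month <= 12:
        raise ValueError("bad expiry month")
    return StoredCard(card_brand(pan), pan[-4:], exp_month, exp_year)


def confirm_prompt(card: StoredCard) -> str:      # use (a): "Is this your card?"
    return f"Is this your card? {card.brand} ending in {card.last4}"


def needs_update(card: StoredCard, today: date) -> bool:   # use (b): expired?
    # A card is valid through the last day of its expiry month.
    return (today.year, today.month) > (card.exp_year, card.exp_month)
```

For instance, `to_stored_card("4111 1111 1111 1111", 9, 2001)` yields a record whose `repr` contains only `visa`, `1111` and the expiry, so a dump of the table exposes no usable card numbers.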
Addenda -- haven't started hacking yet, still researching, and good thing I did.
Turns out that a WH_KEYBOARD hook can't modify the message stream; you have to hook WH_GETMESSAGE, which gets passed the address of the message structure. See support article Q33690 at http://support.microsoft.com
It looks like there's some good starter code for this at
http://www.planethack.org/assemblertut/tut24.html
Happy coding
Joel
I haven't gotten my development machine close to where the cat is still sitting in its bag, but here's how I'm planning to tackle this in Windoze:
SetWindowsHookEx allows a procedure to snag the message queue. Setting the first parameter to WH_KEYBOARD lets you grab keyboard messages.
The Keyboard Hook routine, KeyboardProc, gets the virtual-key code, the scan code (which is OEM dependent), a code indicating it's not on the main keyboard, and some other useless flags.
Once I know what the scan code is, and what v-key codes are used for their 'fake' barcode values, it should be possible to
(a) swallow the serial number
(b) keep the context of first, second, third digit
(c) translate the code type (optional?)
(d) translate to the real barcode value
Dunno if this works under NT/2000, and likely things are different under various Unices.
Joel
Whatever happened to SET, and E-sales experience
(on "A Matter Of Trust?", Score: 2)
Visa and MC were supposed to provide the SET protocol to
(a) lower costs to merchants: the 'discount' rate for Mail Order/Telephone Order sales is typically 1% or more over a brick 'n' mortar store. SET is supposed to eliminate that.
(b) increase security for both the customer and the card issuer (not the merchant - heh)
This was done using a digital certificate for each customer, vetted by the bank. The e-store never gets the credit card number, just various confirmation numbers from the bank, and credit in their account.
Well, it's been several years, and SET still isn't implemented at any major e-commerce site that I know of. The costs of SET-compliant software are huge.
I wouldn't shop at any place that is that much of a hassle to order from. Unless I'm assured of a great deal ahead of time, I won't shop from places that (a) require a log-in (esp. with credit card) before I can put the first item in the cart, or (b) aren't up-front with the shipping costs.
Hey - Toys-R-Expensive^h^h^h^h^h^h^h^h^hUs doesn't even use a secure server!
My wife runs a small children's book store on the web, and fraud really hasn't been a problem. We've never had a customer complain about theft, we've never gotten stiffed for a bill, and the couple of customers who tried to reverse a charge after receiving legit merchandise were re-credited to us -- a hassle, but we won.
We did get a pair of orders one day both shipping to the same city in Hungary using US cards. This raised some virtual hackles, and when the customers didn't respond to e-mail, we canceled the order and reported them to the credit card company [hey - where's our reward?].
Admittedly, the major fraud risks are for large ticket items, or direct-download items, from software to smut, none of which we work with (I think the biggest ticket items are under $200 for hardback sets of The Chronicles of Narnia or some such).
For a fictional account of the far-reaching consequences of q-computing, try Permutation City by Greg Egan.
Let's say that a quantum computer can simulate the results of a computer twice its complexity which simulates a computer twice its complexity...
And the original computer doesn't even need to be on!
Now imagine the virtual worlds within it evolving.
That's just the tip of the iceberg in this story. Accepting the virtual q-computers is a big "if" to swallow, but it all hangs together beautifully.
Read it. Now, before it becomes reality and less interesting.
Joel