Having read a subset of these comments, it seems very much like programmers are using anecdotal evidence to refute doctors who are using anecdotal evidence...
Can anyone please provide some URLs to actual research on memory, intelligence, and the links between the two?
Just out of interest I have asked Ingenico Australia for their comments on this. I've no idea if they will reply, but I am very keen to hear their side of the story.
... which I guess just reinforces the original point.
I must admit that I haven't tried this, and I am surprised. Such an ability is usually dependent upon the card issuer's processing parameters, and not upon those of the acquirer of the transaction (assuming that one of the major schemes isn't standing in for the transaction, and VISA may require address verification as well). One of these days I'll give it a go with my card.
(By the by, I was also surprised about your mention of attacking the PIN PAD, and obtaining its master key. PIN PADs are made for one reason only, and that is to not give up this information. I have been told that the only way this information can be obtained in most cases is to carry out some "scan" of the device to literally watch the electrons as they bounce about - I am no expert, but this is what I was told. If you have time, do you remember the PIN PAD manufacturer/type - Ingenico, Intellect, Bull...?)
It has been interesting following the posts regarding the safety of online banking - I guess this is where the technical ability and interest of most of the "posters" lies - but ATM/POS systems are far less secure. For the most part they depend on technology that is over 15 years old - the mention of the single length DES key is a good example; it will remain in widespread use until the Euro-Mastercard-Visa mandates require triple-DES encryption next year.
However, I think the important point that this raises is that banking is not, nor has it ever really been, that secure. The simple fact is that most banks accept the loss - they know they will be defrauded/robbed of money, no matter what measures they introduce. (To paraphrase another post "they knew it was insecure, and yet they did it anyway".)
Whilst this offends techies to their deepest of deep-bits, in the end it is not our decision, it is up to the people who hold the purse-strings - I guess this is what actuaries get the big bucks for. (Fraud detection systems are all the rage now; note that the majority of these catch transactions after they are completed, not online. Hotcard the card involved, and issue a new one - this is how they work.)
Banks know that the vast majority of people don't have the capability to crack them wide open - if they did, there are far easier ways than some of those that I have seen mentioned today. Who cares about SSL when, for example, there is an ATM/POS transaction type specific to "mail/telephone" orders... this doesn't require a PIN, just a number and an expiry date. Anyone can do it. Online shopping and e-commerce is basically just piggy-backing on this transaction type when it hits the back-end "core" systems, or when it is carried out by a VISA/EURO cardholder.
Banks are service providers, consumers demand a service, and as a defensive measure, banks will provide it. The profit in doing it is worth more than the loss from fraud. Not all downtown bricks and mortar banks are secured like the American Fort Knox, remember, it's just not worth it.
Further, limits exist on most credit/debit cards, you can't do 1/1.2 million dollar transactions - on most cards. You have to keep going back, in which case, as fraud detection improves, you'll find that your transactions are noticed much sooner each time. Fraud detection is neural net based, nowadays.
(And by the way, derision for the security employed by the Australian banking system is not really justified. I have been consulting worldwide in the electronic banking industry for the last three years (and worked for 6 years in Australia prior to that), and the ATM/POS network there is, at the very least, consistent with those utilised elsewhere. I'm sure it won't take long for internet banking there to exceed international standards either.)
At the end of the day, locks really do only keep honest people honest.
"2) Literary works, including computer programs and databases, protected by access control mechanisms that fail to permit access because of malfunction, damage or obsoleteness."
A couple of questions:
- Does a compiled computer program have a form of access control applied, that is, the actual compilation itself? (For the vast majority of the population this presents a barrier to their accessing the source.)
- If a computer program malfunctions, does the person who has licensed that program become exempt from this law, and have the right to reverse-compile that program in order to fix it (assuming they have the ability, of course)?
The obvious example here is the Windows 2000 bug barring a user from logging on following the installation of 128-bit security - but could this extend to any bug/malfunction? Or are you still bound by the initial license agreement barring reverse-compilation?
I've forgotten, who is the most obese country in the world? ... enjoy the forthcoming recession.
Oh, and speaking of rich countries
You jumped in before I had a chance