Amazing. I just looked at it at 01:12 (22:12 your time) or so and it's responding again... only the counter is at 2.6 million - it's gotten more than a million hits in the past 24 hours alone. So that's what they mean when the say "/. effect"!
Hmmm, I wonder what he gets if he gets 4 million hits...?
P2P is a bullshit justification. P2P doesn't cause higher ticket prices, market economics does. They'll slap any price on them they can get.
I remember some people complaining about the ticket prices for the Eagles "Hell Freezes Over" tour - which for golden circle were at least as high as these madonna ones (some went in excess of $750 for some shows, IIRC).
That was in 1994.
Concertgoers have been getting fleeced by some (though not all!) big-name acts for a lot longer than P2P has been around.
Re:The problem of nerve impulse conduction
on
An Alternate Human
·
· Score: 1
I would design something that incorporates the best of both worlds... The sensory input and auto-response can be incorporated into a small secondary brain in the cranium, while all the higher-order functions could be handled in the primary brain in the center of the body. Or you could take it even a step further and incorporate the basic/instinctive functions relative to each sensory organ into the organs themselves - so the eye would have its own neural network incorporated within or nearby.
As a matter of fact, I wouldn't be at all surprised to learn that we (v1.0) humans have some distributed sensory response capacity outside the brain itself already.
As far as sensory input response goes, however, I don't think that most functions require the absolute smallest distance. For instance, it's been said that the groin response to sensory input (especially pain) is eight times faster than anywhere else in the body except the eyes, and the groin is hardly the organ closest to the brain...
I agree to a point, but I think that the overall decision about FIPS vs. OSS should be based on your requirements. If you're doing business with the US federal government, for instance, there may well be a strict requirement to use something that is FIPS certified. If you're just doing a small in-house project for a start-up, OTOH, you're probably better off using TruCrypt.
In my mind, it comes down to the following tradeoff: -If you need to know that your data is truly and safely encrypted, use FIPS. The certification is expensive ($50k for each level, IIRC), requires dedicated effort to tackle, and has been scrutinized by very smart people with a very precise goal in a very methodical manner. This makes FIPS a great deal if you need VERY strong evidence to prove to some other entity that your data is well protected.
-However, if you need to be reasonably certain that the government, the corporate who wrote the FIPS software, or any others cannot get to your data by bypassing the crypto or escrowing the keys, you may wish to take the OSS route. TruCrypt in particular is popular, has a strong and demanding user base, and has a relatively low risk of compromise, since those who program it have a vested interest in keeping the code safe.
So in short, I'd say that NIST has the upper hand when it comes to "provable" security, but OSS has the upper hand when it comes to "keeping everybody's hands out of my cookie jar". But the race is neck-and-neck; as a security professional, I would say that either one will most likely meet your needs in most situations.
So let's say, for the sake of argument, that the whole keyspace is tested; i.e., that for an arbitrary key that you create you have gathered the entire range of challenge responses from a particular device and stored each. Is an addition vector an NP problem that wouldn't give up the secrets of the key itself even if all the challenge responses were known?
It would seem that it must be to serve the intended purpose. It's much more damaging to be able to spoof a particular device to other devices than to spoof a response sequence with a single devices, yes? That way you could sell a device to any user that emulates a "2007 sony model XXXXX" to any other device to decrypt the stream in real-time, versus having to buy a "2007 sony model XXXXX" to work with the theoretical gizmo. But all of that would rest on the ability of the addition vector to be reverse-engineered, which I must confess I'm ignorant about.
Ok, so help me out here. Doesn't that reduce the effective keyspace by an order of 2^16? Seems to me that would make a brute-force attack much more practical. (It doesn't matter if you set the first 16, last 16, or any arbitrary (but consistent) combination of bits to zero, it will still reduce the keyspace for all devices by the same amount.)
Of course, I don't know much about the algorithm itself, but from the blog's example, it should be simple to test the validity of any arbitrary key with any device.
Increasing the keyspace as you have suggested would actually make the codes more secure as time went on - but given that there are always going to be those initial devices with 24 instead of 40 bits, those will always be the most attractive target. And it only takes one key, one time, to build a device which can output an unencrypted stream, breaking the whole system catastrophically.
No scientists have set out to prove to Christians that their god doesn't exist.
That why I didn't write "scientists have tried to use it as evidence that there is no God" - I chose my words very carefully. I have many friends and family who are true scientists, some of whom believe in God, some of whom do not. And none of those who do not believe in God are a threat to those who do (and vice versa). Why is this? Because they are not fanatics, ipso facto.
A fanatic is, by definition: "A person marked or motivated by an extreme, unreasoning enthusiasm, as for a cause." Those who try to use evolution as proof that God does not exist often fit that description. Some scientists are fanatics. Some non-scientists are fanatics. Those who try to disprove the existence of God using evolution (which, logically, does not in any way address the issue of the existence of God) are fanatics; they are marked by an extreme, unreasoning enthusism, as for a cause - and that cause is the non-existence of God.
So no, most scientists do not try to use evolution to prove that God does not exist. It's the fanatics that do that.
Not unreasonable, just different. And that was a big part of my original point - that atheism and a belief in God are truly separate but equal belief systems, entirely and logically built on differing fundamental precepts: "There is a God", and "There is not a God".
I have seen enough Christians become atheists, and enough atheists become Christians, to know that a shift in that one precept is enough to change the entire belief structure. We as human beings, in the absence of some great traumatic force (either internal or external, though most assuredly more often external) strive to reinforce those things we already believe. We attempt to shore up our lack of understanding with what we see as solid evidence of our belief. Christians do it and so do athiests.
(I should indicate that I'm using Christians as a nominative pronoun to include all those who believe in a supernatural deity of some sort.)
I can tell you with certainty, based on my own empirical observations, that if you were able, for a month, to honestly believe in the premise that there IS a God, that you would see overwhelming evidence of His existence during that period. It's a very difficult exercise, requires a great deal of thought, and will stretch your brain to nearly the breaking point, but it works. Change that simple precept and accept that there is a God, and you will find Him.
That goes for all the Christians, too. Believe honestly that there is no God, and you'll see all sorts of evidence that He does NOT exist.
Both are very valid viewpoints, and have entirely self-consistent logic systems, though each seems entirely incongruous to the other, because of the difference in precepts.
And this brings me back to my original point in the GGP - as long as atheists and Christians will not accept the other view as a valid one, this argument will continue. Once, it was heliocentrism vs. terracentrism. Today, it's evolution vs. ID. Tomorrow it will be something else. But the fundamental difference, that refusal to accept that both are valid views, will be the catalyst for animosity and war for millenia to come, just as it is today.
"42" Jokes aside, one day, science will be able to answer anything.
Ok, time to jump in here again. I agree that science is capable of answering a lot of questions, including some that to us seem unanswerable. But there are limits - real, logical, provable limits - to what science is able to even address, much less answer.
You can start by reading Gödel's work. He has proven, logically, that there are some things which are unprovable. (Think about that for a minute, it's an amazing concept.) This means that in science and mathematics there will always be some axioms - those things which we know intuitively are true, but which we are unable, by the laws of the systems by which we are constrained, to prove. Don't confuse this with our current abilities, but rather understand that these are the fundamental properties of logic systems. And without stepping outside of those systems, we will never be able to prove what a '+' is, or why the commutative property is what it is, or why a quotient works the way it does. These are axiomatic, and Gödel proves that no matter what, there will always be axioms.
This leads us to realize, in short, that for all science will ever be able to tell us, it will never - by its own constitution - be able to tell us why. It simply isn't part of the nature of logic. And it's also why it is a logical fallacy to think that science, in any form, can replace any fundamental philosophy, even those philosophies we call religions.
In the past, we as humans have applied philosophy to the question of "how" wherever we have lacked science. (Cf. Plato, DesCarte, Nietzsche.) And the more science has answered "how", the less philosophy has needed to answer "how". But science cannot answer "why", and so even when all the "how"s have been answered, we will still have philosophy to answer "why". And the best part is that is the truest, purest form of philosophy there can be, unencumbered and undiluted by any "how".
I hold firmly to the idea that a civilization is only advanced to the point where its average person (or a group of average people) can recreate a concept.
That said, the problem - since the beginning - with Evolution is that fanatics have tried to use it as evidence that there is no God. ID is a social manifestation of Newton's Third Law, where the fanatics on the other side are trying to prove there is.
I have yet to see any evidence whatsoever that ID vs. Evolution is anything but a religious debate. Evolution may be sound scientific principle, and ID may not be - but it doesn't matter a whit, because this debate isn't about science. It's about whether or not there is a God.
This seems a horrendous misapplication of intelligence and faith to me. There should be no debate - Evolution is not inconsistent with the existence of God. If everyone treated it that way, there would be no need for ID.
I disagree. No one is going to bother porting games to OSX for PowerPCs, but I think there will be a great market for OSX-native games on OSX/Intel. Now that it only requires a recompile instead of a complete subsystem rewrite for a lot of code, it should be much easier to port to OSX.
There are also many people who will be buying Intel Macs who won't want to take the time, money, or effort to install XP - they will be a major reason for companies to port games to OSX.
And the best substitute, without a doubt, is to get there as fast as you can and stay until you can speak like a nihonjin.
Seriously, full immersion is really the only way to get a true mastery of a language.
Barring that, the very next best thing is to get a Japanese girlfriend (one who was born and raised there and came here after the age of 12 or so) and get her to tell you as much as possible. (This was advice given to me by a couple of retired NSA guys about learning Korean, though it works for any language.)
Nicely dramatic. But instead of just writing witty retorts, try to think it through.
There's a huge difference between a soup-to-nuts manufacturer that's completely under the control of a foreign government (remember, there is no true private enterprise under Communism) and a component supplier which provides individual pieces which must be incorporated into others' designs.
It's much more difficult (and therefore more risky) for a component manufacturer to try to target government users than it is for a whole system manufacturer with direct GSA contracts.
Remember that the U.S. Government does not usually buy crypto that has been produced overseas, and just put the brakes on the Snort acquisition. This sort of selective purchasing is not without precedent or reason. And until the government has finished their inquisition, it's very reasonable for them not to buy from Lenovo.
Absolutely! This is what the counterintelligence agencies DO!
Seriously, who would be surprised if a Chinese company (remember the Chinese? They're still Communists!!) was encouraged to spy on U.S. Government agencies? To think otherwise is, IMO, incredibly naïve.
Personally, I think Lenovo ought to be barred from selling hardware to the U.S. Government altogether. It's simply not worth the security risk.
Sadly, that's not an iPod-specific phenomenon. (Phenomenon, do-doo do-doo-do, phenomenon, do-doo do-doo!) It generally happens when Bono sings anthing post-Joshua Tree.
Same thing happens with the Red Hot Chili Peppers and anything after "Give it Away".
Now if Apple could fix that with a firmware update, I'd be impressed.
Riiiight. You know as well as I do that for most major corporations, a "little" integrity isn't much in the same way that a "little" neutron star isn't heavy.
That's true to a point. They don't take any direct losses, as far as I know. They are keenly aware, however, that if it gets too painful for the merchants, they will stop accepting VISA, and their market (and revenue) will dry up overnight. That's half the impetus behind the VISA PCI reviews and audits that are sweeping the industry now (the other half being increased customer warm fuzzies). Fewer transactions == less revenue. VISA is literally playing both ends against the center to maximize the number of and value of transactions.
My esteemed uncle, the Grand Vizier of the Carribean National Bank, Doctor Moroawe mBasse, has just passed away, leaving me, some property. I have a nice little island in the Carribean that I need to turn into cash immediately, and I will sell it to you for just $150.00 American. Just send me your bank account login information and Iwill send to you the title right away.
VISA actually requires that merchants, in some circumstances, NOT challenge the person using the card. (Have tou noticed that many merchants won't even ask for a signature for purchases below a set limit now?) Why? Because the cost of turning away potential sales - including fraudulent ones - is many multiples of VISA's cost of lost revenue due to fraudulent activity and theft.
What's more is that merchants, not the credit card issuers or underwriting banks, are the ones ultimately responsible for more than 90% of chargebacks. So if the merchant sells a product to someone using a fake card, and the rightful owner of that card challenges it, the merchant takes the loss, not VISA. So for the most part there's really not a direct reason for VISA to curb fraudulent activity at all.
So security in this case actually leads to loss of sales, and therefore loss of revenue for VISA. The customer is indemnified, VISA and the banks are insulated, and the merchant gets screwed - until they raise their prices to make up for the loss. And even then, it's the customer who bears the ultimate financial burden. IOW, VISA has every incentive to make it easier for people to use their cards, even if that means more identity theft.
Slashdot Mirror
...today a new startup called ShareBear P2P was just formed....film at 11.
Please give more than just the first octet when posting. Film at 11.45.25.164:6346. Thank you.
Amazing. I just looked at it at 01:12 (22:12 your time) or so and it's responding again... only the counter is at 2.6 million - it's gotten more than a million hits in the past 24 hours alone. So that's what they mean when the say "/. effect"!
Hmmm, I wonder what he gets if he gets 4 million hits...?
Counter went over 2m right around 10:03pm EDT on 4/27/06. Just FYI.
No, don't worry - it's only the opposites sketch!
(Though the fact that this show has a website is enough to make me think you are right about the Bizzaro World thing... WTF?)
P2P is a bullshit justification. P2P doesn't cause higher ticket prices, market economics does. They'll slap any price on them they can get.
I remember some people complaining about the ticket prices for the Eagles "Hell Freezes Over" tour - which for golden circle were at least as high as these madonna ones (some went in excess of $750 for some shows, IIRC).
That was in 1994.
Concertgoers have been getting fleeced by some (though not all!) big-name acts for a lot longer than P2P has been around.
I would design something that incorporates the best of both worlds... The sensory input and auto-response can be incorporated into a small secondary brain in the cranium, while all the higher-order functions could be handled in the primary brain in the center of the body. Or you could take it even a step further and incorporate the basic/instinctive functions relative to each sensory organ into the organs themselves - so the eye would have its own neural network incorporated within or nearby.
As a matter of fact, I wouldn't be at all surprised to learn that we (v1.0) humans have some distributed sensory response capacity outside the brain itself already.
As far as sensory input response goes, however, I don't think that most functions require the absolute smallest distance. For instance, it's been said that the groin response to sensory input (especially pain) is eight times faster than anywhere else in the body except the eyes, and the groin is hardly the organ closest to the brain...
I agree to a point, but I think that the overall decision about FIPS vs. OSS should be based on your requirements. If you're doing business with the US federal government, for instance, there may well be a strict requirement to use something that is FIPS certified. If you're just doing a small in-house project for a start-up, OTOH, you're probably better off using TruCrypt.
In my mind, it comes down to the following tradeoff:
-If you need to know that your data is truly and safely encrypted, use FIPS. The certification is expensive ($50k for each level, IIRC), requires dedicated effort to tackle, and has been scrutinized by very smart people with a very precise goal in a very methodical manner. This makes FIPS a great deal if you need VERY strong evidence to prove to some other entity that your data is well protected.
-However, if you need to be reasonably certain that the government, the corporate who wrote the FIPS software, or any others cannot get to your data by bypassing the crypto or escrowing the keys, you may wish to take the OSS route. TruCrypt in particular is popular, has a strong and demanding user base, and has a relatively low risk of compromise, since those who program it have a vested interest in keeping the code safe.
So in short, I'd say that NIST has the upper hand when it comes to "provable" security, but OSS has the upper hand when it comes to "keeping everybody's hands out of my cookie jar". But the race is neck-and-neck; as a security professional, I would say that either one will most likely meet your needs in most situations.
I see what you mean, that makes more sense.
So let's say, for the sake of argument, that the whole keyspace is tested; i.e., that for an arbitrary key that you create you have gathered the entire range of challenge responses from a particular device and stored each. Is an addition vector an NP problem that wouldn't give up the secrets of the key itself even if all the challenge responses were known?
It would seem that it must be to serve the intended purpose. It's much more damaging to be able to spoof a particular device to other devices than to spoof a response sequence with a single devices, yes? That way you could sell a device to any user that emulates a "2007 sony model XXXXX" to any other device to decrypt the stream in real-time, versus having to buy a "2007 sony model XXXXX" to work with the theoretical gizmo. But all of that would rest on the ability of the addition vector to be reverse-engineered, which I must confess I'm ignorant about.
Ok, so help me out here. Doesn't that reduce the effective keyspace by an order of 2^16? Seems to me that would make a brute-force attack much more practical. (It doesn't matter if you set the first 16, last 16, or any arbitrary (but consistent) combination of bits to zero, it will still reduce the keyspace for all devices by the same amount.)
Of course, I don't know much about the algorithm itself, but from the blog's example, it should be simple to test the validity of any arbitrary key with any device.
Increasing the keyspace as you have suggested would actually make the codes more secure as time went on - but given that there are always going to be those initial devices with 24 instead of 40 bits, those will always be the most attractive target. And it only takes one key, one time, to build a device which can output an unencrypted stream, breaking the whole system catastrophically.
Have I got that right?
No scientists have set out to prove to Christians that their god doesn't exist.
That why I didn't write "scientists have tried to use it as evidence that there is no God" - I chose my words very carefully. I have many friends and family who are true scientists, some of whom believe in God, some of whom do not. And none of those who do not believe in God are a threat to those who do (and vice versa). Why is this? Because they are not fanatics, ipso facto.
A fanatic is, by definition: "A person marked or motivated by an extreme, unreasoning enthusiasm, as for a cause." Those who try to use evolution as proof that God does not exist often fit that description. Some scientists are fanatics. Some non-scientists are fanatics. Those who try to disprove the existence of God using evolution (which, logically, does not in any way address the issue of the existence of God) are fanatics; they are marked by an extreme, unreasoning enthusism, as for a cause - and that cause is the non-existence of God.
So no, most scientists do not try to use evolution to prove that God does not exist. It's the fanatics that do that.
Not unreasonable, just different. And that was a big part of my original point - that atheism and a belief in God are truly separate but equal belief systems, entirely and logically built on differing fundamental precepts: "There is a God", and "There is not a God".
I have seen enough Christians become atheists, and enough atheists become Christians, to know that a shift in that one precept is enough to change the entire belief structure. We as human beings, in the absence of some great traumatic force (either internal or external, though most assuredly more often external) strive to reinforce those things we already believe. We attempt to shore up our lack of understanding with what we see as solid evidence of our belief. Christians do it and so do athiests.
(I should indicate that I'm using Christians as a nominative pronoun to include all those who believe in a supernatural deity of some sort.)
I can tell you with certainty, based on my own empirical observations, that if you were able, for a month, to honestly believe in the premise that there IS a God, that you would see overwhelming evidence of His existence during that period. It's a very difficult exercise, requires a great deal of thought, and will stretch your brain to nearly the breaking point, but it works. Change that simple precept and accept that there is a God, and you will find Him.
That goes for all the Christians, too. Believe honestly that there is no God, and you'll see all sorts of evidence that He does NOT exist.
Both are very valid viewpoints, and have entirely self-consistent logic systems, though each seems entirely incongruous to the other, because of the difference in precepts.
And this brings me back to my original point in the GGP - as long as atheists and Christians will not accept the other view as a valid one, this argument will continue. Once, it was heliocentrism vs. terracentrism. Today, it's evolution vs. ID. Tomorrow it will be something else. But the fundamental difference, that refusal to accept that both are valid views, will be the catalyst for animosity and war for millenia to come, just as it is today.
"42" Jokes aside, one day, science will be able to answer anything.
Ok, time to jump in here again. I agree that science is capable of answering a lot of questions, including some that to us seem unanswerable. But there are limits - real, logical, provable limits - to what science is able to even address, much less answer.
You can start by reading Gödel's work. He has proven, logically, that there are some things which are unprovable. (Think about that for a minute, it's an amazing concept.) This means that in science and mathematics there will always be some axioms - those things which we know intuitively are true, but which we are unable, by the laws of the systems by which we are constrained, to prove. Don't confuse this with our current abilities, but rather understand that these are the fundamental properties of logic systems. And without stepping outside of those systems, we will never be able to prove what a '+' is, or why the commutative property is what it is, or why a quotient works the way it does. These are axiomatic, and Gödel proves that no matter what, there will always be axioms.
This leads us to realize, in short, that for all science will ever be able to tell us, it will never - by its own constitution - be able to tell us why. It simply isn't part of the nature of logic. And it's also why it is a logical fallacy to think that science, in any form, can replace any fundamental philosophy, even those philosophies we call religions.
In the past, we as humans have applied philosophy to the question of "how" wherever we have lacked science. (Cf. Plato, DesCarte, Nietzsche.) And the more science has answered "how", the less philosophy has needed to answer "how". But science cannot answer "why", and so even when all the "how"s have been answered, we will still have philosophy to answer "why". And the best part is that is the truest, purest form of philosophy there can be, unencumbered and undiluted by any "how".
I hold firmly to the idea that a civilization is only advanced to the point where its average person (or a group of average people) can recreate a concept.
That said, the problem - since the beginning - with Evolution is that fanatics have tried to use it as evidence that there is no God. ID is a social manifestation of Newton's Third Law, where the fanatics on the other side are trying to prove there is.
I have yet to see any evidence whatsoever that ID vs. Evolution is anything but a religious debate. Evolution may be sound scientific principle, and ID may not be - but it doesn't matter a whit, because this debate isn't about science. It's about whether or not there is a God.
This seems a horrendous misapplication of intelligence and faith to me. There should be no debate - Evolution is not inconsistent with the existence of God. If everyone treated it that way, there would be no need for ID.
I disagree. No one is going to bother porting games to OSX for PowerPCs, but I think there will be a great market for OSX-native games on OSX/Intel. Now that it only requires a recompile instead of a complete subsystem rewrite for a lot of code, it should be much easier to port to OSX.
There are also many people who will be buying Intel Macs who won't want to take the time, money, or effort to install XP - they will be a major reason for companies to port games to OSX.
And the best substitute, without a doubt, is to get there as fast as you can and stay until you can speak like a nihonjin.
Seriously, full immersion is really the only way to get a true mastery of a language.
Barring that, the very next best thing is to get a Japanese girlfriend (one who was born and raised there and came here after the age of 12 or so) and get her to tell you as much as possible. (This was advice given to me by a couple of retired NSA guys about learning Korean, though it works for any language.)
Indeed. That didn't stop them from trying, though - prior to the introduction of computers, Chinese typewriters for a long time had more than 2,000 individual characters on their keyboards. Take a look here:[http://www.msm.cam.ac.uk/phase-trans/2004/HI T4/HIT4-Images/25.jpg%5D and here: [http://acc6.its.brooklyn.cuny.edu/~phalsall/texts /chinlng2.html%5D (at the bottom of the page).
Interestingly, the typists still had to stop and manually write in about every 10th character.
Gotta give them points for tenacity, if nothing else.
...where is my flying car??!?
Nicely dramatic. But instead of just writing witty retorts, try to think it through.
There's a huge difference between a soup-to-nuts manufacturer that's completely under the control of a foreign government (remember, there is no true private enterprise under Communism) and a component supplier which provides individual pieces which must be incorporated into others' designs.
It's much more difficult (and therefore more risky) for a component manufacturer to try to target government users than it is for a whole system manufacturer with direct GSA contracts.
Remember that the U.S. Government does not usually buy crypto that has been produced overseas, and just put the brakes on the Snort acquisition. This sort of selective purchasing is not without precedent or reason. And until the government has finished their inquisition, it's very reasonable for them not to buy from Lenovo.
Absolutely! This is what the counterintelligence agencies DO!
Seriously, who would be surprised if a Chinese company (remember the Chinese? They're still Communists!!) was encouraged to spy on U.S. Government agencies? To think otherwise is, IMO, incredibly naïve.
Personally, I think Lenovo ought to be barred from selling hardware to the U.S. Government altogether. It's simply not worth the security risk.
Sadly, that's not an iPod-specific phenomenon. (Phenomenon, do-doo do-doo-do, phenomenon, do-doo do-doo!) It generally happens when Bono sings anthing post-Joshua Tree.
Same thing happens with the Red Hot Chili Peppers and anything after "Give it Away".
Now if Apple could fix that with a firmware update, I'd be impressed.
You know you're bored at work when you're debating on Slashdot about the plural form of "Lego".
;-)
Hmm, I think you misspelled "anal".
Doesn't take much. Just a little integrity.
Riiiight. You know as well as I do that for most major corporations, a "little" integrity isn't much in the same way that a "little" neutron star isn't heavy.
That's true to a point. They don't take any direct losses, as far as I know. They are keenly aware, however, that if it gets too painful for the merchants, they will stop accepting VISA, and their market (and revenue) will dry up overnight. That's half the impetus behind the VISA PCI reviews and audits that are sweeping the industry now (the other half being increased customer warm fuzzies). Fewer transactions == less revenue. VISA is literally playing both ends against the center to maximize the number of and value of transactions.
Dear Mr. DigitalDC,
My esteemed uncle, the Grand Vizier of the Carribean National Bank, Doctor Moroawe mBasse, has just passed away, leaving me, some property. I have a nice little island in the Carribean that I need to turn into cash immediately, and I will sell it to you for just $150.00 American. Just send me your bank account login information and Iwill send to you the title right away.
Regards,
Mr. Tamuk Nagalanucha
To put it simply: it isn't painful enough.
VISA actually requires that merchants, in some circumstances, NOT challenge the person using the card. (Have tou noticed that many merchants won't even ask for a signature for purchases below a set limit now?) Why? Because the cost of turning away potential sales - including fraudulent ones - is many multiples of VISA's cost of lost revenue due to fraudulent activity and theft.
What's more is that merchants, not the credit card issuers or underwriting banks, are the ones ultimately responsible for more than 90% of chargebacks. So if the merchant sells a product to someone using a fake card, and the rightful owner of that card challenges it, the merchant takes the loss, not VISA. So for the most part there's really not a direct reason for VISA to curb fraudulent activity at all.
So security in this case actually leads to loss of sales, and therefore loss of revenue for VISA. The customer is indemnified, VISA and the banks are insulated, and the merchant gets screwed - until they raise their prices to make up for the loss. And even then, it's the customer who bears the ultimate financial burden. IOW, VISA has every incentive to make it easier for people to use their cards, even if that means more identity theft.