This close vs. open source security issue reminds me of crypto stuff. In crypto world it is good custom to assume that your crypto algo is known and you cannot rely just on fact that nodoby knows which algo exactly you are using.
IMHO the same with closed source - people doesn't see the source code but they can try to reverse engineer the code and even steal the code - in this case all your security goes down the tubes. Remember Morris worm - Morris discovered buffer overflow bug in UNIX sendmail by reading the closed source he had access in DEC and wrote an exploit.
Such things will happen time to time and you will see how many new viruses for Win2K will appear shortly after this leak.
Imagine - crooks don,t need men behing the counter to steal mag stripe data for them, all they need is just a sort-of-wireless-POS (assuming protocol is known or reverse engineered) to get your card data.
I think I'd stick to my old-fashined EMV chip card.
Slashdot Mirror
This close vs. open source security issue reminds me of crypto stuff. In crypto world it is good custom to assume that your crypto algo is known and you cannot rely just on fact that nodoby knows which algo exactly you are using.
IMHO the same with closed source - people doesn't see the source code but they can try to reverse engineer the code and even steal the code - in this case all your security goes down the tubes. Remember Morris worm - Morris discovered buffer overflow bug in UNIX sendmail by reading the closed source he had access in DEC and wrote an exploit.
Such things will happen time to time and you will see how many new viruses for Win2K will appear shortly after this leak.
No sig is a good sig.
Paying big bucks (euros in this case) makes one immune from GPL infringment claims. What the shame ...
Imagine - crooks don,t need men behing the counter to steal mag stripe data for them, all they need is just a sort-of-wireless-POS (assuming protocol is known or reverse engineered) to get your card data. I think I'd stick to my old-fashined EMV chip card.