OK, so what you're saying is that there's a challenge/response. BFD. So AMEX can verify that it's an AMEX in my wallet. They STILL didn't confirm that *I* am the customer.
RFIDs can be read at a distance far greater than 2 inches (obviously, as they are used for inventory at much greater distances), so to pretend that this is secure because of challenge/response is ludicrous. Challenge me, I'll pass along the challenge to a nearby RFID, and respond with their response.
Not to mention that the RFID will blindly answer to all challenges, with responses. Calculating a private key is relatively trivial if I can define the inputs and observe the outputs. That's one of the first attacks that code-breakers will use. Simply send a few thousand challenges, observe the responses, and you have for yourself a nice mapping that can be used to discover the private key.
I walk into Wendy's and buy burgers for the next ten customers. great!!
Oh, and a thief can't steal your "REAL" credit card number, but they can duplicate your RFID, so they never NEED to steal your "REAL" credit card number.
I can create a web page that opens a window with NO menu at the top, buttons, or address bar (pop-ups do this all the time). And then I can have that web page CONTAIN a substitute menu, buttons, and address bar. In that fake address bar, I can write "www.microsoft.com", just like the sample demonstration. Simple exploit. May fool some people. May get them to enter their credit card info.
Better yet... imagine this.... set up a whole www.ammazon.com (sic) site that looks like amazon.com, by retrieving amazon's pages in real time. Then collect credit card info, and never ship the merchandise. It could "look" like amazon, and you'd never notice that you accidentally had a typo when you misspelled "ammazon"! Because "amazon" is in the address bar!
Or have I just revealed YET ANOTHER bug that Microsoft needs to fix?
Re:I think my form of encryption is better (on "RSA-576 Factored") · Score: 2, Insightful
It's just a task of minimizing the value to the cracker by making it take as long as possible to get the data, under the thought that it just won't be worth the time.
Why do people always assume that code-breakers will be White Guys?
The article SPECIFICALLY mentions that CARRYING a recording device into a theater, INCLUDING a cellphone is illegal!
The law, which was signed by former Gov. Gray Davis, was written to also include future technologies and could be enforced against people recording all or parts of a film with a tape recorder, handheld computer or even a cell phone.
So no matter how ridiculous it is now to think of someone trying to record a movie with a cellphone using today's technology, this law makes it illegal to carry your cell phone into the theater.
The new law, which takes effect Jan. 1, allows moviegoers to make a citizen's arrest if they see someone in a theater with a recording device.
Note that all you need to do is be CARRYING a recording device such as a cell phone, and you are breaking the law. It's a dumb law. Our legislature run amuck. Terrible, terrible restriction on our freedoms.
I may hate when you carry a cell phone in a theater, but I will fight for your right to do so.
I wouldn't assume that a misbehaving system is due to slashdotting.
My buddy's hard drive HAPPENED to crash on 1/1/2000 (hey, someone's had to). He blamed it on Y2K. Maybe it was slashdotted too.
Sorry, non-Americans, when I referred to 1/1, to y'all, that would be reversed... 1/1, that is.
The CORRECT way to implement computer voting is to create a process whereby each time someone votes, the computer creates a mathematical "voting result" string of numbers, such that the voter can literally SEE their vote among the string of numbers. Then as subsequent voters vote, the "voting result" changes, such that others can see their results as well.
The algorithm (not to be confused with Al-Gore-rhythm) must allow ANYONE to tabulate the votes by examining the "voting result" string of numbers, which would be publicly posted. However, it must keep anonymity.
Each voting district's tabulations should be reflected in this "voting result" string of numbers as well. Then you could verify your own result. District supervisors could verify the counts of voters in their district (as compared to the physical counts), and everyone could compute the winner.
It's not hard. But we need to move away from the pieces of paper idea!
If you are required to provide a social security number for some purpose, consider using 078-05-1120, which was printed on "sample" cards inserted in thousands of new wallets sold in the 40's and 50's. It's been used so widely that both the IRS and SSA recognize it immediately as bogus, while most clerks haven't heard of it.
Bad news: the software platform that the simulation program is written in is suffering from a word-size overrun problem (similar to the IPv4 limits or the Y2K problem). This is called a SCO problem (Simulation Constant Overrun problem).
All the simulation software needs to be re-worked, tested, and certified.
The Lords of the Simulation will be seeking expert programmers to help with the port. If you are available, please post your resume here. (You must sign an SCO non-disclosure, of course).
Well, my "argument" (point) is that people who have been burned will likely buy Microsoft products in the future. And a lot of people have been burned.
You point out that these people haven't learned the correct lesson from their mistake - that staying with the market leader sometimes proves to be wrong. Your point attacks the logic of those burned, and not the logic of mine.
So no, I don't feel that my examples contradict my argument.
Then again, what do I know?... I'm one of those who consistently gets burned!
The reason people will buy or recommend Microsoft may stem from being burned in the past. Your age may determine how many times you were burned...
Real world examples:
"We need to recommend Macs. Apple was THE FIRST SERIOUS PC, and Mac was the first GUI. It is far superior to anything running on the PC." (1987)
"Novell has 80% of the Network Operating System market. Go with the de facto standard; the industry leader." (1992)
"The Netscape team INVENTED browsing. Deploy Netscape Communicator to the desktop. Their browser and mail client will continue to dominate the desktop." (1996)
"The ONLY serious competitor in palmtop computing is the Palm Pilot. Why consider anything else?" (1998)
You can say it again and again for Apache (market leader, practically invented the market), Java (re-invented the concept of write-once-run-anywhere), home gaming systems, and forty other technologies.
The bottom line is that you better have a GREAT reason to bet against "Dollar Bill". He knows that there's more to the market than superior products (in fact, product superiority is probably low on Microsoft's strategic list, behind good marketing, product interoperability, and spreading Fear, Uncertainty and Doubt).
I think Microsoft's here to stay as long as Bill's driving the ship. Why bet my business by betting AGAINST Gates?
me: But it's hard to argue with a platform that wants MORE freedom
Perhaps if I said "more freedom than we currently have" you wouldn't have leapt to the "100% freedom is bad" argument. I am not proposing anarchy. I am saying that our liberties are being eliminated with every law, and it's gone too far.
Please allow me to use your extreme logic back on you:
I'd assume that even as a Centrist you'd agree that if all freedoms were removed, then you'd advocate "MORE freedom". As I said in my original post, "MORE freedom" is what I am advocating, not 100% freedom.
Sounds like you think I should vote for whom I think is the best candidate, regardless of whether I think they can win. I have thought that in the past.
Consider this: Suppose I believe that I am a better candidate than every candidate on the ballot. Using the above logic, I should write in my own name as a write-in candidate. Then I would get one vote - meaning (in my book) that I wasted my vote.
Seems to me that our system (in the USA) encourages each voter to evaluate the candidates who have a reasonable chance of winning, and choosing the better of those. And if there is only one candidate who, in the estimation of the voter, has a chance of winning, THEN he should vote his conscience and try to prop up a third-party. (At least that's my strategy.)
The more I think about it, the more screwed up this system seems to be! (Interestingly, the Free State Project that I mentioned earlier, proposes a voting method that ranks choices. Please don't think of me as a spokesman for the Free State Project - I just found out about it myself on Slashdot several days ago, and I find it intriguing.)
Like I said, "pro-drug perception". While I am not a drug user, if I mentioned to my parents that I was Libertarian, and then I joined the party and marched alongside them, I would likely be classified by them as pro-drug.
I think my parents would think I was pro-drug and doing drugs - when really all I am is Pro-freedom on most issues. The drug issue is a little more complicated.
What I am trying to express is that I don't want to be lumped in with all the druggies, just because we both believe in freedom!
Wasn't this already discussed?
READ THE RFID SPECIFICATION.
Good scheme, Sherlock.
This needs serious work!
Ein Volk, Ein Reich, Ein Fuhrer - Adolf Hitler
And as we go from one generation of CPUs to another, the heat dissipated by these chips doubles as well.
Register for free here!
Here are some more articles about the infamous number: Social Security Administration, Snopes Urban Legends (True Story), Wikipedia (whole list of invalidated numbers). Interesting stuff for a Karma whore like me! :)
See this page.
I don't see the power or water companies giving away the time of day.
In my city, the Time and Temperature phone number IS sponsored by the power company.
All work must be completed by 2012. Please help!
Baseless suits are worth just as much whether you sue for a million or a billion!
Yeah, but... How many library of congresses is this?
just think: "I installed this software to stop my computer from broadcasting an IP address (whatever that is), and it continues to do so."
If you try this at home, please document your efforts at this site.
It's collage, as was articulately expressed by the guy with no spellchecker.
Interestingly enough, a collage (according to dictionary.com) is: "A work, such as a literary piece, composed of both borrowed and original material."
So if you go to college, you need to do your own work. But if you go to collage, you can "borrow" work.
Thanks. Now, do you mind joining me when I try to explain that to my parents or kids? :)
What do you think? Am I a master-de-bater?