Slashdot Mirror


User: Nursie

Nursie's activity in the archive.

Stories: 0 · Comments: 4,686

Comments · 4,686

  1. Re:Any advancement? on Credit Card Security Standard Issued · · Score: 1

    "Could people stop talking about Europe as if it was one place."

    "When making online purchases it works the same all over the world"

    Head asplode with irony!

    Evidently not - a lot of places in the UK are now using Verified by Visa, a system that takes you off the vendor site to Visa (or your card issuer's) site to enter a password, so that they can authorise (or not) the transaction based on that.

  2. Re:Any advancement? on Credit Card Security Standard Issued · · Score: 1

    GSM/Sim cards and EMV credit cards are a different game. On the better (more modern) cards there is a cryptographic processor with its own set of private keys, that cannot be read off, that perform various authentication operations.

    I used to work in EMV and I know what you can do with custom programmable cards and card reader/writers. Unless you have the card private key you cannot clone them.

    "Maybe in the USA you have those authentication and authorisation features"

    I thought we were talking about why smart cards were good and how the USA should adopt them. Maybe in the USA YOU don't have those features! :)
    I'm British and in London. Everywhere takes EMV now and PIN is part of every transaction. You're right that online the "Verified by Visa" support is lacking from a lot of places.

    The technology is *mostly* there, but as I say - it's got gaping holes as long as somewhere in the world there is a merchant or bank that will take a card with a signature and magnetic strip. That and getting better roll-out of online protections.

  3. Re:Any advancement? on Credit Card Security Standard Issued · · Score: 2, Informative

    * very very very hard way to physically clone a CC/DC;

    Done. Chip and Pin (or EMV as it should be known) makes it pretty impossible without an electron microscope.

    * very very very strong encryption in communication;

    Done. EMV cards use RSA to encrypt comms between themselves and the bank. Nobody else gets to read it. Online purchases are down to your e-tailer and their setup. Check your browser security bar.

    * user-changeable authentication and authorisation, so it won't be enough to have just a copy of the data printed on the CC sides to make a purchase on internet.

    You can easily change your PIN in a lot of places with EMV, and for online purchases there are now a lot of places using the "Verified by Visa" (or similar MasterCard initiative) to take you through authentication directly with your card issuer, with a user-set password, before the transaction can take place.

    The main problem with ALL of this is back compatibility and legacy systems. The moment you introduce all this good stuff but then say "but if it's not available then fall back to unverified, unencrypted, magnetic processing" then you've introduced the capacity for major fraud again.

  4. Re:But when will consumers see additional security on Credit Card Security Standard Issued · · Score: 3, Interesting

    "Credit card companies and banks make money from fraud."

    Not in the UK they don't. Oh sure, they probably have it insured, but until recently the liability for loss (where they couldn't prove the merchant or customer was complicit and don't catch anyone) was all theirs. This is because they supply the tech, they mandate the schemes, they set the standards.

    EMV goes some way to what you want, there is encrypted information sent between the card and the issuing bank that nobody else can read, but is dependent upon PIN. The biggest hole in the scheme is that you are still allowed to fall back to magnetic strip transactions in some places. They tend to be where the fraud is done now.

  5. Re:But when will consumers see additional security on Credit Card Security Standard Issued · · Score: 1

    I'm not convinced RFID makes much sense really.

    With chip'n'pin there is cryptographic processing going on on the card to verify it's not being lied to by the shop or the bank. With RFID.... a number gets returned. Not so useful.

    If you're referring to wireless EMV (or similar) then that's different, but is usually still going to be in card form.

  6. Re:One of the most widely used languages? on C# In-Depth · · Score: 1

    Have you noticed it's really difficult to search for jobs in plain old C?

  7. Re:a bunch of questions on C# In-Depth · · Score: 1

    It may once have been, but it's sitting down at number 20 on the sources I've seen.

  8. Re:a bunch of questions on C# In-Depth · · Score: 1

    It's not old stats - http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html

    Bang up to date in fact. The thing is that the world of production quality programming is very different to either the Slashdot community (always excited over the next Big Thing(TM)) or university (very forward looking, though giving a grounding in current tech).

    The world of industry is slow. It's also a hell of a lot bigger than just Microsoft Windows.

  9. Re:Finances & Conflict on Blizzard Awarded $6M Damages From MMOGlider · · Score: 1

    Except that in an RTS the struggle to gain money is part of the game that makes the rest a struggle and rewarding, whereas in WoW it seems like it's the whole game, and you're gonna get beaten by people who can dedicate more hours to it than is sane.

  10. Re:One of the most widely used languages? on C# In-Depth · · Score: 1

    "No, but it is up there with them "

    I'm afraid it's not really. They are the top three languages. C# comes in at number 8, after Perl, PHP, Python and VB

  11. Re:a bunch of questions on C# In-Depth · · Score: 5, Informative

    8th most widely used.

    After Java, C, C++, Visual Basic, Python, Perl and PHP. It just beats out JavaScript, below that you get into the obscure languages.

  12. Re:C# is not the most widely used comp language on C# In-Depth · · Score: 2, Informative

    Apparently Java is the top dog today.

    My personal favourite, good ol' C is in second place. C# was in at number 8, and seems actually to be on the decline.

  13. Re:Natural device? on Removing CO2 From the Air Efficiently · · Score: 1

    Sure about that?

    I'm pretty sure a lot of it becomes soil and bits of other trees and stuff. It's not like trees evaporate the moment they die!

  14. Re:Enough already with this "the cloud" BS on Sending Excess Load To the Cloud? · · Score: 1

    My apologies if I've offended, it's just that use of buzzwords annoys me. I've looked at Xen, and VMWare and they're great products, but this is really no different from "Virtual Datacentre" or Virtual Hosting.

    Cloud is an annoying term that actually obscures what's going on, and what's going on is already well understood.

    Much like "Web 2.0", imho. Meaningless on its own, describing things that are already in place and, despite having slowly evolved to the present state with no overt revolutions, seem to suddenly need a new name.

  15. Re:Enough already with this "the cloud" BS on Sending Excess Load To the Cloud? · · Score: 1

    Sounds pretty cool. It seems that Mosix relies on multi-process programming to achieve scalability for any particular application. That's fine (there are lots of ways of doing it and distributed/parallel programming is not as hard as people make out), but it's not the sort of magic that the cloud seems to be touting.

  16. Re:The C word on Sending Excess Load To the Cloud? · · Score: 1

    I strongly agree.

    It's a really annoying buzzword that seems to cover everything from VMWare to mainframes, to Beowulf clusters, SAN technology....

    What is the fscking cloud?

    Also, are all the offerings he mentions targeted at people running web applications anyway?

  17. Re:Enough already with this "the cloud" BS on Sending Excess Load To the Cloud? · · Score: 2, Insightful

    Data availability - Data replication across multiple sites. Not new.
    Data portability - How is this new? And please don't try to pretend that the use of IMAP by GMail is in any way innovative.

    Resource expandability/shrinkability - This just isn't available outside of the mainframe world. Unless you've written software for some sort of funky cluster thing (unlikely) then the cloud is something like VMWare ESX, and the maximum expansion you're ever going to get is to the size/capabilities of a single one of the racks. AFAIK it's not possible at this time to have a single OS image (of a standard OS you program normally for) across multiple x86 machines.

  18. Re:Lack of Advancement, Lack of Experience on The Stigma of a Tech Support Background · · Score: 1

    The support taint is this -

    He got a degree in computer engineering and then sat in first line support for HOW LONG?

    I'd have moved city to find a better job by now.

  19. Re:Anyone remember audio+data CDs? on PC Historian Finds Puzzling Game Diskette Image · · Score: 1

    Fair enough, it's likely a generational thing - I'm 30 and I shouldn't be old enough to say that though.

    I buy CDs, rip them and then file 'em away, using various computers and portable players to listen to them. I think that's what most of my friends do too.

    I wouldn't call CDs obsolete, I'd call them a good archive format, though these days quite a bulky one.

  20. Re:Anyone remember audio+data CDs? on PC Historian Finds Puzzling Game Diskette Image · · Score: 1

    Umm, they're still quite common. Lots of music is put out with extra stuff (video or DRM) on data tracks at the end. Usually this uses the CD extra format which puts data at the end in a separate (but linked) session.

    The CDROM + audio thing has audio starting with track 2 and is good, but not quite as good because if you put it into a CD player it'll try to play the first track as music and make bad noises.

  21. Re:Not really that hard... on PC Historian Finds Puzzling Game Diskette Image · · Score: 3, Informative

    I thought C64 floppy drives were notoriously hard to emulate because the drive was programmable and the disc often contained a program made to read its own content?

    In which case you could pretty much do what you wanted, loader-program location excepted.

  22. Re:Crypto without a "zeroize" button. on Council Sells Security Hole On Ebay · · Score: 1

    Actually, Cisco reported that they provide extensive instructions on exactly how to do this sort of thing, and that the blame lies squarely with whatever admin just gave it away.

  23. Re:excuse me??? on Council Sells Security Hole On Ebay · · Score: 4, Insightful

    Actually, I'm surprised that this so-called "Security Expert" plugged it into his network and allowed it to do that without first looking at what went on when he started it up in isolation.

  24. Re:Anyone prefer this to the stock firmware? on After 3 Years, Rockbox 3.0 Released · · Score: 1

    "No it doesn't. All the metadata is embedded in the files, so if you can hack the hash-table, you can certainly deal with repopulating the fs data from the metadata."

    Why the hell would I bother with writing a program to do that? I could just plug a non-mangled device into any other computer and use drag and drop with file names intact. Metadata be damned.

    I'm sorry, but iPod and iTunes do not only not give me what I have already without them, but make life more difficult to do what I want to do. It may not be what everyone wants (or is capable of), but it would not only not add anything to the ease of use of my music collection, but take serious work to get back to where I am without it.

    No thanks.

  25. Re:Anyone prefer this to the stock firmware? on After 3 Years, Rockbox 3.0 Released · · Score: 1

    I care if the files are mangled, because then you can't plug into another computer and drag/drop the files back onto there from what is effectively an external hard drive.

    "Or put another way, to argue about the iPod 'mangling' is the same as arguing about how a FS "obscures" the underlying data... Duh!"

    No, it's not, see above, it limits what you can do with your files.