So how much more life does this put into XP's support? And if W7 is going to be breaking some backwards compatibility, how far back will it support natively before you need the virtual machine?
I always thought part of the fun with these kinds of modifications was that you COULD brick it. Nerd danger, yah? While the validity of the letter is in doubt, I would say that if you really want to have Nintendo fix your warranty breaking experiments, you should ask for what their repair costs are before you start, not after. At least then you'd know to save for a 2nd Wii or whatever first.
Well, you're both wrong regarding the spirit of the post. Black Parrot is assuming that it's impossible to find a goat willing to fornicate with TWC. Let me reassure you, Black Parrot, that there are goats out there that will do the task. I'm not saying they won't feel dirty after the fact, but they do have kids to feed.
I think the only real skill the hackers will need to master is being able to get the users, tenured civil servants and their bosses, to stop being security risks. You can't just throw money at this problem thinking that good code will be the end all be all solution. Social engineering is going to remain the #1 way to get stuff done. I say #1 only because practically anybody can do it, no technical skills required at all.
Not exactly. You can do no more than visit a website and have malware load and run on a PC with no intervention.
Really? So all of those multiplatform vulnerabilities for flash and adobe didn't affect Mac? You know, when it's the application rather than the OS leading to your demise?
Interesting thought, though. How well does WINE run malware?
Essentially, this makes it impervious to viruses. Even trojans are thwarted because smart users (Mac users) don't execute programs they don't know the origin of.
No computer system can withstand prolonged exposure to idiot owners. Macs are no exception. Your statement only confirms that:D
No, no, no! A proper evil overlord hideout requires liquid hot magma. A dormant volcano simply won't do.
It only appears dormant as the evil genius has been tapping it to geothermically power various projects. Should somebody in spandex or an impeccable tux come in unexpectedly...
I brought up this topic with some friends and one of them has used software to this effect. It seems to support the pre-inventoried idea in that the keys you get give random quantities of items or amounts. Assuming the key generator in the article is the same, then yes, you've been right (thanks for the conversation. Fun). This fact doesn't really change the fact that theft can occur, but does dramatically increase the possibility that you can buy a pre-used card.
As a consumer I'd rather have Apple take the loss than me. I can't imagine how you could try getting your money back without getting rolling eyes and a canned "no refunds" speech.
The serial number is the checksum used for validation. It's not "live" until it's paid for. Then it gets added to the database rather than being in the database and marked payed for. That's why the Apple cards could be forged. They basically don't know the card number exists until activation. As long as it meets the cryptographic standard set out by the vendor it's fine. If it was a strictly a basis of make one, sell one, then a key generator would be of limited use as it'd be too easy to get numbers that weren't usable. The cards weren't made yet. The approach you give will work, but is distinctly different than what the article outlines.
I think that bribes or outright theft were more likely involved than any particular technical skills. I'm guessing iTunes has it's own online store hosted in China, yes? Or at least the card presses are there, so that means the key for that region is stored on the computer involved with the printing.
Honestly, I think they are. Think of it like this. Each card key is basically an encrypted signature by Apple saying that somebody bought a card worth however much money. Somebody figured out Apple's private key and now is forging signatures so as to defraud the iTunes store. Sure, Apple can revoke the signature (and is probably doing so on the replacement generation of iTunes gift cards), but the problem is they can't invalidate the faked cards as it would cause all the legitimate, paid for, cards to be invalidated as well. One thing I didn't see in the article is if this problem is only in China or applies to other regions as well.
I'm guessing that the key was obtained by simple bribery or theft rather than actual computer skills. Somebody where the cards are printed probably got copies of the important files and sold the data to counterfeiters. I'm sure ask.slashdot.cn had a thread about the best place to sell such information was:P
Are you sure every other gift card works like that? It might just be that "I want Steve Jobs to have my baby" wasn't the best passphrase to secure the encryption.
(I'd like to see your proof on this, even if just for the sake of curiosity.)
Tracking the cards before redemption is different than tracking redeemed cards. If they track everything before shipping it out, then they have to manage one massive database for every card. Add in a second database to manage everything that's been redeemed and then make the two have to sync with each other... headaches. On the other hand, having a secret password of sorts embedded in the code and only having to verify that means you can eliminate the first database.
In security terms, yes. It is more secure to have a list of authorized numbers. It is less work to have have a "secret knock" as it were and just make sure that matches. It's like having an exclusive club where one can get in by saying "Macman sent me" versus having you make a list of everybody that can get in. The first is better for larger groups but allows for some fraud, the second is better for small groups when you can spare the time to verify.
And honestly? Those cards aren't worth anything as is. I'm guessing there's some sort of business tax advantage to having it that way. Anybody familiar with that?
Slashdot Mirror
The term "kickbacks" comes to mind :D
So how much more life does this put into XP's support? And if W7 is going to be breaking some backwards compatibility, how far back will it support natively before you need the virtual machine?
I always thought part of the fun with these kinds of modifications was that you COULD brick it. Nerd danger, yah? While the validity of the letter is in doubt, I would say that if you really want to have Nintendo fix your warranty breaking experiments, you should ask for what their repair costs are before you start, not after. At least then you'd know to save for a 2nd Wii or whatever first.
:D
Well, you're both wrong regarding the spirit of the post. Black Parrot is assuming that it's impossible to find a goat willing to fornicate with TWC. Let me reassure you, Black Parrot, that there are goats out there that will do the task. I'm not saying they won't feel dirty after the fact, but they do have kids to feed.
I think the only real skill the hackers will need to master is being able to get the users, tenured civil servants and their bosses, to stop being security risks. You can't just throw money at this problem thinking that good code will be the end all be all solution. Social engineering is going to remain the #1 way to get stuff done. I say #1 only because practically anybody can do it, no technical skills required at all.
Not exactly. You can do no more than visit a website and have malware load and run on a PC with no intervention.
Really? So all of those multiplatform vulnerabilities for flash and adobe didn't affect Mac? You know, when it's the application rather than the OS leading to your demise?
Interesting thought, though. How well does WINE run malware?
But getting it off a torrent makes you a l337 ninja haxor.
Essentially, this makes it impervious to viruses. Even trojans are thwarted because smart users (Mac users) don't execute programs they don't know the origin of.
No computer system can withstand prolonged exposure to idiot owners. Macs are no exception. Your statement only confirms that :D
... that somebody didn't do it the old fashion way and post that the website host said bad things about Steve Jobs?
If you can only notice how the game looks, the game isn't fun enough.
Great math, but the quote said +/- 80, as in cubic kilometers, not percent.
The internet is only about 2TB once you've removed all the redundant copies of 2g1c and goatse.cx.
Probably some big fish.
They're going to be getting some interesting job applicants, aren't they?
No, no, no! A proper evil overlord hideout requires liquid hot magma. A dormant volcano simply won't do.
It only appears dormant as the evil genius has been tapping it to geothermically power various projects. Should somebody in spandex or an impeccable tux come in unexpectedly...
A games company called Virtual Heroes Inc. developed Pamoja Mtaani, which targets 15 to 19-year-olds .
Why does this seem like something the same people protesting Sexual Education in our American schools, to kids EXACTLY the same age, would support?
I brought up this topic with some friends and one of them has used software to this effect. It seems to support the pre-inventoried idea in that the keys you get give random quantities of items or amounts. Assuming the key generator in the article is the same, then yes, you've been right (thanks for the conversation. Fun). This fact doesn't really change the fact that theft can occur, but does dramatically increase the possibility that you can buy a pre-used card.
As a consumer I'd rather have Apple take the loss than me. I can't imagine how you could try getting your money back without getting rolling eyes and a canned "no refunds" speech.
The serial number is the checksum used for validation. It's not "live" until it's paid for. Then it gets added to the database rather than being in the database and marked payed for. That's why the Apple cards could be forged. They basically don't know the card number exists until activation. As long as it meets the cryptographic standard set out by the vendor it's fine. If it was a strictly a basis of make one, sell one, then a key generator would be of limited use as it'd be too easy to get numbers that weren't usable. The cards weren't made yet. The approach you give will work, but is distinctly different than what the article outlines.
I think that bribes or outright theft were more likely involved than any particular technical skills. I'm guessing iTunes has it's own online store hosted in China, yes? Or at least the card presses are there, so that means the key for that region is stored on the computer involved with the printing.
Honestly, I think they are. Think of it like this. Each card key is basically an encrypted signature by Apple saying that somebody bought a card worth however much money. Somebody figured out Apple's private key and now is forging signatures so as to defraud the iTunes store. Sure, Apple can revoke the signature (and is probably doing so on the replacement generation of iTunes gift cards), but the problem is they can't invalidate the faked cards as it would cause all the legitimate, paid for, cards to be invalidated as well. One thing I didn't see in the article is if this problem is only in China or applies to other regions as well.
:P
I'm guessing that the key was obtained by simple bribery or theft rather than actual computer skills. Somebody where the cards are printed probably got copies of the important files and sold the data to counterfeiters. I'm sure ask.slashdot.cn had a thread about the best place to sell such information was
Are you sure every other gift card works like that? It might just be that "I want Steve Jobs to have my baby" wasn't the best passphrase to secure the encryption.
(I'd like to see your proof on this, even if just for the sake of curiosity.)
I'm sure that there are corrupt retailers that'll activate counterfeit cards for a nominal fee too.
Thank god the pharmaceutical companies gave us child-proof bottles. See how it lead to innovations elsewhere?
Tracking the cards before redemption is different than tracking redeemed cards. If they track everything before shipping it out, then they have to manage one massive database for every card. Add in a second database to manage everything that's been redeemed and then make the two have to sync with each other... headaches. On the other hand, having a secret password of sorts embedded in the code and only having to verify that means you can eliminate the first database.
In security terms, yes. It is more secure to have a list of authorized numbers. It is less work to have have a "secret knock" as it were and just make sure that matches. It's like having an exclusive club where one can get in by saying "Macman sent me" versus having you make a list of everybody that can get in. The first is better for larger groups but allows for some fraud, the second is better for small groups when you can spare the time to verify.
And honestly? Those cards aren't worth anything as is. I'm guessing there's some sort of business tax advantage to having it that way. Anybody familiar with that?