I'm a bit surprised the EU hasn't done any of this. Maybe they're more tolerant of monopolies over there.
Probably because they're afraid that the US would then ban import of random European goods (food, steel, etc) into the US. In world economy, you not only consider who is right or wrong, but also who is strongest... up to a point. Until now, drastic actions are not yet warranted, as the trial in the US seems to be heading into the right direction, and there's no point to trigger a needless economic war. However, in case the situation changed, the EU parliament would certainly examine which option would cause the lesser harm.
I heard MS (or maybe Bill Gates) has a major stake in one of the world's largest satellite launching companies.
True, Micro$oft indeed has a largish stake in Measat. However, ironically Measat is right now buying some Linux based software for their digital services (high speed internet) from the largest satellite company in the World... Looks like Microsoft can't even sell their warez to their own subsidiaries.
In conclusion, without knowing the specifics of the Amex messages, if they are at all familiar with what I know, it will be very secure, even on an insecure OS (if the OS is secure, then just keep all the info on the chip on the hard disk. Smartcards assume the OS is insecure). Also, I assume that they are windows only, but that could change.
As long as the keyboard connects directly to the reader, and all relevant data (not only the PIN, but also the amount and the account number where the money should be transferred) are grabbed directly off the keyboard and not relayed through the computer or its insecure OS. If only the PIN is entered that way, a Trojan could still doctor the amount or other parameters.
Re:Attack the clear data stream, not the encrypted (on "A Matter Of Trust?", Score: 1)
Neat. I suppose the reader also intercepts the signal when entering the amount and destination for the funds, or else it would still be vulnerable...
Unfortunately, many other smartcard systems aren't that well protected :(
Attack the clear data stream, not the encrypted! (on "A Matter Of Trust?", Score: 1)
eing signed, they couldn't modify it
This is unfortunately a common fallacy. The data stream between the smartcard and the network is indeed encrypted, and thus inattackable. However, what is often forgotten is that the data stream between keyboard/mouse and the smartcard is in the clear. A smart trojan would attack that stream, and just tell the card "the user just keyed in an order to pay www.chaos.de $20, please encrypt". There's really no way to protect against that, short of putting a mini-keyboard + display on the card reader itself (it seems that the German "Geldkarte" system is mandating readers like that, but as they are expensive to produce, providers are reluctant to adopt them).
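An added example, not part of the original comments: a small model of the argument made above about PIN-only readers versus readers with their own keypad for payee and amount. The HMAC stands in for the card's signature, and the key, payee names, amounts and the `compromised_pc` function are all constructed for illustration.

```python
import hmac
import hashlib

CARD_KEY = b"constructed-demo-key"  # constructed; stands in for the secret inside the chip

def card_sign(payee, cents):
    """Model of the card: it authenticates whatever order it is handed."""
    msg = f"{payee}|{cents}".encode()
    return hmac.new(CARD_KEY, msg, hashlib.sha256).hexdigest()

def bank_accepts(payee, cents, tag):
    """Model of the bank: accepts any order carrying a valid card tag."""
    return hmac.compare_digest(card_sign(payee, cents), tag)

def compromised_pc(order):
    """Constructed stand-in for the untrusted OS: rewrites the order in transit."""
    return ("other.example", 500000)

def pin_only_reader(typed_on_pc, pc=compromised_pc):
    """Only the PIN is keyed on the reader; payee and amount come via the PC."""
    payee, cents = pc(typed_on_pc)       # the reader never sees what the user typed
    return payee, cents, card_sign(payee, cents)

def full_entry_reader(typed_on_reader, pc=compromised_pc):
    """Payee and amount are keyed on the reader; the PC only relays the result."""
    tag = card_sign(*typed_on_reader)    # tag is computed before the PC is involved
    payee, cents = pc(typed_on_reader)   # the PC may still rewrite the relayed fields
    return payee, cents, tag

def outcome(reader, intended):
    """What the bank decides, and whether the relayed order is what the user meant."""
    payee, cents, tag = reader(intended)
    return {"accepted": bank_accepts(payee, cents, tag),
            "matches_intent": (payee, cents) == intended}

if __name__ == "__main__":
    intended = ("shop.example", 2000)
    print("PIN-only reader:  ", outcome(pin_only_reader, intended))
    print("full-entry reader:", outcome(full_entry_reader, intended))
```

With the PIN-only reader the bank accepts an order the user never typed; with full entry on the reader, the rewritten order no longer matches the tag and is refused.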
> American Express has their own solution - the "blue" card has an embedded chip, then with a reader hooked up to your PC you actually 'swipe' your own card.
What protocol does the reader use to communicate with your PC? Or is it some sekrit proprietary Winders only thingy? That would be pretty bad, because any additional security given by the chip would be negated by the need to run an insecure OS... Somebody could just Outlook you a Trojan that eavesdrops on the communications between card and PC, and Cc the data to some rogue site.
And btw, isn't "Blue Card" trademarked by Visa (at least, that's what Visa cards are called in France, and yes, the French Visa Cards do have a chip)
Now that wine-1.0 is nearing, will we finally get Lotus Notes' Detach working in wine? This has been an open issue for months now, and alas, wine-20000526 is no better :-(
On a normal day, I get a couple of hundred hits on my DeCSS site. However, whenever some DeCSS site gets shut down somewhere, or when somebody gets arrested, or when the MPAA wins another injunction, then this number immediately jumps to a couple of thousand hits per day, until it levels off again after a week or so. Really, if the MPAA hadn't bothered, the whole thing would have been long forgotten by now, and everybody would think that CSS just meant "Customer service site" or other such nonsense...
... rather than "Flamebait". After all, it didn't make fun of Micro$hit, it did not praise Open Source (but made fun of the moderation system), and was full of typos. So, according to its own criteria, it should be flamebait.
There's a way around that: the university only needs to put the phrase "I acknowledge that I am not under duress while signing this agreement", and they are ok. Sounds crazy? Well, then have a look at the papers that some French Grandes Écoles hand their students for signature...
"sportswear for geeks" ? (on "Boo No More", Score: 3)
Does anybody else have the impression that there was a slight contradiction in their target audience? What's next: A brick-and-mortar shop that tries to sell wearable computers to jocks?
Indeed, a miscreant could bend them and use them to pick a lock. It's not a bug, Micro$oft is just attempting to make their tools very similar to their real world equivalents.
> even if Corel gets strapped for cash ( as is becoming increasingly likely) that someone is likely to step in and buy them out, simply because they are a very good deal.
... and even better: the buyer could fire management, which would solve that pesky Cowpland problem too. Maybe we'll see $40 again someday?
... it was plugged in into a multi-socket extension cord, which was plugged in back into itself. No, that luser didn't lie when he said "yes, of course it was plugged in".
> So, what if some unknown person, logged on from a public access PC (such as at a library), downloaded this stuff, then posted it, sans license, on a free website, such as geocities?
> The function of most combo boxes is unclear. Do I type my own string? Do I have to pick one from the list? Can I leave it blank? Have you ever typed a string into a combo box just to find out that the string must match from the list?
This looks more like an application developer's error to me, rather than a problem with combo boxes as such. Maybe, it's because VB attracts so many novice "app developers"... But there are situations where combo-boxes are useful:
Currently, I am developing a Web-based student management system for high schools. On one screen you can define a new student (name, firstname, etc.), and select a class for him. You can select either from the existing classes, or define a new one (if this is the first student of a newly created class). A combo-box would be perfect for this kind of functionality, but unfortunately HTML forms do not have any such item (that I know of...).
As much as I hate Micro$oft (and those who know me know how much I hate them...), I must admit that combo-boxes are one of the rare sensible ideas that they had.
But will it swell when stroked?
Just put it into the nuker for a couple of seconds, and presto: thawed mushy potato, ready to be served!
but rather Anderson Consultants kernels.
Maybe Linus should have put an NDA around that README file. Then he would now have grounds to sue Slashdot!
after the big breakup?
Sorry, couldn't resist ;-)
Download it here. It's unzipped, and that pesky footer on each page has been removed too. Enjoy!
... for this puppy. It's the kerbspec file unzipped and without the legal boilerplate.
Your wish has been granted: kerberos.pdf
If that silly text bothers you, check out this copy. It doesn't have the license...