MOSR has no idea what they are talking about (on "Darwin on Crusoe?", Score: 1)
MOSR just stole some users' (myself included) comments and queries off of the appleinsider message board, it is a purely hypothetical discussion reacting to a rumor (which in itself is probably untrue) that there will be no G4 speed bumps until August. It's just another case of that guy spouting off nonsense.
check it out at http://forum.appleinsider.com it's under "future hardware"
So, having worked in this industry:
1) There are many much more insecure areas (card cloning comes to mind) which already have solutions ( http://www.magtek.com/V2/products/secure-card-reader-authenticators/bullet.asp ), and nearly 0 adoption. Why is everyone suddenly jumping on the fingerprint bandwagon?
2) There is no point in more physical security: The card issuers guarantee the safety of cardholders' funds and merchants tend to be very touchy about missing funds (the traditional 30 day lag of AMEX *seriously* affects their market penetration, and there's a massive effort to do statistical fraud analysis at a high level, so truthfully a very basic security at the register is effective, because card fraud stays at a relatively fixed level (it could be even better but that would lead to more false positives and worsen the customer experience)), the cost of the round of hardware upgrades for the whole network far exceeds the cost of fraud.
3) What makes *sense* is to let consumers swipe their own cards so they can have card-present transactions from their own home, in conjunction with card profiling tech like the link above (it builds a 'fingerprint' of the iron filings suspended in your magswipe to prevent cloning).
4) This sounds like an attempt to me to reduce the number of card present transactions (which are much less expensive for the merchant) and make more money by claiming a larger percentage of the transaction and to fuel a round of upgrades at the register, much like when checks switched from magnetic ink to frontal scans (check21), which also had little to do with fraud and was mostly an internal cost reduction as well as eliminating some friction for depositors, but required widespread merchant upgrades (with those upgrades not helping the merchant at all).
5) I'm not sure how PIN security factors in here, since debit pins use an injectable encryption scheme that is performed *on* the pinpad which is injected onto it in a *tightly* controlled process. It is a completely different protocol (at least in the US).
6) There have been a number of transaction network break-ins, and I for one (knowing some of the players in this space), would *never* want any kind of data on their servers that could not be reissued.
My personal experience is, if you have an idea you cannot complete yourself, it will be stolen. If the person you were working with needs to solve a problem, they will gravitate towards the best solutions they know, so theft of your best ideas is inevitable. Concentrate on being able to constantly reinvent ideas, and brainstorming new ones. If you try and hold on too tightly to your ideas, you're just dooming yourself to pain and disappointment.
If anything the headline should be "Journalist convinces managers to take support documents offline"
Are routers next?
Because if you want to talk security, you can reset the password and access *all customer data* on the most popular PC transaction software by deleting 1 config file. On every installed system up to current.
*That* is the true state of security in the financial industry. Security consists of a chain of promises, where if something *does* happen, a chain of fines happens which obscures the impact from the consumer. The insidious reality is it is cheaper to prosecute fraudsters, pay off customers and grease the political, legislative wheels than to actually produce good software. And in an industry where cutting corners is status quo, those who don't can't possibly succeed.
This is why the focus for fraud isn't getting rid of the magnetic swipe technology portfolio, but instead to augment the backend looking for statistical anomalies, and to augment the inherently insecure swipe mechanism with shoehorned technologies (like the new magnetic signature technology), which are logistically impossible to implement nation-wide, but allow the key players to retain their IP portfolios, investments and clout.
Our system is secure as long as we keep moving our hands and no one looks under all 3 shells at once.
J2EE is a subset of Java, not the whole thing. Any conclusions drawn about J2EE's problems are not problems which spread to J2SE or J2ME. I work in J2SE every day, I think J2EE is overly complex with very little payoff, so I use other solutions where it would be.
J2EE is dying, long live Java
But a more specific statement like "PDAs have failed to capture a market which falls both within their function and price range" would be somewhat accurate. I think that was more the spirit of the original question.
I own a Treo 650 (which allows me to have a PDA where I'd normally just have a phone), and an iPod. While the Treo *can* play music, it is inferior as a music player to the iPod... not to mention, it's nice to save that space on the Treo for files, photos, videos, etc.
I would suggest that the Treo 650's success has more to do with augmenting a person's phone to store personal data, send email without any cellphone cable voodoo (and squashing many of the problems of earlier iterations), than serving as a media device. I am very happy to marry these two devices through analog audio output into a single system that does basically anything I could need to do on the go (and can stand typing on an itty bitty keyboard to do so).
For any other owners of both devices, I highly recommend checking out the Skullcandy Mic/headphones combo that will merge both audio channels... I am very happy with mine.
Now, I'm not saying you can't weigh cost with benefit, but to say there is *no* reason to have UDP packets whose source is unset or altered, is just not true.
I built an anonymous peer-to-peer transfer client that built a TCP network and listing channel, where a single file request built a multilink (5-9 nodes) path to the source. The receiver confirms the transfer and the sender pitches, sequenced, sender unset UDP packets. Any lost data is rerequested over the TCP channel. Thus sender anonymous transfer. I'd call that useful.
Perhaps the danger outweighs the utility, but that doesn't mean its utility doesn't exist.
... and if you don't think it is comparable to trunk-tapping, how do you feel about the large number of illegal wiretaps that occur in current law enforcement activities, and why do you believe this behavior will not continue with Carnivore?