Who is Dustin Curtis, and which multibillion dollar company did he found?
Exactly. The article is nothing more than a glorified Facebook post by some unknown. WTF it is doing on Slashdot is anybody's guess. This is a new low.
I have an artificial ceiling on game prices. I am mentally unable to convince myself a game can be worth more than 9.99 no matter what. And even that is only for an AAA title or good flight simulator. Fortunately, I've grown out of impatience long ago and don't mind buying the likes of Crysis 3 a year or 2 after release.
The other nice thing about this is that you can game on modest hardware rather than needing bleeding edge, expensive components in your rig.
Everything was, at some point in time, a novelty. That doesn't mean they are all equally useful. Even if some people took a plane to just go up and down, most people knew they could take a plane to take them from A to B quickly and efficiently. In contrast, the SS2 has been designed only to go from A to A with a short thrill ride in between.
Could SS2 be the predecessor though to a transport that goes from A to B in a short period of time where A and B are very far apart globally? Perhaps it could turn around and make the return trip the next day/week. Would there be value in a trip from Texas to Australia in under 4 hours?
You do realize that Daylight Savings Time was created by battery manufacturers in a bid to sell more 9V batteries. They have used tried and true FUD tactics to scare the sheeple into replacing the batteries in their smoke detectors unnecessarily. It worked well too. Battery sales, specifically 9V batteries, increased 38.3% the year Daylight Savings Time was introduced.
If you have an iOS device that uses fingerprint authentication, power it off before the police can seize it. When it reboots it will require the passcode before fingerprint access works.
CurrentC is not for the user's benefit. It's for the merchant's benefit so that they can avoid the fees that MC/Visa charge them for handling the transaction. I don't see anything in this deal that benefits the consumer. For example, you will no longer have any charge back protection. If the item you purchased turns out to be a brick in a box you will be at the merchant's mercy to transfer the funds back into your account at some point. Meanwhile that money is just gone.
The user interaction in the transaction flow is also hideous. If you disagree, take a look at the example transaction flow that they display on their site.
Here's how it looks like it works:
Take out your phone,
Enter your phone's password
Launch the payment app
Enter the app's PIN
Take a picture of the QR code that the register displays
I don't want to give you nightmares, but it is horrifying how little security there is on ACH transactions. The whole system relies on the ability to undo transactions to discourage fraud. All anyone needs is the routing and account numbers that are helpfully printed on your checks.
I hate to break it to you, but your average individual cannot initiate an ACH transaction and transfer money out of your account.
Still, though, this vulnerability appears to be firmly in the area of social engineering because why would I want to download an encrypted image file that requires another separate, random app to decrypt and view it?
The payload is encrypted/embedded into an image that is an asset inside the application such as a splash screen or a logo. It appears innocuous until the application runs, extracts the embedded apk and executes it. Prior to that the malicious payload is not detected by application scanners that scan the carrier apk.
1. Basically, all crypto that uses "magic constants" without a clear and complete spec of how they were reached is highly suspect. That includes most ECC crypto the NSA has done so far and is likely the reason the NSA and some vendors like RSA are pushing for the use of ECC crypto.
Very true in general. With elliptic curves, you need to use specific curves because randomly selected curves are easily compromised. Only curves with very specific properties are acceptable, but as you point out the NSA has not publicly enumerated those properties. The very same thing happened with the selection of the S boxes in DES, but in that case it turned out that the NSA recommendations did, in fact, harden the algorithm from attacks such as differential cryptanalysis, an analytical technique not publicly known a decade later. Unfortunately the recommended elliptic curves have turned out a bit differently so far and that shift seems to echo the changing mindset of the NSA and/or the administration that it reports to.
Oddly enough, that makes my point. That "problem" was solved ages ago. Why is it that we've seemed to have collectively forgotten old, but excellent, solutions to common problems?
Because three week crash course dev school graduates won't have a clue what pre-emptive multitasking is.
There is at least one judge that is known to keep signed warrents [sic] there for them to take and fill out as they desire, as he can't be bothered to do his job of providing oversight.
Can TOR be used with this program to make it even harder to track?
Unfortunately not. TOR only obscures your source IP address from servers and peers that you are connecting to. It won't help for an application that is residing on your phone. You could use any number of the location spoofing frameworks that are used for testing applications to provide fake/random location data.
Could the route be just a straight line course with the wind? Pretty easy to do here.
No. As others have noted, the straight line distance between start point and end point of the race can't be greater than 50% of the total race distance.
Over the last year, I've been plagued by rogue BitTorrent users who've crept onto these public hotspots either with a stolen/cracked password, or who lie right to my face (and the Wi-Fi owners) about it.
Huh? They lie right to your face about it? Wait a minute. Who the hell are you anyway and what do you have to say about it? If it bothers you, buy yourself a mobile hotspot and STFU. At least maybe they are actually buying food/coffee/whatever and aren't just using the cafe as their personal office. What's the next complaint? That their conversations are too loud and you can't hear your conference calls?
Yeah, and the victims won't see a penny of it either. What should have happened was the Marriott charged with full refunds with interest to those they scammed. I'm quite certain they would have financial records of them.
With a punitive fine of 5x that amount to discourage such behaviour in the future.
Yes but there still has to be the right to defend yourself. If you take away the means by which I can pay lawyers, my funds, then I can't get the best legal representation.
You have the right to legal representation regardless of your financial standing. Do you know what they call the guy who barely passed the bar exam by one point? Your state provided legal representation.
So, not playing isn't effective unless everyone you know also respects your not wanting to be there, and most won't, even if unintentionally.
Just to be clear, you have asked people that you know not to tag you in photos that they post and they do so anyway?
This was the fire marshal doing his job properly and you speaking from ignorance of the matter and the situation in general.
My recommendation would be a directional antenna and a neighbor with an open access point.
The user interaction in the transaction flow is also hideous. If you disagree, take a look at the example transaction flow that they display on their site.
Here's how it looks like it works:
Compare that to NFC
I'm sorry but that dog won't hunt.
There is at least one judge that is known to keep signed warrents [sic] there for them to take and fill out as they desire, as he can't be bothered to do his job of providing oversight.
Citation needed please.
If you're using mod points as a dislike button, you're doing it wrong.
Do these people not understand?
Why does Slashdot even have an Ask Slashdot section if none of the editors are ever going to post "Ask Slashdot" stories in it?
I thought I touched that base. Meanwhile, the NSA is still the most likely source.
My personal front runner for this is the DEA, but that's just my $0.02.
The compromised data included names, email addresses, phone numbers, and addresses.
Holy defecation Batman! Hackerz stole a phone book!
And bodies. As atmosphere is vented it will take the crew in that compartment with it.