Your phone is borken if you don't get calls from Rachel at cardholder services.
I thought it was "Peggy".
Experience is learning from mistakes you make
I thought experience was something that you get right after you need it.
Wow, smartcards are finally going to become standard. I had one from 2004 to 2009 and the chip was only used twice, because there were essentially zero POS readers that supported the chips, and the home reader for online banking required IE for an ActiveX control, which I felt probably made it less secure than entering my password with an alternative browser.
AMEX Blue by any chance?
a hypothetical interpretation of reality meant to foster vigorous discussion of various subjects and hypothetical constructs
Really? I thought it was a "a hypothetical interpretation of reality meant to maximize the number of ad impressions garnered".
IA labs made actual products similar to wii-fit and met with Nintendo to discuss making Wii accessories using their technology at about the time the 3DS was to be released. IA then found out that Nintendo made the accessories themselves, apparently "stealing the ideas" that IA presented to them. So that's not what we'd normally call a patent troll.
I agree. Based on this article, Interactive Labs held the original patents and made products based on those patents. iA Labs acquired the patents later, then sued Nintendo with them. I think this was actually a defensive measure by Interactive Labs.
On April 2 (2010), IA Labs filed suit against Nintendo in the United States District Court of Maryland. The suit claims that Nintendo has willfully infringed upon IA Labs patents with Wii Fit, Wii Fit Plus, and the Wii Balance Board, as well as the Wii Remote, Wii Nunchuk, Wii MotionPlus, Wii Wheel, and Wii Zapper. The company acquired the aforementioned patents in 2009 from Interaction Labs.
The fitness-technology company claims that the patents have been used in a number of products in the past. As detailed in the filing, Interaction Labs released the Kilowatt Sport and Exer-Station, both of which add a workout element to "any off-the-shelf video game on the PlayStation, Xbox, GameCube, or PC."
Both the patents and the products based on those patents were created by Interaction Labs. Interaction Labs held discussions with Nintendo in 2007 and 2008. iA Labs acquired the patents in 2009 and then sued Nintendo in 2010. iA Labs doesn't seem to have actually produced anything. One interesting thing to note is the following:
The suit also notes that then-Interaction Labs president and current IA Labs chief technology officer Greg Merril contacted Nintendo on a number of occasions in 2007 and 2008, through personal meetings and via e-mail. However, Merril's attempt to enter into a licensing agreement with Nintendo ultimately resulted in the publisher ceasing contact in late 2008.
One possibility is that iA Labs may have been spun off by Interactive Labs solely for the purpose of protecting the rest of Interactive Labs from an outcome like this.
No, the major credit card companies need to be sued by the entire US population for setting up the entire credit card processing system in this nation to be a sick security joke. A plaintext number embossed on a plastic card, available for every restaurant waiter to jot down? Give me a break.
Exactly right. Until those responsible for designing/implementing the system are held liable for its failure, nothing is going to change. Unfortunately the CC companies have very deep pockets and can stash a lot of legislators in them so don't expect any legislative shift in liability any time soon. Any significant change will have to come from the Judicial branch through civil suits or from the people themselves.
I wonder what would happen if everyone cut up their credit cards and just started paying cash for things? Maybe we could start with a campaign to get people to pay cash on Tuesdays? Just one day a week to get things rolling.
I think the US card companies are actually going backwards. The Amex Blue card that I got 4 years ago had an RFID chip in it. The replacement I just received upon its expiration no longer has a chip.
I got one when they first came out. It even came with a card interface to hook it up to your computer. They were trying their own thing if I recall, not EMV. They had a lot of grand plans for it, but they never actually did anything with it.
Err, sorry, not specifically the app, their actual site. Case insensitive everywhere.
Authentication is either being done on a mainframe where things tend to be case insensitive or the system has to interface with a mainframe and the lowest common denominator prevails.
Just wait until someone shoots porn with it!
If the only 2 groups that had handguns in Chicago were cops and gangs, gangs would still find a way to steal or purchase guns.
These days I don't really see a reason to list these two groups separately.
Premium Interest should file a claim and get granted the domain name pinterest.com in a counter suit.
I'm planning a crowdfund to fund some more development on a side project of mine, and if I hit $100k I'd be hiring a CPA anyway, if only to see how much of the money I can keep tax free.
Unless you are planning to form a company to do this development and crowd-fund shares in this company to raise capital, then these regulations have nothing to do with your plan. The summary is very vague, but this has nothing to do with Kickstarter-like projects.
Actually medications are very rarely banned - what usually happens is doctors just stick to prescribing the safer drugs unless they prove ineffective, in which case they switch to the riskier ones. You know, that whole "Do no harm" oath they take.
You must be seeing different doctors than I do. It seems like a lot of doctors these days prescribe whichever new drug the pharmaceutical rep is pushing this month. Even more so if the pharmaceutical company is providing a multi-day "informational" or "familiarization" conference that happens to be on a cruise ship in the Caribbean.
I like the part where the article's headline specifically calls out the Chinese sourced magnets even though in three of the four violations cited the magnets came from Japan, not China.
Given what we have seen so far there are probably so many weaknesses in this application that the NSA barely even noticed the loss of this one. Since it didn't give them access to the content it was a minor exploit at best. A more likely response is:
To: security@snapchat.com
From: NSAops@nsa.gov
Subject: Latest Snapchat security update
Thanks for not really taking this seriously and just saying that you'll pay more attention next time when someone tells you that you have an issue. We were concerned that you might go back and find the really serious exploits we are using to capture all of the content that flows through your system. No worries then.
Thanks.
A Concerned NSA Analyst
No, but it's correlation, not direct causation. The rapid development common to startups often leads to poor security. Approaches like "if someone can access our machines, we have much bigger problems" lead to storing passwords in plain text, sharing accounts, making the "root" password "root", storing mysql passwords on the monitoring server, and other unfortunate errors. Another month making a project secure, really reviewing the vulnerabilities and updating core components, is time to market being lost. So it's very rare in the early "get market growth first before someone else can outgrow us and capture the market" phase.
I agree, but the rapid development life-cycle is not solely responsible. Even in this day and age, most developers still don't have a good working knowledge of application security. I feel like this is a systemic issue with the education process. Across the teaching spectrum from post-secondary education to "teach yourself" books to boot camp instruction, application security is barely given a mention. Most of the developers that I have hired that did know something about it came from larger development shops that taught application security in house, sent their developers to additional training or they learned it from their mentor. At least with a basic understanding of application security you have a second "hat" that you can put on and look at the application design from a different perspective. You have to be able to look at your application and ask yourself how you could exploit or break it. If you can't, hire or contract someone who can.
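Two of the comments above describe concrete mistakes: a login that compares passwords case-insensitively ("case insensitive everywhere"), and the start-up shortcut of keeping passwords in plaintext. The block below puts both side by side with a hardened version. It is an added example, not code from the original page or from any site discussed in the thread; the user stores, usernames and passwords are constructed, and the PBKDF2 round count is an assumption about what a current deployment would pick.

```python
"""Password storage: the start-up shortcut beside a hardened version.

Added illustration; the user records and passwords are constructed samples,
not data from any real site.
"""
import hashlib
import hmac
import os

# --- the shortcut: plaintext storage, case-insensitive comparison ----------

weak_users = {}  # username -> plaintext password (constructed sample store)


def weak_register(username, password):
    # Stores the password as-is: anyone who can read the table has every password.
    weak_users[username] = password


def weak_verify(username, password):
    # Case-insensitive compare, as the commenter observed on the site's login.
    stored = weak_users.get(username)
    return stored is not None and stored.lower() == password.lower()


def casefold_collapse(password):
    """How many distinct passwords a case-insensitive check accepts as the same
    secret: each letter may be upper or lower case, so 2 ** (number of letters).
    Every one of those variants is a free guess the attacker no longer needs."""
    letters = sum(1 for c in password if c.isalpha())
    return 2 ** letters


# --- hardened version: salted, iterated hash, constant-time compare ---------

# Assumption: a present-day round count for PBKDF2-HMAC-SHA256; tune to your hardware.
PBKDF2_ROUNDS = 600_000

strong_users = {}  # username -> (salt, digest)


def _derive(password, salt):
    # Case-sensitive by construction: the exact bytes of the password are hashed.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def strong_register(username, password):
    salt = os.urandom(16)  # per-user salt defeats precomputed tables
    strong_users[username] = (salt, _derive(password, salt))


def strong_verify(username, password):
    record = strong_users.get(username)
    if record is None:
        # Do the same amount of work for unknown users so response time
        # does not reveal which usernames exist.
        _derive(password, b"\x00" * 16)
        return False
    salt, digest = record
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(_derive(password, salt), digest)


if __name__ == "__main__":
    weak_register("alice", "CorrectHorse")
    print("weak accepts wrong case:", weak_verify("alice", "correcthorse"))
    print("guesses collapsed by case folding:", casefold_collapse("CorrectHorse"))
    strong_register("bob", "CorrectHorse")
    print("strong accepts exact:", strong_verify("bob", "CorrectHorse"))
    print("strong accepts wrong case:", strong_verify("bob", "correcthorse"))
```

The `casefold_collapse` figure is the point the "case insensitive everywhere" comment was getting at: a twelve-letter password that would normally be one of 4096 case variants is accepted for all of them, so the effective keyspace shrinks by that factor before any hashing question even comes up.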
Why oh why must things like this be news? Correct response to a security problem. Too bad it wasn't fast enough to avoid exploitation.
It was not the correct response. They just "hand waved" it off when they were informed of the issue, basically saying that they knew better than the researchers that found the exploit. Turns out that they were wrong and paid the price.
"Snapchat also said researchers could email the firm at security@snapchat.com for any vulnerability discoveries. 'We want to make sure that security experts can get a hold of us when they discover new ways to abuse our service so that we can respond quickly to address those concerns. The best way to let us know about security vulnerabilities is by emailing us: security@snapchat.com,' Snapchat said."
I think it's a little too late to be closing the barn door now. The horses are all long gone. They had a major security breach and their chances of a sale or IPO have gone swirling down the toilet. The top Google search results will return news of this hack for years to come.
Unfortunately in this day and age of web application development the security aspects of many projects seem to be an afterthought if they are considered at all. Personally I hope that they and other developers learn from this and begin being more proactive in their security considerations, but I doubt it.
Sometimes I wonder if I will one day be answering the question, "Where were you when the Constitution and Bill of Rights were permanently suspended?"
It's more of a "how do you boil a frog?" type of gradual decay. The question will be more of "Where were you when you realized that they had suspended the last of the Bill of Rights and the Constitution?". In either case the answer will likely be on the day that they come for you.
The FBI couldn't find their ass with both hands and a map.
We need the FBI to complicate matters
If the NSA can rationalize what they do, the CIA can as well.
We could throw in a few other 3 letter agencies for a complete Keystone Cop scenario.
Keep 'em all busy.
Make them line item accountable to the GAO. That should royally screw them all.
Timothy, Timothy, Timothy. When will you ever learn? "Ask Slashdot" posts belong in the "Ask Slashdot" section so that those of us who choose to filter out those stories can do so. It doesn't work though if you keep posting "Ask Slashdot" stories in other sections.
Every tech company works with the NSA. I don't need proof, because it's the only safe assumption to make. If any tech company isn't happy about that, the onus is on them to prove that they don't.
And since you can't prove a negative, your self sustaining paranoia will remain steadfastly intact. Might want to loosen your tin foil hat a bit. It's cutting off circulation to one or more organs.
The problem is, what happens when most of the crowd at Slashdot is comprised of AI blog bots?
You say that like it hasn't already happened. Many of the blog bots just happen to be organic in nature at the moment but most could be replaced by a short shell script.
"He's revealing how we acquire this information. It will take years, if not decades, for us to return to the position that we had prior to his disclosures."
Hopefully the revelations about what they have been up to will be enough to prevent them from ever being able to "return to the position that we had prior to his disclosures".