*whoosh*
This happens in private industry. Such is not exclusive to the military or government.
And yes, I've witnessed it, from inside and out. In private industry, government, and military. The NMCI was particularly affected by this.
Yeah, the TVA sure didn't convince them.
Nor did the streetlights, or the Grand Ole Opry, or WSM. Admittedly, they may have been using battery radios in the hills.
And certainly the plywood is ruined.
Try reading slower. If you have to move your lips, that's ok.
Alternatively, graduate 9th grade. Even by today's standards, that should be enough.
The Arizona Board of Education just voted to recommend abandoning Common Core ("College and Career Ready Standards" in Arizona).
A big complaint was the number of tests required, time lost to testing, expenses, and the inconsistent implementation of automated testing.
Also, the material wasn't meeting student needs, for instance, from the AZ Kids Can’t Afford to Wait! 2015 report:
"Many recent graduates are uneducated on personal finances and what financial pitfalls face newly independent individuals. This situation is exacerbated in the dropout population"
Just one of the findings.
This has to pass the Legislature and get through the current struggle to fund public education as currently ordered by a judge.
"Homeland Security Assistant Secretary Seth Stodder said the exemption would not be used in routine criminal probes, such as a counterfeiting investigation."
Yup, no fear.
They think we are this naive. Well, most of us are.
Contractors used to get prosecuted for intentionally subverting regulations to avoid oversight.
Times certainly have changed.
This smells of another government attack on encryption, ALL encryption. It seems governments all over are so intent on surveillance that they will break anything to get it.
And so, what could possibly go wrong with this deprioritization of encrypted traffic?
- No chance of your banking app sensing problems with traffic and either terminating or restarting sessions? I know, there are few reasons to do that, and none technically sound. Assume, for the moment, that your bank has control over how their app works. Now assume you cannot know if 'your'* government has forced them into adding in some interesting quirks. Not outright decryption or backdoors, but perhaps reducing the encryption level in response to "network load". Your ISP is in on this, with a FISA order to deprioritize well-encrypted packets. No matter the source or destination, and certainly no matter the actual network status.
- In the midst of an industry-wide effort to get everyone with a site that uses credentials to go https, this is contrary. But reversing that trend sure gives 'your'* government an opportunity to capture your credentials to all sorts of sites, from the mundane to the actually important (to you). What's the big deal? Well, if 'your'* government would like to keep tabs on your online presence, such as posts to pro-freedom sites, etc., it sure is easier if they can ascertain your identity, and having your login credentials is helpful in that effort. Why would they want to do that? Are you keeping up with the US Justice Department instituting the 'Domestic Terrorism Counsel'?
Trust no one, certainly not 'your'* government.
* 'your' government isn't yours any more if it considers you the enemy.
Unless you're testing during holidays, off-hours, when key personnel are unavailable, you know, vulnerable times.
All that can be planned for.
Having to take meds that cause drowsiness when taken and horrible withdrawal when not would, if it interfered with your ability to work, be a significant detractor.
You'll be looking for work where response time is not an important consideration.
Key to being able to pass off a shimmed card is ease of use. The extra thickness of the FPGA chip causes problems, and it probably needs to be welded at this point, though eventually conductive adhesives will be found. But using non-embossed cards solves some of this.
The terminal makers are in a bind here.
Not going to happen. 3DSecure, etc. are sufficient, but few merchants in the US bother. Too much friction.
Walmart stores here had slots in May, dead until September 28.
That and other contracts we wrote had all those provisions. This one added the 'assistance' rider.
No one defined 'assistance'. It's possible to forget passwords, and I did. But if I were called 3 months later and asked if I recalled the secret for the gateway router, I probably could. 6 months later? I dunno.
Fraudsters will improve the hardware. Eventually a shim will be made that is barely visible, interposes a chip to intercept and alter messages, and the cycle continues.
Terminal makers are probably working on reducing the tolerances for card thickness to defeat this shimming.
And as cards move to non-embossed plastic, this will be a problem until all embossed cards are gone. Then the slot will be thinned, and the shim will be harder to make. Possibly the cards will be shaved to permit a shim on the top. Expect such cardstock to become contraband, or someone to step up and make an unrelated card payment system to justify manufacture, avoiding the criminalization of shaved cards as the source of shimmed cards.
Possibly even trying to restrict the use of EMV-compatible connector pads.
All futile.
"I made exactly one POS transaction with it at a chip terminal (several at non-chip terminals) and all of a sudden someone else decided to pay their cell phone bill with my card."
I'm betting the cell phone bill was paid online. Still no real security for EMV cards online, as there is no EMV in a card-not-present transaction. It's not even track data, just the account number, expiration date, and CVV/CID. Which, if the fraudster had the CVV, means they had your card at some point or saw front and back.
I had a similarly interesting problem, my debit card was compromised and spotted making a fraudulent transaction at a supermarket. After the dust settled, I asked how the card was processed - was it swiped or the account entered manually. I could not get the bank and merchant to admit to how it was processed. My concerns were:
0. If the card was swiped then it was cloned - I had the only card, there are no others in circulation.
1. If the card was non-swiped, was it in person at the store? If so, was there an insider at the store helping, and were they investigated?
2. If it was online, did they require the CVV?
My concern was that the card was out of my possession only once in more than two weeks prior to the event. I know where. I would have been pressing that merchant for an investigation.
ps- where did you find a working-mode chip terminal two months ago in the U.S.?
And recalling this more, a half hour downtime and the ebcd, they could have cracked any account. I would never ask why. Had the client asked us, we would have quoted a fee to do so.
Had you read my notes, you would know I agreed to assist. Yes, passwords should have been changed. But the agreement was the agreement. Their complaint was that I didn't actually have any useful info, and their attitude was inappropriate.
In hindsight the first replacement was probably sacked, though neither would admit it. The emergency replacement either hosed something up or had no working though with their predecessor. I thought I had an excellent relationship with the client, but they were difficult.
A client signed a contract for services with my employer, and included a clause that I would be available even if I left their employment, binding me to be available to provide information, specifically passwords, but also any information I 'developed, maintained' blahblahblah related to the design and administration of their systems.
And they let the contract end at the end of the first term, moving to another provider. I answered a lot of questions during and after the handover. No problem, ethical and professional behavior I would have engaged in even without a specific contractual obligation, if the former client made the request.
Then more than a year later, and after I had left that employer and moved to another state, I was contacted by the current provider. They were frantic to recover an administrator password for a server, change the technical and administrative contacts for the client's domain, and locate backup tapes for the system from a year before, did I happen to have any?
Well, sadly;
0. The current servers were all Windows Server 2003, upgrades from Server 2000. I left the system with NetWare 5.1 servers. I never knew the Windows Administrator passwords.
1. The backups they were looking for were, sadly, Windows Server backups. I didn't 'happen to have any'.
2. Very soon (days) after this call, I was contacted by an attorney explaining that they would sue me for the information. I explained as best I could what I had, and assured him that I would countersue for expenses, and that I had no useful information for them.
3. I started getting more calls from this former client begging me to relinquish the domain. I directed them to the current records, where my name and contact no longer appeared. I was powerless. They contacted my former employer, now out of business, and he thankfully dismissed them.
4. Finally I got a really official-looking letter from the attorney threatening me with all manner of unpleasantness. I am blessed to have a dear friend who is an accomplished attorney, retired, and he gave it a cursory look and assured me that it was pure bluster. He even encouraged me to respond with some key phrases that would give that attorney the right way to tell their client to let up.
5. And I found that the former client somehow managed to file a professional lien against my name. I'm not a licensed professional, engineer, or bound by any fiduciary duty other than ethics and a contract that was long lapsed and had actually been fulfilled. This took three years to remove, and ultimately resulted in censure for the attorney involved, little bits of bad press for the client and their current provider, and a lot of questions from my friends, family, employer, and reporters thinking there was a story there. I tried to keep it quiet. My former employer still doesn't know, and I wouldn't bother him.
In hindsight, I should have responded to the initial requests with all the info I had, and then, if approached, refused and threatened action if they persisted in asking me questions I could not answer.
If I were in the OP's position, I would sign. It's not like they could take my severance, and goodwill is either worthless or priceless. Even if they started calling me at all hours, I can fake a disconnect and ignore their calls until the next morning.
But 2 years is a long time. 6 months is reasonable, perhaps.
Ultimately, we often have to work for real jerks. A paycheck overrules pride when you have responsibilities.
And the police never disagree with a corporation's accusation of shoplifting?
In some countries, corporations hire private security to protect their goods. Not surprisingly, in countries where the government claims it serves the people, not the corporations. And serves neither.
Total BS. Pull the drapes together when you leave your mom's basement to take your yearly shower.
Which is a waste of time. She isn't going to be at the Starbucks you agreed on. More for you to spend on that Christmas gift card.
Ditto. A quick search reveals debris landed near Esperance, Australia, but no mention of anyone being injured.
I doubt anyone was. Newsweek reported people went to the town of Balladonia, but no mention of anyone being injured by falling debris.
Bravo Sierra
"I think shotguns serve a moderately useful purpose, for hunting, but even that isn't necessary in a modern society."
Are we advocating to permit only what is necessary? Of course not, right?