And apparently I don't have the right to not fund their educational system under that shitty document either. I don't recognize the authority of documents that don't recognize all of my rights.
I fully support the RIGHT of these states to teach what they want, and even to ban the teaching of evolution. Its their lives, their children, their right.
However, I would ask that my states rights be recognized too.... the right to consider high school diplomas from their state worthless and The right to not fund their educational process at all.
I would be perfectly happy with such an arrangement.
> Essentially we want to protect people who aren't able to protect > themselves, at least while on campus.
No you don't, or if you do, then I question how much thinking you really did about this motivation you claim to have.
What are you protecting them from? It seems to me like you are trying to protect yourself from parents who would complain. I understand that but, be honest about your motivations. Filtering doesn't protect the person who is denied access to what they wanted to see.
> Would I get invasive eye surgery to get an internet-enabled HUD? Hell no. But I was severely > nearsighted all my life, legally blind without my glassses. After my CrystaLens implant (an artificial > lens implanted in the eye that focuses naturally, like a young person's eyes) I no longer need > corrective lenses, not even reading glasses, and I turned 60 this year.
With the caveat that others had already done it and the surgery had a very high success rate (or at least a very low "oops you are blind (or dead...it is surgery) now" rate....I might have an internet enabled HUD installed....
That said... my mother is about your age and sadly wasn't so lucky. Her vision was never really that correctable (I believe she was 20-50 corrected in the "good eye")... then suffered retinal detachements. Eventually they injected silicone into her "bad eye" to keep the retina together, on the idea that the other one might go, and if it does, they can restore that one as sort of "warm spare".
Of course, from dissuse (she could only see light or dark blobs from it), it atrophied and she eventually decided to have it removed for mostly cosmetic reasons.... which almost made me cry when I saw some of the more recent developments that may have been able to reuse the old nerves...and so shortly after she had them take her other eye out.
This is great to see, even for someone who lucked out and got his father's near perfect vision...my eye doctor handed me a prescription last I saw him saying "you don't really need them, its just that this instrument is really so sensitive" (he has one of those machines that images your eyes)
There have been times where we are trying to explain why one person's request will take a day to complete, while another request may take a month. But no matter how much we dumb it down, their eyes still gloss over when we attempt to explain.
reminds me of a project that went down in flames once.
I was out of work, a buddy of mine had another guy with a bit more experience than me writting web apps (I am more sysadmin with some coding skills). He had a client lined up, we had gotten through defining some requirements, but my buddy, the less technical more "sales" type, was having so much trouble understanding the complexity.
We told him, this is a multi-week project, its going to require research, coding, integration etc. We told him he shouldn't be willing to accept anything under 10k, and it really thats on the low side for what they wanted.... should be more for what we are looking at.
At our next meeting he told us he agreed to do it for 1k, and he knew we could "bang it out in a weekend".
We both walked away and left him holding the bag he just made for himself.
Yah but thats a government estimate. The people who would happily spend $10 million to build the same $400 satelite this artist built. I bet you if they took 1/10th of that money and made it a prize pool for whoever builds one first.... the prize will be a tidy profit to whoever does.
Meh I could teach you to write basic code in a day. The difference is, nobody hires people because "they know how to write code". Its about being experienced and knwoledgeable.
I could teach you to drive a car in a day too.... but, being able to drive a car and being an expert, experienced driver are two very very different things. There is a huge difference between "I can step on the gas and make it go, and bring it to a stop" and "I have been in several skids, and am adept at steering out of them" (or rather into them, if you want to split that hair).
I think they are doing a real disservice to their students if they are really leaving them with the impression that they are going to be competent or even "speak the same language" as someone who has been doing it for years.
That said, I might believe in either the ability to teach some basic coding in a day or the ability to gain exposure to some concepts and learn to communicate better with coders in a day... but... to become a competent coder? That I would need to see to believe.
That would make a lot of sense. Of course... while we are speculating... hows this one...
Perhaps there is no payload. The real action is the moles at kaspersky....
"Nope we haven't found it yet.... we have even asked the internet for help. Are you SURE there aren't any more program names/file paths we should be checking against?"
I would count that as unlikely, given the sophistication, but, its a possibility.
The really neat thing here is that.... the payload could have already gone off. Unless someone figures out the key, the chances of catching it "in the act" is pretty slim.
Its a very clever hack indeed. We always think of encryption keys as something that we make up randomly and need to be transmitted.... but this isn't even an unusual style of use.
This is kind of like... taking some shared knwoledge, using it to make a key, then sending the encrypted data to someone, giving them a riddle only they can solve.
"The key is the date we first met, plus the date you left your first job, plus the name of the resteraunt we went to after your mothers funeral".
Except...its based on system configs. I have to wonder with path elements and program files how well balanced they are between identification of the specific machine(s) they want, against the possibility those configs will change before the payload goes off.
Well that assumes they knew better. I am talking about people who "hadn't smoked pot since I was your age". The one I am specifically thinking the most of went to her doctor. The doctor never gave her the option of pot.... she tried it on her own after doing some research to find something other than what she was on...because the side effects were so bad.
Not just side effects, but the fact that when she complained of the side effects, they prescribed her powerful benzos (which are highly addictive with really nasty withdrawls).
> Do you really believe that? it's driven up costs, and as someone that believes in economics it > has therefore lowered abuse.
How fucking scientific. Maybe I believe in pink unicorns.
You are wrong, not because economics is wrong, but because you are applying it in a simplistic manner, looking at only one part of a much larger issue. Its not just a matter of cost or cost going up. These are not apples to apples comparisons by any stretch of the imagination.
Whats gone up? well cost yes, but so has potency and purity. Do you ever hear of opium smokers doing anything?
Partially its because you can't get opium. You can certainly get heroin. And the price of heroin has gone up, but, its far more potent, its in a pure form (not counting any cut) and often injected. Its very strong, much stronger than the smoked opium that has been all but removed from the market.
Crystal meth. Similar. All other, safer, less potent stimulents are relegated to obscurity, shut out of the market. What remains is very potent and pure...and I don't mean pure in the "FDA regulations make sure everything on the label is actually whats in there" pure... I mean "Holy crap that stuff is over 90% methamphetamine, you better be careful".
Not to mention.... Ive known a few users of a few drugs.... most people don't just "do anything". I know more than a few people who only ever smoked pot a handful of times because they didn't like how it made them feel or otherwise didn't enjoy it (which is how I have come to feel about alcohol actually... I don't refuse to drink as a rule, but its been a while since I even accepted a beer offered)
A rather common model, amongst those who look at these issues, is the "Self medication" model, which looks at a large amount of drug use as little more than habbits that self medicate for other conditions (normally with the assumption that this is a bad thing, I tend to question whether its not often more effective than most think, I know people who have eliminated prescription drugs with some nasty side effects in favor of a little pot before bed.... and several others with other conditions).
I think part of the issue here is that you are forgetting that peoples behavior isn't dictated by what you think is rational for them. You are not taking their real motivations into account. You are just assuming that changing one motivating factor must have the effect that you would predict, without actually looking deeper at whats really happening.
I think the other poster who pointed out that finger print readers wouldn't be hard to add, if they are already doing hidden cameras and card readers, really hit the nail on the head.
Gummy bears are fine, but realise, the "gummy bear" trick is still a lot more effort than watching a video and seeing what numbers someone hit. I would bet you could review 10s of videos in the time it would take to produce 1 good fingerprint from any of these methods.
I don't mean it will never happen. Everything will happen. Somebody WILL use a gummy bear to copy a finger print.
The thing is.... the few people doing that, whether they get caught or not, probably are not an issue. They are putting effort into single robberies. They suck, and stopping/catching them would be great but... they don't effect nearly as many people or as much money overall as a systematic skimmer.
Who cares about the one off, who maybe hits one a day or every few days, when there are people skimming 10s or 100s in a day, every day?
Or to put it another way from an old systems security discussion we had at an old job. "If we have a knowledgable attacker going after us personally, we already have bigger issues than we can deal with or prepare for in this discussion".
That is... one guy, who puts effort into a target and wants to steal from that target, he is going to find a way. Maybe he uses gummies, maybe he enlists an unknown to take it by force, maybe he does any number of things. He chooses the time, the place, the action.
However, you CAN much more easily take steps to protect yourself from the "script kiddies", or anyone who just casts a wide net and trolls for hits.... and given how the numbers work, that tends to be a good starting point....because its unlikely that any individual gets the attention of a determined, intelligent attacker.... but nearly everyone ends up running into some manner of wide net phishing attempt.
Thats a really good point, I hadn't thought of that. Perhaps the card needs the card reader? Smart card, with built in finger print reader, and using a challenge/response authentication, so that a sniffer in the middle can't just grab static data and reuse it?
Huge increase in complexity and cost, but, I don't know if there is a way around it for this problem set.
Well... at least in terms of shutting it down. In terms of keeping them away from your bank, it probably works very well. Why would you produce such a device if only one or two banks even use it?
Of course, that means its like the old platform/virus debate. "I use X platform because there are no viruses, or very few". "There are very few viruses for X platform because so few people use it, if more people thought like you, then the virus writters would change targets, because it would become worth it to do".
A few assumptions there, not the least of which is intelligent criminals.
That said, I think both this and the original post miss the point. I doubg jacking people's fingers for card robberies is going to happen. It requires the criminal to not only be willing to steal a card and info, but, to actually harm someone who is complying with them.... less people will be willing, especially isnce it will be a more heinous crime if they are caught.
What this really does, and I think will do well, is put a stop to wholesale theft. This doesn't foil the guy who robs you at gun point, he will ALWAYS get what he wants (even if it means you personally withdrawing the cash, and keeping your finger).
who it foils is the guy who disguises a card reader and camera to steal your stripe info and pin. Now get can get the mag stripe but the pin is your fingerprint. Can he recreate it from video? Maybe, sometimes. It wont be as fast, or easy.,..and will require him to retool to do it... it probably kills his business.
I doubt it totally kills the fraud and theft...but raises the bar on bulk theft.
> Anyone thinking that she was a positive for the GOP is also a > fucking twit. She did more damage to the GOP brand every time > she opened her dumb mouth-hole.
Um really? Do you see one of their men in the hot seat for what was the coming economic crisis? Is their man defending his record during a major recession?
Palin was a smart choice for throwing the election, when they already had a good enough candidate for their aims being run by the Dems.
The GOP has spent the past 20 years going off the deep end and pulling the dems over to their side. We have a Dem president who came out of the gate proposing the old GOP healthcare reform, even fighting them for it.
They already won. The last thing they would want is to have to take credit, it ruins their whole strategy, as they demonstrated with Bush II.
People don't seem to realize, you don't win under this system by supporting your people and compromising with likeminded people. You win by going so far to the extreme of your view, that others have to compromise with you.
Very true (also true about sunlight being a great disinfectant, at least, if you are not trying to use it through UV blocking glass:)
I remember, what a decade ago? It used to be different. You used to see anouncements that said "This vulnerability was given to so and so on date X, they worked out a patch, now here is the full vulnerability". Or "This was sent on X date, it was ignored, They ignored several warnings, here it is".
Sure sometimes someone just released a vulnerability without any of this diligence, but, it was frowned upon except in very specific circumstances (active use "in the wild" already, for example).
Then... a few years ago we had talks quashed, papers hushed up, researchers sued...
A few too many messengers get shot...and now look where we are...
I resistsed signing up for YEARS until I left a job recently. I wanted to maintain the ability to contact people...so I made an account.
So now I have slashdot, facebook, linkedin..... in decreasing order of interestingness.
Comments here, most stupidity, and most interesting. wide range, great stuff. Here, I too post anecdotes about work. Sometimes, I even post AC, just for a little extra protection on those that are about work.
On fb, seldom to never post anything work related, and few things with much thought or interest. Its not just that I know everyone there, and they all know where I work and all my other friends, but, because they are family and other social relations, its not exactly where I go if I want to talk technical, its chock full of the non-technical people I know.
Linked in....worst of all. Nearly all professional relations. Anything you say could hurt real job prospects. It seems nearly ALL communication that does happen is in private messages or on private groups. Its as exciting as a party thrown by the HR department.
Kind of a problem if you don't have a concrete floor. I mean, i do, its in the basement, but not everyone even has those, hell, some people just have a room on a non-ground floor. I know, I have rented non-ground floors to such people.
> Unless you block that with browser extensions (esp. RequestPolicy), of course.:) RequestPolicy, Noscript, AND ghostery (mostly for the info it provides)
Excellent point though. Actually facebook is the site that convinced me I needed Requestpolicy.
I have never left a job where I didn't wipe my desktop or laptop before leaving (though, most recently "wipe" meant "wipe the LUKS headers").
Firstly, wiping the OS is not damage to the machine. a company may try to argue that, but I would too. I don't see it as damage, they can always reimage...and should anyway for their own protection and the employees. Sure the employee may lose personal data to a new user but think of other possibilities... lets say I leave, and the next person to get the laptop isn't someone with my level of access... they could scour the drive and gain access to files that I had legitimate access to, but they didn't.... or maybe I trojaned the laptop before I left, and every time the new guy uses it, he is giving me access to the internal network again.
A simple re-image not only removes those possibilities, it removes the question of them. You don't even have to ask "did he trojan the box?" because you know he couldn't have. Its actually one of the reasons I was happy they revoked my root access and changed passwords as soon as it was known that I was leaving at one of my previous jobs... no need to worry that I might do something... no need for me to worry about being accused. (and a couple of weeks of what amounted to vacation as I couldn't do much....bonus)
Secondly, As for notes and other data.... a desktop or laptop hard drive is not really the appropriate medium for that anyway. They can break. They should have provided a place to store those seperately. i would say they may want backups too but, thats kind of besides the point, if your only real long term storage of important docs and notes is "in the backups" then you have bigger issues.
Thirdly, I have had to dig through an ex-employees home directory on multiple occasions in hopes of finding notes or files that were needed at the time. I can't recall it actually resulting in anything useful. I am sure it does once in a while but, not when I have been involved.
That is, unless he is planning to use the Basic Instinct Defense "What, do you think I am stupid enough to publish details of how a murder could be committed, by anyone, using these devices, and then do it myself?"
Though, if he tries it, I hope he remembers, the short white dress and no underwear is key to making it work.
And to what standard? The stated threat of it? The stated fantasy of it? Or just the worry of it? At which point do you risk the secrecy of the scope of the program?
remember we are talking about a crime, before it happens, without the benfit of hindsight.
How many "tips" do you think such a program would produce before it caught one? Thats the real issue...a tip may save a life, it may do nothing at all. A tip on one person, chances are does nothing useful.... so at what certainty does it become enough?
Where do I have accounts? Do you know? You can guess, and probably get several of them...but not all of them. Not the ones even I have forgotten about. Hell, you don't even know what other usernames I use when the one I have here isn't available (hint: This one isn't actually my first choice)
On the other hand, if I use an SSO service, and you get that.... depending on how you get it, it could be very bad. The SSO service could, concievably have info on every service that I have ever used through it. You could log on to sites I haven't been on in years and start using my name to spout whatever you want....
Imagine that.... you go to some power tools website to ask a question about your new drill. You get the info you need, never go back. Then two years later, some guy who 0wn3d the SSO server hands a password list to his buddies....and a few months later you now have an extensive library of incendiary posts about minorities and gays in your name.
Could it happen other ways? Sure, but.... talk about making it easy to do widespread damage. Oh now I am locked out of ALL of my accounts...spiffy. Oh you just initiated phishing attacks using my otherwise legitimate accounts on 50 different websites... score.
Oh was one of those accounts the one where you posted messages in a online support group for other people with HIV or some other stigmatizing medical condition? Ooops, looks like the links to all your posts just got posted on your FB wall.... have fun.
Go buy my mortgage (sorry no lien on my car), then ask if you can have the keys to my house, see how far that gets you. It will get you told off, shown the bird, and possibly even mooned at that point...what it isn't going to get you, is any keys from me.
More than that.... what do they need the information for? My employer signs my paychecks, few things hold more sway over my life. Do you think that means I emailed my boss my facebook password so he could poke around and see what I am up to in my personal life? No!
The more of such a relationship I have with them, the MORE I feel I want my personal data protected. What if I am gay and they hate homosexuals? What if I am straight and they hate straight people? Maybe they don't like something my wife had to say? Point is, if I have to worry that they might make discriminatory decisions against me, then its best that they don't have information that can be used to make such decisions. Better that they keep a racist on staff who doesn't know the race of the people whose accounts he deals with than find out the hard and long way that I am one of the people he hates.
Rememeber, anything can become illegal/considered imoral/irrationally disliked by any number of people at any time....and if you aren't ever saying or doing anything that couldn't be taken thr wrong way, or expose you to discrimination, then you just are not very interesting...and thats the last thing we should be encouraging as a society.
I have a FB account, but, since when do I trust them to know every single website I go to? You know how many non-FB websites I have EVER logged into with my FB account? 0. Exactly 0.
As far as I can tell, the only reason they offer SSO is so they have yet more info to aggregate and sell. I don't use FB login for the same reason I don't allow my web browser (via requestpolicy) to connect to facebook at all when loading non-facebook sites.
FB doesn't need to know where I go to stream music, it doesn't need to know where I read my news or post my comments, it doesn't need to know jack shit other than what I post on my wall, on facebook.
Slashdot Mirror
And apparently I don't have the right to not fund their educational system under that shitty document either. I don't recognize the authority of documents that don't recognize all of my rights.
I fully support the RIGHT of these states to teach what they want, and even to ban the teaching of evolution. Its their lives, their children, their right.
However, I would ask that my states rights be recognized too.... the right to consider high school diplomas from their state worthless and The right to not fund their educational process at all.
I would be perfectly happy with such an arrangement.
> Essentially we want to protect people who aren't able to protect > themselves, at least while on campus.
No you don't, or if you do, then I question how much thinking you really did about this motivation you claim to have.
What are you protecting them from? It seems to me like you are trying to protect yourself from parents who would complain. I understand that but, be honest about your motivations. Filtering doesn't protect the person who is denied access to what they wanted to see.
> Would I get invasive eye surgery to get an internet-enabled HUD? Hell no. But I was severely
> nearsighted all my life, legally blind without my glassses. After my CrystaLens implant (an artificial
> lens implanted in the eye that focuses naturally, like a young person's eyes) I no longer need
> corrective lenses, not even reading glasses, and I turned 60 this year.
With the caveat that others had already done it and the surgery had a very high success rate (or at least a very low "oops you are blind (or dead...it is surgery) now" rate....I might have an internet enabled HUD installed....
That said... my mother is about your age and sadly wasn't so lucky. Her vision was never really that correctable (I believe she was 20-50 corrected in the "good eye")... then suffered retinal detachements. Eventually they injected silicone into her "bad eye" to keep the retina together, on the idea that the other one might go, and if it does, they can restore that one as sort of "warm spare".
Of course, from dissuse (she could only see light or dark blobs from it), it atrophied and she eventually decided to have it removed for mostly cosmetic reasons.... which almost made me cry when I saw some of the more recent developments that may have been able to reuse the old nerves...and so shortly after she had them take her other eye out.
This is great to see, even for someone who lucked out and got his father's near perfect vision...my eye doctor handed me a prescription last I saw him saying "you don't really need them, its just that this instrument is really so sensitive" (he has one of those machines that images your eyes)
reminds me of a project that went down in flames once.
I was out of work, a buddy of mine had another guy with a bit more experience than me writting web apps (I am more sysadmin with some coding skills). He had a client lined up, we had gotten through defining some requirements, but my buddy, the less technical more "sales" type, was having so much trouble understanding the complexity.
We told him, this is a multi-week project, its going to require research, coding, integration etc. We told him he shouldn't be willing to accept anything under 10k, and it really thats on the low side for what they wanted.... should be more for what we are looking at.
At our next meeting he told us he agreed to do it for 1k, and he knew we could "bang it out in a weekend".
We both walked away and left him holding the bag he just made for himself.
Yah but thats a government estimate. The people who would happily spend $10 million to build the same $400 satelite this artist built. I bet you if they took 1/10th of that money and made it a prize pool for whoever builds one first.... the prize will be a tidy profit to whoever does.
Meh I could teach you to write basic code in a day. The difference is, nobody hires people because "they know how to write code". Its about being experienced and knwoledgeable.
I could teach you to drive a car in a day too.... but, being able to drive a car and being an expert, experienced driver are two very very different things. There is a huge difference between "I can step on the gas and make it go, and bring it to a stop" and "I have been in several skids, and am adept at steering out of them" (or rather into them, if you want to split that hair).
I think they are doing a real disservice to their students if they are really leaving them with the impression that they are going to be competent or even "speak the same language" as someone who has been doing it for years.
That said, I might believe in either the ability to teach some basic coding in a day or the ability to gain exposure to some concepts and learn to communicate better with coders in a day... but... to become a competent coder? That I would need to see to believe.
That would make a lot of sense. Of course... while we are speculating... hows this one...
Perhaps there is no payload. The real action is the moles at kaspersky....
"Nope we haven't found it yet.... we have even asked the internet for help. Are you SURE there aren't any more program names/file paths we should be checking against?"
I would count that as unlikely, given the sophistication, but, its a possibility.
The really neat thing here is that.... the payload could have already gone off. Unless someone figures out the key, the chances of catching it "in the act" is pretty slim.
Its a very clever hack indeed. We always think of encryption keys as something that we make up randomly and need to be transmitted.... but this isn't even an unusual style of use.
This is kind of like... taking some shared knwoledge, using it to make a key, then sending the encrypted data to someone, giving them a riddle only they can solve.
"The key is the date we first met, plus the date you left your first job, plus the name of the resteraunt we went to after your mothers funeral".
Except...its based on system configs. I have to wonder with path elements and program files how well balanced they are between identification of the specific machine(s) they want, against the possibility those configs will change before the payload goes off.
Well that assumes they knew better. I am talking about people who "hadn't smoked pot since I was your age". The one I am specifically thinking the most of went to her doctor. The doctor never gave her the option of pot.... she tried it on her own after doing some research to find something other than what she was on...because the side effects were so bad.
Not just side effects, but the fact that when she complained of the side effects, they prescribed her powerful benzos (which are highly addictive with really nasty withdrawls).
> Do you really believe that? it's driven up costs, and as someone that believes in economics it
> has therefore lowered abuse.
How fucking scientific. Maybe I believe in pink unicorns.
You are wrong, not because economics is wrong, but because you are applying it in a simplistic manner, looking at only one part of a much larger issue. Its not just a matter of cost or cost going up. These are not apples to apples comparisons by any stretch of the imagination.
Whats gone up? well cost yes, but so has potency and purity. Do you ever hear of opium smokers doing anything?
Partially its because you can't get opium. You can certainly get heroin. And the price of heroin has gone up, but, its far more potent, its in a pure form (not counting any cut) and often injected. Its very strong, much stronger than the smoked opium that has been all but removed from the market.
Crystal meth. Similar. All other, safer, less potent stimulents are relegated to obscurity, shut out of the market. What remains is very potent and pure...and I don't mean pure in the "FDA regulations make sure everything on the label is actually whats in there" pure... I mean "Holy crap that stuff is over 90% methamphetamine, you better be careful".
Not to mention.... Ive known a few users of a few drugs.... most people don't just "do anything". I know more than a few people who only ever smoked pot a handful of times because they didn't like how it made them feel or otherwise didn't enjoy it (which is how I have come to feel about alcohol actually... I don't refuse to drink as a rule, but its been a while since I even accepted a beer offered)
A rather common model, amongst those who look at these issues, is the "Self medication" model, which looks at a large amount of drug use as little more than habbits that self medicate for other conditions (normally with the assumption that this is a bad thing, I tend to question whether its not often more effective than most think, I know people who have eliminated prescription drugs with some nasty side effects in favor of a little pot before bed.... and several others with other conditions).
I think part of the issue here is that you are forgetting that peoples behavior isn't dictated by what you think is rational for them. You are not taking their real motivations into account. You are just assuming that changing one motivating factor must have the effect that you would predict, without actually looking deeper at whats really happening.
I think the other poster who pointed out that finger print readers wouldn't be hard to add, if they are already doing hidden cameras and card readers, really hit the nail on the head.
Gummy bears are fine, but realise, the "gummy bear" trick is still a lot more effort than watching a video and seeing what numbers someone hit. I would bet you could review 10s of videos in the time it would take to produce 1 good fingerprint from any of these methods.
I don't mean it will never happen. Everything will happen. Somebody WILL use a gummy bear to copy a finger print.
The thing is.... the few people doing that, whether they get caught or not, probably are not an issue. They are putting effort into single robberies. They suck, and stopping/catching them would be great but... they don't effect nearly as many people or as much money overall as a systematic skimmer.
Who cares about the one off, who maybe hits one a day or every few days, when there are people skimming 10s or 100s in a day, every day?
Or to put it another way from an old systems security discussion we had at an old job. "If we have a knowledgable attacker going after us personally, we already have bigger issues than we can deal with or prepare for in this discussion".
That is... one guy, who puts effort into a target and wants to steal from that target, he is going to find a way. Maybe he uses gummies, maybe he enlists an unknown to take it by force, maybe he does any number of things. He chooses the time, the place, the action.
However, you CAN much more easily take steps to protect yourself from the "script kiddies", or anyone who just casts a wide net and trolls for hits.... and given how the numbers work, that tends to be a good starting point....because its unlikely that any individual gets the attention of a determined, intelligent attacker.... but nearly everyone ends up running into some manner of wide net phishing attempt.
Thats a really good point, I hadn't thought of that. Perhaps the card needs the card reader? Smart card, with built in finger print reader, and using a challenge/response authentication, so that a sniffer in the middle can't just grab static data and reuse it?
Huge increase in complexity and cost, but, I don't know if there is a way around it for this problem set.
Well... at least in terms of shutting it down. In terms of keeping them away from your bank, it probably works very well. Why would you produce such a device if only one or two banks even use it?
Of course, that means its like the old platform/virus debate. "I use X platform because there are no viruses, or very few". "There are very few viruses for X platform because so few people use it, if more people thought like you, then the virus writters would change targets, because it would become worth it to do".
A few assumptions there, not the least of which is intelligent criminals.
That said, I think both this and the original post miss the point. I doubg jacking people's fingers for card robberies is going to happen. It requires the criminal to not only be willing to steal a card and info, but, to actually harm someone who is complying with them.... less people will be willing, especially isnce it will be a more heinous crime if they are caught.
What this really does, and I think will do well, is put a stop to wholesale theft. This doesn't foil the guy who robs you at gun point, he will ALWAYS get what he wants (even if it means you personally withdrawing the cash, and keeping your finger).
who it foils is the guy who disguises a card reader and camera to steal your stripe info and pin. Now get can get the mag stripe but the pin is your fingerprint. Can he recreate it from video? Maybe, sometimes. It wont be as fast, or easy.,..and will require him to retool to do it... it probably kills his business.
I doubt it totally kills the fraud and theft...but raises the bar on bulk theft.
> Anyone thinking that she was a positive for the GOP is also a
> fucking twit. She did more damage to the GOP brand every time
> she opened her dumb mouth-hole.
Um really? Do you see one of their men in the hot seat for what was the coming economic crisis? Is their man defending his record during a major recession?
Palin was a smart choice for throwing the election, when they already had a good enough candidate for their aims being run by the Dems.
The GOP has spent the past 20 years going off the deep end and pulling the dems over to their side. We have a Dem president who came out of the gate proposing the old GOP healthcare reform, even fighting them for it.
They already won. The last thing they would want is to have to take credit, it ruins their whole strategy, as they demonstrated with Bush II.
People don't seem to realize, you don't win under this system by supporting your people and compromising with likeminded people. You win by going so far to the extreme of your view, that others have to compromise with you.
Very true (also true about sunlight being a great disinfectant, at least, if you are not trying to use it through UV blocking glass :)
I remember, what a decade ago? It used to be different. You used to see anouncements that said "This vulnerability was given to so and so on date X, they worked out a patch, now here is the full vulnerability". Or "This was sent on X date, it was ignored, They ignored several warnings, here it is".
Sure sometimes someone just released a vulnerability without any of this diligence, but, it was frowned upon except in very specific circumstances (active use "in the wild" already, for example).
Then... a few years ago we had talks quashed, papers hushed up, researchers sued...
A few too many messengers get shot...and now look where we are...
Case in point: Linkedin.
I resistsed signing up for YEARS until I left a job recently. I wanted to maintain the ability to contact people...so I made an account.
So now I have slashdot, facebook, linkedin..... in decreasing order of interestingness.
Comments here, most stupidity, and most interesting. wide range, great stuff. Here, I too post anecdotes about work. Sometimes, I even post AC, just for a little extra protection on those that are about work.
On fb, seldom to never post anything work related, and few things with much thought or interest. Its not just that I know everyone there, and they all know where I work and all my other friends, but, because they are family and other social relations, its not exactly where I go if I want to talk technical, its chock full of the non-technical people I know.
Linked in....worst of all. Nearly all professional relations. Anything you say could hurt real job prospects. It seems nearly ALL communication that does happen is in private messages or on private groups. Its as exciting as a party thrown by the HR department.
Kind of a problem if you don't have a concrete floor. I mean, i do, its in the basement, but not everyone even has those, hell, some people just have a room on a non-ground floor. I know, I have rented non-ground floors to such people.
> Unless you block that with browser extensions (esp. RequestPolicy), of course. :) RequestPolicy, Noscript, AND ghostery (mostly for the info it provides)
Excellent point though. Actually facebook is the site that convinced me I needed Requestpolicy.
I have never left a job where I didn't wipe my desktop or laptop before leaving (though, most recently "wipe" meant "wipe the LUKS headers").
Firstly, wiping the OS is not damage to the machine. a company may try to argue that, but I would too. I don't see it as damage, they can always reimage...and should anyway for their own protection and the employees. Sure the employee may lose personal data to a new user but think of other possibilities... lets say I leave, and the next person to get the laptop isn't someone with my level of access... they could scour the drive and gain access to files that I had legitimate access to, but they didn't.... or maybe I trojaned the laptop before I left, and every time the new guy uses it, he is giving me access to the internal network again.
A simple re-image not only removes those possibilities, it removes the question of them. You don't even have to ask "did he trojan the box?" because you know he couldn't have. Its actually one of the reasons I was happy they revoked my root access and changed passwords as soon as it was known that I was leaving at one of my previous jobs... no need to worry that I might do something... no need for me to worry about being accused. (and a couple of weeks of what amounted to vacation as I couldn't do much....bonus)
Secondly, As for notes and other data.... a desktop or laptop hard drive is not really the appropriate medium for that anyway. They can break. They should have provided a place to store those seperately. i would say they may want backups too but, thats kind of besides the point, if your only real long term storage of important docs and notes is "in the backups" then you have bigger issues.
Thirdly, I have had to dig through an ex-employees home directory on multiple occasions in hopes of finding notes or files that were needed at the time. I can't recall it actually resulting in anything useful. I am sure it does once in a while but, not when I have been involved.
That is, unless he is planning to use the Basic Instinct Defense "What, do you think I am stupid enough to publish details of how a murder could be committed, by anyone, using these devices, and then do it myself?"
Though, if he tries it, I hope he remembers, the short white dress and no underwear is key to making it work.
And to what standard? The stated threat of it? The stated fantasy of it? Or just the worry of it? At which point do you risk the secrecy of the scope of the program?
remember we are talking about a crime, before it happens, without the benfit of hindsight.
How many "tips" do you think such a program would produce before it caught one? Thats the real issue...a tip may save a life, it may do nothing at all. A tip on one person, chances are does nothing useful.... so at what certainty does it become enough?
Not as bad.
Where do I have accounts? Do you know? You can guess, and probably get several of them...but not all of them. Not the ones even I have forgotten about. Hell, you don't even know what other usernames I use when the one I have here isn't available (hint: This one isn't actually my first choice)
On the other hand, if I use an SSO service, and you get that.... depending on how you get it, it could be very bad. The SSO service could, concievably have info on every service that I have ever used through it. You could log on to sites I haven't been on in years and start using my name to spout whatever you want....
Imagine that.... you go to some power tools website to ask a question about your new drill. You get the info you need, never go back. Then two years later, some guy who 0wn3d the SSO server hands a password list to his buddies....and a few months later you now have an extensive library of incendiary posts about minorities and gays in your name.
Could it happen other ways? Sure, but.... talk about making it easy to do widespread damage. Oh now I am locked out of ALL of my accounts...spiffy. Oh you just initiated phishing attacks using my otherwise legitimate accounts on 50 different websites... score.
Oh was one of those accounts the one where you posted messages in a online support group for other people with HIV or some other stigmatizing medical condition? Ooops, looks like the links to all your posts just got posted on your FB wall.... have fun.
Go buy my mortgage (sorry no lien on my car), then ask if you can have the keys to my house, see how far that gets you. It will get you told off, shown the bird, and possibly even mooned at that point...what it isn't going to get you, is any keys from me.
More than that.... what do they need the information for? My employer signs my paychecks, few things hold more sway over my life. Do you think that means I emailed my boss my facebook password so he could poke around and see what I am up to in my personal life? No!
The more of such a relationship I have with them, the MORE I feel I want my personal data protected. What if I am gay and they hate homosexuals? What if I am straight and they hate straight people? Maybe they don't like something my wife had to say? Point is, if I have to worry that they might make discriminatory decisions against me, then its best that they don't have information that can be used to make such decisions. Better that they keep a racist on staff who doesn't know the race of the people whose accounts he deals with than find out the hard and long way that I am one of the people he hates.
Rememeber, anything can become illegal/considered imoral/irrationally disliked by any number of people at any time....and if you aren't ever saying or doing anything that couldn't be taken thr wrong way, or expose you to discrimination, then you just are not very interesting...and thats the last thing we should be encouraging as a society.
Yes. Exactly. All the SSO I need.
I have a FB account, but, since when do I trust them to know every single website I go to? You know how many non-FB websites I have EVER logged into with my FB account? 0. Exactly 0.
As far as I can tell, the only reason they offer SSO is so they have yet more info to aggregate and sell. I don't use FB login for the same reason I don't allow my web browser (via requestpolicy) to connect to facebook at all when loading non-facebook sites.
FB doesn't need to know where I go to stream music, it doesn't need to know where I read my news or post my comments, it doesn't need to know jack shit other than what I post on my wall, on facebook.