Comment Re:CC system is flawed (Score 5, Insightful) 111

Even chips are bullshit. Why aren't CCs issuing one-time tokens per transaction, thus rendering subsequent transactions useless? (Or tying the token to a retailer for subscriptions / etc)

You'd have to do better than that. If the payment terminal is compromised, an attacker could just sit there and wait for a card to be available at one of the payment terminals, then process two transactions in a row very quickly, one of which is the real one, and the other of which is an arbitrary transaction. There's a fundamental law in computing—not sure if it has a name—that goes something like this: If you cannot fully trust both endpoints of a communication channel, you cannot trust the communication channel itself. Period.

The only way to really improve the situation is to have credit cards treat the payment terminal as an untrusted network connection. Put a screen on the card itself, and require the user to push a button on the card itself to approve the transaction. Then use some form of PK crypto in the device itself to sign the transaction and send the response back to the payment processor's servers, which can then send a confirmation code to the register as proof that the transaction was accepted.

And no, I don't mean cell phones here. Cell phone payment systems certainly have the potential to be an easier way of paying for things, but security-wise, they just replace one attack target with another, without any obvious security benefit. Why? Because they're general-purpose computers that are constantly in use for other purposes like web browsing, so if they contain any security holes, the risk of them getting compromised is non-negligible.

More to the point, the risk of compromise for a cell phone is orders of magnitude higher than the risk of somebody finding a bug in a specialized card in your billfold and attacking it using nothing but NFC (because an attack on a cell phone doesn't require you to be in the same country as the victim, much less within a few feet).

And assuming all things are equal, the odds of a cell phone being compromised should be higher than the odds of a payment terminal being compromised (ignoring the "physically swap it out" risk), because the payment terminals should be segregated onto their own private network, and shouldn't be communicating with unrelated Internet servers for unrelated purposes. This does not appear to be the case in practice (as far as we know), but then again, until enough payments happen on cell phones, they won't be a high-priority target, so such comparisons may or may not really be valid.

Now it is theoretically possible to make a cell-phone-based solution as secure as a card with a screen, but the minimum requirements would be:

  • A separate CPU that handles the transaction processing and signing.
  • A means for that CPU to take over the display and input system in such a way that guarantees that the data shown on the screen is from that crypto chip even if the software running on the phone's main CPU is completely compromised.
  • A physical light on the front panel of the device to indicate that the data on the screen is coming from the payment chip.

Anything short of that improves security only to the extent that the odds of simultaneously compromising a payment terminal and the phone that's talking to it are less than the odds of compromising one or the other, and there's a small chance that the customer might notice if the screens don't match, so an attacker really ought to compromise both of them. With that said, when there's a mass compromise of the payment systems of a major national company, it doesn't take a very high percentage of compromised cell phones before you would start seeing situations where both devices are compromised, at which point the cell phone doesn't make things appreciably more secure than a chip-and-pin system, which is, in turn, not all that much more secure than a magstripe system, whereas a mostly dumb crypto card with a screen and a pushbutton does.

Comment Re:autoplay sucks anyway (Score 1) 108

There is a legal obligation to focus on profits.

No, there is a legal obligation to act based on another party's interests, not based solely on another party's financial interests. Shareholders have interests other than money—having clean drinking water for their kids, supporting cultural growth, improving the quality of education, not getting buried in lawsuits from the government when you cross a legal line (though this one arguably is financial, just over the longer term), and so on. That's why you don't see shareholders suing companies for giving money to charities, for example. A purely financial misinterpretation of the word "fiduciary" would make such donations illegal.

Comment Re:Autoplay is EVIL (Score 1) 108

400 kilobytes? For 30 seconds of video? That's barely a hundred kilobits per second. Are you sure that wasn't a reference movie to content at a different URL? Because that's not likely to be anything approaching what most people would call "full quality" unless the content started out as a postage-stamp-sized cell phone video....

Comment Re:good plan (Score 1) 200

It is a government action; specifically, this lawsuit is based on the federal anti-trust laws, which are completely unconstitutional and illegal and detrimental to the economy in every way.

You're joking, right? Antitrust laws are only detrimental to one aspect of the economy: the unregulated ability for a few individuals or corporations to make an obscene amount of money at the expense of everyone else. When a monopoly exists, it gains an incredible amount of power over the free market that is not easy to overcome. At that point, a free market no longer realistically exists without government intervention, because the ability to break into that market becomes hopelessly compromised. To the extent that free markets are generally considered to be the epitome of a good economic system these days, clearly any government intervention required to ensure that such free markets continue to exist is justified, legal, and constitutional.

Comment Re:This is also how Sarah Palin's email got "hacke (Score 1) 311

The solution isn't random info. It's questions you create with personal information that is memorable enough that you'll remember in an instant, but only you, or a very small handful of intimate people, would know. I.e., "Who was that girl you had a really secret crush on in grade 10?"

This is a great example of why security questions are inherently dangerous. Most people—even geeks—have no idea what makes a good security question. Cracking an account secured with this question is almost always very, very easy:

  • Determine what high school the person went to.
  • Iterate through all the girls who attended that school that year, providing both first-name form and a couple of first-and-last-name forms, beginning with the ones who were in your grade, then moving on to other grades. Include teachers.

Better than 95% of the time, this will result in a successful compromise of the user's account. And if you branch out from there into organizations that the person was in, churches, etc., you'll rapidly approach 100% coverage. And of course if someone really knew you or your crush back in 10th grade, it probably wasn't nearly as much of a secret as you thought it was, which could mean that it won't take many tries at all.

To be fair, unless you're someone famous or there's a significant financial incentive to do so, it probably wouldn't be worth someone's time to type in the names of all the several hundred girls who attended your school, but once you have that information in electronic form, it would probably take a matter of seconds to crack such a security question in the absence of mechanisms to prevent repeat guessing. And even those mechanisms only slow down the process.

Comment Re:Seemed pretty obvious this was the case (Score 1) 311

A cell phone is not a second factor, or at least not a meaningful one. If somebody hacks your phone to install a keylogger, they'll be able to convince any software running on your phone to do their bidding as well. Either you trust the device or you don't. If you do, you don't need a second factor. If you don't, then all bets are off.

For a reasonably strong second factor, you need a device that has basically no network connectivity whatsoever, like a CryptoCard token. And even then, you're potentially at the mercy of man-in-the-middle attacks stealing your credential, using it elsewhere, and temporarily providing a bogus credential to the site that's requesting authentication, thus forcing you to generate another new number and concealing the fact that it just hijacked your second factor....

For a truly strong second factor, you need a device that communicates using a dog-simple protocol and does nothing more than verify the signature on a signed authentication request, display the signer's identity on a screen, wait for the user to approve the transaction, sign the request with its own private key, and send it back as the response. And even that isn't without its security risks.
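The screen-and-button payment card proposed in the first comment on this page and the signed-request token described just above are the same protocol shape: the relying party signs a request, the dumb device verifies it, shows the signer and the action, waits for a button press, signs with its own key, and returns the result. The Go program below is an added worked example written for this page; it is not code from the commenter or from any real token or card product. Ed25519, the message field layout (`SignerID`, `Nonce`, `Action`), the `approvalPrefix` domain-separation string and all function names are assumptions made for the example. Both key pairs are enrolled out of band in `Enroll`; the nonce is what ties a response to one issued request, which is the property the man-in-the-middle scenario in the preceding comment (credential stolen and reused elsewhere) attacks in a code-only token.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

const approvalPrefix = "token-approval-v1:" // domain separation: a token signature never verifies as a relying-party one

// AuthRequest is the comment's "signed authentication request"; the field layout is assumed.
type AuthRequest struct {
	SignerID string   // identity the token shows on its screen
	Nonce    [16]byte // fresh per request; binds the response to this one request
	Action   string   // what the user is being asked to approve
}

// Bytes is the canonical encoding both sides sign; lengths are included so fields cannot run together.
func (r AuthRequest) Bytes() []byte {
	return []byte(fmt.Sprintf("%d:%s|%x|%d:%s", len(r.SignerID), r.SignerID, r.Nonce, len(r.Action), r.Action))
}

// Envelope is a request plus one signature; it crosses the untrusted network in both directions.
type Envelope struct {
	Req AuthRequest
	Sig []byte
}

// Token is the dumb device: verify, show, wait for the button, sign.
type Token struct {
	priv    ed25519.PrivateKey
	rpPub   ed25519.PublicKey       // relying-party key enrolled at setup time
	approve func(shown string) bool // stand-in for the screen plus the physical button
}

// Handle performs the four steps the comment lists, in order.
func (t *Token) Handle(in Envelope) (*Envelope, error) {
	msg := in.Req.Bytes()
	// 1. Verify first: a request forged or altered by a man-in-the-middle never reaches the screen.
	if !ed25519.Verify(t.rpPub, msg, in.Sig) {
		return nil, errors.New("token: request not signed by enrolled relying party")
	}
	// 2. Show the signer's identity and the action; 3. wait for the button; 4. sign and send back.
	if !t.approve(in.Req.SignerID + " asks you to approve: " + in.Req.Action) {
		return nil, errors.New("token: user declined")
	}
	return &Envelope{Req: in.Req, Sig: ed25519.Sign(t.priv, append([]byte(approvalPrefix), msg...))}, nil
}

// RelyingParty is the site or payment processor that issues requests.
type RelyingParty struct {
	id      string
	priv    ed25519.PrivateKey
	tokPub  ed25519.PublicKey // token key enrolled at setup time
	pending map[[16]byte]bool // outstanding nonces, each usable once
}

// NewRequest issues a fresh signed request for the given action.
func (rp *RelyingParty) NewRequest(action string) (Envelope, error) {
	req := AuthRequest{SignerID: rp.id, Action: action}
	if _, err := rand.Read(req.Nonce[:]); err != nil {
		return Envelope{}, err
	}
	rp.pending[req.Nonce] = true
	return Envelope{Req: req, Sig: ed25519.Sign(rp.priv, req.Bytes())}, nil
}

// Accept admits a response only if its nonce is still outstanding and the enrolled token signed these bytes; the nonce is then consumed.
func (rp *RelyingParty) Accept(resp Envelope) error {
	if !rp.pending[resp.Req.Nonce] {
		return errors.New("rp: no outstanding request has this nonce (replay or never issued)")
	}
	if !ed25519.Verify(rp.tokPub, append([]byte(approvalPrefix), resp.Req.Bytes()...), resp.Sig) {
		return errors.New("rp: bad token signature")
	}
	delete(rp.pending, resp.Req.Nonce)
	return nil
}

// Enroll generates both key pairs and exchanges the public halves: the out-of-band setup step.
func Enroll(rpID string, approve func(string) bool) (*RelyingParty, *Token, error) {
	rpPub, rpPriv, err1 := ed25519.GenerateKey(rand.Reader)
	tokPub, tokPriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		return nil, nil, errors.New("enroll: key generation failed")
	}
	return &RelyingParty{id: rpID, priv: rpPriv, tokPub: tokPub, pending: map[[16]byte]bool{}}, &Token{priv: tokPriv, rpPub: rpPub, approve: approve}, nil
}

func main() {
	rp, tok, _ := Enroll("bank.example", func(shown string) bool { fmt.Println("[screen]", shown); return true })
	req, _ := rp.NewRequest("log in from a new browser")
	resp, _ := tok.Handle(req)
	fmt.Println("genuine accepted:", rp.Accept(*resp) == nil, "| replay rejected:", rp.Accept(*resp) != nil)
	req.Req.Action = "transfer funds" // altered in transit by a compromised terminal
	_, err := tok.Handle(req)
	fmt.Println("altered request rejected by token:", err != nil)
}
```

Three things are worth noticing when running it. A response is accepted once and never again, because `Accept` deletes the nonce, so a credential captured on the wire cannot be presented a second time. A request altered after the relying party signed it, or a request from a party whose key was never enrolled, is refused by the token before anything is displayed, so the user is never asked to approve something the legitimate site did not send. And the domain prefix means the relying party's own signature on a request can never be passed back to it as if it were the token's approval. The residual risk the comment alludes to is also visible: the screen can only show the `Action` string the relying party put in the request, so the device proves what was signed, not that the signed text matches what the user thinks is happening at the till.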

Comment Re:Seemed pretty obvious this was the case (Score 1) 311

I'm unconvinced that an attack based on manipulating the secret questions is not Apple's fault. As others have pointed out, this is useless for celebrities whose lives are relatively public. Birthplace, pet names, mother's maiden name, etc. are the kind of things that are relatively easily collected from fluff interviews. For non-celebrities, such information may only require a personal meeting.

Yes. The mere existence of security questions is a fundamental security hole—doubly so when users are forced to provide answers to those questions. Users have only two choices:

  • Answer truthfully, which catastrophically weakens security on their account, because quite frankly, everybody on my Facebook friends list knows the answers to about half of those questions; anything that I'm guaranteed to remember is also something that anyone I know also knows.
  • Make up answers, which is now a secret piece of information that is no better than a password, and no more likely to be remembered, but still weakens security by virtue of the fact that there are now five or six of those secret answers that magically unlock the account, rather than just one.

IMO, not only should security questions not be required, they should not even be an option, precisely because most people don't understand enough about security to recognize just how horribly dangerous it is to answer the questions truthfully, leading to unfortunate incidents like these.

As far as I'm concerned, there are only three safe ways to allow a user to regain access to accounts without knowing the password:

  1. Callback/email-back to a registered phone number or email address.
  2. Presenting proof of death along with proof of executorship.
  3. Presenting multiple forms of ID, either in person or with a combination of fax/email and video chat. Ideally, one of these forms of ID should be a photo ID, and the other should be a credit card (the physical card or a photocopy thereof, not just the number). The company should charge a $1 fee, both to discourage people from forgetting their password repeatedly and to ensure that the credit card was not stolen and used to impersonate the account holder. If the password was changed by someone else, the fee could be refunded after it goes through. Then, the company should provide a temporary password to the user, lock the account, and wait for the charge to go through before unlocking it again.

And users should have the option of disabling the first one, precisely because some of those external accounts may require security questions, and thus may be easier to compromise, allowing a springboard attack.

Comment Re:Local storage (Score 2) 635

Definitely not true. Backwards, in fact. POP defaults to removing messages from the server and must be explicitly configured to leave the messages on the server. IMAP leaves them on the server by default, and IIRC, most IMAP clients don't even provide the option of removing messages from the server until you delete them.

Comment Re:Extraordinary rendition (Score 1) 248

That's a pretty scary abuse of power. By Canada. Diverting the plane to Canada was okay, because the U.S. has jurisdiction over what air traffic may enter its airspace. However, the Canadian government had no legitimate legal right to arrest any person so diverted, because as a passenger on an international flight, he did not legally enter Canada, and a landing forced by the inability to reach your destination due to circumstances beyond the pilot's control constitutes an emergency landing, which is subject to various legal protections in all civilized countries.

Unfortunately, I've read that the Canadian government did a lot of that sort of thing for international passengers diverted on 9/11, too. Apparently Canada has little respect for international law regarding air travel—specifically, Articles 5 and 25 of the Chicago Convention (of which Canada was originally a signatory, but later withdrew from).

What the U.S. did was rather bizarre, but legal. What Canada did was unconscionable. Want to ensure that this never happens again? Write your MPs and demand that Canada re-sign the International Air Services Transit Agreement (IASTA).

Comment Re:Loose Lips Sinik Ships (Score 1) 248

The criteria themselves should not be secret. The details of what actions meet the criteria might be. Of course, once a person is dead, there's likely no reason to keep that person's details secret. So they should disclose the way that the guy who was fighting against us in Iraq got on the no-fly list. Wait, what? He wasn't on the list? Seriously? Then what the f*** good is it?
