
Comment Re:Is there really a Slashdot-ish user affected ? (Score 4, Informative) 127

Your average home user doesn't reinstall anything, and for many reasons.

Even if he or she wanted to, they won't have a viable consumer OS installation disk anymore. They get the "System Recovery Disk" with their new purchase, and it's likely filled with the same Lenovo image that was used to bundle the malware in the first place.

Comment Re:Thought it was already the norm abroad (Score 1) 230

Cameras and license plate readers, and Bluetooth readers, have already automated the data capture of your travels and no longer require you to voluntarily participate by running a state-provided transponder.

You're in a public place, in a publicly licensed vehicle, on a public road, and technology means that data is now a matter of public record. Welcome home, Winston Smith.

Comment Re:Krebs (Score 3, Insightful) 230

Nobody took computer security seriously back in 2001. Things have changed a lot since then. For example, if you were to contact that same bank with the same information today, they would likely know better and would now contact the FBI and have you arrested on charges of violating the Computer Fraud and Abuse Act.

Actually, contacting the FBI might not be a bad choice for the story submitter. They would probably be very interested in working with that bank to shut this problem down quickly.

Comment Re: Well, I guess now we know... (Score 1) 253

OH MY GOD, THE HYPERBOLIC FUEL IS SO UNSTABLE! It will lead to the explosions of every satellite in orbit! And it's so acidic it will eat through the fuel tanks, dripping killer toxic acid rain onto every surface on earth!! The world will end!

Or, perhaps, your device auto-corrected hypergolic, which is to say a chemical combination that self-ignites when the two substances are brought into contact with each other?

Comment Re:Hard to believe (Score 3, Interesting) 166

Microsoft is a very different company than they were under Gates or the Sweat-hog. They long ago figured out that their cash cows were kind of fragile, and they more recently figured out that they alienated a lot of developers. They are now trying to find ways to woo developers to any of their product families, not just to Windows. And they've done some great work on a lot of software engineering fronts, including secure development, powerful tools, integrations, and are even dabbling in open source,

Comment Re:Pesticides for humans (Score 1) 224

My point was that DDT was the first large scale agricultural pesticide that was engineered specifically to be less toxic to humans. You could use cyanide gas on a field, but your farm hands or animals would die if they wandered into the cloud. That meant a farmer wouldn't apply those kinds of poisons except in severe infestations.

DDT made the application and use of pesticides measurably safer, and led the way to routine applications of pesticides on all kinds of crops. Today's pesticides can be deployed on a schedule as a preventative measure to ensure reliable crop yields, and not just applied on an as-needed basis. For that matter, GMO crops are now engineered to express all kinds of toxins throughout the plants, with the plants' own cells serving as microscopic pesticide factories from germination through harvest.

Comment Re:Pesticides for humans (Score 0) 224

As I recall, the agricultural pesticide industry was initially derived from the chemical weapons industry, not the other way around. Poisons had been known for centuries, but weren't widely applied as they were toxic to both humans and pests. Large scale agricultural applications of pesticides began with DDT, which wasn't developed until 1939.

Comment Re:I don't care how righteous your goal is... (Score 5, Interesting) 224

The second you approve of a policy that restricts action X based on moral grounds, you have defined a vulnerability that a less ethical enemy will exploit.

Furthermore, when you're in a war, it's chaos. Bad stuff happens. Collateral damage happens. You certainly don't plan to inflict 1000 civilian casualties, but you can predict that in a city of 1 million people undergoing an all out conflagration, there will statistically be civilians killed, displaced, wounded, orphaned, starving, etc. You don't stop a war just because you're better at math.

War also isn't the first choice of a rational society. Diplomacy, negotiations, sanctions, pressure, demonstrations, all these kinds of activities are intended to solve the problem before it degenerates into war. But there is always another side, and if it degenerates to war, it's because at least one side was acting in bad faith. ISIL isn't even acting as a rational society. They don't negotiate - they enter an area, kidnap and rape the girls and take them forcibly as wives, and kill, conscript, or indenture the males. They use civilians as human shields, betting that an opposing force won't bomb their headquarters if they have them located in a schoolhouse full of children.

An outside society can do two things: allow the continued expansion of slavery and genocide, or attempt to stop it. If non-military resolutions fail, what would you have them do? "Sorry, you can't fight those insurgents because they duct-tape kidnapped children to the front of their vehicles." "Right, we'll just let them continue on their homicidal path because we can't place those children at risk."

It's not like anyone in the West wants civilian casualties. The moral high ground may not be perfect, and it may not be absolutely 100% civilian casualty free, but you can't claim a millimeter of moral high ground if you let the atrocities continue unchecked.

Comment Re:someone explain for the ignorant (Score 1) 449

This problem was addressed in v4.3 of the protocol. Also note that this particular problem only enabled theft from the store by a dishonest customer, but it does not enable the large scale skimming or cloning attacks that have been the subject of headline news.

A fake card can't lie about the PIN because it doesn't have the key needed to sign the packets the card sends to the merchant's terminal. The merchant terminal has a bunch of certificates in it and authenticates the messages coming from the card. In this specific attack, Ross' team discovered the message that said "Transaction Approved!" coming from the card in an offline sale was unsigned, so they had their tampered card send the same unsigned "Transaction Approved!" message at the right time in the protocol. The change to V4.3 (or was it 4.2?) fixed this problem, so it should not be an issue for the US market.

Ross likes to get EMV flaws in the news. While this benefits us all in that the protocol's security is tightened each time a flaw is uncovered, poor news reporting and the claims repeated by ignorant people (and fomented by organizations who don't want to see EMV succeed) are causing counterproductive hysteria. On one hand, EMV is a complex mess that was made worse by all the compromises stuffed in there by competing interests (banks, card associations, terminal manufacturers, card manufacturers, merchants, and payment processors), but on the other hand it's converged onto a remarkably secure solution to a problem that has plagued the industry for over 20 years.

The real crime here is that all the competing interests have resulted in foot-dragging by all the players who see changing over to EMV as too expensive, too hard, too risky; worse are the disruptive elements delivered by those who see EMV as a threat to their current business model. For example, EMV yields a system so secure the merchant's terminals are no longer the weak link, so why should merchants pay for expensive secure terminals? This makes companies like VeriFone nervous, because they'll soon be trying to peddle devices that only serve to secure the merchant's interest, not the cardholders' or the banks'. The PCI assessors are also finding ways to whip up hysteria and make bank now, because EMV will ultimately render their services unnecessary, too. Meanwhile, the completely non-secured mag stripes continue to deliver fraud around the globe, and the fraud won't stop until the mag stripes are dead and buried.
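A toy model of the flaw this comment describes, added here as an illustration and not code from the post or from any EMV implementation: a terminal that trusts an unsigned "approved" answer from the card versus one that verifies a signature bound to its own challenge. A shared-secret HMAC stands in for the card's certificate-based signature and the message layout is constructed, so none of this reflects real EMV formats.

```python
import hmac
import hashlib
import json
import os

# Constructed toy key shared by the genuine card and the verifier
# (simplification: real cards use certificate-based signatures).
CARD_KEY = b"constructed-card-key"


def sign(key, msg):
    """HMAC-SHA256 over the message bytes, stand-in for the card signature."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class GenuineCard:
    """Holds the key, so it can sign honest results (approved or declined)."""
    def __init__(self, key):
        self.key = key

    def respond(self, challenge, pin_ok):
        body = json.dumps({"challenge": challenge,
                           "result": "approved" if pin_ok else "declined"})
        return {"body": body, "sig": sign(self.key, body.encode())}


class TamperedCard:
    """Has no key: it can only replay an unsigned 'approved' message."""
    def respond(self, challenge, pin_ok):
        body = json.dumps({"challenge": challenge, "result": "approved"})
        return {"body": body, "sig": ""}


def terminal_weak(card, pin_ok):
    """Flawed terminal: reads the result field and never checks the signature."""
    challenge = os.urandom(8).hex()
    resp = card.respond(challenge, pin_ok)
    return json.loads(resp["body"])["result"] == "approved"


def terminal_fixed(card, pin_ok, key=CARD_KEY):
    """Hardened terminal: accepts 'approved' only if signed and bound to its challenge."""
    challenge = os.urandom(8).hex()
    resp = card.respond(challenge, pin_ok)
    body = resp["body"]
    if not hmac.compare_digest(resp["sig"], sign(key, body.encode())):
        return False                      # unsigned or forged: reject
    parsed = json.loads(body)
    return parsed["challenge"] == challenge and parsed["result"] == "approved"
```

Run the two terminals against both cards: the weak one approves the tampered card regardless of the PIN outcome, while the fixed one approves only a genuine, signed, PIN-verified response.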

Comment Re:someone explain for the ignorant (Score 1) 449

Chip and PIN is now relatively secure. The cases that Ross Anderson has exploited generally don't scale beyond a single hacked card. The notable exception was a particularly crappy ATM, with a non-random random number generator. But hacks on the scale of Home Depot and Target will not be possible on EMV transactions. (Card-Not-Present transactions, such as any online transactions, will continue to be at risk).
