Yes, wireless connections to the card are a risk
The VISA Pay Wave doesn't have user challenge/response, it's simply a wireless magstripe. It's just a gimmick and really no faster than swiping the card. Skimming at a POS terminal - other than at a gas station or older ATM - is pretty rare (and/or ballsy) and I've personally never heard/read about it anywhere. I live in the US, so your mileage may vary elsewhere...
You cling desperately to your stupid "I'm thinking of a number" straw man because you know that I'm right. Everything that hasn't been confirmed not to be a threat is a threat. You secure your turf, survey it regularly, and build a wall in the hopes it will be good enough to deal with the threat of the unknown.
You know this, of course. Children could figure this out. You're taking this position because you seek to work against the interest of your neighbour and you don't want the task to become more difficult.
You're selfish, and it's as plain as day for all to see.
Now you're just being stupid.
Dictionary: Adj: Secret: kept from the knowledge of any but the initiated or privileged
If you have a secret that you share with just a few and keep the rest of us in the dark, that is a conspiracy, and conspiracies are a threat to peoples freedom.
Is it a number? Is it a plan to seize control over the water supply? I don't know, but you've expended extraordinary effort to keep me from knowing what it is, which means I can't assure myself that I'm secure and further implies to me that if I knew what you were doing I'd be motivated to put a stop to it.
Your secrets keep me from having access to concrete facts, and that is the reason that they represent a threat.
Now, fuck off, coward.
how can you possibly not link to an a/v demo or review of this, in the thread OR in the review???
I went looking on youtube and found a metric crapton of copies of the MS demo. I don't want to watch the publisher's demo, of course it's going to be flawless. (and quite possibly rigged) They've successfully flooded the actual honest review demos into oblivion on youtube. Anyone got a link to a review with A/V test?
Great illustration.
On my desktop, over the LAN, with caching forcibly disabled, HTTP took 5.3 seconds and was 9% slower than HTTPS.
On my mobile, over WiFi, again, with caching forcibly disabled, HTTP took 6.8 seconds and HTTPS took 10.8 seconds, 33% slower, AND instead of consumed 2 MB of data because caching couldn't be used.
On my mobile, over the cellular network, HTTP took 18 seconds, and HTTPS took 30 seconds, 69% slower, AND consumed 2 MB of data.
So, considering that mobile is huge and growing, THIS IS A DUMB IDEA.
Yeah, set up encrypted WebRTC with multiple peers from a mobile device, and see now negligible it is.
You don't know what you're talking about.
Freedom does not require you to operate in secret. If you feel the need to operate in secret, either you need to fix your culture, or you need to fix yourself.
Preventing misrepresentation is a social positive. Preserving secrecy is a social negative. Compromises have to be made, but protecting your secrets is not a noble goal in and of itself, shouldn't be necessary in a free society, and in fact represents a threat to other peoples freedom.
Did you ever see Christopher Walken in "Pulp Fiction"?
The practical effect is the same - the user is denied access to the site via an attack on the name resolution protocol. If the registrar is subpoenaed, it doesn't matter if they set the domain to resolve to a takedown notice or a NXDOMAIN result - the practical result is that anyone who doesn't have the site's IP address written down will be unable to access it.
Both hosting and registering the domain outside of the US will provide some resilience if you are doing something they don't like, though they can still block resolution for everyone who isn't using DNSSEC.
Except the effect is NOT the same. In the one case, you still end up going somewhere, and the reason is explained to you, so you have some recourse and know what happened. With the NXDOMAIN result, you have no idea what happened. And on the other side, you have a court order backed by a judge (meaning probable cause needed to be proven) versus someone (or some bot) deciding something on your site looked like it might belong to someone else.
It might not make a difference as far as immediately accessing the data located at that domain, but it makes a world of difference for the person who owns the domain, as well as anyone attempting to mitigate the issue.
I lived long enough to see cyber limbs. Now to make them specialized for specific tasks, and have quick release mechanisms.
Two words: cyber penis
Passports are easy. Just microwave the thing. Fries the chip but looks normal. "I don't know why it doesn't work,officer."
Got my passport in 2006, don't think it has RFID. My VISA card does - or did until I centered a hole punch over the chip and whacked it with a hammer. That was strangely satisfying
To hear Sony explain to its shareholders how spending tens of millions of dollars to produce and millions more to promote a movie that they now have no plans to release is a good thing.
I'm sure Sony has insurance for this sort of thing and will actually make more money from that than by releasing the movie.
So you won't mind the cable company injecting javascript to bombard you with adds _and what not_?
Cox already does this with their "browser alerts" by injecting HTML. Shows up with either HTTP or HTTPS - I had to block the source hosts at my router. Regardless of their intentions, this is, of course, unfriendly - to say the least.
Currently only about 33% of websites use HTTPS, according to statistics gathered by the Trustworthy Internet Movement which monitors the way sites use more secure browsing technologies. In addition, since September Google has prioritised HTTPS sites in its search rankings.
Um... Secure != Trustworthy and, seriously, most web connections DO NOT NEED to be HTTPS.
Furthermore, I cannot filter HTTPS via my proxy filter (Proxomitron) to strip out annoying things, like the fucking Google sidebar and other forced "user experience" settings - which is why I use nosslsearch.google.com
You knew the job was dangerous when you took it, Fred. -- Superchicken
