
Comment Re:Trust us with your payments (Score 2) 730

It probably doesn't. This Secure Element+rotating CVV thing is the same as what Google Wallet uses/used, and it's just not the same technology as EMV. Similar concept from what I understand but not actually the same. EMV requires merchants to upgrade their backend infrastructure because they fundamentally aren't just passing around credit card numbers anymore, whereas this is designed to let merchants skip all that and pretend they're still charging regular credit card numbers, with the last three digits changing per transaction. One question in my mind is what happens after you made 1000 transactions: presumably the CVVs start being reused? Or perhaps if they're semi-random they start colliding before that.

At any rate, the big question is whether VISA/MC/the banks will interpret this half-assed non-EMV thing as being as secure as regular EMV. I don't see how it can be, myself, but I've never looked at this in depth. The 2015 date refers to the liability shift. It doesn't imply an actual flag day or widespread deployment of EMV. The idea is after that date whoever has the weaker technology pays for fraud. If the bank hasn't deployed EMV and the merchant has, the bank pays. Otherwise it's vice versa. But I'm not sure how that works here - banks aren't issuing iPhones to people, so when does the merchant win? If the user doesn't have an iPhone? Seems tricky.

Anyway don't expect this to work outside the USA. Not only is the tech different but it's also fundamentally useless. Contactless EMV cards are being rolled out around the world now and they're convenient because you don't have to type in the PIN for small amounts, whilst still being secure. For larger amounts, the PIN is still required. But the cards don't require batteries, can be dropped on the ground, slide inside a wallet, can't be hacked, make payments in just a second or two etc. So it's not clear why you'd want to use a phone instead of a card for this.

Comment Re:All the EU wants is a continuous flow of money (Score 1) 96

These things rarely if ever go to court. Sometimes there's simply no relevance because the regulators have the power to fine companies without winning a court case, and sometimes (like with NY DFS) the laws involved have such insanely high criminal penalties attached - like 20 year jail sentences - you'd have to be crazy to roll the dice instead of just paying up.

Comment Re:All the EU wants is a continuous flow of money (Score 3, Insightful) 96

This stuff goes both ways. New York State has become notorious for trumping up charges against financial companies and draining mind-boggling sums of money directly into their own accounts. Governments are waking up to the fact that they've passed so many vague laws that basically any company can be "investigated" for breaching them, and given those governments are all heavily in debt and trying to cut back spending the temptation to go whack some foreign company and extract money from it is overwhelming. Compared to taxing their own citizens this seems like free money, plus they get to tell themselves and others that they're fighting the good fight against the evil corporations.

When you dig into the details, that's when this story unravels. But most people never do.

Comment Re:A little scary (Score 3, Insightful) 188

As far as I can tell, there really wasn't a cover-up. It was mostly when Republicans got a hold of the story and tried to have someone's head for it that bureaucrats started to circle the wagons.

Wait, what? Are you seriously suggesting that it's not a coverup because the coverup didn't start until people started asking questions?

Comment Re:Like DRM? (Score 1) 448

wouldn't implementing such kill switches on weapons be as ineffective as DRM for copyrighted material, with undesirable side-effects for "legitimate uses" and plenty of workarounds for "illegitimate" users?

No.

Such techniques have been used to dramatic effect in vehicle immobilisers, with sharp falls in auto theft directly traceable to their deployment. Having the key fob do a handshake with the engine control computer has - when properly implemented - basically killed most auto theft with what remains being hotwiring very old cars, deliberately searching for cars that have messed up immobiliser implementations, or just grabbing the driver and forcing them to give up the keys.

Comment Re:JAVA (Score 1) 230

Do you know what the vulns are? Tomcat has a list of vulnerabilities on their website but they're all DoS attacks or information disclosure. It's pretty hard to write a Java app that can actually be completely taken over via the network, although I've seen one or two spectacularly dumb web server designs that allowed it anyway (e.g. url parameter names were treated as arbitrary paths through the entire app's object hierarchy using reflection, letting anyone modify any global variable by just doing a GET - no language can save you from this kind of idiocy).

Comment Re:Unreal... (Score 5, Informative) 789

Regardless of political preferences... I simply can't imagine in what form those threats could have been made. Phone call? Letter? Email? How can anyone be so [IMHO, unrealistically] stupid to mention using nuclear weapons knowing that every word in today's communications is being recorded and would be published by the opposite side?

It was made during a verbal question and answer session some days ago. You can read a transcript of the full thing, without western media's blatantly selective quoting and bias, right here. Do go read it for yourself. The press has been having a field day with taking individual sentences out of context, in many cases not even mentioning that Putin was responding to questions from Russian citizens, to make it look like he's issuing press releases about Ukraine specifically. It's the most amazingly dangerous set of selective quotations I've ever seen. In this case Putin wasn't even talking about Ukraine!

I copy/pasted the full question and answer in a post below. But you can easily find it in that page. It's a long answer to a relatively vague question that asks (amongst other things) about how Russia can avoid being drawn into large scale conflicts. So right at the start he says he doesn't want to be drawn into any large conflicts, he doesn't think it's going to happen and that he thinks nobody has any intention of starting a large scale conflict (er, he might want to re-evaluate that given the noise coming out of NATO). Then he goes on to point out that Russia can defend itself, and talks about the "nuclear deterrent" (same language as the UK uses), and then states again that it's for defence.

You can choose not to believe him if you like. But the USA and UK also have "nuclear deterrents" and their so-called Departments of Defence routinely engage in offence at the drop of a hat. We routinely see far more aggressive language coming out of the White House. So I don't think anything Putin is saying here is particularly unique or unusual.

Comment Actual full quote (Score 5, Informative) 789

Full transcript of this youth camp Q and A session is available here.

ROMAN SMAGIN: Good afternoon, Mr President.

I am Roman Smagin from Novosibirsk Teacher Training University.

It’s no secret to anyone that history tends to repeat itself. Historical events seem to unfold according to a cyclical theory. Over these last two years we have remembered and celebrated the historic choices that Russia made at important moments for our country’s destiny, such as in 1612, 1812, and 1914.

In this context, I want to ask you what view you take of the cyclical nature of history as we can see it in Russia. Also, I want to ask you about your view of historical memory, how it helps us, how it can help to preserve Russia’s political influence on the international stage, contribute to our society’s development, and not let Russia be drawn into a new open global conflict.

Thank you.

VLADIMIR PUTIN: Historical memory is a very important part of our culture, history and present. Of course, we must draw on our historical experience and historical memory as we look towards the future. I can therefore say straight away that Russia is certainly not about to let itself be drawn into any large-scale conflicts. We do not want this and will not let this happen.

Naturally, we need to be ready to respond to any aggression against Russia. Our partners, no matter what the situation in their countries and the foreign policy ideas they follow, always need to be aware that it is better not to enter into any potential armed conflict against us. Fortunately though, I don’t think anyone has the intention today of trying to start a large-scale conflict against Russia.

Let me remind you that Russia is one of the world’s biggest nuclear powers. These are not just words – this is the reality. What’s more, we are strengthening our nuclear deterrent capability and developing our armed forces. They have become more compact and effective and are becoming more modern in terms of the weapons at their disposal. We are continuing this work to build up our potential and will keep doing so, not in order to threaten anyone, but so as to be able to feel safe, ensure our security and be able to carry out our economic and social development plans.

As far as cycles are concerned, yes, I think that the world’s development does go in cycles. This has pretty much been proven as far as the economy is concerned. There are economists here and they can no doubt explain it better than I can, but there are various cycles in the economy, small waves, large waves and so on, and any country’s development depends on the state of the economy. This is why economic growth and the transition from one technological level to another always have an impact on people’s lives and prosperity and on the social and political situation.

Just look, for example, at the way demand is growing in the European countries, and how hard it is to keep up with this constantly growing demand even at today’s level of technological development. This is a sign that there is a need for something else, that we must compensate somewhere for what we are not managing to achieve with the help of foreign policy and defence policy.

I hope very much that not just Russia’s historical memory but that all of humanity will prompt us to search for peaceful solutions to the various conflicts that are currently unfolding and that will arise in the future. We support political dialogue and the search for compromise.

Comment Re:Which Invasion? (Score 3, Informative) 205

You mean these satellite images? The ones that have the following quotes attached to them?

At a press conference on Thursday, August 28, Dutch Brig. Gen. Nico Tak, a senior NATO commander, revealed satellite images of what NATO says are Russian combat forces engaged in military operations in or near Ukrainian territory. NATO said this image shows Russian self-propelled artillery units set up in firing positions near Krasnodon, in eastern Ukraine.

This is an extremely misleading way to phrase things. Krasnodon is not just "in eastern Ukraine". It's right on the border. So being near it can also mean in Russia. The above comments from NATO mean nothing, assuming CNN is reporting them accurately. What about the others .... hmm let's see.

Image 2 is from inside Russia and they say so. Image 3 is also in Russia. Image 5 is captioned twice, once with "Russian self propelled artillery unit inside Ukraine" and again, but this time it's again "near Krasnodon", which is practically in Russia. If there's an obviously demarcated border in this area it's hard to see based on the Google satellite images. The last image doesn't even claim to be of anything in particular, the caption is merely summarising the story in general.

Both Russian and Ukrainian troops appear to regularly cross the border without realising it - there have been repeated reports of Ukrainian forces entering Russia and then being redirected back across the border, with no obvious blowback. Given these things, and the fact that western media is in full-blown propaganda mode and not even hiding it, I'm going to want way stronger evidence than this.

But honestly, even if Russia did invade, this would merely make it on par with the USA and UK, both countries that practically revel in invading other countries and wading into other countries' civil wars. So a part of me couldn't get too excited even if it did happen. It's definitely NOT worth a serious, major conflict between Russia and the west.

Comment Re:Which Invasion? (Score 3, Interesting) 205

Yes, but the tanks and artillery the "separatists" keep popping up with are coming from somewhere. At this late stage in the game, they certainly aren't Ukrainian remnants that the separatists have captured in those Ukrainian territories - those were used and destroyed many months ago.

Really? I was reading in the Guardian (which has proven itself to be woefully biased in the past few months) that the separatists were surrounding and capturing Ukrainian army units just last week. What's more, in the past days we've been reading about waves of deserters from the Ukrainian army. Nobody is claiming the separatists are armed only with stuff they got months ago. They're claiming, and so is Kiev, that they've been able to obtain large quantities of arms from the fleeing, conscript-based Ukrainian army.

Meanwhile Poroshenko is trying to claim that there's a Russian army rolling around in his country ...... yet so far nobody has been able to actually find it. An entire army! Over 1000 soldiers and 100 tanks! Such a unit requires support vehicles, a tent town, supply lines .... so where is it? Maybe it's sort of like invasion by aid convoy.

Comment Re:Why? Nobody uses NFC payments (Score 2) 187

NFC payment cards in Australia/Europe cryptographically sign a challenge from the terminal, using basically standard crypto. It's EMV all the way. In-person magstripe payments are carefully controlled and risk analysed to ensure they only occur if, for example, the card is broken - or outright banned.

NFC payments in the USA involve the phone sending regular magstripe data to the terminal, with only the CVC code being some kind of cryptographic derivative - a three digit number (less than 1000). The reason for this crazy setup is so merchants don't have to update their backend/PoS systems that still expect magstripe data. There is no plan to perform a complete upgrade thus old style transactions cannot be phased out. It's a dramatically less secure system.
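Added example, not part of the original comments: a toy model of the contrast drawn above and of the earlier question about three-digit codes being reused or colliding. The HMAC-over-counter code and the HMAC challenge response are assumed stand-ins for illustration, not any card network's actual algorithm, and the key and nonces are constructed.

```python
import hashlib
import hmac

CVC_SPACE = 1000  # a three-digit code has only 1000 possible values

def dynamic_cvc(key: bytes, counter: int) -> str:
    """Toy per-transaction code: HMAC over a counter, cut to 3 digits (assumed scheme)."""
    digest = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % CVC_SPACE:03d}"

def challenge_response(key: bytes, challenge: bytes, amount_cents: int) -> bytes:
    """Toy stand-in for signing a terminal challenge: full-width MAC over nonce and amount."""
    message = challenge + amount_cents.to_bytes(8, "big")
    return hmac.new(key, message, hashlib.sha256).digest()

def collision_probability(n: int, space: int = CVC_SPACE) -> float:
    """Chance that n uniformly random codes contain at least one repeat."""
    if n > space:
        return 1.0  # pigeonhole: more codes than values
    p_unique = 1.0
    for i in range(n):
        p_unique *= (space - i) / space
    return 1.0 - p_unique

def transactions_until_likely_repeat(space: int = CVC_SPACE, threshold: float = 0.5) -> int:
    """Smallest transaction count whose repeat probability reaches the threshold."""
    n = 1
    while collision_probability(n, space) < threshold:
        n += 1
    return n

def first_repeat(key: bytes, limit: int = CVC_SPACE + 1):
    """Return (earlier, later) counters that produced the same code, or None."""
    seen = {}
    for counter in range(limit):
        code = dynamic_cvc(key, counter)
        if code in seen:
            return seen[code], counter
        seen[code] = counter
    return None

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    print("50% repeat chance after", transactions_until_likely_repeat(), "transactions")
    print("first repeated code at counters", first_repeat(key))
    a = challenge_response(key, b"nonce-A1", 1999)
    b = challenge_response(key, b"nonce-B2", 1999)
    print("responses differ per challenge:", a != b)
```

If the codes behave as uniformly random, a repeat becomes more likely than not well before 1000 transactions, whereas the challenge response is bound to the terminal's nonce and amount and is not limited to 1000 values.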
