The user interaction in the transaction flow is also hideous.If you disagree, take a look at the example transaction flow that they display on their site.
Here's how it looks like it works:
Compare that to NFC
I'm sorry but that dog won't hunt.
I don't want to give you nightmares, but it is horrifying how little security there is on ACH transactions. The whole system relies on the ability to undo transactions to discourage fraud. All anyone needs is the routing and account numbers that are helpfully printed on your checks.
I hate to break it to you, but your average individual cannot initiate an ACH transaction and transfer money out of your account.
Still, though, this vulnerability appears to be firmly in the area of social engineering because why would I want to download an encrypted image file that requires another separate, random app to decrypt and view it?
The payload is encrypted/embedded into an image that is an asset inside the application such as a splash screen or a logo. It appears innocuous until the application runs, extracts the embedded apk and executes it. Prior to that the malicious payload is not detected by application scanners that scan the carrier apk.
1. Basically, all crypto that uses "magic constants" without a clear and complete spec of how they were reached is highly suspect. That includes most ECC crypto the NSA has done so far and is likely the reason the NSA and some vendors like RSA are pushing for the use of ECC crypto.
Very true in general. With elliptic curves, you need to use specific curves because randomly selected curves are easily compromised. Only curves with very specific properties are acceptable, but as you point out the NSA has not publicly enumerated those properties. The very same thing happened with the selection of the S boxes in DES, but in that case it turned out that the NSA recommendations did, in fact, harden the algorithm from attacks such as differential cryptanalysis, an analytical technique not publicly known a decade later. Unfortunately the recommended elliptic curves have turned out a bit differently so far and thst shift seems to echo the changing mindset of the NSA and/or the administration that it reports to.
Oddly enough, that makes my point. That "problem" was solved ages ago. Why is that we've seemed to have collectively forgot old, but excellent, solutions to common problems?
Because three week crash course dev school graduates won't have a clue what pre-emptive multitasking is.
There is at least one judge that is known to keep signed warrents [sic] there for them to take and fill out as they desire, as he can't be bothered to do his job of providing oversight.
Citation needed please.
Can TOR be used with this program to make it even harder to track?
Unfortunately not. TOR only obscures your source IP address from servers and peers that you are connecting to. It won't help for an application that is residing on your phone. You could use any number of the location spoofing frameworks that are used for testing applications to provide fake/random location data.
Slashdot has 10 options you can moderate a comment, if you have points.
If you're using mod points as a dislike button, you're doing it wrong.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated,
do these people not understand?
Could the route be just a straight line course with the wind? Pretty easy to do here.
No. As others have noted, the straight line distance between start point and end point of the race can't be greater than 50% of the total race distance.
Over the last year, I've been plagued by rogue BitTorrent users who've crept onto these public hostpots either with a stolen/cracked password, or who lie right to my face (and the Wi-Fi owners) about it.
Huh? They lie right to your face about it? Wait a minute. Who the hell are you anyway and what do you have to say about it? If it bothers you, buy yourself a mobile hotspot and STFU. At least maybe they are actually buying food/coffee/whatever and aren't just using the cafe as their personal office. What's the next complaint? That their conversations are too loud and you can't hear your conference calls?
For God's sake, stop researching for a while and begin to think!
