Forgot your password?
typodupeerror

Comment: Re:Seemed pretty obvious this was the case (Score 1) 311

by John3 (#47819057) Attached to: Apple Denies Systems Breach In Photo Leak

I forgot to also mention two-factor authentication. The downside of all this is if the phone is lost/damaged then you may not be able to access your passwords.

But of course, none of these celebrities have time for this. Technology has enabled them to do things that were competently handled by manager and agents in the past.

Comment: Re:Seemed pretty obvious this was the case (Score 1) 311

by John3 (#47818455) Attached to: Apple Denies Systems Breach In Photo Leak

A strong password CAN be easily remembered. How about remembering 10 and 11?
"Ten!!!!!!!!!!!"
That's 10 and eleven "!" characters.
https://howsecureismypassword....

Length is really the primary consideration and once you get to 10+ characters the repetition isn't necessarily an issue.

But to your point about the cloud, I agree. I truly despise how all the vendors (Google, Apple, Microsoft among others) are driving data to cloud storage. It's so difficult just to save a file to the local device...every other prompt is trying to get you to save to their server farm.

Comment: Re:Does this office need Congressional approval? (Score 1) 117

by John3 (#47793125) Attached to: Google's Megan Smith Would Be First US CTO Worthy of the Title

but no one of relevancy is going to throw themselves under the bus to stop a Googler from getting a CTO position during an election cycle that the Republicans hope to win the majority in.

They don't just throw themselves under the bus, they pile up in front of it. It whips the base into a feeding frenzy.

Comment: Re:Does this office need Congressional approval? (Score 1) 117

by John3 (#47793013) Attached to: Google's Megan Smith Would Be First US CTO Worthy of the Title
It's cute how you are surprised there are people in the US that would 100% vote against a gay person no matter how qualified they were. Me pointing it out has no bearing on the discussion, because those who are opposed to the "gay lifestyle" are likely already mounting a campaign against her. They didn't me to make this observation.

Comment: Does this office need Congressional approval? (Score 0) 117

by John3 (#47792589) Attached to: Google's Megan Smith Would Be First US CTO Worthy of the Title

Because while she is quite qualified for the position I can bet that some in Congress will not only have an issue with her gender but also her sexual orientation.

Note that I do not believe this should be an issue at all, but reality is often different from what we would hope.

Comment: Re:Exploited procedural loophole (Score 1) 419

by John3 (#47559899) Attached to: A 24-Year-Old Scammed Apple 42 Times In 16 Different States
Occasionally the merchant services provider will ask to speak with the customer, and they also will contact the issuing bank. However, the entire call is handled over the initial call that was made to the merchant services provider. Once the merchant services provider speaks with the customer the retail clerk gets the phone back and it is at that point that the merchant services provider gives the clerk an approval code to use.

Note that for American Express and Discover the retail store calls their processing center directly. That's because they handle their approval system and they will frequently speak with the customer to verify security details. But the Amex number for merchants is an entirely different number than the one on the cards themselves, and the retail clerk initiates the call and speaks with the representative.

Comment: Re:Exploited procedural loophole (Score 3, Informative) 419

by John3 (#47558163) Attached to: A 24-Year-Old Scammed Apple 42 Times In 16 Different States

A simple work around is to alter the phone number on the card to a number you control.

Then the retailer could call the number receive the code from your accomplice and provide a valid false code.

The retailer doesn't call the number on the card, the retailer call's the merchant service center. For example, customer has a Chase Mastercard and when Apple tries to post a transaction the card receives a decline. Apple would never call Chase, but instead calls their provider (which at my store is First Data Merchant Services). Apple's provider in turn electronically contacts Chase and then provides an approval code back to the clerk. The customer (or scammer) never has an opportunity to change the phone number unless they physically get behind the checkout counter and overwrite the numbers that are posted for the retail clerks to use. So it doesn't matter what phone number is on the card, that number is for the customer's use and not for the merchant's use.

Comment: Exploited procedural loophole (Score 5, Informative) 419

by John3 (#47557861) Attached to: A 24-Year-Old Scammed Apple 42 Times In 16 Different States
Based on TFA this scam has been done before to other retailers. When a merchant receives a "decline" they can optionally call the bankcard processor to obtain a verbal authorization code. The merchant can then "force" the sale to go through using the authorization code they received over the phone. The two huge procedural holes that Apple (and the other retailers) left open are:

1: The clerk is the one that should be calling for an approval code, and the call is made not to the cardholder's bank but rather to the bank that processes the cards for the retail store. It doesn't matter what the customer's bank says (or in this case the fake bank) since the approval/authorization code must come from the retailer's bankcard processor.

2: At my store a manager override is required to "force" a bankcard approval. So even if the clerk makes the call and gets a voice approval code a manager/owner must also provide a password to allow the approval to go through. Apparently Apple has no such security check in place and clerks tan type a manual code into the POS system to force the sale to go through.

Amazingly simple scam, but also amazingly simple to prevent if the stores involved had even rudimentary procedures in place.

You know, the difference between this company and the Titanic is that the Titanic had paying customers.

Working...