
Comment Re:So many ways to combat this... (Score 1) 139

Hey, we're Americans, not some kind of progressive island nation with 10 million people. We're a huge moving ship of 300 million and it takes time to change things; chip + signature is a huge step in the right direction. Why? Most of the scams involving purchases with stolen credit cards involve "carding", or simply stealing the magnetic strip data and reusing it online and on duplicated cards.

The chip eliminates this as the chip can't be skimmed in practice. The big credit card folks (EMV) would love to have you typing a PIN as a second factor, but realistically the chip alone will dramatically reduce credit card fraud. It's really going to be important after Oct 1st for retailers to support chip cards (Many readers now ask you to insert the chip portion of the card in the reader after a magnetic swipe...

Things like Apple Pay and (soon?) Android pay help with this as well, as skimming a tokenized version of your card is nearly impossible and not reusable.

I recently (last week) had an Amex card compromised. The carders first tried a $1 transaction on a whatever site, it passed, then a few hours later they took the card to Nordstrom and tried to buy $1000 worth of crap. The Amex app on my iPhone notified me of a "potentially fraudulent transaction" and gave me a yes/no to accept the transaction. I clicked No of course, which caused them to call me right away and cancel the card. The Amex card that was used for my Apple Pay (which I use frequently) was *not* affected (as it is a tokenized version of the card).

These carder folks use legitimate websites to "test" the card, I read about this case here: which nearly crippled this small business when thousands of "tests" for small orders came through.

For the record, I'm guessing my card was stolen at a gas station; they are exempt from the new EMV laws until 2016 (according to the Time article above).

Comment Put restrict ... noquery in your ntp.conf file (Score 4, Informative) 115

http: //

Buffer overflow in ctl_putdata()

References: Sec 2668 / CVE-2014-9295 / VU#852879
Versions: All NTP4 releases before 4.2.8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
Date Resolved: Stable (4.2.8) 18 Dec 2014

Summary: A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process.

Mitigation - any of:
- Upgrade to 4.2.8, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page.
- Put restrict ... noquery in your ntp.conf file, for non-trusted senders.

Credit: This vulnerability was discovered by Stephen Roettger of the Google Security Team.
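An added example, not part of the comment above or of the NTP Project's advisory: a small Python check that reads an ntp.conf and lists the restrict entries for non-loopback senders that lack noquery (or ignore, which drops all packets). The sample configuration, its addresses and hostname, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample ntp.conf for illustration (not from the original page).
SAMPLE_CONF = """\
# constructed example
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap
restrict 198.51.100.7 ignore
server time.example.net iburst
"""

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "default", "source", hostnames: not trusted

def audit_restrict(conf_text):
    """Return [(line_no, address)] for restrict entries that still accept
    ntpq/ntpdc queries from non-loopback senders. Line 0 means the file
    has no 'restrict default' entry at all."""
    findings, seen_default = [], False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens or tokens[0] != "restrict":
            continue
        args = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not args:
            continue
        addr, flags = args[0], args[1:]
        if "mask" in flags:              # drop the "mask <netmask>" pair
            i = flags.index("mask")
            del flags[i:i + 2]
        seen_default = seen_default or addr == "default"
        if is_loopback(addr):
            continue                     # local ntpq access is expected
        # noquery denies ntpq/ntpdc queries; ignore denies all packets
        if "noquery" not in flags and "ignore" not in flags:
            findings.append((no, addr))
    if not seen_default:
        findings.append((0, "default"))
    return findings

if __name__ == "__main__":
    for line_no, addr in audit_restrict(SAMPLE_CONF):
        print(f"line {line_no}: restrict {addr} lacks noquery")
```

The check treats a default entry for either address family as covering both, so a file that restricts only `-6 default` still needs a manual look at its IPv4 default.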

Comment Re:Move to a gated community (Score 1) 611

Those reversible lanes ("suicide lanes") have been around in Phoenix a lot longer, starting in the 1970s.

Phoenix is one of the few U.S. cities that realizes a) Public transportation doesn't work well in low density, post-WW2 US cities (aka, the sunbelt and west coast) and b) Grid pattern streets and excellent freeways are the only reasonable, cost effective short term strategy. What is the long term strategy? Nobody knows, except maybe to completely get rid of shitty low density cities, which will never happen. American people want their trucks and backyards, and they especially don't want to have to sit next to some poor person on public transportation.

Comment Re:Chip and PIN (Score 2) 132

The problem is that these data compromises are going to happen and that the current magnetic strip technology is laughably obsolete and insecure. Chip + PIN effectively mitigates the weakness in magnetic strip data by embedding a chip (physical, something you have) and a PIN (something you know) into the transaction process, plus many other security enhancements. Current magnetic strip cards are authenticated purely by a string of digits (something you know) and are easily copied and reproduced.

Read all about it here:

Chip + PIN WILL be happening in America.

NFC-based payment systems may have a chance to become popular in the meantime.

Comment Pure speculation. (Score 2) 336

It could have just as easily been a packet sniffing engine on a local ISP, cellular network, data center etc. Maybe in front of Amazon? Were these all transferred through Snapchat, Dropbox or some other file sharing service that leverages AWS or some other cloud provider? Were any taken from those services by admins?

My point is, many of these images were *taken* with non-Apple devices and *deleted* before photo stream was a thing. At this point it is likely someone got access to a darknet cache of images -- the sources are unlikely from one location, but from many many sources over many years.

TL;DR:
1. Enable 2FA.
2. If you upload something to the internet, assume someday someone will be able to see it and do whatever they want with it. Are you okay with that?

Submission + - Net neutrality campaign to show what the Web would be like with a 'slow lane'

blottsie writes: In a move out of the anti-SOPA campaign playbook, Fight for the Future and other net neutrality activist groups have set up the Battle for the Net coalition, which plans to launch an “Internet slowdown day” later this month.

No actual traffic will be slowed down. Instead, participating sites will display embeddable modules that include a spinning “loading” symbol and information about contacting the Federal Communications Commission (FCC), the White House, and members of Congress.

Submission + - New Computer Model Predicts Impact of Yellowstone Volcano Eruption

An anonymous reader writes: Scientists from the U.S. Geological Survey (USGS) have used a program named Ash 3D to predict the impact of a Yellowstone volcano eruption, and found that cities within 300 miles from Yellowstone National Park may get covered by up to three feet of ash. From the article: "Ash3D helped the researchers understand how the previous eruptions created a widespread distribution of ash in places in the park's periphery. Aside from probing ash-distribution patterns, the Ash3D can also be used to identify potential hazards that volcanoes in Alaska may bring."

Submission + - Celebrity nude pictures leaked due to apparent iCloud hack

swinferno writes: Hundreds of nude, semi-nude, and revealing pictures of female celebrities were leaked overnight after being stolen from their private collections. Hunger Games actress Jennifer Lawrence, Kirsten Dunst, and pop star Ariana Grande were among the celebrities apparently shown in the pictures, which were posted on infamous web forum 4chan.

It's unclear how the images were obtained, but anonymous 4chan users said that they were taken from celebrities' iCloud accounts. The accounts are designed to allow iPhone, iPad, and Mac users to synchronize images, settings, calendar information, and other data between devices, but the service has been criticized for being unreliable and confusing. Earlier this year, Jennifer Lawrence herself complained about the service in an interview with MTV.

Several media contacted Apple for more information but they have not commented on this yet.

Submission + - Apple Said to Team With Visa, MasterCard on iPhone Wallet

An anonymous reader writes: Apple plans to turn its next iPhone into a mobile wallet through a partnership with major payment networks, banks and retailers, according to a person familiar with the situation. The agreement includes Visa, MasterCard, and American Express and will be unveiled on Sept. 9 along with the next iPhone, said the person, who asked not to be identified because the talks are private. The new iPhone will make mobile payment easier by including a near-field communication chip for the first time, the person said. That advancement along with Touch ID, a fingerprint recognition reader that debuted on the most recent iPhone, will allow consumers to securely pay for items in a store with the touch of a finger.

Comment Spread out work force (Score 1) 710

Talent is usually worth paying extra for, so make your business a talent center and attract the top players. Then give them freedom to get things done and don't micromanage. Ask what isn't getting done (read: the small things, like documentation) and pay someone to do that. Grease the wheels. Allowing people to work from home *IS* a huge benefit for many people, and more importantly, lets people disconnect from the office. I tend to get way more done at home as the office is just pure interrupt driven nonsense most of the time. Technology work is difficult and frustrating, but on the bright side, can pay very well. Deal with it or don't play.

Comment It is hip to be square (Score 5, Informative) 128

For those having a hard time understanding the naming convention,

Boring: Not flashy, not exciting, not experimental, not sexy. Performs as expected.

In other words, exactly how I want my security libraries, my databases, and the other critical infrastructure that runs the planet to be described as. Boring is good. A choice between boring Plain Jane and Simple Sally? Even better. Thank you.

Comment ridiculous parents to blame (Score 1) 1198

Is this a direct offshoot of our "never a loser" upbringing? I'm afraid these kids who go out on a rampage, thinking the entire time *they* are the victim, may actually be a victim of the coddled upbringing that seems to be commonplace since the 90's. I'm talking about helicopter parents who refuse to let their children get Bs, get second place (or even, god forbid, last place) in any kind of competition. Then we see them unable to understand and cope with failure later in life and blame others instead of accepting defeat. Like most people, I blame the parents. I blame them for not letting them fail. Parents should provide positive influence and basic necessities for children, then get the hell out of the way and let children grow up on their own.

Children who grow up without siblings (i.e. competition for parents' time) seem to be particularly narcissistic and useless when combined with overbearing and coddling parents. Those