Forgot your password?
typodupeerror

Comment: Re:I am torn! (Score 1) 455

by dskoll (#46605253) Attached to: Wal-Mart Sues Visa For $5 Billion For Rigging Card Swipe Fees

Also, it is not a positive endorsement when "the civilized parts of the world" have a card system forced upon them by their governments.

That statement makes no sense at all. Where I live, my government was democratically elected. So I think it makes more sense for the government (which is accountable to us) "force" a system on us rather than merchants or payment-processors (which are accountable only to their shareholders.)

Knee-jerk anti-government sentiment is tiresome.

Comment: Re:I am torn! (Score 1) 455

by dskoll (#46603387) Attached to: Wal-Mart Sues Visa For $5 Billion For Rigging Card Swipe Fees

Who would decide the point at which security had sufficiently improved, though?

A technical committee with representation from merchants and the card companies would have to come to some sort of agreement.

Unfortunately, it would cost billions to upgrade the US's entire infrastructure to support it, and I honestly don't see anyone picking up the tab for any part of such an upgrade any time soon.

We here in Canada did it pretty quickly. Granted, we only have 10% of the population of the US, but it was still a big and worthwhile infrastructure upgrade.

The point is that if there's a security breach, the merchants are the ones who take it on the chin, not the credit card companies. That's why merchants need to get the CC companies to clean up their acts.

Comment: I am torn! (Score 2) 455

by dskoll (#46602263) Attached to: Wal-Mart Sues Visa For $5 Billion For Rigging Card Swipe Fees

I'm not particularly fond of Wal-Mart. However, as a merchant who suffers the whims of credit-card company policies, I'm really glad to see someone beating up on VISA. As another poster said, Wal-Mart might just be big enough to succeed.

I would love to see a group of large merchants get together and pick one credit card company (let's say MasterCard) and simply refuse to accept it unless security is improved. Yes, customers would complain, but if the merchants spun it correctly as trying to improve customer security and reduce identity theft, I think MasterCard would cave. Then move on to VISA.

Comment: Re:Silly suggestion (Score 1) 162

by dskoll (#46457699) Attached to: Top E-commerce Sites Fail To Protect Users From Stupid Passwords

Any password-generation algorithm that is not based on a cryptographically-secure random number generator reduces the search space and makes it easier to guess passwords.

I do not believe in "easy to remember" passwords. I believe in strong passwords, which of necessity are hard to remember, so they have to be written down and stored safely, or stored in a password keeper protected by strong encryption and as long a passphrase as you can get away with.

Comment: Our policy (Score 1) 162

by dskoll (#46457679) Attached to: Top E-commerce Sites Fail To Protect Users From Stupid Passwords

We sell software that has an accompanying account for users to download data feeds and related updates. We do not let users pick their own passwords. We give the user a randomly-generated password that he/she has to use.

There are two major benefits: If we get hacked and all the credentials are stolen, the passwords (with overwhelming probability) will not be usable on any other sites, so our users are safe. Conversely, if another web site used by our users is hacked, then (with overwhelming probability) those credentials will not work on our site.

Yes, it's a little inconvenient for our users. We tell them to write down the password on a piece of paper and keep it in their wallet.

Comment: My mother (Score 4, Insightful) 287

by dskoll (#46428997) Attached to: Ask Slashdot: Linux For Grandma?

My mother (who is a grandmother to my kids) runs Debian Wheezy with the XFCE desktop environment. The machine is fairly locked down and I've made quick-launchers for the apps she uses 99% of the time: Email, web-browsing, word-processing, music player and video player.

She's happy and I can administer the machine remotely, so I'm happy.

Comment: No (Score 5, Interesting) 572

by dskoll (#46410087) Attached to: Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

I own my company, and no... I don't do this to my employees.

I have warned people who've abused the system (I had some casual employees who spent inordinate amounts of time on Facebook, and I've had to clamp down on music downloads that could have gotten me into trouble) but I generally use HR methods rather than technological methods to take action.

Kill Ugly Processor Architectures - Karl Lehenbauer

Working...