Forgot your password?
typodupeerror

Comment: I'm happy to see (Score 2, Funny) 137

by ltning (#32085672) Attached to: "Digital Universe" Enters the Zettabyte Era

That we have all become good citizens, backing up all our data. I presume the data recovery firms are all panicking now that all their potebtial customers have backups of everything, and thus no longer need their services.

Not bad to have a global backup ratio of >1:1

Personally I use RAIM (Redundant Array of Instant Messages) to back up all my important notes and communications. It only works as long as all my friends log everything too, of course.

Comment: Article and "research" bad.. (Score 1) 243

by ltning (#30940038) Attached to: Why "Verified By Visa" System Is Insecure

The researchers, and the article writers, completely fail to understand that 3-D Secure simply defines the interfaces between the three domains in the security model. The actual authentication model used is chosen and implemented by the card issuer. If the card issuer would decide it wants to use passphrase+OTP in a separate window (for URL validation), it could do so. In fact, outside of the US, many do. In Norway, for instance, online payments are usually verified through something akin to a "national electronic ID", which despite its flaws goes way above and beyond simple passwords.

The article is so full of factual mistakes and displays such a complete lack of knowledge and understanding it's not even funny.

Comment: Re:Happens in Germany too.. (Score 1) 310

by ltning (#28992087) Attached to: Bell Starts Hijacking NX Domain Queries

They SO do .. but it might be for certain T-DSL products only; I have no idea. I've seen it in action at two different homes in southern Germany (Bavaria). My "samplings" are from the latter half of July 2009.

I don't have proof, and I cannot produce proof as I'm not in Germany at the moment.

I guess you'll just have to take my word for it, eh? Or offer alternative suggestions as to what I've seen.

Comment: Re:All well and good (Score 1) 304

by ltning (#28917809) Attached to: Panel Recommends Space Science, Not Stunts

I couldn't disagree more.
Curiosity and Creativity are the two most outstanding qualities of human beings, and neither can flourish without the other.

Why should painters paint? Musicians compose and play? They shouldn't, following your logic. They do so because they can, and the rest of us are left to enjoy the fact that they do.

I think it is of *vital* importance that we explore and research for its own sake, and not only with specific purposes in mind. Fundamental research is the most important research we do, and for it to carry any meaning, it MUST be free of expectations and purpose. Whatever comes out of it can only be seen as a bonus, not taken for granted. Those bonuses will pay off, as they always have.

Privacy

+ - Sir Tim Berners-Lee to attend Privacy Debate-> 1

Submitted by
AlexanderHanff
AlexanderHanff writes "On 11th March Sir Tim Berners-Lee along with other prominent guests will attend a House of Lords Round Table Event in the UK to discuss the use of Deep Packet Inspection for Behavioural Advertising. The European Commission have continued to press the UK public authorities on their inaction against covert trials of Phorms technology in 2006/2007 and have stated they may be forced to take action against the UK government if they do not enforce UK privacy laws. This is a big step for the campaign against such intrusive technology and it is set to be a very interesting day."
Link to Original Source

Comment: Re:Why not proper authentcation? (Score 1) 302

by ltning (#24533395) Attached to: Net Shoppers Bullied Into "Verified By Visa" Program

First mention I've seen of 3-D secure here. Good research.
Anyway: Visa does not impose the authentication method on the issuers; the issuers can do this in any way they prefer (within certain limits). Some use "web shopping passwords", some use one-time passwords, some use a SMS or email solution, some tie it into the online banking security platform, some use national ID.

Also, many of the current gripes with 3DS are being worked on; for instance the iFrame/domainname issues.

Keep in mind that 3DS (VbV/MCSC) does NOT entail any other kind of fraud screening (name matching, etc.); it is an authentication system ONLY. And, for the time being and for most card products, if your card is not enrolled by your issuer (voluntary or not) you won't be asked to authenticate, though you will sometimes be redirected to a component of the 3DS chain to check your enrollment status.

For the merchant, it's simple: Attempt to authenticate, and liability for fraud is shifted to the issuer. Card not enrolled? Not your problem. Card enrolled? Authorize if authentication OK, otherwise don't.

But as many have said: This is not primarily done for the cardholder. It's for merchants (lower risk -> more/happier merchants), banks (lower risk -> lower cost, more merchants -> profit!) and the card companies (Visa/MC, less fraud -> less brand damage -> more shopping -> profit!).

Your own mileage may vary.

Working...