Comment: Re:Priority Failure. (Score 1) 338

by neokushan (#43658757) Attached to: BT Begins Customer Tests of Carrier Grade NAT

If they do this by issuing real IPv6 addresses, with CGNAT to IPv4, I actually don't have a problem with it, but using it in full IPv4 mode just makes the existing situation worse.

I don't disagree with that at all. I wish I knew what BT's plans were in this instance, but at some point CGNAT will need to be rolled out. I guess you could argue that IPv6 is less of a priority because if IPv4 addresses run out, people are screwed and ISPs need to have a solution in place - right now, IPv6 is not that solution because it only gets you on to the (rather small and limited) IPv6 internet.

Comment: Re:Priority Failure. (Score 2) 338

by neokushan (#43654705) Attached to: BT Begins Customer Tests of Carrier Grade NAT

There's more to it than NAT vs IPv6. The reality is we'll need both in the future. Say BT switched on IPv6 tomorrow and everyone in the UK got an IPv6 address - brilliant. But that's only half of the problem, they still need access to the IPv4 internet because all those servers the world over aren't IPv6 accessible yet.

Comment: Or, alternatively... (Score 3, Insightful) 211

by neokushan (#43572785) Attached to: Mitigating Password Re-Use From the Other End

If you're security conscious enough to put this fancy bit of JSON on your site, then most likely you're smart enough to not store your users' passwords in plaintext. In fact, I'd like to think you're clever enough to salt the hash of the passwords that you're storing as well.

Why am I pointing this out? Because password re-use is an issue when a password gets compromised. Passwords get compromised when they're not encrypted or hashed. So to "fix" the problem like this is all well and dandy, but it only works if every site does it and if every site hashed the bloody passwords in the first place, they wouldn't get compromised as often.

Comment: Re:Did anybody not see this coming? (Score 1) 236

by neokushan (#43545985) Attached to: Smartphone Used To Scan Data From Chip-Enabled Credit Cards

No, it isn't. Well, it is to a degree, but it uses the same underlying technology - the "tap to pay" (what we call "contactless") is an antenna attached to the same chip. The transaction flow is a little different but it uses all of the same methods and technology as a chip transaction.

Comment: Re:Almost useless (Score 1) 236

by neokushan (#43543915) Attached to: Smartphone Used To Scan Data From Chip-Enabled Credit Cards

Yes, read the article carefully...

The cryptographic flaw – the result of mistakes by both banks and card manufacturers in implementing the EMV* protocol

The vulnerable cards have not been properly designed for a start. What's more, this doesn't affect all cards (even if the unpredictable number is guessable) due to different authorisation methods.

Comment: Re:Chip-and-pin is not secure (Score 1) 236

by neokushan (#43543903) Attached to: Smartphone Used To Scan Data From Chip-Enabled Credit Cards

Yes, this is a vulnerability in older cards that had a somewhat predictable "unpredictable number". However, it still doesn't allow you to clone a card in a meaningful way and later cards (I can't give you a timeframe as it depends entirely on your issuer, your country, etc.) aren't susceptible to such things, even when the unpredictable number is, er, predictable, due to a thing called CDA.

Comment: Re:Almost useless (Score 1) 236

by neokushan (#43543897) Attached to: Smartphone Used To Scan Data From Chip-Enabled Credit Cards

Just because the transaction is contactless does not mean that you don't still have to occasionally enter a PIN to approve of the transaction. As for the latter, there are floor and ceiling limits to both contact and contactless transactions - $1 you'd get away with, but $100 would require a much more involved process due to the terminal going online and such.

Still, you're right, the terminal could display an incorrect amount; however, there's literally nothing you can do against this other than watch your receipts - however, this is no different than magstripe today. The chip card is still secure and this kind of fraud would be extremely easy to trace straight back to the merchant. You still wouldn't be liable.

Comment: Re:Almost useless (Score 1) 236

by neokushan (#43543885) Attached to: Smartphone Used To Scan Data From Chip-Enabled Credit Cards

That particular paper is well known and if you read it, the vulnerability lies with the terminal and the entering of the PIN. You still need the physical card there, which you cannot clone. If your card is stolen, online fraud is much more likely and dangerous than someone using a dodgy terminal (or a shim of some kind inserted into the terminal to perform a MITM attack).
