Forgot your password?
typodupeerror

Comment: Re:This is what my banks card is for. (Score 1) 190

by oldbamboo (#41878061) Attached to: Google Wallet May End Up Inside Your Actual Wallet

I've been working with smart card tech for almost 20 years now. I've seen the breaks and countermeasures, and am fully aware that the technology can be broken given enough effort. That's why good security designers arrange to limit the damage possible, to a value which is less than that which can be obtained by breaking it -- and we have pretty good estimates of break cost. Off-device countermeasures are critical, too, such as the risk engines already implemented by all of the credit card issuers. ID-related data should be authenticated with off-device keys, similar to the way the authentication data in passports is already secured.

Obviously nothing is perfect, which is why the security engineers who design this stuff spread the risk. But that risk spreading doesn't mean you can't put everything in one device. In fact, it really doesn't even help to have a wallet full of separate cards, because they're all in one place. And having all of your credit cards in your phone is vastly more secure than having them all in your wallet, because your wallet has no locks and the cards in it have their whole frigging card numbers printed right on their face. It's hard to get much worse security than that (because, fundamentally, credit cards are horribly insecure -- the identifier and the authenticator are the same value? Really?)

You can certainly feel free to avoid putting everything in your phone if you like. But the vast majority of people who are willing to trust the security designers will not be disappointed in the results. Not that there won't be occasional problems, there are problems with anything, but they will be less common than the ID and payment fraud we have today.

Bottom line: It will be better security, not worse. I challenge you to find a serious security researcher who knows anything about the technology and disagrees.

nice post! This is interesting stuff, I can really visualise them being a major force in retail banking? Would you trust them? You already kinda do... They win instant points for not being a bank as anyone understands it these days. And the benefit to everyone having the mark of the be... sorry - a smartphone as their wallet / purse / bag - would be cool tech for magazine covers. It will be a smash. I'm pretty convinced google are on track in the thinking displayed. And yes, I agree it is more secure than existing bank cards. Massively, I wouldn't be accepting your challenge in a hurry pal, your thinking is rock solid on this. And everyone here is petrified of their smart phone becoming a SPOF of life threatening proportions, one word - backup. Doesn't take a leap of the imagination to see this being fluid, real and useful tech, and indispensable to money as a medium at all levels of the global economy. If Google can walk "don't be evil' and unleash a bit of people power in their offering too, then they're as smart as everyone says they are...

+ - Millions of Accounts at Bailed Out UK Bank Still Suffering Unexplained Outage->

Submitted by oldbamboo
oldbamboo (936359) writes "We are now one day into a systems outage http://www.telegraph.co.uk/finance/personalfinance/consumertips/banking/9347515/Millions-of-Natwest-and-RBS-customers-left-high-and-dry.html at Nat West bank in the UK, which is owned by Royal Bank of Scotland, better known as the recipient of £45,000,000,000 worth of UK taxpayers money during the crash of 2008 after their crippling purchase of Dutch investment bank ABN AMRO.

Customer accounts are not showing updates to their balances since yesterday, and access to online banking has suffered, causing the bank to keep branches open up to 7pm on Thursday evening. ATMs do appear to be working however.

This comes after two years of aggressive cost cutting within their IT, including consolidation of infrastructure and support functions between the retail and investment banking arms, thousands of redundancies, and the aggressive 'best shoring' of critical roles to several 3rd parties in India. As of today there has still been no detailed explanation given by the bank for the failure, as yet described as a 'glitch'.

Perhaps their motto of 'helpful banking' applies to the continued ability of senior management to 'help themselves' to bonuses, while the services customers want and need are being pared to the bone.
 "

Link to Original Source

+ - Ask Slashdot: Noise in stepper motors

Submitted by astronerd
astronerd (2667879) writes "I have rebuilt the drive on my telescope using stepper motors and Easydriver. This drives the motors in a quasi-sine fashion. I am using 1/8'th microsteps to make the motor turn more smoothly. But I have a question that I hope some here might answer. When I listen to the noise the stepper makes, it seems like at some points in the "sine", the noise is significantly higher than at other points. And these points seems to come every 8 microsteps. Hence I assume it happens either at the poles or at the midpoint. In order to minimize the noise (and the vibrations), I have turned the current down to a minimum on the Easydriver. But I do not find this solution satisfying. The Easydriver uses a stepper driver that has a non-linear D/A-converter, so the torque-vector should be constant, as far as I understand.
Does anyone know whether I am doing something wrong, have misunderstood how steppers work, or if this is "just the way it is"."

+ - How is personal data handled on used or rented cars ?

Submitted by lmarvin
lmarvin (601328) writes "Dear Slashdotters,

how do you handle your car navigation or multimedia systems when selling your car ?
Or what are you doing with such systems in a rented car ?
I tend to check the navigation systems of rented cars always on where the driver before me went. Most of the time its just the usual routes like hotels, sight seeing, attractions and so on. But sometimes there are rather interesting locations that make me wonder what the driver was doing there.
Also, in this context, what are car companies doing when reselling used cars ?
Do they reset or clear every personal data before selling ?"

Comment: Re:No. (Score 3, Interesting) 305

by oldbamboo (#39769031) Attached to: Did Microsoft Simply Run Out of Time On Windows RT?

They could be but I'd say that's a bad bet - trying to "out Apple" Apple.

Microsoft has always had advantages in existing software compatibility and enterprise security features (say what you will - Windows Mobile had many more security features than Android or iOS for a long time). They seem to be casting off their only real differentiators in an attempt to copy the success of the iPad. This will fail spectacularly.

What nonsense. There are a whole host of Windows x86 tablets coming with full touch support and with new form factors which will be fully compatible with existing software and enterprise features of PCs.

And not to mention the fact that the author doesn't mention the enterprise features that Windows RT has. http://blogs.msdn.com/b/b8/archive/2012/04/19/managing-quot-byo-quot-pcs-in-the-enterprise-including-woa.aspx

Very telling that the author is Gregg Keizer, who was involved in the scandals with faking Windows benchmarks to drive page hits. http://www.zdnet.com/blog/btl/why-we-dont-trust-devil-mountain-software-and-neither-should-you/31024

And the submitter is CWMike, from Computer World. They know that Slashdot laps up anti-MSFT FUD and thus they use it to write drivel and get page hits from Slashdot. And judging from the comments, they're very successful in manipulating Slashdot for their own gains as they've historically with the fake benchmarks.

That's right - I need to look at this more, but you people should give MS a HELL of a lot more credit for what they are doing here. BYOD is the security nightmare du jour, ever since the iPad came out. Our security team have spent huge resources, and are still woefully under-resourced to make managing these devices day in day out remotely safe enough. The last thing you'd want to see, and the first thing you'd demand - from an info sec perspective - is that AD not be baked into this consumer oriented OS. Until Win RT is a couple years old every security team worth their salt would nix any directory / infrastructure tie up with a device which is easily lost, unhardened (at least through painful experience) and virtually an Alpha product.Yes it can be done, but the overhead is massive and most people wont have the headcount to secure bridging the two safely - and KEEPING THEM SAFE. Releasing in this form provides entry to a consumer market, and a platform which has a lot of the headache of apps installed from Lines of Business fixed through the separate publishing infrastructure (which the original article is ignorant of, or lying). Staff get their tablets. It sounds to me that MS are getting a head start on Android and iOS. Read the link the guy above posted. They have provided a tiered, clean way of getting business apps to a consumer device. It still requires security risk assessments and penetration testing of the apps (which would need hella strong authentication / 2FA for anything which holds sensitive or above data, but the lack of the 'generic' client for the enterprise directory will make this much easier to deploy and work with than if they had tied things together with AD. It means more work - but thats what it takes, unless you want your firm to get owned.

Apple

Has Apple Created the Perfect Board Game Platform? 531

Posted by kdawson
from the triple-word-score dept.
andylim writes "recombu.com is running an interesting piece about how Apple has created a 'Jumanji (board game) platform.' The 9.7-inch multi-touch screen is perfect for playing board games at home, and you could use Wi-Fi or 3G to play against other people when you're on your own. What would be really interesting is if you could pair the iPad with iPhones, 'Imagine a Scrabble iPad game that used iPhones as letter holders. You could hold up your iPhone so that no one else could see your letters and when you were ready to make a word on the Scrabble iPad board, you could slide them on to the board by flicking the word tiles off your iPhone.' Now that would be cool."
Businesses

Failed Games That Damaged Or Killed Their Companies 397

Posted by Soulskill
from the cause-or-symptom dept.
An anonymous reader writes "Develop has an excellent piece up profiling a bunch of average to awful titles that flopped so hard they harmed or sunk their studio or publisher. The list includes Haze, Enter The Matrix, Hellgate: London, Daikatana, Tabula Rasa, and — of course — Duke Nukem Forever. 'Daikatana was finally released in June 2000, over two and a half years late. Gamers weren't convinced the wait was worth it. A buggy game with sidekicks (touted as an innovation) who more often caused you hindrance than helped ... achieved an average rating of 53. By this time, Eidos is believed to have invested over $25 million in the studio. And they called it a day. Eidos closed the Dallas Ion Storm office in 2001.'"

Comment: Re:Talk about getting your facts right! (Score 1) 216

by oldbamboo (#28880231) Attached to: Tetraktys

God I love Stephenson. Just finishing Quicksilver now. And I have to say, as an inhabitant of London, his accuracy on detail and facts is astonishing. I only spotted one potential error, where he seems to infer that the Thames is not tidal, but even that was a stretch and is plausibly deniable by way of the wording used. I may just be a pedant. On Slashdot, natch!

The guy blows me away, definitely should have had a major, major bestseller by now, and am convinced that, if he can keep something down to a reasonable size, he has a mainstream success due to him some time soon.

Comment: This is a positive development (Score 1) 209

by oldbamboo (#28208197) Attached to: Should Auditors Be Liable For Certifications?
Very much in agreement.
I spent some time in IT audit for one of the Big 4, and it's always puzzled me that they can issue a draft audit point which if challenged is just taken away. If accepted, lots of monkeys have to run around at great expense clearing it. It seems a bit rich to me that there is no penalty on the auditor for this. effectively they can just rain paper with little consequence, and at potentially huge cost to the client.

Having said that, these firms are partnerships, there is always a partner very close to the work being undertaken, and it's their ass and their money and as a consequence the QA at these firms on their deliverables was exceptional in my experience.

But this is an issue, and I think that legal redress is deperately needed.

To illustrate this, I recall one audit I had to do. It was a follow on from the previous years IT audit a colleague had done for one of the two biggest banks in the country in question. One of the previous years recommendations, signed off on by the business, was the need for Network Intrusion Detection to be put in place. This was actioned, and when I got there they had had an expert working day in day out for months, with a huge budget for some very expensive network taps and headcount for monitoring. I reviewed the point, determined that they hadnt yet implemented the control as of that date, recommending that they proceed and introduce it within the coming year.

At the close out meeting one of the commercial directors ate us alive. The original point should never have been accepted. The banking industry, at that time, hadnt settled on NIDS as a requirement and host based should have been fine. Effectively our sloppy report made them piss millions up the wall for little reason.

Audit reports are clear documents, beautifully built, well evidenced. They always have work papers and test papers behind them. They are perfect candidates for for further inspection in a court of law and I have seen, first hand, instances where they have been harmful and inaccurate and should be subject to this scrutiny. If a process or test was missed off, it will show. Every time.

Yes, it's true that senior management at the bank signed off on the previous years report, but this was in good faith that my firm knew what they were talking about. They didnt, and should have been liable. Why not? Currently they get out of jail if they're right, and they get out of jail if they're wrong. And dont even get my started on the conflicts of interests I saw!

Comment: Re:Sounds like Boot Camp or Police Academy... (Score 1) 876

by oldbamboo (#26884185) Attached to: High Tech Misery In China

er, you're like Walter in Lebowski Dude.

Not everything has a literal connection with Australia, that was very much last weeks story, I hate to break it to you but, as you suspected, the world cares as much for Aus as Aus does for the world. What the hell have bushfires got to do with slave labour, you bibble?

Get a job sir.

Comment: Far Cry 2 is my game of the year for opposite (Score 1) 507

by oldbamboo (#26267187) Attached to: Avoiding Wasted Time With <em>Prince of Persia</em>
I think PoP is anodyne, and the handholding took away any feeling of risk. FC2 I love. Played on hard, just getting to the required map point is brutal but always interesting due to the savagely smart, hard to see soldiers at checkpoints, road patrols, etc. It forces you to think, proceed with caution, and engage the enemy in a real seeming way. If you get gunned down, you are going to retry, and that half hour of terrain doesnt seem boring, none of it does, because the scenery, enemies, and weaponry, are just fun to hang with.

Comment: Re:What about quality of experts? (Score 1) 164

by oldbamboo (#23149970) Attached to: The New School of Information Security
Yep,
'Experts' barely exist. I am one. And I'm not that good at all to be honest, I can barely code a 'hello world' but I've still been wheeled out countless times to point out password lengths arent up to snuff etc.
But I've got seven years experience and I know quite a lot of other things worth knowing, and I've seen some pretty sloppy practice and kicked it into touch.
Still, this book sounds cock. I mean utter cock. The review makes it sound like it is equally as worthless as me, on a bad day, trying to risk assess a three tiered app running on Websphere. They appear not to have a point, and to focus on the now dead legend of management buying the silver bullet / marketing / one stop shop is well out of date. There isn't a manager out there who is dumb enough to believe that you pay money and this crap goes away. They know it's a combination of process, people, and systems in concert that gets you out of the shit, because it's true, and because it is their language, that of business. The book sounds like a squint-eyed techie moan, from people who don't get let out of the back room to talk to the execs very much. This book sounds so far out from reality it may as well be set on the moon, and populated by Sea Monkeys. If they want to sell a new school, they could at least take the trouble to learn the 'old ' one first, instead of passing off vacuous soundbites about China and Hedgehogs or something.

German TOR Servers Seized 427

Posted by Hemos
from the sometimes-being-an-AC-is-abad dept.
mrogers writes "Servers participating in the TOR anonymizing network have been seized by public prosecutors during a child porn crackdown in Germany. TOR provides anonymity for clients and servers by redirecting traffic through a network of volunteer-operated relays; the German prosecutors may have been trying to locate an anonymous server by examining the logs of the captured relays."

"But this one goes to eleven." -- Nigel Tufnel

Working...