
Comment Re:Holy crap ... (Score 1) 66

The security difference between chip-and-signature and chip-and-PIN matters in only one case, and that is if your physical card is stolen from your wallet. Skimmers, data breaches, shoulder-surfing, all the hacking attacks won't yield the secret key inside the chip, preventing it from being counterfeited. If you don't like the security of your chip-and-signature card because you're afraid your card might be stolen, ask your bank to issue you a chip-and-PIN card instead. If your bank won't, there are plenty of other banks who will, and who will be grateful for your business.

Visa and the retailers originally figured U.S. customers would prefer chip-and-signature because it makes selling things "easy". But that's a pretty stupid attitude, because lots of people (including you and me) are wary about identity theft. Customers need to complain to their banks so that they learn we'd rather have PINs than signatures.

Overall credit card security will still remain terrible for a long time to come because static mag stripes still exist, and online card-not-present transactions still use static authentication data like CVV2 codes. What really needs to happen to actually improve security is that mag stripes and static numbers like CVV2 need to be flat-out outlawed. The recent "liability shift" is the opening salvo in the conversion, but we're probably still a decade away from actual security.

Comment Re:Works for me (Score 1) 136

Manufacturers have long made custom versions of products for specific store chains, and not just TV sets. Pots and pans, clothing, furniture, most products are available to any store that's willing to pay for them. Some stores (like Walmart) have a specific price point, so the manufacturers produce a model without the chrome-plated knobs, the low contrast screens, and use only the cheapest cloned capacitors and dubious quality power supplies.

There's a lot of marketing power in it, too. Not only do they get to offer big TVs for ridiculously low prices, it's also safe to tout benefits like a "150% price match guarantee", when they have the exclusive contract to sell that exact model.

Comment Re:What's Unusual? (Score 1) 91

This new piece of malware shows sophistication of design, but that's not unheard of. Older malware was often customized by compile time switches and definitions; this just abstracts some of that away.

Many people (i.e. journalists and managers) think of malware authors as pimple-faced script kiddies hacking in their mothers' basements. They think that large, well-designed projects require teams of skilled developers who would only do so for a fat paycheck.

What's happened now is that vulnerabilities are so profitable that the threat landscape is no longer the exclusive domain of the single hacker - criminal gangs want a piece of it. They can afford to pay team salaries to engineer a solution.

And malware authors have learned to avoid the biggest risks of getting caught. In the old days a virus writer would also be the distributor. Modern authors get paid by selling their exploit code, along with customization and support contracts, to gangs of attackers. The attackers take on the risks, the developers collect fat checks. In some cases of vertical attacks (ATM skimmers for example), the "owner" of the malware uses cryptography to encrypt the skimmed data, preventing the low-level attackers from profiting from the stolen data. The profits go to the top first, and the paychecks cascade down (assuming honor among thieves.)

So what's newsworthy here is that they believe this malware to be further evidence of a new breed of well organized criminal software developers.

Comment Re:Awww (Score 3, Interesting) 93

Because neonicotinoids are among the safest overall pesticides that have ever been developed. They very effectively target insects, but have very minor effects on mammals. The LD50 of Safari is over 2000 mg/kg of body weight in rats. They're rated category III by the EPA, which means 'slightly toxic and/or slightly irritating.'

The big problem is with bees. Neonics are supposedly 150X more lethal to bees than to any other insect genera.

The EU has already banned neonics (possibly because population density is higher and bees may be more shared than in the US); the US is dragging their feet.

Comment Re:Translation : (Score 1) 93

Actually, they've known for several years that minute quantities of neonicotinoids cause bees to 'dance' incorrectly; where the dance no longer correctly directs other bees to their discovery of nectar. The loss of food may be partly responsible for Colony Collapse Disorder. It's not surprising that this would also lead to reduced pollination.

User Journal

Journal Journal: The Moon is a Harsh Mistress while listening to Time by ELO 1

Don't know why - but I really like that combination.

I've gotten off my schedule of reading Starship Troopers and TMiaHM every year - but I did just reread The Moon is a Harsh Mistress last weekend. My wife was in Ukraine and I was kind of bored but not motivated enough to do something that took effort.

I've outgrown RAH's politics but I still love the story.

User Journal

Journal Journal: Magnet Links from Chrome in Plasma 5 3

For some reason magnet links that I clicked in Chrome were opening the Transmission client instead of KTorrent. I remember doing something in the past related to this - though I think the issue then was that Chrome didn't know how to handle them at all.

Comment Re:You can't go wrong with Slack... (Score 1) 6

It's broken now as far as browsing categories - and has been for a while. You can search for specific packages and install them/uninstall them but you can't use apper to just browse through the different types of software available. It's a known issue and I haven't heard anyone mention any ideas on when it would be fixed.

Comment Re:The thing about the "bombing ISIS positions"... (Score 1) 488

I can think of two plausible but simplistic explanations; there are no doubt more.

First, they may have been waiting for better timing. Once you drop a bomb on a building, the scum-lickers learn they've been exposed and will not return. So they want to bomb the building when it contains one or more high value targets. Knowing when a high value target is inside requires you to have an intel source observing the building (or the target) at the same time the target is in the building and you have assets in position to level it. That doesn't happen very often. But due to the attack they have to respond quickly, so they are sending a different message by killing a bunch of low value targets in a lot of locations.

The other simplistic explanation is intel gathering. Getting a spy into their organization is not easy. If you bomb a building, you are revealing to the enemy that at least one of the people who knows about the building is a spy; or that you have the capability of intercepting some kind of traffic. To preserve the secrecy of the ULTRA program that decrypted German Enigma traffic, Britain developed an elaborate process for destroying U-boats in WWII. They couldn't just fly to the location of the submarine and drop depth charges as that risked revealing the Allies' ability to decrypt communications; instead, they scheduled weather-reporting planes to fly more missions in certain sectors; these weather planes would then "get lucky" and report the U-boat's position to the destroyers. Similarly, France may not want to reveal that they're triangulating cell traffic, or tapping certain phone lines, or monitoring PlayStation Call-Of-Duty chat rooms.

Either way, France is trading potential future intel gathering capabilities to send a message today that says "you are not invincible, you are not right, you are not just, you are only vermin to be exterminated." They can rebuild their intel network later.

Comment Re:if they really want revenge (Score 1) 488

Ignoring the restrictions is useful, but it provides the enemy with justification. "You say you live by this rule, but you ignore it. Therefore, we're every bit as good as you are, or you're every bit as bad as us."

Thus, black ops and deniability. Who knows; maybe Anonymous is so full of FBI moles that this is actually a government backed attack?

Comment Re:You can't go wrong with Slack... (Score 1) 6

I am using the Nvidia driver - nouveau has never worked for me with this card on this machine. And it's the only card I've ever found that fits the case - it's an Acer that's really compact. I've had it for 6 years or so and I love it - but at some point I may need to get something new. But I've never seen anything with quite the same form factor. I really like it over the big, big boxes that are normal for so many desktops.

User Journal

Journal Journal: F21 - F22 Today 6

Support for Fedora 21 is coming to an end and so I decided to upgrade to Fedora 22.

I don't run the default Fedora install, I use the KDE spin. I realize KDE isn't the primary desktop for Fedora, but until now it's been alright. I use Fedora for a lot of reasons but mostly because it is the distro I know. I know it because it is the first distro I used on a regular basis for more than just messing around. I did that because at my work we got a new server running RedHat.