
Comment Re:How serious is this? How exploitable is it? (Score 1) 257

>What else would you use to encrypt an 8-byte long sequence?

I would establish a secured session using authenticated key agreement and use that session to carry all the traffic.
If the PCI pixies forbid me from having a secured session, I would randomize it with nonces to achieve what the PAN does without the additional key.

But crypto protocol design is not a solo sport. You do it with a group of like-minded cryptographers and implementers so you get it right.

I read the PCI specs once. It was like they wrote a set of thousands of statements and then randomized the order. They are still true, but the structure and purpose is lost.

Comment Re:How serious is this? How exploitable is it? (Score 1) 257

Of course, I bothered to look at at least one version of the PCI DSS spec:

This means all CDE data must be encrypted as suggested in PCI DSS
Requirement 4.1. Section 4.4 described Layer 2 specific wireless encryption protocols such as
AES that is used within WPA2 to provide confidentiality and integrity at the wireless link layer.
Higher layer encryption methods such as SSL/TLS and IPSEC and could be used to provide end-to-end
cryptographic protection of card-holder data.

So it *looks* like it may have considered WPA-2 built in encryption sufficient, but 'recommended' TLS/IPSEC.... So contrary to common sense there could be implementations with weakness...

Yet the shiny new PCI-DSS compliant card payment machine we got recently for the store had a sticker on the bottom proudly proclaiming it used triple DES. I shit you not.

Comment Re:How serious is this? How exploitable is it? (Score 1) 257

Didn't catch the part about GCMP, hopefully for once sluggish wifi implementations being behind the curves mean most are using CCMP.

TKIP should already not be in use for many reasons.

CCMP always had higher security bounds than GCMP. GCMP exists for speed only because it is parallelizable and GCM was initially introduced for ethernet linksec as a workaround for the OCB patents. There is still no compelling reason for GCMP in 802.11. Modern logic is perfectly capable of keeping up with CCMP.

Comment Re:It's about price fixing the key market (Score 1) 60

I need a new key made for my Late-ish model Subaru and they say it's $350 just for a key. When I demanded to speak to the manager of the parts and service depot and demanded an explanation they only would say "it's more secure than the $2.25 key copy you got with your last car at the hardware store."

Clearly that's not true at all. Can we somehow sue them for price fixing the key market?

Probably, yes. The replacement key thing is a total shakedown. At least you can clone it now.

Comment Re: So (Score 1) 319

We don't define freedom the same in the US as they do in Europe. To the US freedom is not having the government restrict you. To Europeans, it means the freedom from having to worry about their economic status (socialism, basically.) Please don't try to equate the two.

I've lived in both places. I assure you the US government restricts its subjects just as much, and in many cases more than European governments restrict theirs.

Comment Re:So (Score 1) 319

They have tens of thousands of employees. TFS says they fired hundreds of workers. That's a 1 percent-ish firing.

After a period of rapid hiring, you need a firing to get rid of the mistakes.

This sounds like corporate house cleaning.

Comment Re:What happens (Score 1) 349

I think the real world will be different. These cars will never be clean, be full of graffiti and other stuff like baby poo, animal shit and germs, unless they are cleaned after every trip, which makes them much more expensive.

The nice clean ones will be a little more expensive than most people can comfortably afford, like business class is today.

Comment Re:This won't make family happy. (Score 1) 255

Not when I first encountered it. It was all or nothing. And the toolbar is hidden! WTF?

That and the replacement didn't do the basic thing that WMP did, which was index all the music on my network drive and make it available to browse and place. Maybe it does. Maybe it's in a hidden menu somewhere. I remember it trying to sell me stuff FFS.

Music playing software was way ahead of cell phones with disappearing headphone jacks in terms of technology that gets worse over time.
