Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:survival of the fittest (Score 1) 140

The bank is presumably liable for all unauthorized transactions, but can escape liability if they prove the consumer was negligent. And having an insecure machine should be considered negligente.


The bank should be able to escape liability if they prove that the damage was CAUSED BY customer's negligence. Otherwise, they might have let an employee capture all your "secure" information and sell it to the Russians, but they're not liable because it turns out you didn't download the latest WinXP patch.

Just as with a car accident, there has to be an investigation into who actually caused the problem. It's reasonable to share the blame, but I think in a case where reasonable actions on the part of the bank would have prevented the problem completely, it's also reasonable for them to be responsible. They're the professional service here. They *do* have a greater burden than their customers.

Comment Re:And how can you evaluate a bank's security? (Score 1) 140

You're not able to audit online banking code. True. But are you dumb, deaf and blind? Do you think people will remain silent when their bank refuses to cover their loss? Don't you think some media outlet would greedily gobble up the story?

Show me the bank that's been demonstrated secure by a LACK of media coverage of their failures... and I'll show you a bank that's either (a) too small to do much of anything or (b) really, really good at shutting up media.

Inductive reasoning proves nothing. Just because there's no coverage of Bank A having customers' accounts get wiped out doesn't mean that it hasn't happened and won't happen. It just means you're now subject to the media's whim as far as information goes, rather than just the bank's. And since the media doesn't have any special rights WRT getting info from the banks about their practices, you're really not a whole lot better off at all... since all you're going to see is whatever sells ad spots. (Oh, Bank A wants a 30-second spot every half hour? All we have to do is drop that story... right. I'll get right on it.)

Comment Re:No thanks, nanny bank (Score 1) 140

Great--now I've got to do paper banking, and get charged *extra* for the paper statements. Worse, if I take the money out of the account--just to move it to another company or invest it myself (because I now officially hate them)--I'm going to get nailed with a capital gains tax that will hit me like two years of rent. Taxes are the IRS' way of locking you into a bank for life.

Talk to the bank you want to move it to about a Rollover account. You don't have to pay taxes if you roll it over properly.

Comment Re:No thanks, nanny bank (Score 1) 140

The problem is that you want the bank to secure what they cannot secure: Your PC.

I do not know of a single case of bank fraud where the fraud has been in any way connected to a security breach on the bank's side, and due to my work I know of a fair lot of fraud cases. Invariably the problem was on the customer's side.

Those types of breaches aren't limited to the world of online banking, though. Someone can walk up to me with a gun while I'm at the ATM and demand I take out ALL my money and hand it over. Someone could kidnap my child outside the bank during business hours and hold him hostage until I went in and emptied my account and handed it over.

But... the banks *have* implemented security measures to make these types of "attacks" more difficult. ATMs cap the amount you can withdraw during a single transaction, and also during the entire day across multiple transactions. They have security cameras installed to make catching and prosecuting offenders easier. They have silent alarms at the teller, which they can set off if they think something's iffy about a transaction. Accounts with multiple account holders may require multiple signatures for certain transactions.

They can't secure my body or my family, but they *do* do what they can to secure the transactions I make via their branch or resources. Why should I expect different from online banking?

Comment Re:I like Bank of America's approach (Score 1) 140

Since I worked for banks with exactly this problem, I can reassure you that even if they aren't responsible for the losses, they have a very keen interest in making the whole deal secure: Cost.

You have NO idea how much money banks save by shifting the work of transfers to you, their customer. Banks shut down a lot of branches and laid off a lot of people because they don't need so many brick and mortar outlets and tellers anymore.

And this is primarily due to online banking, rather than ATMs?

Now imagine people lost faith in the security of online banking, to the point where they consider it untrustworthy enough to demand their human monkeys again to do their work.

And the banks say "Sure thing! That'll be just $5 per transaction!"

Furthermore, banks could not even easily return to brick and mortar transactions if everybody suddenly stopped using online banking, some banks are by now very dependent on online banking, to the point where they would quickly lose customers simply because there are no local branches anymore.

As others have pointed out, they'd *also* lose customers if they actually made online banking secure.

Think about it: first, they have to make things less convenient, because frankly, convenience and security are inversely proportional. That will lose them customers right off the bat.

But as several posters have pointed out, that's not enough... because people don't know how to keep themselves secure. So for a bank to actually make their customers' transactions as secure as feasible and reasonable, they would have to require everyone to pass a test or take a class before signing up for online banking. How many banks would permanently lose a lot of business if they cut off online access to their customers until they'd been certified to use online banking?

For exactly the reasons you stated, it's unlikely that banks will make online banking reasonably secure unless regulators step in. (And this is why we can't have nice things in a free market.)

Comment Re:What a surprise (Score 1) 97

Yes - Idaho is a filth-encrusted hole of pestilence and misery. You don't want to move here.

(We have to say that to keep all the Californians out.)

Gosh... I own a house in Idaho, and was planning to sell it, but maybe we should just move there!

(What's the job market like in Gooding?)

Comment Re:Ugh, horrible bad usage, batman (Score 1) 97

Idaho has 93% of spam. No.

Spam comprises 93% of emails in Idaho. Very big difference.

I'm guessing that's what they meant also, but really, there's no confirmation of this theory anywhere in TFA. It's simply the most sensible interpretation of their fumbling attempt to discourse.

You want to know the real reasons Idaho is one of the most spammed states?

Higher percentage of "noob" users. Idaho came to the table pretty late, and a disproportionate number of people in Idaho don't yet know basic ways of reducing spam.

Or possibly, people in Idaho are more likely to fall for spam advertising.

I doubt it's either of these. A very low percentage of emails give much geographic information about their associated users, so even if Idaho was the Spam Sucker Capital of the Universe, the spammers wouldn't know how to target Idahoans. And I think that, even if it's true that Idaho adopted email later relative to other worldwide locales, by now it's been long enough since widespread adoption that the n00b effect is diminished to statistical insignificance.

The most likely explanation (if, in fact, the phenomenon poorly documented in this article bears any semblance to reality) is that Idaho has a lower rate of email-based commerce than other states, due to lower population density and an economy that is largely rooted in agriculture (no pun intended). A larger percentage of email is probably personal rather than professional, and personal email use patterns are more likely to engender large spam-to-useful ratios.

Comment Re:Citations appreciated. (Score 1) 459

The second technique:

"If a user has Google Chrome installed, visiting an attacker-controlled Web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice. Such an attack only works if Chrome is not already running. "

I don't really blame them for missing this since they probably don't use IE. And I must say I would have been tempted to classify this as an IE bug.

I would be too, since it works if you visit a website in IE, but doesn't work if you visit a website in Chrome.

What I wonder is... does the Chrome Frame counter this particular exploit? I could see it doing so by either negating the "visit in IE" requirement (by using the Chrome rendering engine) or the "Chrome not running" requirement (by running the Frame).

Comment Re:it won't be a problem because it's not in Europ (Score 1) 804

Your sea ports imports/exports for the entire US, not just you. Separate imports/exports used/made locally from those other states that use your port.

What makes you think that I'm using data that isn't taking that into account?

When you break up the US trade balance by region, you find that every region EXCEPT the one that contains California (I think it's region 9, but I could be mistaken) has a huge trade deficit. That takes into account where goods are shipped after they arrive at the ports, and where they come from before they depart from the ports. Unfortunately, my lecture notes are stored away somewhere obscure (maybe they're in the cabinet under the cable modem and router), but the percentage of goods that go through the California ports that are not from/to other states is pretty large... definitely a majority. That's not the case for any of the other large ports in the nation (such as Seattle, the one in New Jersey, etc.)

It helps that the state contains over 10% of the entire nation's population, of course.

Comment Re:There is some logic to it (Score 1) 403

I don't blame the poor for being poor. I blame the poor for staying poor unless that's what they choose to do.

Because they could... what? Go to college? Not if they couldn't get into college-track courses in high school. Not if they can't earn a scholarship. Learn a trade? Even that is expensive; during apprenticeship (such as for plumbing) you make almost no money, and it's often competitive to get into one. Just what do you suggest as the method(s) that really anyone can pull themselves up by their bootstraps? Because I have yet to learn of some path that is truly available to *everyone*, regardless of their resources.

There are plenty of opportunities for poor people to a) earn money and b) be very happy with or without that money.

Oh, wow. That's just... wow.

What's the poorest *you've* ever been? And what are these opportunities you speak of that don't require special training, a high degree of literacy and/or numeracy, or physical prowess? because some people don't have ANY of those things, or any way to get them.

More than that, there are an infinite number of opportunities for people like us to lose our place, no longer be smart, and certainly no longer have any wealth. My sister's done all three of those.

And why? Why has she? Do you ever think about that?

What people like us don't have, is the ability to work physically hard.

Sure we do (at least, a lot of us do). We're just not willing to, and we have enough acquired power (see Hobbes, or was it Rousseau?) that we don't have to.

And that's the point. Any impoverished person willing to work physically hard for people like us get paid really really really well.

You know, my housekeeper makes $90/day to come to my house every other week and clean. That comes out to more than $10/hour, but that is NOT getting paid "really, really, really well" in this area. Not only that, but she's 66 years old, and can't work as physically hard as she used to. She's never had an opportunity to save for retirement, though, and her son barely makes enough to support himself and his daughter, so she can't quit. She doesn't speak English very well (some people are good with languages, but she's not one of them), and though she's very intelligent, she's not well-educated, so there aren't many non-physical opportunities for her. She's taken some jewelry-making classes, and I pay her $10-20 to fix broken necklaces every now and then, but she doesn't have the resources to start up a full-scale jewelry business.

What do you suggest for her? What are her options to make money? She's a US citizen (if you're over 65, you're allowed to take the exam in your native language), but doesn't have much else in the way of natural or acquired power.

What about the friend of a friend who, having lost her eligibility for Medicaid when her kids moved in with their dad (because she was about to be homeless), can no longer afford her medication for bipolar disorder? She's slipped farther and farther into depression and dysfunctionality, smokes too much weed and can't be a good parent, pay her rent, or keep a job. But she also can't afford mental health care or substance abuse treatment, which aren't easy to get even if you *do* have Medicaid.

If she does lose her job, she may be able to get her insurance back, but then if she regains functionality with treatment, she could lose it again. What's your solution for her problems? What's she just not doing right? Most of her skills tend toward backstage grunt work for community theater.

Slashdot Top Deals

I'm a Lisp variable -- bind me!