Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Just add ashtray to iPhone! (Score 1) 242

This reminds me a story of Rolls-Royce engines in India. They couldn't sell them unless "part of it is created in India". So, what they did - they created a useless metal thing and a factory in India was working hard making it. They thought it's important part of the engine. In fact, it was transported to UK, only to be melted back to metal. However, Indians believed it was a joint venture and created work places.

Comment Hardly a discovery (Score 1) 48

Sorry, but I don't see how is that news or a secret. Just like tinyurl, the ID of the url is supposed to be as short as possible, hence it is sequential.

The funny thing I found a few years ago was with tinyurl. Apparently, the first links were created by their developers, hence links like tinyurl.com/1 and so on (2,3,...a,b,c...1a,1b) belong to owners of the service and tell something about them.

Therefore link shorteners should have password protection for redirection, at least as an option. For example, as it is done in 2l.lv and similar engines. Also, links should have expiration date, like in owncloud service and limited total number of redirection.

Comment Re: Wow ... (Score 1) 419

I've never seen the bank to supply either POS software (thing that works at touchscreen-enabled device) or card payment terminal - the latter is usually supplied by a processing center company which works with many banks.

However, if that was the customer's (Apple) wish to only process the override numbers at the end of the day, then perhaps Apple is the victim, not the processing company or the bank. In fact, I don't see the "bank" in this scheme at all. It's either Apple or the processing company, which might or might not belong to the bank.

What Sharron and Temeshia (oh, these anglo-saxon names...) did to Apple and Victoria Secrets was one of many possible exploits to imperfect system of card transaction. When you are entering your PIN code using corded pin pad, the data is encrypted in transit (where "transit" is that short cable) using DES algorithm. The system consists of two parts - business rules and technology. However, it only protects itself against technology attacks.

The algorithms of higher level, the workflows of the whole process, are made to comfort the customer. Until that final moment of ultimate discomfort, which is regarded as "nonsense fantasy" during the development process. So you don't have to beat the technology if you know the business rules.

Slashdot Top Deals

He's dead, Jim.

Working...