Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment It is called a proxy (Score 1) 572

It is very common for a company to install a proxy server that decrypts traffic to the outside and inspects with a data loss prevention type tool. Proxy servers act as MITM attacks to be effective at decrypting SSL traffic so it can be inspected.

It is not as common that you would be allowed to connect to this employers network. Network access control should be in place to prevent vendors or employees from connecting potentially malware laden computers to the internal network. At the least, if you gained access to their network, the same proxy that performs the MITM attack should also be prompting for authentication to access the Internet.


Comment Re:Better late.... (Score 1) 731

There are a lot of conversations about chip and pin and how it would apply to Target.Chip and pin was developed to help with card present fraud and reduce the potential of duplicating an entire credit card by capturing the data at the point of sale (Target), on the wire (RaceTrac skimmers, Ethernet taps) , or at the processor (Heartland). Chip and pin does require or support encryption of the card number (PAN); it is still sent in clear text to the processor and banks. In truth, chip and pin would do nothing for Target as they have host their own processor. Bad actors had control of registers and potentially their payment processing systems, obtaining enough information to make counterfeit cards. In this scenario, the only solution that would help Target would be end-to-end encryption. Encrypt at the pin pad, decrypt at the bank. Nowhere is the card number or any track data in the clear on the retailer or processor network.

Instead of spending money on chip and pin which does not address the card not present problem, banks (and retailers) should be lobbying for end-to-end encryption. Many current readers are capable of encrypting at the swipe (or chip read). If you are upgrading to support chip and pin, your new pin pad will support encryption too.


Comment DVD is my best option. (Score 1) 409

Don't have fast enough Internet connection to stream reliably.
Have 13 year old TV so no Blue-Ray player (would also need to buy new entertainment center to replace my hand built wood one).
Have basic satellite service so not much on TV (I just watch sports).
Theater is expensive and people are often inconsiderate of others so I buy the DVD movie online and watch at home.

What do you want, you moon faced assassin of joy? - Londo Molari

Comment RIP Steve Jobs, you will be missed. (Score 1) 1613

You brought is the Apple and Macintosh line of computers. You gave us digital downloads and iPods. Then you showed us iPhones and iPods to stay connected. We owe much of your day to day lives to visionaries such as yourself. I started programming on a C-64 and Apple IIe. My first professional computer was a Mac IIfx. I am raising my glass to you.



Kongregate App Pulled From Android Market 139

itwbennett writes "Last week Google took a page from Apple's book and pulled the Arcade by Kongregate app from the Android Market for violating its terms of service. In particular, the part that forbids distributing 'any Product whose primary purpose is to facilitate the distribution of Products outside of the Market.' As Kongregate's Jim Greer explained to Joystiq, the app is essentially a custom web browser that loads in a Flash game from the mobile version of Kongregate. Plus, it will cache the game so you can play offline. And this may be the feature that got it yanked, speculates Ryan Kim at GigaOm."

Comment Encrypt the data for starters (Score 1) 332

PCI (Payment Card Industry) will deal with this eventually, as traffic should be encrypted from the reader to the backoffice server or whatever brokers the transaction to the payment processor. What needs to be done is encrypt the card information at the reader at the pump, even if the information is transmitted via serial connection (out of PCI scope today). Prudent companies keep the keys to the gas pumps secure as well as do at least daily checks on the pumps (crack the box, look for skimmer).
I suspect this type of skimming is more prevalent that is getting press for.

Comment Re:Copyright BS (Score 1) 605

The answer to your question: The Berne Convention [wikipedia.org], which affixes copyright on anything written down anywhere. Really. This comment is copywritten by yours truly thanks to that rule and that fun text at the bottom of the page, and as such if I were wealthy and a complete jerk I could sue someone for infringement if someone decided to plagiarize me.

Come and get me!

Comment Including backpack... (Score 1) 767

I have the following personal items: 1 1GB Thunbdrive 1 Analog watch (takes a battery) 1 Sony Clie/PalmPilot And the following work provided items: 1 cell phone (Palm Treo 700w) 1 IBM Thinkpad r51 1 RSA SecureID token (VPN access) Since I'm on call for work, those items are generally always with me, except for trips to the store. The total of those items is over $2000.

Slashdot Top Deals

Space is to place as eternity is to time. -- Joseph Joubert