
Comment Just plain wrong (Score 4, Insightful) 85

There's nothing embarrassing about not wanting to go into certain places. Chances are very good any company you can think of actively excludes themselves where things don't fit their business model.

Decisions based on where to offer services are based on demographics, target market, legal landscape, logistics, potential profits and so on. Chances are senior leadership is already going to be aware of their target market and probably doesn't need to do in-depth market analysis to realize certain countries don't make sense. In other words they can dismiss a country with half a second in thought - and be right.

Now if you want something that actually is embarrassing - we can talk about their data analytics.

Comment Prototypical example (Score 3, Insightful) 352

Daylight savings is the perfect example of government's regulatory overreach interference in people's lives for theoretical gain. What is there is an increase in stress, time, money and heart attacks.

It's a concept that kills people, something studies have shown for years. Meanwhile anyone who wants an extra hour of daylight can make a personal choice and adjust their sleep schedule.


Comment games (Score 1) 615

init strings
modem connection sounds - and what they meant
DOS memory management
wiring pin outs for serial, parallel and Ethernet cables
null modem cables
IPX/SPX and how to tune the daylights out of it
dip switches

Mind you, many of the above were necessary to do things like play games with your friends. Thinking about it, I learned a lot about networking and hardware because I wanted to play games with my friends and network games were only for the brave. We would hack games that were only supposed to work at the LAN level to work online so we didn't have to haul our computers over every time we wanted to play.

Comment Re:Best feature they could get (Score 1, Flamebait) 47

They do allow hate speech and threats against other people's lives. Twitter's double standards on hate speech are well documented:


When you get to define hate speech as speech that you disagree with, then everything quickly becomes hate speech.

Comment Best feature they could get (Score 1, Offtopic) 47

By far the best feature that they could possibly get would be to remove their political bias. Twitter routinely censors or bans views that don't match their political views. Who seriously thinks excluding a significant portion of the population is a viable business?

Unfortunately they would rather burn their own house down than be politically tolerant. Political correctness strikes again....

Comment Re:It's even easier than that (Score 1) 110

Credit card numbers that long aren't necessary. Changing how they are constructed is. Logically speaking the problem can be fixed (hashing etc.). The problem is that the infrastructure that supports it would also have to be changed and that would be a monumental undertaking. Which is why they are trying to avoid it at all costs. You also have the issue that the typical consumer is not going to tolerate an even longer number than they already have.

The unique credit card number solution has been offered by some banks already (e.g. Amex). Many payment terminals are configured to use DUKPT which creates a unique key per transaction (this is enough to take a cash register out of scope for PCI if properly configured).

You may find this interesting:

Even 2FA is broken if it is done via SMS

Comment Re:It's even easier than that (Score 1) 110

Credit card transactions are fairly well documented (I'm a big fan of DUKPT myself and that is decently documented). However the process used to generate the account and CVC2 numbers themselves is obscure and proprietary to each bank. Most banks do not have the expertise or will to properly perform this function. They count on malicious actors not looking too hard at how they do things.

Unfortunately for the banks once you figure out how to generate these numbers you have broken the primary security used to prevent the public at large from using any given key (card no's) against a very public lock (merchant website). 2FA goes a long way to prevent this!!!

Processors, banks and merchants all have the ability to mitigate this risk by putting in additional controls (geo-location, address, shopping patterns etc.). These all help reduce the risk of a given transaction. However they must balance out approving most (probably legitimate) transactions against an acceptable level of fraud. They must also balance out the overhead involved in reviewing and approving transactions.

The result is the continued use of a system that is fundamentally broken. You will see this type of fraud increase significantly until the whole system is re-engineered.

Comment Re: It's even easier than that (Score 1) 110

Every company chooses their own method of generation for this code. Some vendors use weak encryption, some might use strong encryption, some don't use encryption at all, and some issue the codes in batches. It really all comes down to the company, their risk policies and their expertise. That's why large card dumps are risky, they provide material that can be used to look for patterns. It's a bit scary how many companies have told me they secure their product with base64.
