Slashdot - What's up with the no-download-necessary hentai porn sidebar ad?

Because it's not part of ISO8583?

Bah, I'm sorry...

[*ThereShouldBeAnAsteriskHere*]To my knowledge. I'd be happy/interested if someone could prove me wrong here.

I have been doing card processing for a living for 7 years now. The pin, of course, has to go over the wire along with the track2 data. How exactly that happens can differ greatly though. Larger merchants are more likely to use some sort of middleware processing software, and that introduces weaknesses. In many cases communication between the POS and middleware is plaintext. Scooping this data up would be trivial, but PCI mandates that unencrypted data has to be segregated off the network from non-PCI stuff. This makes things a bit trickier for an attacker.

As for Target, here's my take: This is the only information in the press release:

If they were using "true" end-to-end encryption, there are no known attacks other than card skimmer magic*. If that was the case, there wouldn't be much of an investigation, as the facts (and scope) would be pretty clear.

That leaves a network packet monitor attack, a database related breach/attack, log file snarfing (depending on the vendor, log files can contain a LOT of data.), or something I'm not thinking of.

I find it odd that they say that pins have been pilfered, but not the card numbers. That, to me, suggests a DB related attack, and the attackers only got the pin table/columns. A list of pin numbers though, of course, is completely useless (8374 - Here's a free one) on it's own. Decrypting them should be trivial, given the limited number of possible pin numbers, even if the table was salted. But again, what would be the point. I'm guessing that the next release will say that card numbers were compromised as well.

As for the 3des part, It just doesn't make any sense. As other people have already said, 3des is symmetrical, so saying they don't have the key is impossible. My guess is that they are actually using SSL (which could then in turn negotiate a 3des key). If that is the case, then each session key would be unique, and target would never have "access" to it as it would only exist in RAM.

To my knowledge. I'd be happy/interested if someone could prove me wrong here.

Did you remember to correct for air resistance?

FYI - While DEF does contain urea, it it the artificial kind, not the frosty piss kind. Also, cold temperatures ruin DEF.

Actually, that is false. A head on collision with a vehicle of the same mass would be no different than the indestructible brick wall. Yes, when you add a second vehicle to the mix, you are doubling the amount of moving mass, but the absolute speed remains constant. In the end, the delta V is the same in both scenarios: X to 0. Now that we know that the delta V is the same, we just have to account for the deceleration rate, which is basically the same as the duration of the impact (crumple zones and all that). Since we have identical cars, they will deform at the same rate, acting as each others' brick wall. Once they collide, they would be exerting identical force on each other, so the front bumpers would remain in the same location, just like the brick wall. Since the front of your car can no longer move forward, the collision happens, and the body of your car absorbs the energy required to decelerate to 0. The energy released when two cars collide is doubled, but it is also spread over twice the area (ie, now you have 2 wrecked cars).

I'm intrigued... so does friction play no part at all then? It must have some impact.

Careful now... last time you declared war on Canada, your White House was burned to the ground.

I had teksavvy for a couple weeks, but ended up having to cancel because Telus has old rickety phone lines in my area and so I could only get a high latency interleaved DSL connection. The ten savvy help desk is/was staffed by high quality personnel. It's really too bad the Telus has such shit lines...

I really like that question!

My question would be: WC3 introduced heros and creep camps that encouraged roaming around outside the base. SC2 remained pure units (no heros). Do you think that blizzard may resurrect the hero/creep style in the future?

Next time, you should just buy a ups or power inverter for your car...

Warewolfs

The point is that of 4 safeguards in place, 3 failed to properly work. That's not concerning?

Stephen Harper and the Harper government...

He demanded it, and it should be used in all articles, not just positive ones.