|
My father made me read Stoll's book "Silicon Snake Oil" because he also thought the internet was a dumb fad
Wikipedia posted:In Silicon Snake Oil and an accompanying article, The Internet? Bah!, in Newsweek Stoll called the prospect of e-commerce "baloney," and raised questions about the influence of the Internet on future society and whether it would be beneficial. Along the way, he made various predictions, e.g. about e-commerce (calling it nonviable due to a lack of personal contact and secure online funds transfers), the future of printed news publications ("no online database will replace your daily newspaper") and the cost of digitizing books would be too expensive since only 200 books had been digitized at the time
more https://www.newsweek.com/clifford-stoll-why-web-wont-be-nirvana-185306
Stoll posted:Visionaries see a future of telecommuting workers, interactive libraries and multimedia classrooms. They speak of electronic town meetings and virtual communities. Commerce and business will shift from offices and malls to networks and modems. And the freedom of digital networks will make government more democratic.
lol
|
# ? Dec 20, 2019 00:55 |
|
quote:And the freedom of digital networks will make government more democratic. Well, he was right about this at least.
|
# ? Dec 20, 2019 01:07 |
|
DrPossum posted:My father made me read Stoll's book "Silicon Snake Oil" because he also thought the internet was a dumb fad https://www.youtube.com/watch?v=IRNp5a2joBo
|
# ? Dec 20, 2019 01:13 |
|
i mean he's right the internet sucks
|
# ? Dec 20, 2019 01:15 |
|
also if you want more old cliff stoll, here's CLIFF STOLL, NEW-AGE DETECTIVE, TONIGHT ON NOVA https://www.youtube.com/watch?v=hTx9h3Sm29I
|
# ? Dec 20, 2019 01:16 |
|
https://www.theguardian.com/world/2019/dec/02/china-brings-in-mandatory-facial-recognition-for-mobile-phone-users
quote:All mobile phone users in China registering new SIM cards must submit to facial recognition scans, according to a new rule that went into effect across the country on Sunday.
whoa I missed this one
|
# ? Dec 20, 2019 01:44 |
|
Methanar posted:https://www.theguardian.com/world/2019/dec/02/china-brings-in-mandatory-facial-recognition-for-mobile-phone-users unpacked robinhood posted:Hanalytics
|
# ? Dec 20, 2019 02:14 |
|
wuwo https://www.zdnet.com/article/wawa-says-pos-malware-incident-impacts-potentially-all-locations/
|
# ? Dec 20, 2019 02:16 |
|
They should at least ban all use of magnetic stripe cards/readers and give people different numbers to use online that aren't printed or encoded in the cards. It's dumb that despite all the effort to switch to chip cards it's still possible to steal the data to use however it's being used.
|
# ? Dec 20, 2019 02:21 |
|
mystes posted:They should at least ban all use of magnetic stripe cards/readers and give people different numbers to use online that aren't printed or encoded in the cards. It's dumb that despite all the effort to switch to chip cards it's still possible to steal the data to use however its being used. my bank used to have a feature where you could generate a cc number with arbitrary expiration and credit limit for use online, and i wrote one of the generated numbers onto a blank card and used it at a gas station just for kicks once. they dumped it a few months ago which was kind of annoying but on the other hand, the generator required flash so on the whole i may be better off.
|
# ? Dec 20, 2019 02:30 |
|
Midjack posted:my bank used to have a feature where you could generate a cc number with arbitrary expiration and credit limit for use online, and i wrote one of the generated numbers onto a blank card and used it at a gas station just for kicks once. they dumped it a few months ago which was kind of annoying but on the other hand, the generator required flash so on the whole i may be better off. It would be nice if we could use different numbers for each transaction or something like TOTP codes instead of the static CCV but I was literally just talking about one separate, static card number for internet transactions so that it's at least impossible for someone to copy your number from the physical card. mystes fucked around with this message at 02:44 on Dec 20, 2019 |
# ? Dec 20, 2019 02:40 |
|
mystes posted:Capital One apparently still has something like this but it's a browser extension with a "virtual assistant" that will offer to generate the numbers when you're on a check out page and no way in hell am I going to install that. iirc there’s something in the pci spec that requires a human readable number on the card for offline processing (power outage at grocery store or similar). been a while since i had to mess with payment cards so i may be wrong.
|
# ? Dec 20, 2019 03:04 |
|
DrPossum posted:My father made me read Stoll's book "Silicon Snake Oil" because he also thought the internet was a dumb fad he was 100% right about all of that though his one mistake was assuming that the old good stuff would stick around, rather than being replaced by worthless garbage no one likes
|
# ? Dec 20, 2019 03:50 |
|
Main Paineframe posted:he was 100% right about all of that though he was right about the internet becoming an open sewer of unverifiable data the part about physical retail thriving because "we need salespeople"... not so much
|
# ? Dec 20, 2019 04:06 |
|
Midjack posted:wuwo oof
|
# ? Dec 20, 2019 04:07 |
|
Midjack posted:wuwo Looking forward to memorizing my credit card number again
|
# ? Dec 20, 2019 04:32 |
|
Midjack posted:wuwo heh well it’s good that I replaced the card I use since I’ve been to wawa not because of a breach but because I put it in my mailbox because I’m dumb and thought I lost it
|
# ? Dec 20, 2019 04:51 |
|
great, nice, i go to wawa all the time. chaos reigns
|
# ? Dec 20, 2019 05:36 |
|
mystes posted:It would be nice if we could use different numbers for each transaction or something like TOTP codes instead of the static CCV this is basically what happens when you use a tokenized system like apple pay
|
# ? Dec 20, 2019 05:49 |
|
that article seems to say the malware was on the point of sale, but the actual wawa release says "servers" and then "in-store payment processing systems" which is weird also the special customer hotline they set up to answer questions is contracted out to experian, because of course experian would offer "data breach information hotline"-as-a-service also also just to further show how utterly worthless the "free year of credit monitoring" is they just put the sign-up information on their website so literally anyone can sign up regardless of if they were even a customer
|
# ? Dec 20, 2019 06:15 |
|
https://www.reddit.com/r/sysadmin/comments/eck1ob/threatened_with_firing_after_finding_security_hole/
quote:So, I will try and summarize this as best I can.
i like this response
quote:Yes, they can fire you. I know of other companies that have a routine rule of firing anyone who brings up any security issues.
|
# ? Dec 20, 2019 06:51 |
|
Midjack posted:iirc there’s something in the pci spec that requires a human readable number on the card for offline processing (there is a fixed number, you can reveal it using the phone app, or it’s autofilled in macOS / iOS as needed. and the magstrip has it encoded)
|
# ? Dec 20, 2019 06:53 |
|
Midjack posted:iirc there’s something in the pci spec that requires a human readable number on the card for offline processing (power outage at grocery store or similar). been a while since i had to mess with payment cards so i may be wrong. FYI, PCI doesn’t have anything to do with the physical cards, it’s just about the storage of card data. There’s some ISO specs around the location/characteristics/format of the magstripe/emv chip/card number embossing. your biggest hurdle if you’re making an apple card is probably convincing mastercard to let you throw out their style guide.
|
# ? Dec 20, 2019 08:54 |
|
DrPossum posted:My father made me read Stoll's book "Silicon Snake Oil" because he also thought the internet was a dumb fad i think the guy still has a solid point about e-commerce, even if maybe he did not mean it this way... what i mean is that the personal-human aspect of the shopping experience is now neatly capitalismically optimized so that the buyer personally has a really good and comfortable experience, and the seller's personal experience involves grueling 14h days with timed piss breaks just like reading news online has bankrupted a lot of newsrooms, leaving everything in the hands of murdoch & fuckerberg. *record scratch* but getting back on the topic of security and credit card numbers... my boss was arguing the other day that it's possible to "decrypt" hashed CC information - this feels like bullshit to me, even though you can sort of argue that there really are not that many CC-CVV-expiry date combinations to brute force a hash i would expect that companies encrypt that information, but he was specifically arguing about hashed data.. maybe just confusion of the terms?
|
# ? Dec 20, 2019 11:59 |
|
Penisface posted:
there are a lot less than 10^15 valid primary account numbers, and if you’re also storing like “visa ending in 4200” that’s down to less than 10^12 plus now you have a check digit
adding three digits for cvv, and three for date (it’s probably really 2.1 for date) gets you to 10^18
hashcat on a g3.4xlarge can do > 10^9 sha2-256 hashes per second, so that’s 10^6 gpu seconds, or 12 GPU days, to burn through the whole gamut
which is why they really want you to tokenize card numbers instead of storing them verbatim, also when someone gets their card skimmed at a gas station it doesn’t have to invalidate stores tokens
|
# ? Dec 20, 2019 13:49 |
|
Penisface posted:i think the guy still has a solid point about e-commerce, even if maybe he did not mean it this way... Stoll had lots of good/prescient/true points, except he doubled down and went all-in on the luddite angle. I don't know if you deserve to get kudos for that.
|
# ? Dec 20, 2019 13:57 |
|
i can’t see anything about wawa and not immediately start playing pennsylvania by bloodhound gang in my head.
|
# ? Dec 20, 2019 14:54 |
|
Cocoa Crispies posted:there are a lot less than 10^15 valid primary account numbers, and if you’re also storing like “visa ending in 4200” that’s down to less than 10^12 plus now you have a check digit in reality it's even less than that. if you know the issuer of the card the first 6 (or so it varies but 6 is common) digits of the card number are per issuer. plus most (all?) card numbers will pass a Luhn check so that invalidates a lot of potential numbers.
|
# ? Dec 20, 2019 15:09 |
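Added example, not written by any poster in this thread: the keyspace argument from the two posts above, narrowed to a stored record that keeps an unsalted SHA-256 of the card number next to its first six and last four digits. Under that assumption the Luhn check leaves exactly 10^5 candidates, while a keyed digest of the same number cannot be tested without the key; the card number is a constructed test value and all function names are illustrative.

```python
import hashlib
import hmac

def luhn_valid(pan: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def candidates(first6: str, last4: str, length: int = 16):
    """Yield every Luhn-valid PAN matching the stored first six / last four."""
    width = length - len(first6) - len(last4)
    for n in range(10 ** width):
        pan = f"{first6}{n:0{width}d}{last4}"
        if luhn_valid(pan):
            yield pan

def recover(digest_hex: str, first6: str, last4: str):
    """Return (pan or None, number of hashes computed)."""
    tried = 0
    for pan in candidates(first6, last4):
        tried += 1
        if hashlib.sha256(pan.encode()).hexdigest() == digest_hex:
            return pan, tried
    return None, tried

# Constructed record: a well-known test PAN, never a real account.
TEST_PAN = "4111111111111111"
FIRST6, LAST4 = TEST_PAN[:6], TEST_PAN[-4:]

def plain_digest(pan: str) -> str:
    """Unsalted hash, the storage scheme being questioned in the thread."""
    return hashlib.sha256(pan.encode()).hexdigest()

def keyed_digest(pan: str, key: bytes) -> str:
    """Keyed alternative: without the key, candidates cannot be tested offline."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()

if __name__ == "__main__":
    print(recover(plain_digest(TEST_PAN), FIRST6, LAST4))
    print(recover(keyed_digest(TEST_PAN, b"constructed-demo-key"), FIRST6, LAST4))
```

The first call finds the number after at most 100,000 hashes; the second exhausts all 100,000 candidates and returns nothing, which is the property a tokenized or keyed scheme buys.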
|
Penisface posted:i think the guy still has a solid point about e-commerce, even if maybe he did not mean it this way... i mean for upmarket physical location retailers the ~shopping experience~ is still real important and brings people in because they're boomers with money and habits so he was kinda right, he just didn't really anticipate that 80% of people don't actually care
|
# ? Dec 20, 2019 16:02 |
|
The_Franz posted:he was right about the internet becoming an open sewer of unverifiable data eh, people do go to physical retail to look at the products and sometimes even talk to the salespeople. it's just that instead of actually buying poo poo at the store, they go home and buy the cheapest Amazon result instead, without realizing that it's a fake listing and that they just bought a Chinese knockoff that'll break after three months. but they don't care because even the real thing breaks the day after its six-month warranty expires similarly, why worry about your payment information getting compromised via online shopping when all the stores have hooked their payment systems up to systems that are connected to the internet, so you're just as exposed to online thieves even if you shop in person? i think he accurately predicted that the higher-tech versions of things would be absolute poo poo. he just failed to predict that the low-tech versions would also follow that lead and get even shittier
|
# ? Dec 20, 2019 16:35 |
|
lmao https://twitter.com/SwiftOnSecurity/status/1208056834881466368
|
# ? Dec 20, 2019 17:16 |
|
|
# ? Dec 20, 2019 17:20 |
|
https://www.youtube.com/watch?v=mqzTmzyMmtU
|
# ? Dec 20, 2019 17:32 |
|
how do you make that typo, v isn’t even next to t
|
# ? Dec 20, 2019 18:01 |
|
|
# ? Dec 20, 2019 22:14 |
|
also i kinda respect the hustle of the burkinese entrepreneur who bought my email. first it was copper & sesame seeds, now it's:
quote:I know that this letter will be a very big surprise to you, I just came across your email contact from my personal search, I’m a business woman from Mongolia dealing with gold exportation here in Republic of Burkina Faso. I was...
|
# ? Dec 20, 2019 22:16 |
|
Shame Boy posted:that article seems to say the malware was on the point of sale, but the actual wawa release says "servers" and then "in-store payment processing systems" which is weird one thing that sticks out to me on this is neither Wawa nor the CC companies found evidence of fraudulent use of the cards. If they’ve been sitting on this for eight months or so and haven’t sold it or acted on it then what am I missing?
|
# ? Dec 20, 2019 23:14 |
|
Soricidus posted:how do you make that typo, v isn’t even next to t took a bit
|
# ? Dec 21, 2019 04:26 |
|
Mr. Nice! posted:i can’t see anything about wawa and not immediately start playing pennsylvania by bloodhound gang in my head. little gto
|
# ? Dec 21, 2019 05:20 |
|
lmfao, I've never seen that one before. Turns out lomarf chome is pro youtube search https://www.youtube.com/watch?v=aOl2FOw_FYo
|
# ? Dec 21, 2019 11:50 |