* Posts by dave

10 publicly visible posts • joined 31 Aug 2007

UK operation patents DVD lockdown

dave

Good enough and simple - I approve

No protection actually works - anyone who can be bothered will get a cracked version from the web.

More secure safedisc type stuff makes copies attractive, because they've not got this rubbish infecting it and are thus easier to use.

This though - it's barely protected, good enough to stop your mum who got it on her copy of Woman's Own, but isn't complicated enough to actually cause any problems.

Who cares if you can get around the system - they're just after the low hanging fruit.

Craigslist boasts 95% drop in 'erotic services' listings

dave

Value for money policing?

It seems to me Craigslist is letting the police catch criminals faster and for less - didn't the last article state over 200 convictions? That's $500 per conviction, an absolute bargain by any measure.

Is the real problem that the police don't actually want to enforce these unworkable laws but having it in a very public place like Craigslist causes them political embarrassment?

Swedish police claim massive anti-piracy bust

dave

data equivalent to 16,000 movies??

What the hell does that mean?

I can have a backup server storing multiple archives that holds "data equivalent to 16,000 movies" but it's nothing more than tax returns!

If they can't actually say they found 16,000 movies I rather suspect they didn't and the 'data equivalent to' is a smoke screen.

eBay scammers work unpatched weaknesses in Firefox, IE

dave

Firefox patching?

What are Firefox patching?

Are Firefox going to block all XSS forever? That's a little extreme. Perhaps making it a security option turned off by default would be enough but I wonder how many sites use script from other domains?

If it's common enough any security option will just be ignored after the umpteenth warning.

Spooks told to get used to encrypted VoIP

dave

AES easy to crack?

I love the quotes saying AES is unsecure because the US government uses it - perhaps you'd feel better if we used a European algorithm such as Rijndael?

Merchants and punters cry foul over Verified by Visa

dave

@ Daniel B RE Tokens

"However, MasterCard SecureCode and VbV don't use this, and it seems it can't, even if I already have my OTP token in that bank"

3DSecure is simply a framework so a customer can be sent to the bank during the transaction, and the result securely sent to the retailer.

What happens on the bank's servers, and how they come to decide if you passed or failed is entirely up to them - they can use tokens, or little calculator-like devices or whatever they like.

VbyV password reset is childishly simple

dave

re: Tom Paine

Another reason why the banks need to publicise this - misinformation.

The whole idea of 3d secure, and why it's infinitely better than CVV, is you talk to your bank, not the e-commerce site, all the retailer does is get a link from Visa, which they load into an i-frame (popups used to be common, but these days everything blocks them).

You then talk to your bank, nobody else, and when they're finished they bounce you back to a page on the retailer's site.

This is why the little form you get from your bank (usually) has a greeting, something you've set before so that you know it's your bank you're talking to and not a con.

Also, all banks implement their own (most UK ones seem to be through secure suite though), so Irish banks may well have better implementations - this lack of standardisation though is just another nail in the coffin.

Putin's dog gets satnav tracker collar

dave

re: you'll never frikkin' find it

I presume the system has a log, it had to move to get there so if it's turned off you assume it's stopped, or been run over.

CERT: Linux servers under 'Phalanx' attack

dave

The weak link

Makes a change from Microsoft vulnerability stories - the cause is the same though, lazy admins not putting on months-old patches.

I thought *nix admins were generally a bit more clued up than their Microsoft colleagues though - guess not.

Facebookers bring HSBC to its knees

dave

re: Muneer

The term may mean something else in the US, but this is referring to an arranged overdraft facility - the bank has agreed in advance to give the customer a certain amount of overdraft interest free.

Most banks keep this interest free for 1-3 years after graduation, so they can get a job and pay it back.

HSBC thought they'd be clever and charge interest straight away, before they could possibly have paid it back.