* Posts by Eugene Crosser

182 posts • joined 20 Oct 2007

MasterCard adds fingerprint scanner to credit cards for spending sans the PIN

Eugene Crosser

relative difficulty

the correct fingerprint is stored on the card and it is likely a canny thief could reprogram the card, or take a copy of the data stored on it.

This particular attack is very unlikely. EMV cards are quite good at preventing the leak of data stored in the chip (otherwise it would be easy to clone, and we don't hear much about that).

Making a gelatine "fake finger" from a fingerprint is relatively easy, and will defeat best mass market readers. It is easier than chopping off fingers. But still more difficult than simply eavesdropping on the pin entry.

2
0

Crims zapped mobes, slabs we collared for evidence, wail cops

Eugene Crosser
Boffin

Faraday cage will not help

Assuming the "remote kill" functionality is set up, the phone needs to be (1) FDE encrypted, (2) not rooted, and (3) have a system app that simply turns power down if it cannot connect to the "remote kill" server for a long enough period of time.

2
4

Bash bug flung against NAS boxes

Eugene Crosser

Miscreants will be hard pressed to find bash on embedded systems

- they usually run busybox(/ash) or some other "lesser" shell.

"Real" servers, and especially hosted VMs that boot from pre-built system images are probably more lucrative.

0
1

Kenyan court case could sound death knell for mobile money

Eugene Crosser

Does it promote or prevent competition?

Let me get it straight.

  • Vodafone has introduced "mobile money", with great success.
  • Some local bank(s) decided to introduce their own mobile money, to compete with Vodafone.
  • Vodafone tried to prevent banks from doing that, on the pretext that the technology proposed by banks weakens the security of the SIM.
  • Court gave the bank(s) green light, so both parties can now compete for the customer.
  • There is no sign (so far) of the banks trying to outlaw Vodafone's service.
What am I missing, when I think that this is good news?

7
1

Unchanging Unicorn: Don't be disappointed with Ubuntu 14.10, be happy

Eugene Crosser

Cinnamon

on utopic, is apparently available in the 'universe', i.e. it is again a part of official Ubuntu.

(mate vs. cinnamon is a matter of personal preference, mate being a "resurrected gnome 2", and cinnamon - "reversed gnome 3".)

5
0

Plucky Playmonaut parties as LOHAN hits Kickstarter goal

Eugene Crosser
Pint

Masterly done!

Meeting the goal with just two days margin is very... precise! Cheers!

0
0

Murdoch to Europe: Inflict MORE PAIN on Google, please

Eugene Crosser

Re: Dear Google, please!

Right! I mean, do we have to wait FIVE YEARS for this bore to be killed at last?

5
0

Bonking with Apple has POUNDED mobe operators' wallets

Eugene Crosser

Re: I don't like it.

I'm not convinced about NFC payments though (via card or mobile) how is this safer than Chip and PIN?

NFC payments are not safer than EMV (known in Britain as "chip and pin"). Cards use basically the same messaging protocol over the wires and over radio. NFC is equally safe, but more convenient.

0
0
Eugene Crosser

boost or death

"The mobile payments world has hailed Apple Pay as the start of the mobile payments revolution, something which happens about as often as Voyager 1 “leaves the solar system”, but it could be the death of the technology. Apple Pay is (surprise!) an Apple-only system and doesn’t offer any way in for the operators."

On the NFC side, Apple Pay is standard EMV over NFC, like the bank-issued contactless cards. And like Google Wallet. If proliferation of Apple Pay makes the merchants raise their collective back-side from the chair and upgrade POS terminals, that will be a boost for all other NFC payment systems.

3
0

Leak of '5 MEELLLION Gmail passwords' creates security flap

Eugene Crosser

And here is why they did it:

  • Dump purported leaked passwords (but really just junk), publicise the move.
  • People hear about it, and rush to update their passwords.
  • Run DNS poisoning attack against mail relays
  • Intercept password reset links, and use them to hijack accounts
  • Profit!

5
0

Why has the web gone to hell? Market chaos and HUMAN NATURE

Eugene Crosser

Re: On what planet does The Guardian recruit?

I will concede that revenge porn is new

The idea is not: http://en.wikipedia.org/wiki/Nunc_Dimittis_%28short_story%29

... Not that I disagree with the rest

0
0

Super Cali signs a kill-switch, campaigners say it's atrocious

Eugene Crosser

Re: Hold on a second... IMEI Blocking?

Well, it is much easier to protect IMEI against reflashing than the OS image.

0
0
Eugene Crosser

Re: Hold on a second... IMEI Blocking?

Exactly. Why force vendors to install software feature that is difficult to use and easy to abuse when you can force operators to keep track of IMEI last used by a customer, and if the customer reports theft to police, add it to public blacklist?

Both the argument and counterargument in this debate are just stupid.

2
0

LOHAN Kickstarter bid IS GO: Back our Vulture 2 spaceplane launch

Eugene Crosser

typo

Just a nitpick: it says "Ad Adstra Tabernamque" near the bottom of the kickstarter page.

0
0

LOHAN packs bags for SPACEPORT AMERICA!

Eugene Crosser

Re: Post-Lohan...

Even if you were able to get to 160 km altitude by balloon you'd only save 20% in delta-v. 7.8×10³ m/s is quite a lot to gain...

But, hell, that would be something!

0
0

New twist as rogue antivirus enters death throes

Eugene Crosser

Re: Spelling

I guess it was (semi?)deliberate. But I wish they hadn't done it. It's pain enough to see in reddit comments.

0
0

Linux kernel devs made to finger their dongles before contributing code

Eugene Crosser
Thumb Up

Good for them, and for Yubico

Yubikey is much more convenient to use than traditional TOTP tokens (or google authenticator on the phone) where you have to type in the code from the token's display. Good publicity for Yubico, too.

2
0

BitTorrent launches decentralised crypto-fied chat app

Eugene Crosser
Headmaster

Targeted vs. opportunistic

The stance "if you are a target then this technology won't help you" is a red herring.

Of course it will not. If you are targeted then (presumably) you know what you are doing, and know how to protect yourself.

The point of technology similar to this is to thwart NSA-style opportunistic eavesdropping rather than CIA-style targeted operations. As long as it works - job done.

1
0

OpenWRT gets native IPv6 slurping in major refresh

Eugene Crosser
Thumb Down

Come on!

OpenWRT has native ipv6 support, as well as support for a number of tunnel brokers, for I don't remember since when. I have ipv6 on my home system with Kamikaze up and running for several years.

0
0

Judge says there's no such thing as a 'Patent Troll'

Eugene Crosser

Surely a typo?

“without unduly prejudicing GPNE or confusing the jury.”

Otherwise, I agree with those who pointed out that "patent troll"/"nonpracticing entity" is a distraction. "Real" company using patents to prevent competition is no lesser evil than a troll collecting patent rent.

0
0

We're ALL Winston Smith now - and our common enemy is the Big Brother State

Eugene Crosser

Bravo, but..

Thanks Mr. Worstall for spelling the word of reason! Data gathering in the interest of commerce has indeed quite different implications from data gathering in the interest of the state.

But, monopolization of commercial data gathering greatly simplifies state data gathering, and for this reason is dangerous. I share the view that we'd be better off if more of our Net life happened in distributed systems (similar to email) and less - in centralized (similar to Facebook).

1
1

CERN and MIT chaps' secure webmail stalled by stampede of users

Eugene Crosser

Cameras for hacks: Idiot-proof suggestions invited

Eugene Crosser

Canon

is to my experience the best in the class that you describe. I've been using IXUS 80is for several years, recently replaced by Powershot SX280hs. The picture quality is quite good for the size/price, looks very decent on a 30x40 cm print. And especially ixus is quite sturdy.

0
0

Crap flap-app flap chap yaps: Yes, FLAPPY BIRD is comin' back

Eugene Crosser

Anybody remembers SFCave

or its knockoffs? They've been here, like, forever. I remember playing on Palm Tungsten. Admittedly, the ribbon that you had to direct through the tunnel did not flap its wings, though. Sunflat is still alive, though I am not sure that there weren't any earlier versions.

(I want an icon of a man with long grey beard)

0
0

Roll up, roll up for the Commentards' Ball

Eugene Crosser
Pint

I will tele-toast from 2500 km away

cheers!

0
0

Netflix coughs up to cruise on Comcast

Eugene Crosser

Re: It's all about balance of payments

That's right, paying per Gb (or having capped tiers, like I have from my provider) is the way. The consumer should pay fair price for the service. That is capitalism.

By the way, the top tier, 100Mbit symmetric without caps costs under $30/mo where I live. Admittedly, we have multi-story buildings, so providing the last mile is cheaper per user than in the US.

0
2
Eugene Crosser
Flame

Do they call it free market?

Suppose I am a customer of Comcast's rival, let's call it "YMission". And I pay subscription to Netflix. It means that part of my money goes to help the rival of my provider, who does nothing for me. Why is it legal?

That is not to say, the content providers create the market for the ISPs, making the customers want to have Internet access. If anything, it's the ISPs who owe to the Netflixes.

This does not look like capitalism at all.

4
1

The perfect fantasy flick for the online Valentine you've never met: Her

Eugene Crosser
Paris Hilton

Not only that

http://en.wikipedia.org/wiki/Simone_%282002_film%29

4
0

Cicada 3301: The web's toughest and most creepy crypto-puzzle is BACK

Eugene Crosser
Pint

There are not many people in the world who can pull this off

and most of them know each other, I think. Their effort just might be sponsored by an organisation for which some of them work, but I think it's more likely that they decided to do it for fun, to amuse themselves and to recruit like-minded people into their circle.

1
1

Android antivirus apps CAN'T kill nasties on sight like normal AV - and that's Google's fault

Eugene Crosser

Wait,

do you mean that on Windows, you allow some third party application to delete your files without asking your permission?!

And that application is closed source, developed by a Russian company owned by a guy alleged to have ties with Russian secret service? And famous for advocating for compulsory real identity on the Internet?

Uh-oh...

14
2

Vladimir PUTIN officially HARDER than CHUCK NORRIS

Eugene Crosser

Please, please, Please let us see the match!

goes to fetch popcorn

4
0

How Google paved the way for NSA's intercepts - just as The Register predicted 9 YEARS AGO

Eugene Crosser

Re: I expect to get a zillion downvotes but...

"the NSA probably are after something is flagged it will inevitably end up at the hands of another person who has not been given explicit permission to read your email"

Just as a thought experiment, imagine that NSA establishes an automated system that scans emails, searches for specific signals, and notifies human operators that the people involved are suspect. Without presenting actual emails to the human operators. According to your line of thought, that would be acceptable, no? Human-free system at Google learns something from users' email and makes decisions about advertising tactics. Human-free system at NSA learns something from users' email and makes decisions about investigatory tactics. I don't see much difference.

8
1

Vulture 2 paintjob: Kim Jong-un battles flag-waving Brits

Eugene Crosser

On a second thought,

forget bikini.

Bring Ariadne to Spain for a quick holiday, and let her do the job herself!

3
0
Eugene Crosser
Thumb Up

+1 David Stockman's

because it is:

- reminiscent of a bikini

- is red+white+blue as Union Jack

- has the Vulture logo (and in the right place too!)

0
0

Obama to Merkel: No Americans are listening to you on this call

Eugene Crosser

half-hearted outrage

If Angela Merkel or any other European leaders are so outraged by the NSA practices, they surely ought to show some gratitude to the person who made evidence of such practices public, and give him political asylum. No?

8
0

Web-email king Mail.ru gulps $15k fine, fights govt demand to slurp data

Eugene Crosser

Because they were not the spooks

In Russia, spooks basically get everything that they want without asking anybody, under the "СОРМ" (SORM) legislation. In this case, the company stood up to a request for data that came from somebody other than spooks, i.e. financial authorities. Nothing to see here, move along!

1
0

Thousands! of! Yahoo! Mail! users! driven! crazy! by! revamp!

Eugene Crosser

Re: Reply @Rascak

Accessing yahoo mail via IMAP (and presumably POP) is free, this is how I reach it from Android.

For that matter, you can perfectly access gmail with an IMAP client too.

2
0

Tape never died, it was just resting

Eugene Crosser

Tape never died, it was just rewinding

just sayn'

3
0

Multipath TCP: Siri's new toy isn't a game-changer

Eugene Crosser

Re: TCP/IP has been multi-path from the git-go.

@jake, err, no it hadn't

Sure enough, IP has always been, and is now, multipath. TCP session, however, is defined by the quadruple of source and destination layer3 addresses, and source and destination (layer4) ports. For a host with multiple interfaces that means one TCP session can use only one interface (at least, the incoming packets can only arrive on one interface). What they are talking about here is having different packets with different pairs of source and destination addresses belong to a single TCP session. Standard published in January 2013: http://tools.ietf.org/html/rfc6824

24
2

NSA in new SHOCK 'can see public data' SCANDAL!

Eugene Crosser

Social network != "Social network"

Someone on reddit makes a good point:

A lot of people commenting are confused by how New York Times is using the term "social network." They're not talking about Facebook, Myspace, etc. They're talking about the NSA secretly building graphs of your real-life social network without warrants: everyone you talk to, do business with, etc.

1
0

Do you trust your waiter? Hacked bank-card reader TEXTS your info to crims

Eugene Crosser

Re: Two part PIN?

Or, you could just use chip and pin.

Compromised terminal can show on screen that it's charging $10, but in fact charge $100. The only way is to build a mini display and keypad into the card.

1
0

Torvalds: 'We're not doing Linux95 … for a few years, at least'

Eugene Crosser

Linus Torvalds let the new name be known in a Git commit

... and regretted shortly thereafter.

0
0

Mail.ru says 'да' to half a BILLION dollars, flogs its 14m Facebook shares

Eugene Crosser
Black Helicopters

Re: satisfied customer

Depends on who you prefer to be watching you - NSA or FSB. For non-Russian citizens, it might be sensible to prefer FSB. But keep in mind that here you don't have even the token judicial oversight of the FISA court - they just take what they want without asking anybody.

0
1

Cloud backups: Where's my get out of jail card?

Eugene Crosser

Encrypted backup to rescue

When the data is encrypted (and decrypted for restore) locally on your system, and exists outside only in encrypted form, then the issues of ownership and sovereignty become largely irrelevant. I personally use duplicity.

0
0

Ciseco Pi-Lite: Make a Raspberry Pi trip light fantastic with 126 LEDs

Eugene Crosser

Re: sudo echo $'The Register on Pi-Lite' > /dev/ttyAMA0

http://stackoverflow.com/questions/10134901/why-sudo-cat-gives-a-permission-denied-but-sudo-vim-works-fine

When you use shell redirection, the file is opened by the shell process, that runs under the original userid. Sudo launches the command under root userid, and if it opened the file it would be able to, but it does not, it just uses stdout that was already opened by the shell. If it could.

If the command worked, it means that the file was writeable for the original userid, and running without sudo would also work. So, sudo is either unnecessary, or does not help.

0
0
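The ordering described in the post above can be observed without sudo or a real serial device. The script below is an added example, not part of the original comment; the temporary paths and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demonstration: which process opens a redirection target,
# and when. No sudo and no /dev/ttyAMA0 are needed to see the ordering.

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Case 1: the redirect target cannot be opened (its directory does not
# exist). The shell fails while setting up stdout, so the command on the
# left of ">" is never started. With "sudo cmd > file" the same thing
# happens when the invoking user may not write the file: sudo never runs.
command_runs_when_redirect_fails() {
    marker="$workdir/marker"
    rm -f "$marker"
    ( touch "$marker" > "$workdir/no-such-dir/out" ) 2>/dev/null
    [ -e "$marker" ]          # true only if touch was actually executed
}

# Case 2: the command cannot be started at all, yet the target file exists
# afterwards, because the shell opened (and created) it before trying to
# launch anything. The command only inherits the already-open descriptor.
file_created_when_command_missing() {
    out="$workdir/out"
    rm -f "$out"
    ( no_such_command_for_demo > "$out" ) 2>/dev/null
    [ -e "$out" ]
}

if command_runs_when_redirect_fails; then
    echo "case 1: command ran despite failed redirect"
else
    echo "case 1: redirect failed first, command never ran"
fi

if file_created_when_command_missing; then
    echo "case 2: shell created the file although the command was missing"
fi

# For the open to happen with root's privileges, the process that opens the
# file must itself be started by sudo, for example:
#   sudo sh -c 'echo text > /dev/ttyAMA0'
#   echo text | sudo tee /dev/ttyAMA0 > /dev/null
```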
Eugene Crosser
Holmes

sudo echo $'The Register on Pi-Lite' > /dev/ttyAMA0

will not work.

Exactly why it won't is left as an exercise to the writer.

0
9

What's the most secure desktop operating system?

Eugene Crosser
Boffin

Re: OpenBSD

Having a secure OS is not enough. These days, many exploits are very high level: XSS and suchlike. They never leave the browser, so the OS has no chance to deploy its defences.

Qubes mentioned in this thread tries to address this problem by sandboxing multiple instances of the browser in separate VMs.

4
0
Eugene Crosser
Thumb Up

Re: Qubes OS

Did not try it myself, but the concept looks about as good as you could get if you need to keep your system usable.

For curious, this is the place

4
0

Snowden speaks from Moscow: 'Obama lies'

Eugene Crosser

Double speak alert

Putin said "He must stop his work aimed at harming our American partners" ("Он должен прекратить свою работу, направленную на то, чтобы наносить ущерб нашим американским партнерам"). He did not say about it being "harmful to the US" as the author of this piece interpreted it. Putin's "American partners" are not necessarily the "US, the Country".

Putin probably still feels that he belongs to the "intelligence community", and perceives the US secret service establishment as his partners, so it makes sense.

4
0