18 posts • joined Thursday 6th October 2011 16:04 GMT
Re: Pic or it didn't happen!
Busted. Nicely busted, in fact. . .
"Hackers MAY be able..." "Isolated incidents of this type of fraud ['man-in-the-browser' attack] have cropped up..."
I am constantly amazed that so few techies understand how 'man-in-the-browser' attacks work. Chris 68 gets it. He mentions that "in this attack the malware is activated while the victim is logged in to their bank. It intercepts the visuals and modifies them." Condiment doesn't, if he thinks that "the only thing they can do is transfer money to one of the payees I have already set up." I hope that he reads Chris 68's subsequent reply noting that "The malware would hold the transaction and modify the page..."
As for "isolated"... Not! Read KrebsOnSecurity.com for a while, and scan some of the 80 or so articles he's written detailing count after count of this type of crime. Dunno about GB, but in the US commercial account holders are not reimbursed for losses due to fraud. Instead of fixing the problem, banks throw money at lawyers to make it more difficult for customers to sue their banker. For several years malware has circumvented all known types of 2-factor auth, including redirecting cell phone numbers to the bot-master's phones.
Krebs convinced me with his first article in 2009 that booting Linux from a Live CD or Live USB is arguably the best possible protection from all of this. But, of course, it's inconvenient so no one will bother. After using this for a bit, I love the convenience... It's the ultimate portable app, with all of your account and app settings, along with encrypted data, available from the same USB stick booted using any PC or Mac with 1.5 Gig of RAM and a USB port.
Re: Still no competition for film, then?
Not in my lifetime, especially given the film used by this little camera:
"The Gigapxl™ camera captures single exposures on film with enough resolvable detail to support scanning at resolutions up to four billion pixels."
It's business, not personal. D'Oh!
I can't recall ever getting a job through a recruiter. However, I did spend over 30 years renting nice little houses to people. Best thing that happened was being able to get quick, comprehensive credit reports.
A glance told me everything that a person left out of their written and verbal interviews, including how good they were at organizing their life, and what I might expect to see if/when something went wrong with the situation (and even how likely it was that something would go wrong).
only one problem with that. . .
aren't FB lusers supposed to include employment details in their profile?
Or is that "Linked-in" . . . dunno, 'cause I don't use either one.
Well, yeah, but. . .
"The problem is... there isn't a better solution"
Yeah, but like he said:
"Nothing worse than having to fill in a WHOLE page of data again because of a mistyped captcha."
How effing easy is it to create a web form that can REMEMBER what you just typed? And how effing stupid is it to abuse your customers by not doing that simple nicety? One of my pet peeves also. Sheesh!
Unfortunately. . .
you are still browsing from the same IP address. I would expect that correlating different data based on IP is a big part of this game. Or are you using an anonymizer?
Freedom from responsibility
Completely understandable. There is another type of freedom that many don't like: freedom of choice.
Most people don't want a lot of options--it's an effort just to get through a day without hurting themselves. Thinking abstractly to arrive at reasonable conclusions is usually not possible. Ergo, follow the herd. Be a fanboi. Ahhhh, now isn't that easier?
Perhaps Mr. Stallman doesn't fully appreciate that the second you attempt to argue with idiots you become one.
Rhymes with harlott
They're seeking here, they're seeking there
Those Home Boys are seeking everywhere
Did hack3rs p0wn us or is it a coup?
Those demmed elusive CabinCr3w
Homeland Security Boyos
Apologies to Baroness Orczy
Which is *exactly* . . .
"Erm... the average user of a computer *just wants to get the job done* and does not care at all about 'all the stuff under the hood'"
. . .why Linux doesn't even have a measurable percentage of the desktop market.
As much as I enjoy the Unix / Linux environment -- and I recently switched 100% to Ubuntu -- much of it still sux! Music players are pathetic (where's MediaMonkey for Linux?!), movie players are worse, and on, and on.
"I have absolutely no idea why you've been downvoted for that. Nothing more than the bare truth, in my view..."
It's likely an anti-FUD maneuver by Adobe employees tired of being bashed for distributing such shoddy products.
"But this, of course, is correct: 'They should require an actual office visit for setting or changing the phone number used for verification.' "
Easy for you, but rather more difficult for those of us living abroad. You suggest it's appropriate that expats and workers overseas be required to spend time and money traveling simply to register the change of a phone number?
As the Web, like email before it, was never designed to be a secure environment, it's time for the banking industry to step up and take an honest look for ways to rectify the problems. Either that or banks should become liable for the "unusual transactions" to money mules which are at the heart of the fraud involving commercial accounts.
Yahoo!? What's a Yahoo!?
Oh, right... I remember: Used them for a while back in the mid '90s when they got their start in a trailer parked on a back lot of Stanford University... Then one day they decided to start using pop-up ads and I switched over to Google.