Slashdot: News for Nerds

Comments


Winners and Losers In the World of Interfaces: 2013 In Review

snowraver1 Re:Why bother with the article (116 comments)

Slashdot - What's up with the no-download-necessary hentai porn sidebar ad?

about 7 months ago

Encrypted PIN Data Taken In Target Breach

snowraver1 Re:Why are they storing this data anyway? (213 comments)

Bah, I'm sorry...

[*ThereShouldBeAnAsteriskHere*]To my knowledge. I'd be happy/interested if someone could prove me wrong here.

about 7 months ago

Encrypted PIN Data Taken In Target Breach

snowraver1 Re:Why are they storing this data anyway? (213 comments)

I have been doing card processing for a living for 7 years now. The pin, of course, has to go over the wire along with the track2 data. How exactly that happens can differ greatly though. Larger merchants are more likely to use some sort of middleware processing software, and that introduces weaknesses. In many cases communication between the POS and middleware is plaintext. Scooping this data up would be trivial, but PCI mandates that unencrypted data has to be segregated off the network from non-PCI stuff. This makes things a bit trickier for an attacker.

As for Target, here's my take: This is the only information in the press release:

The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.

To help explain this, we want to provide more context on how the encryption process works. When a guest uses a debit card in our stores and enters a PIN, the PIN is encrypted at the keypad with what is known as Triple DES. Triple DES encryption is a highly secure encryption standard used broadly throughout the U.S.

If they were using "true" end-to-end encryption, there are no known attacks other than card skimmer magic*. If that was the case, there wouldn't be much of an investigation, as the facts (and scope) would be pretty clear.

That leaves a network packet monitor attack, a database related breach/attack, log file snarfing (depending on the vendor, log files can contain a LOT of data.), or something I'm not thinking of.

I find it odd that they say that pins have been pilfered, but not the card numbers. That, to me, suggests a DB related attack, and the attackers only got the pin table/columns. A list of pin numbers though, of course, is completely useless (8374 - Here's a free one) on its own. Decrypting them should be trivial, given the limited number of possible pin numbers, even if the table was salted. But again, what would be the point? I'm guessing that the next release will say that card numbers were compromised as well.

As for the 3des part, it just doesn't make any sense. As other people have already said, 3des is symmetrical, so saying they don't have the key is impossible. My guess is that they are actually using SSL (which could then in turn negotiate a 3des key). If that is the case, then each session key would be unique, and Target would never have "access" to it as it would only exist in RAM.

To my knowledge. I'd be happy/interested if someone could prove me wrong here.

about 7 months ago

AMD To Launch a Windows 8.1 Gaming Tablet

snowraver1 Re:Aaaaand... queue the Microsoft slamming... (119 comments)

FYI - While DEF does contain urea, it is the artificial kind, not the frosty piss kind. Also, cold temperatures ruin DEF.

about 8 months ago

Nearly 1 In 4 Adults Surf the Web While Driving

snowraver1 Re:I do this (365 comments)

set it to a collision that's double the actual speed they were driving while caught texting. (In other words, head-on collision with another vehicle doing the same speed

Actually, that is false. A head on collision with a vehicle of the same mass would be no different than the indestructible brick wall. Yes, when you add a second vehicle to the mix, you are doubling the amount of moving mass, but the absolute speed remains constant. In the end, the delta V is the same in both scenarios: X to 0. Now that we know that the delta V is the same, we just have to account for the deceleration rate, which is basically the same as the duration of the impact (crumple zones and all that). Since we have identical cars, they will deform at the same rate, acting as each other's brick wall. Once they collide, they would be exerting identical force on each other, so the front bumpers would remain in the same location, just like the brick wall. Since the front of your car can no longer move forward, the collision happens, and the body of your car absorbs the energy required to decelerate to 0. The energy released when two cars collide is doubled, but it is also spread over twice the area (i.e., now you have 2 wrecked cars).

about 9 months ago

Chelyabinsk-Sized Asteroid Impacts May Be More Common Than We Thought

snowraver1 Re:Friction versus increasing pressure (50 comments)

I'm intrigued... so does friction play no part at all then? It must have some impact.

about 9 months ago

Autonomous Dump Trucks Are Coming To Canada's Oil Sands

snowraver1 Re:Oil Sands (165 comments)

Careful now... last time you declared war on Canada, your White House was burned to the ground.

about 9 months ago

Bell Canada To Collect User Data For Advertising

snowraver1 Re:If you don't like it (127 comments)

I had teksavvy for a couple weeks, but ended up having to cancel because Telus has old rickety phone lines in my area and so I could only get a high latency interleaved DSL connection. The teksavvy help desk is/was staffed by high quality personnel. It's really too bad that Telus has such shit lines...

about 9 months ago

Ask Author David Craddock About the Development of Diablo, Warcraft

snowraver1 Re:Speed vs. Strategy (109 comments)

I really like that question!

My question would be: WC3 introduced heroes and creep camps that encouraged roaming around outside the base. SC2 remained pure units (no heroes). Do you think that Blizzard may resurrect the hero/creep style in the future?

about 10 months ago

Scientists Describe Internal Clocks That Don't Follow Day and Night Cycles

snowraver1 Re:Lunar clocks? (91 comments)

Werewolves

about 10 months ago

USAF Almost Nuked North Carolina In 1961 – Declassified Document

snowraver1 Re:old, really old, news (586 comments)

The point is that of 4 safeguards in place, 3 failed to properly work. That's not concerning?

about 10 months ago

Canadian Scientists Protest Political Sandbagging of Evidence-Based Policy

snowraver1 First sentence should read: (216 comments)

Stephen Harper and the Harper government...

He demanded it, and it should be used in all articles, not just positive ones.

about 10 months ago

Writing Documentation: Teach, Don't Tell

snowraver1 Re:Stack Overflow (211 comments)

Sometimes when you are out of ideas, even a wrong idea can be a help.

about a year ago

Writing Documentation: Teach, Don't Tell

snowraver1 Re:Source code (211 comments)

Hate to reply to myself, but I forgot /?

about a year ago

Writing Documentation: Teach, Don't Tell

snowraver1 Re:Source code (211 comments)

-h? Next time, use all three of these: -?, -help, --help. I'm probably not going to try throwing -h at a program without having a clue what it might do.

about a year ago

Writing Documentation: Teach, Don't Tell

snowraver1 Re:Documentation vs Tutorial (211 comments)

One problem I encounter all the time is what level of competence should be assumed? If I write "try ping host xyz" should I assume they can successfully pingtest something and interpret the results? For ping, yes maybe I should assume that, but what about grep? Grep isn't officially supported by the organization so...

I feel like I'm wasting my time writing instructions for simple tasks, but I also feel that I have to write as though a monkey is the intended audience. I hate to say it, but it's the godawful truth, that there are too many people in IT that can only read-and-do.

about a year ago

Submissions


Chinese Hackers Target Canadian Businesses

snowraver1 snowraver1 writes  |  about 2 years ago

snowraver1 (1052510) writes "A leading cyber-crime expert says foreign hackers who launched a massive attack on Canadian government computers last fall also broke into the data systems of prominent Bay Street law firms and other companies to get insider information on an attempted $38-billion corporate takeover. Daniel Tobok, whose international cyber-sleuthing company was called in by a number of the firms hit by the attacks, says the hacking spree from computers in China were all connected to last year's ultimately unsuccessful takeover bid for Potash Corporation of Saskatchewan. The cyber-forensics guru with prominent clients around the world calls the assault on Canadian companies and the government "one of the biggest attacks we have ever seen.""

Poll Suggestion - Do you Pee in the pool?

snowraver1 snowraver1 writes  |  more than 3 years ago

snowraver1 (1052510) writes "Do you Pee in the pool?
Option 1 — Never
Option 2 — Only in public pools
Option 3 — I pee with impunity!
Option 4 — Only if Cowboy Neil is in the pool."

Original Xboxes getting disconnected from XBL

snowraver1 snowraver1 writes  |  more than 4 years ago

snowraver1 (1052510) writes "On April 15, 2010 Microsoft will discontinue Xbox LIVE service for original Xbox consoles and games, including Xbox 1 games playable on Xbox 360. The first step in this process will be to turn off auto-renewals for those members who only use Xbox LIVE on a v1 Xbox. According to Microsoft, this change will allow them to continue evolving the LIVE service with new features and experiences that fully harness the power of Xbox 360 and the Xbox LIVE community."

MS offering Core & Arcade XBOX360 users cheap

snowraver1 snowraver1 writes  |  more than 5 years ago

snowraver1 (1052510) writes "Arstechnica has an article that says Microsoft is finally holding a promotion to get all those Core and Arcade owners some storage space.

"Gamers need only to go an official Microsoft page and enter their serial number and console ID to see if they quality[sic]; it appears that only Core or Arcade units can take advantage of this promotion. This is Microsoft's answer to their promise of a "storage solution" in order to allow all gamers to take advantage of the new UI and Avatar functionality launching on November 19. That update will require 128MB of storage space, which would leave precious little space on the Arcade's included 256MB stick. "


Best way to crack .rar archives?

snowraver1 snowraver1 writes  |  more than 6 years ago

Snowraver1 (1052510) writes "Occasionally after downloading files from the Internet I'll notice that the file downloaded is a .rar file within a .rar file. The first "layer" of raring is not password protected, but the .rar file that gets extracted from the first archive is password protected. What I'm left with is a password protected .rar file and anger. My question to everyone here is: What is the best way to crack a password protected .rar file? I have seen some crappy shareware brute force type programs, but I was thinking something more like RainbowCrack. Is there a way to extract the password hash value from the .rar archive and use RainbowCrack to crack it?"

Journals

snowraver1 has no journal entries.
