Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:Not good enough (Score 4, Interesting) 21

That's a problem across the whole web and, at least the deletion part, happens more often than you'd think. When I've updated links on Wikipedia, I note that it not only asks for a CAPTCHA but alerts editors to the change, in case the change was malicious.

I think the motivation is good, but the implementation (as I understand it) could be better. Perhaps what is needed is to add a Wayback link alongside the original one. Does Wikipedia have a process for human review of broken links? In the cases I've found, replacement links can be found quickly for content that just moved.

Comment Not good enough (Score 2) 21

I have found many cases on Wikipedia where the links are broken but the correct content exists at a different URL. This auto-archive system would bypass that and perhaps prevent ever recognizing that the link target still exists. This is especially an issue for links to corporate and government pages where someone periodically gets the bright idea to reshuffle the web site's organization and doesn't put in permanent redirects.

Comment Re:Incentivized is not necessarily fake (Score 4, Interesting) 77

I write such reviews - both for Amazon Vine and for vendors who offer me free or discounted products. I take my reviewer role seriously and don't treat a review any differently if I paid for the item or not. I recognize that that there is a serious abuse problem - my fellow reviewers use the term "coupon queens", though these can be both male and female - and I applaud Amazon taking this position even though it means I will receive fewer items to review.

I would urge you, though, not to automatically downvote incentivized reviews. If you believe the review is genuinely not helpful, ("I haven't received it yet but I'm sure my grandson will like it, unless I sell it on eBay first..), downvote away. But there are good reviewers out there trying to help purchasers as if they had bought the item themselves. Indeed, those who paid for an item are often biased in favor of it so as to not appear foolish for having spent the money.

Comment Re: Turn it off (Score 1) 385

You misunderstand the threat. It is not that an attacker uses MITM to relay the data, though that has been demonstrated. The threat is due to the cardholder data (name, account number and expiration date) being readable in plaintext from hundreds of meters away using readily available and inexpensive equipment. This data can then be used to perform offline transactions or other identity fraud ("what are the last four digits of your credit card number..." sort of "verification" questions.)

Even just knowing the name of a cardholder passing by could be a security risk (ask in nearby hotel for the room of Jane Doe, etc.)

Comment Re:Shielding, jamming (Score 4, Interesting) 385

But consider what happened to me last year on the first day of a two-week international vacation. I got a notice from my primary card bank (Chase) that my card had been compromised and that they would cancel it and send a new one. The problem was that I was depending on this card (which has no foreign transaction fees) and I would be moving around every two days meaning that it would be difficult to get a new card to me quickly. They did offer a compromise - disable any card-not-present transactions and had me list which countries I would be in, until I could return home. I had several online purchases outstanding so I had to scramble to fix those, and even then I missed one of the countries I would be in and had my card declined twice before I figured out the problem.

I am sure this case was a leak from a merchant that stored card data insecurely, or maybe a skimmer somewhere. That card did not have RFID. We really do need to move quicker to a tokenized system. Even so, it was more than a minor annoyance to me.

Comment Re:Shielding, jamming (Score 3, Insightful) 385

Do you really think that the banks would have added a feature that makes fraud as easy as pointing an antenna at people walking past? Where are the crime waves of people draining accounts with concealed card readers?

Why yes, I do. It has been demonstrated numerous times, and is easy to reproduce on your own with inexpensive equipment. The specs are public (have you read them? I have.) Even EMV chips send your card information in plaintext - any encryption needs to be added by the terminal. You may not have read much about it as RFID cards are still uncommon in the US, but that is changing. The specs for this and EMV are more than a decade old and were designed for the banks' convenience, not your protection.

US banks have shown a singular unwillingness to invest in technology that helps their customers. In the US they fall back on "zero liability" terms that mostly shield customers from direct financial losses but then pass on the cost of billions of dollars of fraud to all consumers and merchants.

Slashdot Top Deals

Prediction is very difficult, especially of the future. - Niels Bohr

Working...