Comments on CONTRARY BRIN: The end of ID and credit card safety? Must e-commerce be destroyed?

Alfred Differ (2013-02-15T11:01:30.173-08:00):

No one is going to eliminate every possible path to identity fraud, but suffering a few percentage points of fraud is intolerable when the credit companies try to foist the liability back on us.

Fingerprint scanning isn't good enough on a large scale largely because we don't actually capture the entire fingerprint. Points on the print are captured and relationships between them are encoded. It is the reduced set that gets compared against the databases. Avoiding multiple hits requires capturing more data up front, but doing so won't help much when the database is filled with data using the older methods.

Multi-factor identification systems are the way to go. A fingerprint is something I have. Combine that with something I know (a PIN or longer passphrase) and you have two factors. I could use a smart-card with a digital cert and a PIN as well and would be inclined to do that because the cert can increase in size as years go by to keep ahead of the computing power people have who would try to crack it.

There is no reason we couldn't set up two and three factor ID systems for financial transactions and use the weaker methods for the tiniest amounts to keep things easy. Large loan docs and credit agreements might require the most authentication at the time the deal is closed while coffee purchases at the cafe might get done by waving your card at a reader.

This stuff is solvable. It requires us to push the liability back onto the creditors, though. We shouldn't tolerate them blaming us for not verifying us.

locumranch (2013-02-15T08:02:02.137-08:00):

Paul451 asks "How much of that fraud comparison is with consumer-level trade?", and the answer appears to be very little.

The 5% of global costs figure applies to all sorts of (but mostly corporate) fraud. The 3.4% e-commerce fraud figure applies to consumer-based credit cards & interbank wire transfers.

Another study ["Measuring the Cost of Cybercrime", weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf] sets the direct cybercrime costs at a pittance, arguing that defensive & indirect costs (ie. responses to cybercrime) cost society more by "an order of magnitude". As an example, the study refers to the 2010 botnet (spam) scare which earned its creators an estimated 2.7 Million dollars but cost society a disproportionate 1 Billion dollars in defensive costs.

It follows that our social response to cyber, e-commerce & credit card fraud amounts to global hysteria because it is irrational, exaggerated & disproportionate. Globally speaking, we're just a flock of Chicken Littles who run around screaming "The sky is falling, the sky is falling" when we run into the least little setback.

Human nature appears to be a study in the disproportionate response.

Best.

Ian (2013-02-15T06:06:51.352-08:00):

Paul, I'm going to go to bed shortly but I've been looking for a more detailed description than "pyrotechnic tear gas canister" in media reports and am yet to find one.

Paul451 (2013-02-15T05:37:41.116-08:00):

Ian,
The canisters in question contain 68% thermite, 29% barium nitrate, sulfur and a binder. Military surplus that was donated to the various police forces after 9/11. The military call it an "incendiary grenade".

The sheriff even mentioned the model number when he listed the types of "tear-gas canisters" used.

Video of some Marines goofing around with one: http://www.youtube.com/watch?v=oiRJj2oRWnM

No one can confuse a dedicated incendiary device with tear gas or a smoke bomb.

Paul451 (2013-02-15T05:11:59.550-08:00):

Reports of widespread panic. I laughed at the ignorant backwoods yokels... and then...

http://www.youtube.com/watch?v=b0cRHsApzt8&feature=player_embedded

Yeah. That.

Ian (2013-02-15T05:05:50.440-08:00):

Paul,

CS, the most common form of tear gas, is actually a solid at room temperature.

In order to produce an aerosol, CS gas grenades either contain a mixture of CS and a flammable substance that's set on fire or a solution of CS in an organic solvent that's aerosolized by an explosive charge.

Either way there's a risk of fire.

Smoke grenades typically contain a mix of white Phosphorus and a colored dye. Same story.

This has been the case as long as tear gas has been in use for crowd control.

So it's not new and it's not a conspiracy.

Paul451 (2013-02-15T04:27:12.164-08:00):

Small meteor fireball exploded over northern Russian towns. Reports of 500 injured, pictures of buildings damaged.

Ian (2013-02-15T03:55:11.173-08:00):

Lockheed Martin is teaming up with Sierra Nevada to back their Dream Chaser spaceplane project.

http://www.foxnews.com/science/2013/02/14/race-for-taxis-lifeboats-and-beyond-in-space/

Paul451 (2013-02-15T01:58:08.220-08:00):

Locumranch,
How much of that fraud comparison is with consumer-level trade?

Paul451 (2013-02-15T01:49:47.563-08:00):

Anonymous,
Re: Kidnapping/thumb-cutting car-jack.
Dumb security. Common sense says you let the car start and drive away, while sending a silent GPS-alert to the security-company and/or police, then cut out the immobiliser somewhere very public. (Ideally, you use it to track and trap the thieves, if police are on the ball.)

Ian (2013-02-15T01:09:10.900-08:00):

Systems don't need to be 100% effective - people have been writing bad checks, for example, for centuries.

They just have to be effective enough to deter most of the crooks, most of the time.

Yes, a thief could, for example, steal your credit card and mobile phone, hack a computer system to discover your PIN and then somehow work out the PIN to unlock your phone in order to respond to the SMS with the second password they need to get a credit card transaction approved.

Or, seeing as they've gone to the trouble of stealing your credit card and phone, they could just use the card to buy stuff (electing to sign rather than use a PIN) and then return it for a cash refund and then sell your phone.

David Brin (2013-02-14T22:25:05.230-08:00):

inneresting comments Been busy training the new iMac... but appreciate the interesting and somewhat scary insights...

will report more soon

locumranch (2013-02-14T21:55:50.377-08:00):

Whole topic is a bit of a probability fallacy, amounting to less than or equal to 5% of total global commerce.

The 2012 Report to Nations estimated that global fraud amounted to 5% of total global economic expenditures: www.acfe.com/uploadedFiles/ACFE.../2012-report-to-nations.pdf

Additional sources estimate that E-commerce fraud accounted for approximately 3.4% of total E-commerce traffic: www.rsa.com/products/EDS/.../11783_WP_eCOMM_0712.pdf

That means that e-commerce is ONLY 95 to 97% safe. How horrifying !!! Let's abandon E-commerce as a lost cause !

Best.

Anonymous (2013-02-14T16:43:41.470-08:00):

I dunno about fingerprints as ID. Not without a way of verifying that they are still attached to a living finger:

"The attackers forced Mr Kumaran to put his finger on the security panel to start the vehicle, bundled him into the back seat and drove off.

But having stripped the car, the thieves became frustrated when they wanted to restart it. They found they again could not bypass the immobiliser, which needs the owner's fingerprint to disarm it.

They stripped Mr Kumaran naked and left him by the side of the road - but not before cutting off the end of his index finger with a machete."

http://news.bbc.co.uk/2/hi/world/asia-pacific/4396831.stm

sociotard (2013-02-14T15:38:05.007-08:00):

"so many of these schemes seem devised by idiots who would actually increase the consequences to me if someone was determined enough"
Or the subdermal microchip thing. Bad guys come and cut them out. Or stick theirs in you and leave you to explain to the killbots you aren't the bad guy.

"I mean, how are they going to put a stray thumb under the scanner without someone looking askew?"

They wouldn't. The Mythbusters just lifted a thumbprint off a dirty glass, then used a copy of it on the scanner. You have to work harder if people are watching, but it can be done with cosmetics and a little latex. Like Mission Impossible, but much simpler.

Acacia H. (2013-02-14T12:45:45.997-08:00):

I still think a thumbprint scanner would work better than credit card signatures. The technology exists already with laser scanners. And it would be more problem than it's worth for the average credit card thief to try to acquire someone's thumbprint. I mean, how are they going to put a stray thumb under the scanner without someone looking askew? ;) Not to mention you now have a criminal wanted for mutilation rather than petty theft.

Of course, determined hackers would just insert into the system the new thumbprint, but that's a matter of system security on the bank's level, and requires far more resources than a number of credit card fraudsters would be able to use.

Rob H.

Jumper (2013-02-14T12:23:44.373-08:00):

To follow up sociotard's point, there was the ploy where the bad guys tear out the eyeball to gain entrance to the retinal-scan device, or now it's extract my blood to get into my workplace - so many of these schemes seem devised by idiots who would actually increase the consequences to me if someone was determined enough.

The one in David's main article, about the back-door chips hidden in so many devices, is the one I don't like. And I think I know where much of the blur is coming from. Because a random sampling of outsourced chips could be done at fairly low cost and simply do some photo comparisons between design and the final chip. But when the plan begins to be done by outsiders, the original insiders may be hesitant to talk about it because they were doing it first.

sociotard (2013-02-14T11:56:28.680-08:00):

Remember that awesome Mythbusters episode where they fooled the biometric scanner with copied fingerprints?

Mel (2013-02-14T09:20:31.338-08:00):

The original biometric ID is already falling. Frontline did a documentary about fingerprint analysis bringing up spurious accusations. It seems that while fingerprints might be unique, they are not unique enough.

In the old days, when the Continental Op could build up a suspect list from people who had been in San Francisco, and near the Montgomery Hotel, on a particular day, then fingerprint ID could be useful to sort out the involved from the uninvolved. (Fingerprints played no part in that particular story; I just wanted names I could use and deny choosing them on purpose.)

That's not what happens now. Prints are lifted and submitted to nationwide or worldwide databases. There's enough of a Birthday Paradox at that scale to bring all kinds of people into the net. It might even be that DNA ID could get that way, once we make it big enough.

Paul451 (2013-02-14T05:19:38.911-08:00):

If anyone is curious:

https://www.youtube.com/watch?v=SCdqybEfy9w

"We're gonna go forward with the plan, with the burn... Just like we talked about... Seven burners deployed and we have a fire..."

Paul451 (2013-02-14T04:34:55.646-08:00):

Tim H,
My point wasn't whether the tactic was valid, but that the police lie about it to the public, and the news media is happy to support and repeat the lie.

There's an audio recording of the police communications during the siege. Speaking of beginning the "plan from this morning", moving in with the "burners" (slang for incendiary grenades the police got from the military after 9/11.) That the snipers heard just one shot coming from the cabin (Dorner's suicide?). The efforts to get an even burn across the building. (There are also people who have reported hearing the same thing on police scanners.)

But... the police repeatedly called the fire an accident caused by tear gas canisters. Bluntly stating that they would never plan to set fire to a building. And it gets repeated without challenge by the news media.

So it's a clear tactic that must be trained for, has special equipment for, and yet is lied about because, presumably, the public isn't ready to hear about it. And the media goes along with the suppression, in the name of "operational security".

Tim H. (2013-02-14T03:22:36.130-08:00):

Concerning police tactics, if you're dealing with a Jimmy Lee Dykes, it's not a bad thing. Go here:
derfcity.com/blog/blahblahblah.html
Look for: "Here's to the jackbooted thugs!"

Tim H. (2013-02-14T02:58:54.335-08:00):

This article had a couple of command line tools you'll need if you go spelunking for files:
http://www.tech-recipes.com/rx/3104/os-x-show-hidden-files-and-folders-in-mac-os-x-finder/
Apple's getting a bit prude about covering the unix underpinnings, but in fairness, a user could easily rove things up badly in there, but if you've gotta' peek, try this in terminal:
defaults write com.apple.finder AppleShowAllFiles TRUE
finder will need to be restarted for this to work, to hide the clutter when you've had your peek, reenter the same command with FALSE at the end and restart finder.

Paul451 (2013-02-14T01:10:09.274-08:00):

"It now seems to be standard police tactics now"

And if not now, now when?

Paul451 (2013-02-14T00:33:41.738-08:00):

Looking at the recent killing of former-LAPD-turned-murderer Christopher Dorner. It now seems to be standard police tactics now to run the suspect into a securable area, set snipers on all exits, send in a demolition team to open a breach in a wall/door/window, then fire incendiary grenades (aka "burners") through the gap to set the building on fire. Peppering fresh burners to ensure an even demolition of the building. If he leaves the building, he's hit by snipers, if he stays he's forced to commit suicide to avoid being burned alive. Ie, the old Hollywood image of the commander or negotiator trying to talk the suspect into surrendering via bullhorn isn't even an option any more.

But regardless of the merits or morality of the new technique, or the actions of Dorner that led to his demise, it is interesting to see the media cooperation during the final kill. Stopping or restricting live video (which would show the breach & burn technique), consistently reporting that the police fired "tear gas" or, at most, "incendiary tear gas" whatever that means, instead of reporting what they actually saw or heard on the police scanners. Likewise, under-reporting the killing of two innocents by police during the previous attempt at trapping and killing Dorner. It seems that the media supports the police's PR assumption that the public isn't ready to really understand the callousness of the new technique. (Leaving actual reporting to niche-media and anti-gov conspiracy nuts.)

[The name rule: In this case, Dorner's story is more than just his crime. Ex-soldier, turned cop, turned whistle-blower, turned killer, turned trapped animal. This is more than the usual killer, so it's important to use his name.]