Categories: Links

The credit card that may stop, or at least hinder, on- and offline fraud

From the article:

If someone steals your card, they won’t be able to use it without your code unlocking the number and coding the strip. Since the credit card number is generated fresh for each transaction, there is no data to be stolen in the case of a hack. Citibank is now using the cards in small pilot programs, and the company is hoping to see more banks and cities using the technology.

The dynamic nature of the magnetic strip opens up a number of other applications. I saw a card that had two numbers, so you can keep your business and personal accounts on the same card. You hit a flat button next to each number to select it; a light shines showing you which account is active, and the magnetic strip is coded with that number. Change accounts, and the magnetic strip is instantly reprogrammed. Each card comes with a battery that should last three years.

Of course, this technology is being developed because the US has been so bloody slow adopting the Chip + PIN system that most other nations are adopting. While there are certainly problems with Chip + PIN, it makes a lot more sense to work on, and try to resolve, those problems instead of inventing convoluted new technologies to address known-bad systems. Curious about the payment card fiascos? Check out the comments on the Ars article; you might learn a lot.

Categories: Humour

dalal30336:

liberty+justice+equality+freedom = SECURITY !

This is what ‘balancing’ security with civil liberties often looks like in practice.

Categories: Links

NSA Releases (More) Secure Version of Android

Its code is available to third parties, so we can check for intentional flaws in the enhancements that the NSA has integrated into the Android OS. Still not sure how comfortable I’d be using an OS designed by the folks that do a considerable amount of US SIGINT and COMINT.

Categories: Links, Writing

iOS and Android OS Fragmentation

Jon Evans, over at TechCrunch:

More than two-thirds of iOS users had upgraded to iOS 5 a mere three months after its release. Anyone out there think that Ice Cream Sandwich will crack the 20% mark on Google’s platform pie chart by March? How about 10%? Anyone? Anyone? Bueller?

OS fragmentation is the single greatest problem Android faces, and it’s only going to get worse. Android’s massive success over the last year means that there are now tens if not hundreds of millions of users whose handset manufacturers and carriers may or may not allow them to upgrade their OS someday; and the larger that number grows, the more loath app developers will become to turn their back on them. That unwillingness to use new features means Android apps will fall further and further behind their iOS equivalents, unless Google manages – via carrot, stick, or both – to coerce Android carriers and manufacturers to prioritize OS upgrades.

Android fragmentation is a pain for developers and, perhaps even more worryingly, a danger for users who may not receive timely security updates. To be sure, Apple rules the roost when it comes to having better-updated devices, insofar as users tend to get their updates when they become available. Whether those updates contain needed security upgrades is another matter, of course, but Apple at least has the opportunity to improve security across their ecosystem.

Unfortunately, where Apple sees their customers as the people using the devices, Google and RIM both have mixed understandings of who their customers are. Google is trapped between handset manufacturers and carriers, whereas RIM is largely paired with the carriers alone. Neither of these companies has a timely, direct relationship with their end-users (save for RIM and their PlayBook, which has routine updates that bypass their mobile devices’ carrier restrictions), and this ultimately ends up hurting those who own either company’s mobile devices.

Categories: Videos

Data Collection, Visualized

Want to see a (small) element of how your personal information is collated by major companies around the world? Watch the video and find out.

Categories: Writing

Search Neutrality

Google’s recent decision to integrate its social services into its search product has led to (another) round of outrage. There’s some speculation that the FTC and European Commissioners could launch anti-trust investigations, on grounds that Google is leveraging their search monopoly to unfairly muscle into other markets. Many of the popular tech news and gadget blogs are in an uproar (perhaps knowing it will lead to page views), with Gizmodo proclaiming that Google’s recent action “wiped out all those years of loyalty and goodwill it had built up” because while the new Google search service is

…ostensibly meant to deliver more personalized results … it pulls those personalized results largely from Google services—Google+, Picasa, YouTube. Search for a restaurant, and instead of its Yelp page, the top result might be someone you know discussing it on Google Plus. Over at SearchEngineland, Danny Sullivan has compiled a series of damning examples of the ways Google’s new interface promotes Plus over relevancy. Long story short: It’s a huge step backwards.

I actually use Bing a lot – it’s the default (and sole option) for native search on my phone – and I hate it. HATE IT. It’s really an incompetent search tool at this point. Google, even after integrating social results, works far, far better. Nevertheless, I get the complaints surrounding the anti-trust issues and even agree with them, to a point.

What is that point, you might ask? Well, there has been a long-standing discussion of whether we need ‘search neutrality’ along the lines of ‘network neutrality’, on the basis that people increasingly find sites via search rather than directly plugging in URLs. Thus, Google’s new approach could be seen as constituting a violation of so-called ‘search neutrality’. So, where does the question or issue arise? It’s when we ask this: do search algorithms, or sets of search algorithms, function as networks do – are they ‘dumb’ algorithms meant to get us and data from point A to point B – or do they constitute a form of creative expression, of speech? If you see the algorithms as speech then the notion of ‘speech neutrality’ seems awkward: such neutrality would insist that individuals/corporations moderate their algorithmically-derived ‘speech’ once they reach a certain size.

Whether there are anti-trust violations from Google’s integration of their social services into search remains to be seen. The more pressing question, however, is whether we see algorithms along the lines of speech or of raw data transmission from A to B. I suspect that this question will be addressed or discussed in anti-trust cases, and that is where the real action will likely take place.

Categories: Writing

Another Playbook UI Fail

Over the past years, one of the things I’ve spent an inordinate amount of time researching and writing about has been security certificates and data transport security. This is just to say: I spend time in security and know more than a lot of non-technical people.

I have no clue what the fuck this message in the Kobo application for the BlackBerry PlayBook is doing here.

To be specific: I opened the app in a wifi-dead area that was dead in the middle of nowhere. There was no cell service. I checked with packet sniffing applications on my computer; there were no ad hoc or other wireless networks. This kind of a warning indicates that some third party was trying to intercept encrypted messaging traffic that was destined for Kobo’s servers, but gives no indication of how or why this certificate problem was raised. In effect, it’s a warning “shit’s gone bad, son!” without saying “because X just happened!”

Security – on all devices – should be transparent to the user. The warning above (which I’ve seen in other PlayBook apps) is useless to the end-user because it gives no guidance as to what just happened, how to address it, or even how to learn more about the issue. While I commend RIM for making certificate errors so front and centre, presenting highly technical security information to the end-user is garbage unless you also inform them what the hell just happened.

Categories: Links

Comcast’s Catch-22 Position on SOPA

As noted by the folks over at Techdirt:

Just as NBC Universal and other SOPA supporters continue to insist that DNS redirect is completely compatible with DNSSEC… Comcast (an official SOPA/PIPA supporter) has rolled out DNSSEC, urged others to roll out DNSSEC and turned off its own DNS redirect system, stating clearly that DNS redirect is incompatible with DNSSEC, if you want to keep people secure. In the end, this certainly appears to suggest that Comcast is admitting that it cannot comply with SOPA/PIPA, even as the very same company is advocating for those laws.

Categories: Links

(Un)Lawful Access: Canadian Government Wants to Spy on You

A snippet:

Without presenting a single shred of evidence that Canadian police need any more power than they already have (arguably too much as it is, if Toronto’s disastrous G20 summit is any indication), you are being asked to believe that handing law enforcement agencies a blank cheque to snoop through your life is actually for your own good.

This is, of course, nonsense. Passing legislation whose only benefit is police convenience comes nowhere close to justifying the dismantling of Canadians’ privacy rights.

Categories: Videos

Experts Against Unlawful Access in Canada