Friday, April 29, 2016

Why is there so much credit card fraud, part 2

Stores can't upgrade to newer, safer equipment because it hasn't been certified.  The banks own the certification companies, and there's no incentive to hurry certification because the stores are (since October 2015) 100% liable for all fraud.
Avi Kaner, a co-owner of the Morton Williams supermarket chain in New York, has spent about $700,000 to update the payment terminals at his stores.
Trouble is, he cannot turn them on.
The new terminals can accept credit and debit cards with embedded digital chips, a security feature intended to reduce the number of fraudulent purchases.
But before the payment systems can work, they must be certified, a process that Mr. Kaner and many retailers around the country are waiting to happen. In the case of Morton Williams, the holdup has lasted several months.
The cost of waiting, retailers say, is piling up.
And so the stores are suing:
Payment processors “don’t have any incentive to hurry the certification along,” said Patrick J. Coughlin, a lawyer for retailers in a recent lawsuit that accuses the major card networks of deliberately creating impossible requirements for merchants. “They’re not the ones paying the fraud charges.”
The whole thing is a mess.

Thursday, April 28, 2016

Why is there so much credit card fraud?

Because implementing the new security technologies can cost a lot more than the fraud loss.  From the comments at Brian Kreb's blog:
I can tell you first hand why so many retailers haven’t implemented EMV: cost. We did the analysis, and our fraud per year number is way below the implementation costs – and I mean WAY below. So our position has been not to spend the money to implement EMV, and eat the fraud costs because of it, as that is a much smaller number. For other retailers that is going to be a different cost benefit analysis, but if you don’t sell reloadable gift cards (or implement a policy like this one to not allow buying with a CC), and you don’t sell high dollar items that are easy to flip for cash, it isn’t worth the cost.
The implementation costs for EMV, much like E2E encryption, are ridiculous. You have a recurring licensing fee from the manufacturer of the PIN pad devices for each device, and that is IF you already have hardware to support EMV, which for many retailers isn’t the case. Or you have older hardware that does support EMV, but the hardware is already maxed out and you would have to remove 1 feature from the hardware just to accommodate EMV. If a retailer has to replace the hardware, you are talking about anywhere from $200-$1000 per lane per store in hardware alone, not counting the costs to send out someone to replace them all. Even if you have all the hardware in-place, and can eat the EMV feature license cost, you still have to spend the money with your POS integration partner to do all the POS software work to even handle EMV, since the transaction occurs in a different way, and completely different data is sent to and from the POS. As is the case anytime you are working with a vendor on software customization, the integration costs are nothing to sneeze at.
If you think not in terms of security, but rather in terms of managing risk, this makes perfect sense.  It doesn't make sense to pay $100 to stop $20 of fraud.  Now what this particular store does is different than what other stores do, but this is the right way to look at the problem.

Apparently, you can't fix that with Duct Tape



The public wants privacy

How do we know?  Congress knows:
In a rare display of bipartisanship the US House of Representatives has passed the Email Privacy Act(EPA) in a 419-0 vote. 
The legislation updates the antiquated 1986 Electronic Communications Privacy Act (ECPA) and closes an important privacy loophole. Under ECPA the police could examine any email that had been read or that was more than 180 days old with only a subpoena, whereas under the EPA they would need a warrant obtained from a judge.
Is this a fig leaf?  Probably.  Will this change much?  Unlikely.

But Congress knows that people are unhappy with police snooping.  They know it to the degree that not a single vote was cast against this.

What hath NSA wrought ...

Wednesday, April 27, 2016

I could go with this

(via)

Lego wars

Get ready to rumble!
A Lego-mad fisherman spent three years building the world's biggest model of a US warship - only to find an American rival had beaten him by inches. Jim McDonough painstakingly built a 24ft scale model of the 890ft USS Missouri with thousands of toy bricks in Redford, near Arbroath in Angus. When he embarked on the model in his garage three years ago, his research told him it was going to be the biggest Lego ship in the world. 
Here's a picture of Our Hero with his creation:


Alas, it was not to be:
But it seems his effort was in vain - after he was been pipped at the post by Minneapolis-based enthusiast Dan Siskind, whose creation is 25.5ft long.
Mr Siskind used more than one million Lego bricks to recreate the 1:35 scale of the USS Missouri.
Here's the undisputed world champion Lego battleship:


Pretty cool, in a scary sort of way.

Unhappy spy chief is unhappy

Awww:
THE DIRECTOR OF NATIONAL INTELLIGENCE on Monday blamed NSA whistleblower Edward Snowden for advancing the development of user-friendly, widely available strong encryption.
“As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years,” James Clapper said during a breakfast for journalists hosted by the Christian Science Monitor.
I've been saying for quite some time that the grotesquely promiscuous spying by the Intelligence Community - spying aimed at the innocent civilian population - is having a big, negative impact on the commercial Internet security industry.

And why hasn't General Clapper been imprisoned for perjury to Congress?

The NSA has really messed this up, and that toothpaste isn't going back into the tube.

Tuesday, April 26, 2016

Thanks, just water for me ...


Your team's odds of winning the World Series

Interesting on-going analysis at 538.com.  They update it after each game.

The Braves look awful, but you don't need 50,000 simulations to tell you that.  The Red Sox look better than I would give them - their starting rotation has a bunch of question marks.

Update of the Queen Of The World

The crazy strong antibiotics seem to be doing some good, although the pneumonia will take some time to kick.  She wanted me to thank all y'all that left best wishes.

Monday, April 25, 2016

Bloat

It is said that code will expand to fill the available memory.  It looks like it will also expand to fill the available network bandwidth:
The average web page is now roughly the same size as the full install image for the classic DOS game Doom, apparently. 
This is according to Ronan Cremin, a lead engineer with Afilias Technologies and dotMobi's representative for the W3C (World Wide Web Consortium). 
Cremin points to data from the HTTP Archive showing that, at 2.3MB, the average page is now the same size as the original DOS install of the id Software mega-hit.
I remember back in the '80s, working on a minicomputer that had a real-time OS.  The biggest you could gen the kernel was 64KB.  Punks these days don't no programming ...

Remember the Playground?

Here's 11 things you don't see on the playground any more.

I remember really long slides. When you were little, just climbing the ladder was a daunting affair. Really, even then, would my mother have let a 5 year old climb an extension ladder and step up onto the roof? But it was on the playground and no one considered it.

Teeter-totters. 'Nuff said.

Monkey bars and jungle gyms. I never broke an arm or a collarbone, but I was there when it happened.

The most unusual thing I have seen for kids to play on was in Beaufort, S.C. There was a small park on Pigeon Point that had an old fighter jet sitting on it's landing gear. The tires were flat. The canopy was open. You could climb on it, up in the engine cavity or over the wings, sit in the cockpit, it was just there, all sharp edges and oxidation.

I was an adult, working on F-4s, and lived just down the street. I would walk around it, look at things, wonder what year it had taken it's last flight, and who the guys were that had last safety wired a bolt in place.

It was an FJ-2 Fury and the base eventually took the plane back and fixed it up . It is on a pedestal outside the gate at MCAS Beaufort. Kids don't play on it anymore.


What's your memories of playgrounds?

Sunday, April 24, 2016

Saturday, April 23, 2016