Is Technology Taking Humans out of the Loop?
Norman
An old story comes around again. Do we rely on technocrats getting it
right and get into personal sloppy ways ignoring the fact that for the
criminally minded, new security measures are not the final solution but
just the next step in the game to be worked around?
How careful are you that nobody is peeping over your shoulder when
typing your PIN in at the supermarket or ATM. If you pay by credit card
at the restaurant, I guess there is no defence against a waiter
photocopying the payment slip with your signature and selling it on
(aren't I glad I live in a cave), but how careful are you with things
you can do something about? Before this item was included in the news
my wife was commenting that cheques have virtually disappeared as a
method of paying for things.
It is unusual for a wallet and mobile phone to be stolen at the same
time so in the days when I carried a mobile, the emergency lost card
number was a must have entry. As soon as you realise the wallet has
gone you can stop the card, you don't have to come home and search
for the number.
http://www.vnunet.com/vnunet/news/2141845/identity-technology-aid-th
Best
Jerry
A restauranteur realized that we were interested in payment mechanisms
and showed us a trick.
Pressing a certain key on the portable card entry machine actually
showed the PIN
- he said it was a standard trick for waiters to exploit this, nip out
of the back of a restaurant to a hole in the wall and make a
withdrawel.
In the UK we now have pin entry pads in most shops, the risk of
shoulder surfing is incredible.
Personally I use a credit card unless I really trust the establishment
- at least one can dispute the transaction.
The most serious risk is that someone will 'skim' your card - I've not
seen one, but heard that you can get readers that can be concealed in a
hand.
On UK card issuer (National Provincial I think) offered an option of a
photo on the credit card, the fraud rate dropped to ... zero.
Personally I would prefer simple biometrics to a PIN, for example the
ratio of the length of ones fingers is pretty much unique. That was
used successfully in some Arab state where the population could not
write.
I fully agree, the criminally minded are always several steps ahead -
or at least zero steps behind.
Partly because they don't have committees, so they can
introduce/develop new technology far faster than banks etc can
implement it.
I guess you have received plenty of 'phishing' Emails asking you to log
into their fake sites ....
Drew
creature who will dedicate himself to circumventing it. Jerry and I in
conjunction *could* probably beat almost any technology but we have no
motivation to crap on everyone. Coincidentally I have worked on the ATM
problem so am always aware of any 'add-ons' but I still ain't
immune.
The problem is not really a technological one. Though I am inclined to
slightly lefty social conscience (or perhaps because of it) the only
solution I can envisage for prevention of such anti-social behaviour is
moral education of the masses. Failing that, the final solution to get
the message home is termination of parasites. Would anyone mourn the
strung up spammer, cold-caller, car vandaliser, credit card skimmer,
phisher, identity thief etc? Bit drastic I know, and I do favour the
'correction' procedure but it'll take a generation. Here's an
interesting experiment -- leave a large denomination bank note on the
dashboard of your open top car in Monaco. Come back a couple of hours
later and it'll still be there. In Glasgow, even the car is likely to
be gone.
Best
Jerry
I've got an onboard till system for Duty Free sales.
Naturally it reads and stores credit/debit card numbers.
A couple of years ago VISA International /insisted/ that we stored the
entire track two of the plastic.
Somehow they thought that it 'proved' the card was present - which is
arrant nonsense.
Reluctantly we complied.
About six months ago they woke up to the the fact that computers were
sitting there stuffed full of archived data that could easily be
'lifted' and used to create authentic mag strips.
They then insisted that we delete the track two data within three
months.
They really are jerks.
Drew
blameless. Modem problems I think. Oh technology, ain't it wonderful.
That's quite a horrific story Jerry. Is it not illegal to store
personal information on computers without the owner's consent?
Best
Jerry
They change protocols and configurations without telling at you, then
tell you to re-install Windows
Technically, I think that the card information belongs to the credit
card issuer.
What is so dim is that in attempting to 'close' a minor loophole, they
opened a massive one.
The smart solution would have been to get us to calculate and store the
CRC of all the track 2 data to 'prove' that a magnetic track was
physically read.
Not that it guards against 'cloning'
By forcing us to store the entire Track 2 they opened up the
possibility of cloning from stored data, which means that a visiting
computer engineer could quickly copy the relevant files and have tens
of thousands of perfect 'tracks' for cloning
- true one would normally then need to reconstruct Track 1 - but since
they never see Track 1 - that is no problem - and would not be
detectable.
Drew
appropriately, after two weeks of intermittent connections. They said
"Tough" and refused to refund me and said I'd be terminated if I
was rude to them again.
As I said, 'we' have the ability to beat any system we choose. So
here's the plan. I'll get access to the ATM software and you Jerry
write a bit of code for me to insert. On a certain key combination, say
10 digits, they will feed out the contents of the safe. OK?
Best
Jerry
- however I had ISDN which does not have caller ident
- eventually I gave up
- but I could never get anyone to confirm that the problem was what I
reckoned it was
With the ATM's some programmers once did just that
- they got caught because one of them confessed
- who knows what others have done ?
Phil
An interesting point you raise. My response is much less technological,
but rather that of the human attitude.
I confess that I do trust the LED's, PIN's, pads and so forth being
installed
for the protection of both the payer and payee. I do not however trust
the
quirks associated with transferring funds over the internet. A bit
naive perhaps,
but even my own bank manager agrees with me and doesn't trust "the
system".
Start paying a bill, get a slow connection. Some people end up paying
twice, others
get hit with late fees for non-payment. Interestingly, I trust the
land-line telephone
for bill paying .. especially when the female sultry automated voice
verbalises my
receipt number! I have purchased a few odd things on E-bay. I still
only pay by
Postal Note.
My 13 year old daughter once admonished me for leaving my mobile 'phone
and other stuff in my car, in full view of any close passer-by. I
responded:
"Maybe I trust people".
I once shared a home with a relative and his son. I thought nothing of
leaving my cash, keys and credit card on the breakfast bench. After
all,
we are sharing the same roof. The elder suggested that I shouldn't
leave
cash lying around, as it could be an enticement to the younger. I
argued
of course that I should be able to leave my wallet in the middle of the
street without any thought that my trust in others should be
compromised.
Why should I alter my own trusting ways out of unspoken suspicion of a
thieving relative? Nothing was stolen from me, apart from a few pieces
of
pizza set aside for my dinner that night.
By securing my own valuables even from a relative, without having
the balls to actually say "I don't trust you and this is why I hide my
stuff"
only makes me the dishonest one. By openly showing trust to all, sends
the unspoken truth to them that "I trust you". Mistrust, be it in
families,
or companies is regressive and insular. Neither can promote growth.
Only
then, if the trust is abused can we come down on the abuser like a ton
of bricks. Presumption of mistrust, must surely lead to a result of
abused
trust as the mindset has been put in place.
Yet, us honest ones are branded "stupid" because we leave ourselves
open
by trusting all and sundry in the same way that we expect to be
trusted.
No, we're not stupid, we are simply and naturally honest.
Then again .. never trust a druggo.
Phil
Jerry
Generally the rule is 'never trust a stranger'
- and be very careful with your friends
Through peculiarities of cash flow, over the last ten years I have been
able to act as lender of last resort for a few friends in temporary
(but dire) scheit.
I loathe it - and refuse interest.
The last one I dug out has absconded, it is not so much the money, but
the principle that bugs me.
Polonius got it right.
Norman
stores but am always careful that nobody is able to shoulder surf. In
Belgium, the Giro system is used extensively for paying bills. My wife
uses internet banking more than me and a replica Giro form can be
brought up on the screen to be filled in and then sent electronically
to the receiving bank. I have a normal bank account and a Post Office
account and funnily the PO issues a unique transaction code which can
be traced in case of difficulty whereas the more established Bank
doesn't, so consequently I use the PO for transferring most of my
bills.
At present we are sharing our home with my wife's daughter and her
boyfriend whilst they build their own house and neither of us has a
problem leaving our wallets out of a night time, mine usually on the
lhs of the computer desk and Stefan's on the right.
On the few occasions when I have no other option than using a credit
card, Stephan has used his card and I have transferred the same amount
into his account over the internet.
Sometimes another guy I know asks from time to time, if he can use my
internet which I don't mind. I had to give him a dressing down the
other week when I found him going through Stefan's laptop which
happened to be connected to his works server and full of sensitive
information. Fortunately he didn't know how to access it but that's
not the point.
Once, I was late for a meeting in the centre of Liverpool and
couldn't find a parking place. When I eventually fond one I locked
the car and ran. When I came back about half an hour later there were
two traffic wardens standing next to it. I thought "God, what have I
done now".
"Is this your car sir" said one of them. "Yes", I cautiously
replied.
"And is that your bunch of keys hanging in the door" she continued?
It just shows how wrong preconceptions can sometimes be, and they
refused the drink I offered to buy them.
Same thing in Scotland a few years back, stayed in a B & B by Loch
Lomand, not fifteen miles outside Glasgow. I took my overnight bag out
of the car and locked up, watched by Mrs. Housewife. She said "You
can do that if it makes you feel better but we won't be locking the
front door tonight". That is the way it should be.
It has been said that trust, like respect has to be earned and not
expected. I once had a small business and you just can't go around
locking up the spanners every time you take a new employee on. I used
to say that everyone starts with five points which can go up to ten or
down to zero. I think this is what is meant by benefit of the doubting.
On the other side we had been broken into so many times I was on first
name terms with every copper in the town. Once the miscreants got in
through the only skylight out of 24 that didn't have a massive drop
underneath it; inside job or what?
I do try to be like Phil but experience has a way of making you
cautious.
Best.
Norman
light of trusting by exprience, I thought you might be interested in
this site.
http:paypalsucks.com/
Btw on a related subject, did you know that yesterday ebay announced it
has agreed to buy out Skype.
Best
Drew
social engagement. So I go on the premise of never lending more than I
can afford to lose. OK it's cost me (many) hundreds of pounds but
I've never lost a friend due to their laxity in paying me back.
Usually I've been able to write off the IOU as a wedding present or
something similar.
Don't suppose I actually trust anyone, nor though in general do I
distrust. Naive perhaps, but it cuts down on disillusionment.
I too once left car doors in the lock, right outside a plod shop! Oh
did they delight in enlightening me on the stupidity of my
carelessness. Pricks.
Theft is deplorable though, isn't it. Our charity headquarters in
Edinburgh was relieved of its computers. Sickening. As intimated
before, social training in that respect should be uppermost in
political portfolios. The mere act of being able to trust would have a
marked influence upon the well-being of society. Apparently, Liverpool
is sending a fast reaction task force to New Orleans to assist with
looting. Har har.
What a surprise that was, buying Skype. How long before someone puts in
a bid for The States. A few more massive hurricanes inspired by
Shrub's ignorant environment neglect, the side of The Canaries
finally slips off and the tsunami wipes out the Eastern Seaboard,
California gets 'the big one' and Yosemite super volcano goes off
with the biggest fart in recorded history. States will then be up for
the highest bidder, probably less than $100. God will work in
mysterious ways.
Best
Jerry
it slipped the 'experts' think that it would create a Tsunami that
would wipe out Eastern seaboard of the USA
Buying Skype for $2 billion is sheer lunacy, they only have 200
employees
- that is $10 million per employee
It is quite a good idea getting into that line of business - it would
fit well with the auction and PayPal parts of the business.