The Arc of Wetkarma
A repository of news, views and facts interesting to Wetkarma.
Thursday, July 27, 2006
Tuesday, July 11, 2006
Hacking Online Banks
The Washington Post covers a pretty nice attack which allows the bad guys to steal two-factor authentication credentials. What is not so well covered is what banks are doing about it. The answer is risk-based authentication.
For example: You, as the bad guy, log in to megabank.com with the right credentials you have stolen from a valid customer.
If the bad guy is coming from an IP in, say, Russia when the customer usually logs in from Ohio, that might trigger a "challenge" question. [The question changes at random].
If the bad guy tries to do an ACH transfer or wire transfer of funds, that would definitely trigger a "challenge" question.
Meanwhile, once the bank detects that the account has been compromised, it will then flag the IP and/or network of the bad guy as a place compromised logins tend to come from -- thus triggering even more challenge questions at the login phase.
The point is that the system's security is never fully compromised - but instead additional layers require circumventing. Given a virtual environment, there will always be the possibility that someone (e.g. a spouse) can pretend to be someone else. However, risk mitigation is the name of the game. With risk-based authentication AND two-factor authentication, banks can reduce the fraud and customer impact to negligible levels. The better banks will simply offer to reimburse customers for any negative financial impact.
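The three triggers described above (unusual location, ACH/wire transfer, network flagged after a compromise) can be sketched as a small decision engine. This is an added example, not code from the post or from any bank; the class and function names are hypothetical, the region label is assumed to come from an external geo-IP lookup, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass, field

HIGH_RISK_ACTIONS = {"ach_transfer", "wire_transfer"}

@dataclass
class RiskEngine:
    # customer -> regions that customer normally logs in from
    usual_regions: dict = field(default_factory=dict)
    # networks that compromised logins have come from
    flagged_networks: list = field(default_factory=list)

    def evaluate(self, customer, ip, region, action="login"):
        """Return (decision, reasons); decision is 'allow' or 'challenge'."""
        reasons = []
        if action in HIGH_RISK_ACTIONS:
            reasons.append("high_risk_action")   # always challenged
        if region not in self.usual_regions.get(customer, set()):
            reasons.append("unusual_region")     # e.g. Russia vs. Ohio
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.flagged_networks):
            reasons.append("flagged_network")    # prior compromise seen here
        return ("challenge" if reasons else "allow"), reasons

    def report_compromise(self, ip, prefix=24):
        """Flag the network around an IP used in a confirmed compromise."""
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        if net not in self.flagged_networks:
            self.flagged_networks.append(net)
        return net

def demo():
    # Constructed sample data: two customers and documentation-range IPs.
    engine = RiskEngine(usual_regions={"alice": {"US-OH"}, "carol": {"RU"}})
    results = [
        engine.evaluate("alice", "192.0.2.10", "US-OH"),                   # normal login
        engine.evaluate("alice", "203.0.113.7", "RU"),                     # stolen credentials, new region
        engine.evaluate("alice", "192.0.2.10", "US-OH", "wire_transfer"),  # funds movement
    ]
    engine.report_compromise("203.0.113.7")      # bank confirms the compromise
    # A different customer on the same network is now challenged at login.
    results.append(engine.evaluate("carol", "203.0.113.99", "RU"))
    return results

if __name__ == "__main__":
    for decision, reasons in demo():
        print(decision, reasons)
```

A challenge here stands for the randomly chosen challenge question; each check adds a layer rather than a hard block, which matches the post's point about layers that require circumventing.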
Wednesday, July 05, 2006
Barack Obama on Religion and the Public Square
Sen. Barack Obama recently gave a speech on how religion and politics mix in the public square.
The whole thing is worth reading or listening to but the highlights for me were these statements:
...we first need to understand that Americans are a religious people. 90
percent of us believe in God, 70 percent affiliate themselves with an
organized religion, 38 percent call themselves committed Christians,
and substantially more people in America believe in angels than they do
in evolution.
This religious tendency is not simply the result of successful
marketing by skilled preachers or the draw of popular mega-churches. In
fact, it speaks to a hunger that's deeper than that - a hunger that
goes beyond any particular issue or cause.
In so far as Sen. Obama attributes people's religious tendencies to an innate hunger, I agree with him. Human beings are pattern seeking machines. It irritates the mind to ponder that there is no plan, no god, no afterlife. The culture that arises from humans coming together inevitably produces some form of explanation that answers the big meaning of life questions.
However, just because 90% or even 100% of people believe in a supernatural deity, doesn't make that deity exist. The fact that religious tendency exists does not make it an appropriate framework on which to set public policy. In fact -- creating public policy around religious tendency in the modern age is a recipe for disaster. It's far too easy to wage a crusade/jihad over issues not based in any factual reality.
They want a sense of purpose, a narrative arc to their lives. They're
looking to relieve a chronic loneliness, a feeling supported by a
recent study that shows Americans have fewer close friends and
confidants than ever before. And so they need an assurance that
somebody out there cares about them, is listening to them - that they
are not just destined to travel down that long highway towards
nothingness.
Just because someone likes it when sweet nothings are whispered into their ear, doesn't change the reality of their situation. The poor still wake up poor despite going to church, the sick are still sick despite fervent prayer, and the dead contribute nothing towards the betterment of this world.
Faith is a seductive pathway which blinds many to things as they are. Faith causes people to translate their reality into a context which fits their framework. Hurricane destroyed your home? It was God's will that you survived. Your child killed in Iraq? God works in mysterious ways. Trillions donated to charity, and people are still poor? Well, the meek will inherit the Earth.
Faith creates a purposeful disconnect between cause and effect. If shit happens, then there is a higher plan. Reconciling religion within public policy is akin to re-introducing a cancerous growth into someone whose body has not quite developed an immunity to it. The crutch that religion offers is itself the source of infection.
While I respect Sen. Obama and consider his thoughts well worth considering, in the end he is wrong. People have a right to their opinion, but not to their own facts. Religion causes people to feel entitled to their own facts -- whether it be Creationism or 72 virgins. The inherent dissonance between reality and religion's perspective of reality will always cause conflict. This conflict is something which the public square can do without.
Crazy..or Batshit Crazy? An examination of right-wing logic.
Ok so Dennis K over at the "the Flying Monkey-Right" blog believes that a recent New York Times story which published the fact that both Vice-President Cheney and Defense Secretary Rumsfeld have homes in the village of St. Michael's, Maryland is actually a call to assassinate these officials.
Yes..I know...Glenn Greenwald does a good job at showing the fallacies in this but let's walk through the right-wing logic tree.
Supposedly publishing this story is providing info to terrorists to act on and so as a solution, Dennis K is now advocating that the locations of the homes of the editors and reporters also be published. Here is the problem: IF Dennis K truly believes that the NYT article is an implicit call to assassination and/or is intended to endanger the VP/Defense Secretary, then it naturally follows - by his own argument, that his posts are intended to harm the NYT workers and their families.
WTF? What kind of madness would prompt someone to a) believe the original "story as call to harm" theory and b) then explicitly write your own "call to harm" as a counter-argument?
Update: It seems that Dennis K has deleted his blog. I guess that's one way to concede a point.
Monday, July 03, 2006
A false sense of security
A day in the life blog has a neat tip on how to access your Gmail account via https (thus encrypted) rather than http (unencrypted). I can't help thinking, however, that ultimately this tip provides a false sense of security to those who use it. Certainly those people who are on your LAN or on the pathway between your internet connection and Google are now unable to sniff your mail -- but if you accepted mail sniffing as a valid threat, then it's key to realize that the email when it is sent/received is being transmitted unencrypted.
It's somewhat similar to sending a postcard via public mail and then reading it in a secure room because you have concerns that someone might look over your shoulder.
Sunday, July 02, 2006
Haloscan commenting and trackback have been added to this blog.