![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
One of those days where earlier posts are in need of updating. So I will. Working from most recent back:
* The puppy post from yesterday.
Surprise surprise, Nike still seems to be available for adoption. Just as surprise surprising, nobody's contacted us yet. Probably they're waiting for Wonder Woman to fly in and Lasso of Truth every potential adopter before they'll even consider any of the applications. I did get many comments here and on Facebook, including more than a few from friends and friend-of-friends who are certified at either rescue or fostering in their communities, all of whom said that this groups' adoption policy- Take The Dog Sight Unseen Or Else- was wayyy over the top and quite probably contrary to anything they'd ever seen.
----
* The PIN-ned post from the weekend.
One misstatement to correct here, and one scary thing to mention in addition.
Turns out Wegmans is NOT already using the technology- they've had the hardware to do it for close to a year, but they haven't installed the chip-implementing software on those terminals yet. Silly me- of course, I wouldn't have known, since I haven't had (and still don't) a chip-enabled card from anybody to try them out with.
The scary part is how dumb some of these terminals were designed to be:
Those terminals are supposed to be safe, because they encrypt your PIN as you type it and don't store your credit card's data. But MWR Labs researchers found that a hacker could easily tell the machines to do the opposite.
MWR, which works closely with the financial industry and governments, has yet to observe this tactic used by criminals.
But the hack is pretty simple: All it takes is inserting a smart card with malware into the machine.
It's that easy, because the terminals operate on a false sense of trust. They think whatever cards passed through them are authentic bank cards, explained MWR Labs researcher Jon Butler.
Here's the scenario: At checkout, a hacker pays with a pre-programmed card that injects this command to the machine: "Stop encrypting PINs and store all subsequent credit card swipes in your computer memory."
All day long, the machine gathers the information. At day's end, the hacker returns with another card, which sucks all that data out of the machine. The store clerk wouldn't even notice.
To demonstrate how easy it is to hack a chip-and-PIN machine, Butler and fellow a researcher "paid" with a card that was loaded with a variant of the game Flappy Bird. The terminal then began running the game.
Hacking the terminals is virtually undetectable. Turning the machine off erases all evidence that the hack ever even happened.
The researchers found the weakness in Miura Shuttle handheld point-of-sale terminals, a popular hardware supplier that is sold by vendors under many other brand names.
The British company did not immediately respond to requests for comment from CNNMoney. However, researchers said the vendors were cooperative in working to fix the issue. Still, it's up to merchants to update their systems, which in reality, they rarely do.
Yeah. Ask Eleanor about updating produce scale software sometime.
----
* Bet you don't remember this one.
A few weeks ago, I went on about a gaping loophole in our nation's almost perfectly Puritanical bans on gambling on any kind of sporting event involving humans. (Horses, occasionally dogs, and Yankee games obviously don't meet that definition;) It came out of a Bush-era exception provided for what was once a very geeky pursuit of "fantasy sports" but has exploded, especially this year, into a multi-billion dollar industry led by two competing sites: FanDuel and DraftKings. Each has put major money into promoting their "games" on national and local sports programming....
until today.
These "contests" were attracting professionals with major stakes in the outcomes, and some of them- among them professional poker players- were simply brute-forcing their way into payouts by using algorithms and multiple accounts to freeze out the little guys. But some were doing it with inside information. Each of the two major sites prohibited its employees from "insider trading" on their own sets of contests, but neither prohibited them from using inside information from their data to bet on contests on the other's. Which is exactly what seems to have happened last week when a DraftKings employee leaked information from its data and wound up winning a $350,000 prize on FanDuel.
Almost instantly after this story hit, the sponsorships on ESPN and ads all over local radio have disappeared. Investigations- internal and governmental- are inevitable. And it may wind up having the odd effect of getting the Three-Point-Favorite Elephant In The Room to finally be recognized; instead of betting on fake teams of real players, allow legal betting by real teams of real players. Regulate it to keep mob influence away from players and officials, tax the bejesus out of it, and let it all happen legally, as it's been happening, obviously if not legally,for almost my entire life.
----
Still to come, scrolling back to the top from this point:
- How my move has gone (so far so good, so far:)
- Doctors and Muppets (three of one, one of the other so far)
- Blunt Talk still going well roughly halfway in
- Yet another chance tomorrow at the stroke of two for me to buy Mets playoff tickets for a game that may never be played
- Hopefully good news about their chances of such a game being played- they're off until Friday night in LA, and the biggest story about them today was their best pitcher getting stuck in traffic on his way to a team workout today (the only complaint I have about that is him getting stuck in a tunnel, which virtually assures me that he lives in New Jersey, never a good sign;)
- And politicians and papal officials will continue to lie and misrepresent. It's just a question of how many Pinnochios they'll get:P
* The puppy post from yesterday.
Surprise surprise, Nike still seems to be available for adoption. Just as surprise surprising, nobody's contacted us yet. Probably they're waiting for Wonder Woman to fly in and Lasso of Truth every potential adopter before they'll even consider any of the applications. I did get many comments here and on Facebook, including more than a few from friends and friend-of-friends who are certified at either rescue or fostering in their communities, all of whom said that this groups' adoption policy- Take The Dog Sight Unseen Or Else- was wayyy over the top and quite probably contrary to anything they'd ever seen.
----
* The PIN-ned post from the weekend.
One misstatement to correct here, and one scary thing to mention in addition.
Turns out Wegmans is NOT already using the technology- they've had the hardware to do it for close to a year, but they haven't installed the chip-implementing software on those terminals yet. Silly me- of course, I wouldn't have known, since I haven't had (and still don't) a chip-enabled card from anybody to try them out with.
The scary part is how dumb some of these terminals were designed to be:
Those terminals are supposed to be safe, because they encrypt your PIN as you type it and don't store your credit card's data. But MWR Labs researchers found that a hacker could easily tell the machines to do the opposite.
MWR, which works closely with the financial industry and governments, has yet to observe this tactic used by criminals.
But the hack is pretty simple: All it takes is inserting a smart card with malware into the machine.
It's that easy, because the terminals operate on a false sense of trust. They think whatever cards passed through them are authentic bank cards, explained MWR Labs researcher Jon Butler.
Here's the scenario: At checkout, a hacker pays with a pre-programmed card that injects this command to the machine: "Stop encrypting PINs and store all subsequent credit card swipes in your computer memory."
All day long, the machine gathers the information. At day's end, the hacker returns with another card, which sucks all that data out of the machine. The store clerk wouldn't even notice.
To demonstrate how easy it is to hack a chip-and-PIN machine, Butler and fellow a researcher "paid" with a card that was loaded with a variant of the game Flappy Bird. The terminal then began running the game.
Hacking the terminals is virtually undetectable. Turning the machine off erases all evidence that the hack ever even happened.
The researchers found the weakness in Miura Shuttle handheld point-of-sale terminals, a popular hardware supplier that is sold by vendors under many other brand names.
The British company did not immediately respond to requests for comment from CNNMoney. However, researchers said the vendors were cooperative in working to fix the issue. Still, it's up to merchants to update their systems, which in reality, they rarely do.
Yeah. Ask Eleanor about updating produce scale software sometime.
----
* Bet you don't remember this one.
A few weeks ago, I went on about a gaping loophole in our nation's almost perfectly Puritanical bans on gambling on any kind of sporting event involving humans. (Horses, occasionally dogs, and Yankee games obviously don't meet that definition;) It came out of a Bush-era exception provided for what was once a very geeky pursuit of "fantasy sports" but has exploded, especially this year, into a multi-billion dollar industry led by two competing sites: FanDuel and DraftKings. Each has put major money into promoting their "games" on national and local sports programming....
until today.
These "contests" were attracting professionals with major stakes in the outcomes, and some of them- among them professional poker players- were simply brute-forcing their way into payouts by using algorithms and multiple accounts to freeze out the little guys. But some were doing it with inside information. Each of the two major sites prohibited its employees from "insider trading" on their own sets of contests, but neither prohibited them from using inside information from their data to bet on contests on the other's. Which is exactly what seems to have happened last week when a DraftKings employee leaked information from its data and wound up winning a $350,000 prize on FanDuel.
Almost instantly after this story hit, the sponsorships on ESPN and ads all over local radio have disappeared. Investigations- internal and governmental- are inevitable. And it may wind up having the odd effect of getting the Three-Point-Favorite Elephant In The Room to finally be recognized; instead of betting on fake teams of real players, allow legal betting by real teams of real players. Regulate it to keep mob influence away from players and officials, tax the bejesus out of it, and let it all happen legally, as it's been happening, obviously if not legally,for almost my entire life.
----
Still to come, scrolling back to the top from this point:
- How my move has gone (so far so good, so far:)
- Doctors and Muppets (three of one, one of the other so far)
- Blunt Talk still going well roughly halfway in
- Yet another chance tomorrow at the stroke of two for me to buy Mets playoff tickets for a game that may never be played
- Hopefully good news about their chances of such a game being played- they're off until Friday night in LA, and the biggest story about them today was their best pitcher getting stuck in traffic on his way to a team workout today (the only complaint I have about that is him getting stuck in a tunnel, which virtually assures me that he lives in New Jersey, never a good sign;)
- And politicians and papal officials will continue to lie and misrepresent. It's just a question of how many Pinnochios they'll get:P