Bitcoin will only go up. You know why? Fraud. And no - NOT the kind of fraud you think I mean.
Here is today's problem: every time a fraudster uses a stolen credit card to buy something, it is the MERCHANT who suffers. They lose the goods, they lose the money, and they get hit with a giant charge-back penalty. Even when it's not a fraud, the merchant still has to pay transaction fees, commissions, exchange rate conversions, and withdrawal costs. The entire world's payment systems are designed to cream money from merchants and traders, and to pass on all risks to those same victims. Credit card companies make billions of extra dollars from fraud (through charge-back fees, commissions, and because merchants have to increase prices to cover frauds, and the credit card companies thus earn higher commissions on those increased prices), so fraud is never going to go away. Even normal currency has to deal with fraud - from counterfeit notes through corrupt officials and bribery to government "policy".
Merchants and end users alike can now, for the first time ever, totally dissociate themselves from being the ultimate victims of fraud. Bitcoins offer the world's first zero-fee no-commission totally secure payments solution.
And yes - it doesn't hurt that it's also a money-launderer's wet dream too, but that's inconsequential: nothing can thrive unless it gets adopted, and that means merchants must use it, and Bitcoin represents the absolute end to the hassles of fraud and fees that merchants have suffered ever since banks were invented :-)
1 year, 3 months ago on Conversation @ http://siliconangle.com/blog/2011/08/08/bitcoin-crash-doesnt-spell-doom-for-peer-to-peer-currency/
@aaronklein I listed, like, 10 or 20 failures. You attacked only 1 thing I said. And yes - I'm saying don't get that flu shot. Instead, I'm saying - go buy the whole kit, the one that includes the flu shot, the bullet-proof vest, the crash helmet, the fallout bunker, the armed-guard response team, the lifejacket, the parachute, the steel deadbolt door, the acid resistant boots, the carbon monoxide alarm, and in general, every other component that's needed to actually *protect* you, instead of you grabbing a "fix" for something that's neither complete, nor relevant, nor effective in practice. If you want to read about 2-step hacks, fire up "bing" or something and do some searches. For some (cough) inexplicable reason, google's own search engine can't seem to find any matches for those searches :-)
1 year, 4 months ago on Two-Step Verification Dances Around the Issue
@aaronklein @AdrianBye The 6-digit code gets used one time - by the phishing site (script really, in real time if necessary) - after it tricked you into giving it to the site. Heck - if they want to, they can pretend you got something wrong, and get a second code from you too (assuming a second code is needed to de-activate 2-step after they've logged in to your account).
@Ken Aston Actually, that's exactly the problem. Phones (non lost) can't tell the difference between real and phishing sites. Nor can printed codes, random-number tokens, or text messages etc. The "Lost Phone" issue is more complicated than most people realize. Remember - this is a company giving 350M users free accounts: and phone loss/theft is epidemic. The company has to make a decision: permanently lock out those victims, and deal with the support and publicity nightmare, or give them all some way to bypass the authentication (which then becomes a target for the hackers).
Most other 2-factor "solutions" have got it all backwards: they're solving (usually not well and almost never completely) the perceived problems that we users have to face, and paying no attention to the different set of real problems that people like google (or banks or businesses or whatever - with large number of users) have to deal with. e.g. "us" :-)
It needs to be easy (or people can't/won't use it). It needs to work (or it will get cracked and ridiculed). It needs to cater for modern problems, including malware, phishing, 0-day exploits, malicious proxies, and importantly "less than diligent" users who aren't serious, or re-use the same passwords etc. It needs to keep working when the customer's phone cannot. It needs to be trusted (and not privacy invasive). It needs to survive without bypass mechanisms! 2-step fails *all* of those!
@Ken Aston Nice that you told us you don't get it, but you then went on to say something that doesn't make sense, which pretty much highlights what you're "not getting". You're thinking it's "slightly different" and has "the same flaws", that's exactly the bit you're "not getting".
Schneier has a great blog about how almost all two-factor is useless in today's malware-infected world.
Things boil down to 2 problems: if you implement a "bypass" (eg: a lost-token or "forgot password"), hackers will exploit it. If you trust a P.C, malware will screw with your transaction in real time. "2 factor" is part of the way to a solution, but it's not the *full* solution.
@AdrianBye "if i give you a time based code from my phone you still can't get into my account" - If "I" am a phishing web site, yes I can.
@kross76 It's even more silly that Apple do that!
My *kids* have to answer stuff like "What's their first car", and "Name of their first love", and stuff - or in general, a stack of questions to which they cannot choose because they don't yet have *any* answers at all... And yes - kids have iPods and iPads etc, so they do have to deal with this mad idea...
@aaronklein You're missing the point. It's the "I lost my phone" issue, where *hackers* can bypass the security, that breaks it. The problem is the fact it can be *bypassed* (not to mention, phished etc)