:-O

pwn3d..

More than 40 million credit card numbers belonging to U.S. consumers were accessed by a computer hacker and are at risk of being used for fraud, MasterCard International Inc. said yesterday.

In the largest security breach of its kind, MasterCard officials said all credit card brands were affected, including 13.9 million cards bearing the MasterCard label. A spokeswoman for Visa USA Inc. confirmed that 22 million of its card numbers may have been breached, while Discover Financial Services Inc. said it did not yet know if its cards were affected.

Proceeding down the walk of shame now is CardSystems, Inc., a merchant services provider.

For those of you unfamiliar with how credit card processing works, let me give you a quick rundown. Forgive my shitty ASCII art, it's late.

You -> Merchant (merchant either swipes or keys in the number, or if online, retransmits it over SSL to the payment processor) -> Payment Processor (optional, if online – they act as a terminal for you – this is part of the merchant step, really) -> Merchant services provider & Merchant account bank -> Magical credit card interchange system -> Cardholder bank.

Then the cardholder bank does a test to see whether the credit limit, amount requested, and all that jibes. If the bank is willing to render that payment to you, it returns success, along with an authorization code. If not, it returns a decline with a reason code (my favorite one is "Pickup", which indicates that not only was the card declined, but you should attempt to seize it if you can do so safely).

(If that last part was confusing, my payment processor, Authorize.net, has a pretty little diagram of how it works, simplified, for online transactions)

Then the request goes back to the merchant services provider, who records the transaction as an authorization (and usually a capture too), and then passes the success or fail to you. If you do things like address verification or checking of CVV2, those are usually done at this point, and if they don't match, the transaction is reversed, meaning that you've just created a bit of hell for some poor debit card guy who won't see the hold drop off his account until you batch out.

Anyhow, so the merchant services provider stores a log of all transactions, not only to assist in fraud correlation, but to actually finish the transaction, which occurs in three stages:

  1. Authorization – This actually is where you stake your claim to a specific amount of money, and ask the bank if it's available. Say if I'm pumping gas, I may authorize you for $50 before I turn on the pump, just to make sure that if you hit that, your card can cover it. Restaurants typically authorize your card for 125%-150% of the bill, to cover tip if you write one.
  2. Capture – In many transactions, this is done at the time of authorization. In things like hotel rooms, self service gas pumps, restaurants, etc, this is done at the end of the transaction. The amount you capture cannot exceed your authorized amount. If you authorize for $50, and capture for $25, it only takes $25 from the customer's bank account. No actual withdrawal is generally done unless you do a capture. But most of the time, say, getting groceries, buying crap off Amazon, etc, this is done simultaneously with the authorization (which is known as an authorization and capture transaction).
  3. Batch – All your captured transactions are held until the batch they are associated with is closed. Typically this occurs daily. Most merchant providers will refuse a batch older than 60 days, so this is often done at least every other day even if you don't do many transactions. The batch actually initiates the transfer of money, which was just set aside for you when you captured. Typically, at this point, the money is en route, and if you refund someone, or void a transaction, it runs as a withdrawal from your account, a separate transaction rather than just reversing the one that was already done.
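
The three stages above, modeled as a small state machine. This is an added illustration, not code from any processor or from this post's author; the class names, state names and the signed ledger are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from decimal import Decimal
from typing import List, Optional

MAX_BATCH_AGE = timedelta(days=60)  # per the post: batches older than 60 days are refused

class TransactionError(Exception):
    """Raised when a step is attempted out of order or outside its limits."""

@dataclass
class Transaction:
    authorized: Decimal                 # amount staked at authorization
    captured: Optional[Decimal] = None  # amount actually claimed from the cardholder
    state: str = "authorized"           # authorized -> captured -> settled

    def capture(self, amount: Decimal) -> None:
        if self.state != "authorized":
            raise TransactionError(f"cannot capture from state {self.state}")
        if amount > self.authorized:
            raise TransactionError("capture exceeds authorized amount")
        self.captured, self.state = amount, "captured"

@dataclass
class Batch:
    opened: date
    transactions: List[Transaction] = field(default_factory=list)
    ledger: List[Decimal] = field(default_factory=list)  # signed money movements

    def close(self, today: date) -> Decimal:
        """Settle every captured transaction; uncaptured holds move no money."""
        if today - self.opened > MAX_BATCH_AGE:
            raise TransactionError("batch older than 60 days refused")
        for txn in self.transactions:
            if txn.state == "captured":
                txn.state = "settled"
                self.ledger.append(txn.captured)
        return sum(self.ledger, Decimal("0"))

    def undo(self, txn: Transaction) -> str:
        """Before the batch closes this is a void; afterwards the money is
        en route, so the refund is booked as its own withdrawal."""
        if txn.state == "settled":
            self.ledger.append(-txn.captured)
            txn.state = "refunded"
            return "separate withdrawal"
        txn.state = "voided"
        return "void"
```
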

For investigations of chargebacks, or fraud, the merchant provider keeps a full record of the transaction. If someone were to get ahold of this database, the results could be disastrous.

Guess what. It just happened. Endgame.

Let's see how this ends up.

http://www.snopes.com/politics/arts/pbs.asp

Claim: Legislation currently under consideration would substantially cut federal funding of public broadcasting.
Status: True.
Example: [Collected on the Internet, 2005]

http://www.moveon.org/publicbroadcasting/

Just so you know, this is not a joke.

Copy and paste laziness. Sorry, I'm busy.

http://action.truemajority.org/campaign/Iraq_Resolution

Iraq Troop Withdrawal Resolution

Rep. Walter B. Jones Jr., Republican from North Carolina, has introduced a bipartisan resolution calling for President Bush to come up with a plan by the end of this year to withdraw the troops from Iraq, and for the withdrawal to start no later than October of 2006. Rep. Jones became famous for changing the name of the french fries in the congressional cafeteria to "Freedom Fries" when France came out against invading Iraq. He also represents Marine Corps base Camp Lejeune, where many new recruits go for basic training, so it is significant that he is publicly breaking with Bush policy. This is how quagmires like this end. First the public support drops, and polls already show Americans' support for this war declining. Next, Congress begins to pressure the administration to come up with a way out. That is what this resolution does. Finally, if the administration continues to fight calls for withdrawal, Congress pulls the plug on the money. That is how the war in Vietnam eventually ended. To push this process along, we need members of Congress to join the two Republicans and two Democrats introducing this resolution. Please send a message to your congressperson asking him or her to sign on and vote for it.

(See link above)

I'm all about forcing Bush and friends to wrap things up over there and get our troops out of harm's way. Every day we're over there without a clear exit strategy is another day we have good hardworking people killed with IEDs and RPGs with no end in sight. It was bad to go into the war without a clear plan on how to win, but to be 2 years into it with no idea is ludicrous. Our troops are doing their part, why isn't the commander in chief doing his?

The wonders of the +G flag in Unreal IRCd

[pjustice] Grr! Coprophiliac helix server mangles ithyphallic quicktime files as it delivers them. Phallus at 11.
[myself] Is this likely the result of spongiform encephalopathy on the part of the designers, or some perniciously evil interaction with other software?
[pjustice] As it seems not to matter which promiscuous programmatics are used, I suspect the former osteocephalics of copulating it all up.
* myself falls over
[pjustice] In case anyone's G-flag mind is apogenous today, my thersitical language indicates that I'm brassed off.
[myself] revenge of thesaurus rex!
[pjustice] YES!
[pjustice] Oddly, I'm finding that coming up with all this prolix scatology is good (as in reduces the inflammation of) the desire to impel perfectly functional hardware into a defenestratory predicament.
[AmishOne-work] Stop now. We must encourage the desire to propel copper coated lead into hardware at supersonic velocities thus resulting in stress relief.

Oh man, this is precisely why I set the +G flag. It was totally worth it. I absolutely love this excrement.
(The +G flag on an IRC channel on a server running Unreal IRCd censors most common swear words – I set it with the intent of people coming up with more creative outlets for anger than lame ass swear words. Totally awesome.)

hah, and I went through a stack of old milk crates containing my childhood book collection.

It consists of mostly hobbyist magazines, religious texts from at least 2 different religions that I never was a member of (for reading about them), weird dated textbooks and educational books from the early half of the 20th century ("A first electrical book for boys" is among my favorites). A 6th grade reading text I got as a gift when I was in 2nd or 3rd grade, a few books from my childhood, a book on cool things like dinosaurs, and all kinds of scientific study stuff, old manuals for programming assembly on CP/M, printouts of all kinds of amusing things like scripts to log into BBSes and check my email, stuff like that. There's an actual copy of a magazine specializing in users of DOS in the pile somewhere. One of the articles debated the utility of defragmentation, talking about all the bloat in DOS 6.22.

I just thought that was awesome.