Blog dedicado a la formación en todos sus ámbitos: presencial, online, a distancia
Hola:
Una presentación con La guía definitiva para buscar en Twitter.
Un saludo
Apple Pay allows you to easily scan cards into the Passbook app, but Citi is allowing some cards to be added without additional verification if they meet certain conditions.
That was the question posed by our Consumer Reports colleague Glenn Derene, who put Apple Pay’s easy scanning ability to the test, with surprising results.
After familiarizing himself with the scanning and verification process by uploading a couple of cards that actually belonged to him, Derene then attempted to add two of his CR co-workers’ cards (presumably with their knowledge).
“[A]t first it looked as if those cards were going to be approved,” he writes, but the attempt to scan other people’s cards hit a roadblock when the issuing banks requested additional verification via text message, e-mail, or over the phone.
This is the typical sort of two-factor authentication that most financial institutions employ for people logging onto their websites or mobile apps for the first time. Without being able to provide the requested security info, Derene was unable to add his colleagues’ cards to his Apple Pay.
But when he scanned in his wife’s Citibank MasterCard (with her knowledge but without any verification info that would give him access to her account), Derene says there were no additional steps required to authorize the card.
“That was unexpected, since it is my wife’s private card, and she has never authorized me as a user,” he explains. “Also, that card isn’t associated with our family iTunes account. In fact, I have no current financial relationship with Citibank at all.”
But that didn’t stop Derene from going on a wild spending spree with his wife’s card at McDonald’s, where he used Apple Pay to purchase five (5) cheeseburgers and fries; none of which he shared with his wife (or with any Consumerist staffers).
The spree continued at Walgreens, where he purchased cleaning supplies using Apple Pay.
“All the transactions were quick and seamless with the Apple Pay system,” writes Derene.
Just in case this was some sort of glitch, Derene convinced one of his married co-workers to see if he could use Apple Pay to get the same unfettered access to his wife’s Citi MasterCard.
“He was able to add her card to his account with no additional verification, and he bought several items using Apple Pay with her card,” writes Derene, adding that the co-worker’s wife did receive an e-mail from Citi welcoming her to Apple Pay and letting her know that she could remove the card from the system if she had concerns.
When contacted for comment on the ease of scanning and using their spouses’ cards, Apple pointed to the card-issuing banks, saying it is up to these institutions to decide how to authorize their customers’ cards for use on Apple Pay.
A rep for Citi shed a little light on the issue, saying that since Derene was able to provide all the relevant info from the card — number, expiration date, CVV code — and since the address on the family’s iTunes account is the same as the address for his wife’s card, the account was verified.
The rep also pointed out that, as part of the authorization process, Derene had agreed to the terms and conditions, certifying that the card was his.
Derene points out that easy access to a spouse’s credit card is nothing new, and that he could have just as easily added her card info to his Amazon account before going on a spending spree, all without an iPhone of Apple Pay.
But that doesn’t change the fact that the Apple Pay system of adding cards could be improved to prevent this sort of unauthorized access.
“Since the system already has the ability to do two-step verification, why didn’t the banks and Apple make it the only way to authorize a card for use?” asks Derene, who says it only takes a few seconds to legitimately verify a card.
“Sure, it’s not as convenient as simply pointing a iPhone camera at your credit card and instantly authorizing it for use,” he concludes, “but I know that my wife would have appreciated the extra verification step—and she also wishes I had brought her home at least one of those cheeseburgers she paid for.”
ThinkProgress, a progressive political site, also has an anti-Brown Thursday stance, and they’ve already started compiling a list of chain retailers that will be closing their doors during the holiday. It includes Dillard’s, Burlington [Coat Factory], REI, and American Girl. The latest addition is Costco, which also made a point of staying closed on Thanksgiving Day of last year, along with warehouse club competitor BJ’s.
Last year, retailers waited to announce their plans, even to their own employees, which threw many workers’ holiday plans into disarray. While experts have made predictions, most malls and stores haven’t announced their Thanksgiving plans yet.
Costco Will Be Closed On Thanksgiving Because Employees ‘Deserve The Opportunity’ To Be With Family [ThinkProgress]
As Ars Technica reports, the chips in question are in adapters that allow newer, USB-based hardware to connect with older machines that have serial ports. (Serial ports are the ones that use little pins that you have to line up on both ends, and they have gone rapidly out of use as other technology, like USB, has become widely adopted.)
Most of the chips are made by a Scottish company called FTDI. The FTDI chips are a widespread standard. But just like anything else on earth that gets to be a popular choice, knockoffs abound and can be hard to spot.
The company that makes an adapter may or may not know whether they put real or fake FTDI chips into it, but the customer on the end who buys and uses the adapter will have absolutely no way to tell. It would be like trying to inspect every hose inside of a washing machine before you buy it to be sure they came from the right factory before Whirlpool put them together. Realistically, end users can’t really do it.
The chips in these adapters need software system drivers to work in the same way that your printer needs the right system driver to work. The driver comes from FTDI but, as with most modern devices, Windows can grab and update the driver for you when you do a Windows Update.
In August, Ars Technica explains, FTDI — apparently sick and tired of all the counterfeit chips — changed their driver and the end-user license agreement for it. So the new driver deliberately scrambles knockoff chips, making them unusable.
The new EULA even says: “Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT.”
In other words, updating the software on your adapter will completely brick your adapter if the chip inside it is fake. The chip that you have no way of tracing the provenance of. And because of the way that Windows Update can pull drivers down for you, you don’t have to go looking to update the driver on purpose. Your computer will helpfully do it for you.
End result? Run Windows Update, and suddenly discover some of your hardware is broken. And from the looks of it, very intentionally so.
As Public Knowledge points out, “The fact that disabling countless devices without warning can harm millions of innocent users and manufacturers should be a screaming sign that this is the wrong thing to do.” And not just “bad service” or “ethically questionable” wrong, either, but, if intentional, straight up illegal-wrong.
IP infringement does not give the infringed rights to destroy others’ property. Public Knowledge writes:
So whether or not FTDI has any trademark rights, copyrights, or other rights in whatever the knockoff chips are copying, the actual physical chips themselves are the property of their users, and FTDI doesn’t have the right to break them. A French vintner can’t stroll down the aisles of an American wine store with a hammer, shattering bottles of “California Champagne.” Roving gangs of Nike enforcers can’t rip fake Jordans off the feet of passing kids. And we don’t have Givenchy shock troops marching down Canal Street taking flamethrowers to fake handbags.
“If your IP rights are being infringed,” Public Knowledge concludes, “the proper course of action is to go to court, not take the law into your own hands.”
A Microsoft representative told Ars Technica that since the issue became widely reported, those two drivers have been removed from Windows Update. They added, “Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.”
Windows Update drivers bricking USB serial chips beloved of hardware hackers [Ars Technica]
IP Rights Aren’t a License to Kill Devices (And No, Fine Print Doesn’t Make It OK) [Public Knowledge]
Hola:
Una infografía que nos cuenta que Amazon aumenta sus pérdidas.
Un saludo
You will find more statistics at Statista
Those dark and stinky days are almost over for children in a western Alaskan village, reports the Associated Press, as the more than 100 homes in the area will soon be getting indoor plumbing after an influx of cash from the U.S. Department of Agriculture.
The $12.5 million in funding for Alaska is part of $325 million in grants and loans going to rural communities nationwide, as part of an effort to bring the whole country up to date with the modern world.
“It’s really designed to make sure people live in communities and in areas that provide the basic protections and the guarantee of basic protections that we all, as Americans, ought to have,” Agriculture Secretary Tom Vilsack told the AP. “It’s an adequate supply of quality water. It’s the ability to treat sewage properly so that it doesn’t do harm or damage to the environment.”
The remote village of Akiachak will get $5 million in grant money for constructing sewer mains and other essential systems that will then be hooked up to the 100 houses in the community that still use something called the “Honey Bucket” system for waste. That’s not to mention having to go outside to chip away at ice in the winter and bringing it home to melt.
The system right now works as un-sweetly as its name: It’s usually up to the family’s children to haul away large buckets used as toilets and bring it to village receptacles for dumping. Those buckets can leak when overfull, said the chairman of the village tribal council, who lives in one of the homes without indoor plumbing.
He’s excited for the future, that’s for darn sure.
“It’s going to be real different,” he said. “The whole community will be really happy.”
Here’s where we cut to a shot of all the kids doing jumping high fives all over town.
Alaska village to get indoor plumbing as USDA gives $352M for rural water systems nationwide [Associated Press]
The latest spate of recalls is for the Embrace 35, which was “manufactured at various times from December 2011 through May 2014,” Evenflo says in a report (PDF) posted on the National Highway Traffic Safety Administration website.
The same buckle made by AmSafe Commercial Products was at the heart of this year’s earlier recalls for other models of Graco and Evenflo seats, after complaints that the daily wear and tear of mess kids gumming up the works made it difficult or impossible to get a child out in an emergency.
But both companies had resisted issuing recalls for rear-facing seats, reports the New York Times, saying that the part of the seat that holds the child could be detached from the base and taken out of the car that way, thus there was no “unreasonable risk” to children’s safety, reports the New York Times.
It seems Evenflo has changed its tune after the NHTSA continued to demand a recall of the rear-facing seats, saying it “acquiesced” to regulators on Oct. 14.
“Child seats serve one purpose: to keep our children safe from harm during a crash and its aftermath,” said Anthony Foxx, secretary of the Department of Transportation. “If the seat is defective, we will force a recall as we have done today.”
Affected model numbers include: 30711365, 31511040,31511323, 31511400, 3151198, 3151953, 31521138, 46811205, 46811237, 48111200, 48111215, 48111215A,48111218, 48111234, 48111235, 48111235A, 48111462, 48411391, 48411391D, 48411392, 48411504, 48411504D, 52911307A,52921040, 55311138, 55311238 and 55311292.
Evenflo will notify registered owners and provide a remedy kit, including a replacement buckle and instructions for easy consumer removal of the AmSafe buckle and installation of the newly-designed replacement buckle. Owners may contact Evenflo’s toll-free number at 1-800-490-7591.
Evenflo Recalls 202,000 Child Safety Seats [New York Times]
The shopper is asking for upwards of $250,000, but according to the Fresno Bee, he may end up with nothing depending on how a judge rules next week.
See, the customer filed suit in 2008, but Walmart claims that the suit should be dismissed because the case didn’t go to trial within five years. The plaintiff contends that the delay is Walmart’s fault, that the retailer misled the court into believing that a settlement was in the offing.
He also claims that court documents show that Walmart had previously agreed to a March 2015 trial date before requesting the dismissal.
The man says there was a previous offer of $10,000, but that this more about teaching Walmart a lesson than about the money.
“I’m doing this as a public service so no one else has to go through what I have gone through,” he explains to the Bee.
Walmart maintains that not only is the case too old to go trial, but that the manager didn’t do anything wrong. The retailer says that the man was not, as he alleges, detained or touched by Walmart workers but “asked to leave the store because he previously assaulted an employee.”
The manager stated in a deposition that all he told the shopper was, “You can’t be here. I need you to leave the store.”
But the plaintiff claims that he was detained and publicly accused of being the man in the earlier attack, and that he had to break free and contact the police to clear his name.
The police put his photo in a line-up and showed it to the employee who’d been attacked in the September incident. That worker picked someone else out as the likely culprit.
Interestingly enough, Walmart has no video surveillance footage from either the original attack on the employee or of the day on which the shopper was accused of being that attacker.
One lawyer — who is not connected to the case — the Bee spoke to says he believes the plaintiff is probably due some sort of damages, but thinks that $10,000 is generous because it’s hard to quantify damages when there aren’t things like medical bills or loss of income that you can point to.
“He wasn’t knocked down and put in the hospital. He was inconvenienced,” says the lawyer.
But the plaintiff contends that this offer was “insulting.”
“I was taught never to lie, never to steal and to respect women, but I have been falsely accused of all three,” he explains.
The man got a call from the Massachusetts State Lottery this week to tell him he’d won $25,000 a year for life, reports the Boston Globe, as part of the Lucky for Life season ticket he had.
After he hung up, his brain clicked and he realized that he had a duplicate ticket that his family had bought for him, which used the same numbers based on several family birthdays. Bingo. Or rather, Lottery-o.
In case you’er wondering, a state lottery rep says it’s unusual to have someone win twice this way.
“For a game like this, where there’s so many possible winning combinations … people rarely buy the same ticket with the same numbers,” she said. “They have to be really confident that those numbers will come in.”
He picked the cash reward option, and is taking home two checks written out for $390,000 each, she added.
He’s planning on taking his family on vacation — as he should, they’re half the reason he’s so rich now — and pay for his son’s college tuition and his daughter’s car payments.
The man was “excited as most people are when they win a prize of this magnitude,” the rep said, which I will take to mean that he shouted as loud as he could at the top of his lungs and went running through the streets, screaming, “TAKE THAT, UNIVERSE! I AM A WINNERRRRRRRRRRR!” which is what I would definitely do in the same situation.
Norwood man hits it big — twice — in state lottery game [Boston Globe]
