> Anyone so inclined could walk in, load up a cart, walk up to a
> self-checkout, check maybe half the items in the cart, pay for
> them and leave, with no one the wiser until the physical inventory
> didn't match up with the computer inventory.
>
> Wal*Mart is not stupid. They know full w
On 01/03/12 06:54, Peter Gutmann wrote:
=?UTF-8?Q?lodewijk_andr=C3=A9_de_la_porte?= writes:
Our cozy dutch supermarkets are trying self-checkout systems themselves. They
sometimes check carts with what's scanned. My dad's theory was that people
are so afraid to have forgotten that they'd most
On 01/03/2012 04:08 AM, John Levine wrote:
> unsusual, so if I were a scalper, I'd have a network of web proxies,
> to make it hard to tell that they're all me, a farm of human CAPTCHA
> breakers in Asia who cost maybe 5c per CAPTCHA, a large set of
> employees, friends, and relatives who will let
From: Thor Lancelot Simon
To: Randall Webmail
Cc: Crypto List
Sent: Tue, 03 Jan 2012 01:58:46 -0500 (EST)
Subject: Re: [cryptography] CAPTCHA as a Security System?
On Tue, Jan 03, 2012 at 01:57:10AM -0500, Randall Webmail wrote:
>
>> There is one girl (and it is always a girl) who
On Tue, Jan 03, 2012 at 01:57:10AM -0500, Randall Webmail wrote:
>
> There is one girl (and it is always a girl) who is at the control center.
> She comes to the checkout station to override the system when the shopper
> scans beer. No one watches to see if you scan every item in your cart.
From: Peter Gutmann
To: cryptography@randombit.net, rv...@insightbb.com
Sent: Tue, 03 Jan 2012 01:51:26 -0500 (EST)
Subject: Re: [cryptography] CAPTCHA as a Security System?
Randall Webmail writes:
>>My neighborhood Wal*Mart has pretty much eliminated cashiers in favor of
>>se
=?UTF-8?Q?lodewijk_andr=C3=A9_de_la_porte?= writes:
>Our cozy dutch supermarkets are trying self-checkout systems themselves. They
>sometimes check carts with what's scanned. My dad's theory was that people
>are so afraid to have forgotten that they'd most likely scan their products
>multiple tim
Randall Webmail writes:
>My neighborhood Wal*Mart has pretty much eliminated cashiers in favor of
>self-checkouts.
>
>Anyone so inclined could walk in, load up a cart, walk up to a self-checkout,
>check maybe half the items in the cart, pay for them and leave, with no one
>the wiser until the phy
On Mon, 3 Jan 2012, John Levine wrote:
> Scalping can be very profitable, with markups of $100 per ticket not
> unsusual, so if I were a scalper, I'd have a network of web proxies,
> to make it hard to tell that they're all me, a farm of human CAPTCHA
> breakers in Asia who cost maybe 5c per CAPTCH
On Mon, Jan 2, 2012 at 9:08 PM, John Levine wrote:
> [...]. One of the advantages of having a working legal system is so
> that we can live reasonable lives with $20 locks in our doors, rather
> than all having to spend thousands to armor all the doors and windows,
> like they do in some other
Ticket sellers and scalpers have been been fighting since long before
there was an Internet.
>To do much better than slow down the scalpers Ticketmaster would have
>to either do a lot of work (with payments system providers' help) to
>ensure that payments are not anonymous and that the there is on
On Mon, Jan 2, 2012 at 4:25 PM, Randall Webmail wrote:
> My neighborhood Wal*Mart has pretty much eliminated cashiers in favor of
> self-checkouts.
>
>[...]
> Wal*Mart is not stupid. They know full well that a certain percent of
> shoppers will indeed walk out with a certain amount of goods, ev
On 3/01/12 09:06 AM, lodewijk andré de la porte wrote:
I'd like to add to this conversation, as a side note, that a new type
of security has (fairly) recently emerged: legal security. "It's
illegal to break in, so we don't need security".
Right. But it needs to be a break in, not a trespass.
>
>
> My neighborhood Wal*Mart has pretty much eliminated cashiers in favor of
> self-checkouts.
>
> Anyone so inclined could walk in, load up a cart, walk up to a
> self-checkout, check maybe half the items in the cart, pay for them and
> leave, with no one the wiser until the physical inventory d
From: lodewijk andré de la porte
>I'd like to add to this conversation, as a side note, that a new type of
>security has (fairly) recently emerged: legal security. "It's >illegal to
>break in, so we don't need security". Quite common in convenience stores,
>people's homes and now, the Internet
I'd like to add to this conversation, as a side note, that a new type of
security has (fairly) recently emerged: legal security. "It's illegal to
break in, so we don't need security". Quite common in convenience stores,
people's homes and now, the Internet. Some will find that this sort of
security
>
> Would a security system that does not model a human attacker really
> qualify as a security system?
>
If it's man-controlled it certainly does, like a ballistic missile blocking
device is also security/safety.
In real life security is also an "analog" kind of thing. Something becomes
"more se
On Mon, Jan 2, 2012 at 2:40 PM, Jeffrey Walton wrote:
> On Mon, Jan 2, 2012 at 2:44 PM, John Levine wrote:
>> Law is not software. Ticketmaster's CAPTCHA is a security system in
>> the sense that it is obviously meant to keep out robo-purchasers. It
>> doesn't matter that CAPTCHAs are not impos
On 2012-01-02, Marcus Brinkmann wrote:
My personal experience with CAPTCHAs is that they are increasingly
hard to decipher for humans. Has the scale already tipped over in
favor of computer programs?
On this one I'm not ready to take any sides, but I'd like to remind you,
too, that a given
On Mon, Jan 2, 2012 at 2:03 PM, Marcus Brinkmann
wrote:
> On 01/02/2012 06:58 PM, Jeffrey Walton wrote:
>> I was reading "CAPTCHA: Using Hard AI Problems For Security" by Ahn,
>> Blum, Hopper, and Langford (www.captcha.net/captcha_crypt.pdf).
>>
>> I understand how recognition is easy for humans a
On Mon, Jan 2, 2012 at 2:44 PM, John Levine wrote:
>>The reason I ask is Wiseguy Tickets Inc and their gaming of
>>Ticketmaster's CAPTCHA system to buy tickets [1]. Eventually, Wiseguy
>>Tickets was indicted, and the indictment included a an assertion,
>>"[Wiseguy Tickets Inc] defeated online tick
>The reason I ask is Wiseguy Tickets Inc and their gaming of
>Ticketmaster's CAPTCHA system to buy tickets [1]. Eventually, Wiseguy
>Tickets was indicted, and the indictment included a an assertion,
>"[Wiseguy Tickets Inc] defeated online ticket vendors' security
>mechanisms" [2]. I'm not convinced
On Mon, Jan 02, 2012 at 08:03:07PM +0100, Marcus Brinkmann wrote:
> Computer programs today are limited by attention of experts (programmers,
> researchers). What does "hard for computer programs" actually mean then? Is
> there a theoretical boundary that limits the abilities of computer program
On 01/02/2012 06:58 PM, Jeffrey Walton wrote:
> I was reading "CAPTCHA: Using Hard AI Problems For Security" by Ahn,
> Blum, Hopper, and Langford (www.captcha.net/captcha_crypt.pdf).
>
> I understand how recognition is easy for humans and hard for computer
> programs.
But is that really true?
My
Hi All,
I was reading "CAPTCHA: Using Hard AI Problems For Security" by Ahn,
Blum, Hopper, and Langford (www.captcha.net/captcha_crypt.pdf).
I understand how recognition is easy for humans and hard for computer
programs. Where is the leap made that CAPTCHA is a [sufficient?]
security device to pr
25 matches
Mail list logo