Patreon Leak, classy vs. not classy


  • BINNED

    @DogsB said:

    I hate sjws and I hate the loopers in gamergate. Which faction am I?

    Anyone who is not with us is against us.

    You're a self-hating gamergate in denial, obviously.

    @Fox said:

    A lying double agent, obviously.

    See, @DogsB, I was right!

    @Lorne_Kates said:

    Transgenderfactioned.

    FTFY


  • Garbage Person

    Actually every time my cards have been compromised (about 6 times in 10 years across about 8 cards), it happened in the real world and the cards were later USED in the real world. Typically at gas stations and stores with self checkouts.


  • 🚽 Regular

    @Fox said:

    There's more than enough other opportunities to send that message that don't involve screwing over individual artists just because you want to send a message to large businesses

    What? They choose a shitty sub-contractor for their payment solution, they're going to lose revenue because of that decision. That's just business. Handle your own payments if you don't want to take that risk.



  • To sum up my sentiments on the topic of data leaks:

    CREDIT CARDS ARE BAD

    CREDIT CARDS HAVE NO SECURITY

    AVOID USING CREDIT CARDS AS MUCH AS YOU CAN

    KILL CREDIT CARDS. KILL KILL KILL.

    That is all


  • BINNED

    @ben_lubar said:

    Basically, they're supposed to be more secure for some contrived reason. Apparently the magnets are harder to reproduce when they're shaped like a square or something.

    Silly 'muricans, being confused...

    Chips on credit cards are basically the same technology as SIM cards. They generate key pairs for every individual transaction. Copying a chip is not a "read data from it and it's all over" deal - you need to pretty much recreate the entire chip, either in hardware or software. Putting a chip card in a skimmer is in itself useless - all you get is a code for that individual transaction which cannot be reused in the future.

    Compare this to magnetic cards - you have a number stored on a magnetic strip. That's it. Stealing data is so easy it's funny. Forget attaching one to an ATM (which have several methods of combating them, including a randomized mechanism for card insertion and injection - at least over here the card doesn't just go in smoothly, it jerks around randomly in order to mess with any reader that might be placed in front). No, what you do is get a job as a waiter somewhere, go to eBay, buy a magnetic card reader for $5, attach power source and some form of memory and swipe customers' cards as they give them to you. Easy!

    Want to complain about new-fangled security measures? How about those new contactless cards? "Swipe and pay! Don't enter a PIN or anything, fuck it, it's OK, you might have just picked this card off the floor, fuck if we'll check! Oh, you have it on your phone, too? Great! Those never get lost or stolen, after all!"

    I'm obviously stupid, because I don't get those at all.



  • Ohh, so how do you buy things online? You put the credit card in your computer?

    No? What's this you say? You still have to give the other guy on the internet your credit card number and all your personal data? And you have to trust them to take only the money they say they will take and to delete the number when they say they delete it?

    But that would mean credit cards still have zero authentication methods at heart and the entire chip-and-pin thing is just a secondary security measure! It would mean the Visa servers just receive the order "transfer $100 from this account to this one", without any kind of password, and do it! Surely this can't be true, in 2015?


  • BINNED

    @anonymous234 said:

    Ohh, so how do you buy things online? You put the credit card in your computer?

    There are situations where that is done. My father has his own business, and in order to even access the account tied to his business, yes, he needs a card reader and a smart card (which is, incidentally, a separate card and it can't be used for anything else).

    On the other hand, the same bank has a "token" authentication method for non-business use, too. See, you either get a small device or a smartphone app (which requires a PIN to activate). Every time you want to log in you have to give the site your token number and a temporary authentication number the device/app generates for you. Then, to pay, you pretty much get the chip-and-pin thing: the site gives you a big number, you punch it into your thing, get another big number you punch into the site and there, authenticated! It's like magic!

    And this is in a butt-fucking-nowhere country of sheep herders. I'm sorry Visa can't figure this shit out, in 2015.

    But, that aside, you're saying that extra meatspace security is pointless because online payment is crap? It's like saying you shouldn't have seatbelts in your car since your brakes don't work anyway.
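
A simplified model of the contrast drawn in the two posts above (static stripe data versus a per-transaction code, and the bank token's number-in, number-out exchange), added here as an example and not written by any poster. It uses a shared-secret HMAC as a stand-in and is not the EMV protocol; the class names, card number and key are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

CARD_NUMBER = "4000001234567899"    # constructed static stripe data
CARD_KEY = secrets.token_bytes(32)  # constructed secret held inside the chip/token

class StripeVerifier:
    """Stripe model: the card presents the same static value every time."""
    def __init__(self, known_number):
        self._known = known_number
    def authorise(self, presented):
        return hmac.compare_digest(presented, self._known)

class ChipCard:
    """Chip/token model: answers a challenge without revealing its key."""
    def __init__(self, key):
        self._key = key
    def respond(self, challenge, amount_cents):
        msg = challenge + amount_cents.to_bytes(8, "big")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

class ChallengeVerifier:
    """Issuer side: one fresh challenge per transaction, accepted only once."""
    def __init__(self, key):
        self._key = key
        self._pending = set()
    def new_challenge(self):
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge
    def authorise(self, challenge, amount_cents, response):
        if challenge not in self._pending:  # unknown or already consumed
            return False
        self._pending.discard(challenge)
        msg = challenge + amount_cents.to_bytes(8, "big")
        expected = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)

def demo():
    out = {}
    # Whatever a reader in the path records from a stripe is the whole credential.
    out["stripe_replay"] = StripeVerifier(CARD_NUMBER).authorise(CARD_NUMBER)
    card, issuer = ChipCard(CARD_KEY), ChallengeVerifier(CARD_KEY)
    c1 = issuer.new_challenge()
    r1 = card.respond(c1, 1000)
    out["chip_genuine"] = issuer.authorise(c1, 1000, r1)
    out["replay_same_challenge"] = issuer.authorise(c1, 1000, r1)
    out["replay_new_challenge"] = issuer.authorise(issuer.new_challenge(), 1000, r1)
    c3 = issuer.new_challenge()
    out["amount_altered"] = issuer.authorise(c3, 99999, card.respond(c3, 1000))
    return out

if __name__ == "__main__":
    print(demo())
```
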


  • Java Dev

    In .nl, there is a system called iDeal, which uses an authentication step at your own bank.

    That has a completely unrelated problem where it's debit and you can't contest a charge later if the vendor didn't deliver.



  • Also, it's a bit more obvious if you try to skim via chip reader because you actually have to replace the whole shebang. With a magnetic strip you can read it while it passes through the slot - not possible with the chip.



  • @PleegWat said:

    In .nl, there is a system called iDeal, which uses an authentication step at your own bank.

    That has a completely unrelated problem where it's debit and you can't contest a charge later if the vendor didn't deliver.

    In NL the general implementation of MasterCard SecureCode is also to authenticate via your own bank, using the same kind of two-factor authentication you'd employ for debit transactions via the iDeal system.

    SecureCode itself is optional though, but I assume transactions without it are given additional scrutiny considering the major payment providers and stores all support it by now.


  • Discourse touched me in a no-no place

    Is that like 3D Secure?


  • Java Dev

    On a quick skim, yes.


  • Discourse touched me in a no-no place

    @Cursorkeys said:

    Handle your own payments if you don't want to take that risk.

    And get a different set of risks instead, because it makes you a much more tempting target for thieves. 😉


  • Winner of the 2016 Presidential Election Banned

    @Cursorkeys said:

    They choose a shitty sub-contractor

    Patreon was, until this breach, largely considered to be the best provider of this sort of service. And since they'll almost certainly step up their cyber security readiness in response to the breach, they'll probably continue to be the best provider.


  • 🚽 Regular

    @dkf said:

    And get a different set of risks instead, because it makes you a much more tempting target for thieves. 😉

    Sure, but if you are actually compliant with PCI-DSS your risk is very low. As annoying as it is to implement, the rules are generally sensible and comprehensive. It's not really a practical suggestion for probably most of their customers though, just using a better service would probably be their best bet.

    @Fox said:

    Patreon was, until this breach, largely considered to be the best provider of this sort of service

    I hadn't heard of them until maybe the start of this year, and the general vibe was very 'web 3.0 sharing-economy hipsters', i.e. it isn't a huge surprise to me that this happened. I think I'd probably have used PayPal myself if I needed recurring payments for something as they have a proven security record (in spite of the other issues).

    @Fox said:

    And since they'll almost certainly step up their cyber security readiness in response to the breach, they'll probably continue to be the best provider.

    This shouldn't really be something you can come back from. They seem to have had their entire network pillaged which is incredible. The lack of design and security for that to happen is mind-boggling, why did their IDS not spot this if nothing else?

    I'm sure you're right though and this will be a minor blip for them, generally people don't seem to care much.



  • @antiquarian said:

    @Lorne_Kates said:
    @DogsB said:
    I hate sjws and I hate the loopers in gamergate. Which faction am I?

    Transfactiongendergamered.

    FTFY

    FIAT


  • Discourse touched me in a no-no place

    @Cursorkeys said:

    Sure, but if you are actually compliant with PCI-DSS your risk is very low.

    But you've proposed doing something with a high regulatory burden as an alternative to delegating the matter to a provider who handles all that stuff, and who can share the costs of doing that across a very large number of transactions. Babies in bathwater need to watch out around you!


  • Winner of the 2016 Presidential Election Banned

    @Cursorkeys said:

    just using a better service would probably be their best bet.

    Patreon is basically the gold standard for easily handling varying amounts of monthly payments and allowing content creators to provide varying degrees of rewards for those monthly payments. Just because you didn't hear about it until this year doesn't mean that it's a small thing. I know several artists who make a substantial portion of their income off of Patreon.


  • 🚽 Regular

    @dkf said:

    Babies in bathwater need to watch out around you!

    😄 You haven't heard my high-security version involving bringing back chequebooks and abandoning the internet entirely.

    @dkf said:

    But you've proposed doing something with a high regulatory burden as an alternative to delegating the matter to a provider who handles all that stuff, and who can share the costs of doing that across a very large number of transactions

    Yeah, that's why I said it's not really practical for (I guess?) most of their customers. It's not that onerous though should someone want to do it.
    I can't really see a problem with using PayPal though unless Patreon had significantly lower fees, they do seem to have a good handle on their security.


  • Winner of the 2016 Presidential Election Banned

    @Cursorkeys said:

    I can't really see a problem with using PayPal though unless Patreon had significantly lower fees, they do seem to have a good handle on their security.

    The problem with PayPal is it only automates the payments. Patreon automates everything. If content creators want to provide backers with rewards, without Patreon, they have to do it by hand, which is a lot of work.


  • 🚽 Regular

    @Fox said:

    The problem with PayPal is it only automates the payments. Patreon automates everything. If content creators want to provide backers with rewards, without Patreon, they have to do it by hand, which is a lot of work.

    I see, that makes it more difficult then. So it's pretty much Hobson's choice if you need that kind of service?

    Edit: Yep, seems that way from a bit of Googling.



  • @DogsB said:

    I hate sjws and I hate the loopers in gamergate. Which faction am I?

    WHY CAN'T WE ALL JUST HATE EACH OTHER


    Filed under: WHY CAN'T WE ALL JUST NOT GET ALONG


  • ♿ (Parody)

    @rc4 said:

    My point is that's a toxic person and it isn't surprising that she reacted the way she did...?

    Is there other reaction from her out there? I don't see anything objectionable about what she said. She was making a different point than the other cartoon twitterer posted in the OP, but I don't see anything unclassy or whatever about what she said.

    I bow to no obsolete encryption standard when it comes to disliking SJWs, but I see no evidence of that here.


  • ♿ (Parody)

    @Weng said:

    Actually every time my cards have been compromised (about 6 times in 10 years across about 8 cards), it happened in the real world and the cards were later USED in the real world. Typically at gas stations and stores with self checkouts.

    I don't know how my cards were compromised, but, yes, they were used at places like gas stations and department stores in places States away where I definitely wasn't. It's been a while (like 10 years or so maybe? well, I've had cards reissued, but no actual fraud on them, just a precaution apparently) since that happened to me, though.


  • Garbage Person

    See, the problem with using fraudulent cards online is that if you want goods you have to give them an address.

    If you want services, you'll be consuming them from a traceable IP.

    In person, though? Once you successfully get out of the parking lot, the chances of getting caught drop dramatically.

    So online transactions have built in accountability that in person transactions lack.


  • Discourse touched me in a no-no place

    @Weng said:

    If you want services, you'll be consuming them from a traceable IP.

    Mobile IP addresses are quite difficult to track apparently.


  • ♿ (Parody)

    @Weng said:

    See, the problem with using fraudulent cards online is that if you want goods you have to give them an address.

    That's what reshipping mules are for.

    @Weng said:

    So online transactions have built in accountability that in person transactions lack.

    But, yeah, without being international and a whole lot more effort, easier to fill up at the gas station.



  • @boomzilla said:

    obsolete encryption standard

    Joke's on you, the only standard I ever received was one prohibiting my use.


  • Banned

    @boomzilla said:

    Is there other reaction from her out there? I don't see anything objectionable about what she said. She was making a different point than the other cartoon twitterer posted in the OP, but I don't see anything unclassy or whatever about what she said.

    She didn't get the joke and got offended by the fact that there are people who don't like wasting money on random youtubers. Too bad the joker turned out to be an asshole too with his third reply.



  • Also I should probably add that if you go and read over her tweets/bio/etc and get a sense of how she generally reacts to things (hint: lots of SJWishness) you'll see why I made the snap judgement of it (although I guess I just read it differently).



  • Meta discussion: is Social Justice worth fighting for/about/over?


  • ♿ (Parody)

    Meta meta discussion: Please settle on a definition of social justice before we can determine if we want to fight about it.


  • Trolleybus Mechanic

    @boomzilla said:

    Meta meta discussion: Please settle on a definition of social justice before we can determine if we want to fight about it.

    That's just like a SJW, wanting to define everything.



  • No, they usually settle for redefining existing things and making up new words so they can be more racist. Definitions are probably a sign of masculine power, so I'd expect they get rejected.


  • BINNED

    @boomzilla said:

    Meta meta discussion: Please settle on a definition of social justice before we can determine if we want to fight about it.

    :rofl:


  • BINNED

    @Magus said:

    No, they usually settle for redefining existing things and making up new words so they can be more racist.

    :thatsthejoke.xls:


  • Trolleybus Mechanic

    @antiquarian said:

    :thatsthejoke.xlsx:

    Converted that for you. If you can make it into a pptx and send me the pdf that'd be great.


  • ♿ (Parody)

    @Lorne_Kates said:

    @antiquarian said:
    :thatsthejoke.xlsx:

    Converted that for you. If you can make it into a pptx and send me the pdf that'd be great.

    Here you go:

    :thatsthejoke.mdbx:

    OH FUCK....that didn't help.


  • BINNED

    @boomzilla said:

    :thatsthejoke.mdbx:

    :ithinkyoumean.accdb:

    :imsadinewthisone.accde:


  • BINNED

    @Luhmann said:

    :imsadinewthisone.accde:

    I'm sad you're not old, too.


  • Discourse touched me in a no-no place

    @Luhmann said:

    .accdb

    Is that for a database that automatically applies @accalia­s to the data?


  • ♿ (Parody)

    @Luhmann said:

    @boomzilla said:
    :thatsthejoke.mdbx:

    :ithinkyoumean.accdb:

    :imsadinewthisone.accde:

    :ordidimean.odb:

    :muahahaha.scr:


  • FoxDev

    @dkf said:

    @Luhmann said:
    .accdb

    Is that for a database that automatically applies @accalia­s to the data?


  • Discourse touched me in a no-no place

    Of course. No chance of me ever outfoxing you…


  • FoxDev

    @dkf said:

    Of course. No chance of me ever outfoxing you…

    (well... not perfect, but it will do.)



  • Visual FoxPro to the rescue?


  • Discourse touched me in a no-no place

    @Arantor said:

    Visual FoxPro to the rescue?

    Has anyone ever said that before?



  • I know one guy who swore by (not swore at) VFP, but I was going for the pun more than anything.



  • @Cursorkeys said:

    I've had two services I use/used leak my data this year, so I've taken a policy that if you screw up that badly I can't trust you ever again.

    ... How are there any services left that you feel you can use?


  • Fake News

    @boomzilla said:

    social justice

    I prefer to call it socialist justice, myself.

    ...

    WTF formatting...

