
The security by obscurity approach usually gives you only an ILLUSION of security


Security has nothing to do with fraud. And in combating fraud, obscurity works. SSL is security, but it's meaningless if the site you just sent your CC data to is fraudulent.

Then, you need to understand how open PayPal is to fraud. I can easily commit major crimes using PayPal, and security has nothing to do with it.

This is the challenge they face. If you think it's an easy problem to solve, ask yourself: why is there no one else out there doing this same thing? Why are all the other supposed opponents limited in such drastic ways that PayPal is not?

I'm not suggesting they are perfect, but your trite remark is meaningless and ignorant of the realities of the system.


Yes... once they figure it out, you still need to change your spam filtering/fraud detection methods. But if they have the algorithms, then they can figure out how to bypass it offline, on their own hardware, and you'll never know that it is happening until it is too late.



