macserv

"I'm speculating that Apple might be using the Square card reader, rather than rolling out an iPad case with a card reader."

Apple uses Verifone as their card payment processing service, so it's highly unlikely that they'd deploy a reader which doesn't enforce end-to-end encryption of swiped data. Any reader Apple uses with their point-of-sale iPads will either be wireless via Bluetooth, or— most likely— plugged in through the dock connector.

Agreed, but "Castle" sure does sound like an Apple code name to me.

@Faceless Troll No real hacks, but he is taking advantage of a glitch. Valve removed the delays for portals opening and closing, and also greatly increased the force portals use to force you out when you relocate a portal. This was intended to kill the "peek-a-portal" glitch from the original game, but ended up creating a glitch you can use to propel yourself higher and higher, seen at 3:54.

There is no processing hardware of any kind; the strip is read by a magnetic tape head. The data is sent to the phone as if it were raw audio, to which the Square app "listens", and processes it accordingly, like an old TRS-80 reading a program from cassette tape.

Because of this, as Verifone demonstrated, it's very easy to build a skimmer that looks just like a legitimate card processing app, but just gathers credit card numbers. One could also implement a less-obvious "man-in-the-middle" attack on an unsuspecting device.

This is all about deterrence, but the deterrent does matter. Making it more difficult to execute an attack *does* make it less likely that an attack will take place. There's a lot of naïveté in the comments here regarding the credit card industry, and how protective they are of the layers of security they've built up to reduce fraud as much as possible. They won't willingly introduce a new risk, and they're going to put Square through the paces.

I've been saying the same thing since the Square solution hit the scene, and I've concluded by noting that whichever company assimilates the other's strengths (Square's brilliant payment model or Verifone's hardware robustness and thorough background checks) is going to eat the other for lunch. Right now, it looks like it's gonna be Square.

I don't think Apple will bother with a USB hub when they'd much rather see Thunderbolt take over, at which point you won't be needing a hub anymore.

He was, but the fact that the iPad 2 is currently available for purchase tends to numb the sting a bit.

The Harmony thing was even more clear-cut than that... Real was illegally manipulating Apple's FairPlay DRM to get their tracks to work in iTunes. That's even worse than Palm spoofing the USB vendor IDs.

@ZayCube Coming this summer, if I remember correctly.

@MC SE7EN: Not only are vendors *able* to fragment the Android experience, they're somewhat forced to, if they want to retain maximum control, and save as much money as possible up front.

You see, the OS itself is open, but the Google apps people want to use (Gmail, Chrome, Google Calendar, etc.) are licensed separately, and not open. So as a handset vendor, you can choose to pay Google and agree to their distribution terms, or create your own versions of those apps.

Ugga no file patent.