Verified by Visa: How not to design authentication

A widely deployed system intended to reduce on-line payment card fraud is fraught with security problems, according to University of Cambridge researchers.

The system is called 3-D Secure (3DS) but known better under the names Verified by Visa and MasterCard SecureCode. Implemented and paid for by e-commerce vendors, the systems require a person to enter a password or portions of a password to complete an on-line purchase.

As a reward for investing in the systems, merchants are less liable for fraudulent transactions and are stuck with fewer chargebacks. But banks such as the Royal Bank of Scotland are now holding consumers to a higher level of liability if fraudulent transactions occur using either system, said Steven J. Murdoch, a security researcher at the University of Cambridge.


I’ve been aware of the security issues with Verified by Visa for a while now, but it’s becoming increasingly difficult to avoid using the scheme. Right now I’m having to decide if it’s worth compromising my security for a cool pair of trainers. Previously, I’ve been able to use PayPal, or some other alternative, but Adidas offer VbV or nothing.

If you shop online often, read up on this a little. here’s a link to the actual paper, which is quite short and readable.

Veri ed by Visa and MasterCard SecureCode: or, How Not to Design Authentication [PDF 164KB]


3ds Max vs. Blender: Revealing results of a CG software user survey

It’s clear from the pie chart that 3ds Max is the giant in the market here, with Maya (also an Autodesk product) the next big player. If you scroll down the article, what really stands out is that both of these packages consistently rank the lowest in user satisfaction.

I was surprised to see that Lightwave has such a small share. I’ve always had a soft spot for it, but perhaps in recent years the situation has changed. I stopped doing 3D work around the same time that Modo came out, and I was aware that many were switching loyalties then.

The Cinema and Houdini get big positives, but I’m especially pleased to see the open-source Blender rank so highly in most responses. I’m hoping to get back into CG graphics soon, and I’d love to invest my energies in free software.