Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:It's all crap. (Score 1) 132

by Andy Dodd (#49189205) Attached to: A Critical Look At CSI: Cyber

"but since CSI Miami more or less gave up any pretense that it was meant to be and instead was 45 minutes of Horatio being awesome, saving women and children and shooting very heavily armed but remarkably inaccurare bad guys it was actually far more entertaining." - or, why I actually LIKE watching Scorpion. :) It's so bad, it's good!

Comment: Re:Try and try again. (Score 2, Interesting) 419

I am currently an avid Android user.

I used to be an avid Windows Mobile user. WM5/6 were actually, when they existed, the MOST power-user/business-friendly mobile OSes out there. They were more geek-friendly than any of the horrifically locked-down "Linux-based" mobile OSes.

Then Microsoft dropped WP7 on the world - an OS which was unusable for nearly 100% of the core WM5/WM6 user base. At the same time, Android was coming onto the scene, which had everything that WM5/WM6's core user base wanted. MS never recovered, they utterly screwed up. NEVER alienate the majority of your core user base, even if it's trying to reach a "new" audience - especially when the "new" audience you're targeting is already drooling over a competitor (Apple).

Comment: Re:someone explain for the ignorant (Score 1) 449

by Andy Dodd (#49090531) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

Many of VeriFone's units now implement contactless EMV with a reader that is below the screen... So you tap your payment device to the screen itself, and it is also frequently NOT obvious that the unit is contactless-capable. When Wegmans first deployed them I was really disappointed they eliminated contactless, until I noticed the contactless payment logo appear briefly at the end of the checkout process.

I've seen these VeriFone units at:
Firehouse Subs
Target (contactless is currently disabled though due to the CurrentC mess)
Hershey's Chocolate World (these units were lower-end/smaller than the three above, but still had contactless-under-the-screen support)

Unfortunately, it seems like VeriFone gives retailers a LOT of flexibility as to the UI/UX of these new readers, and every single one of them has an utterly shitty workflow for contactless.
For example, Wegmans allows you to scan a barcode for their loyalty card or swipe the card via magstripe. If you swipe via magstripe, it will prompt you for desired payment method. If you scan the barcode, there's a beep and no other indication that anything happened. The contactless reader is not activated until you select "Credit" after a Shopper's Club magstripe swipe... So you can't use contactless payment without mag-swiping your loyalty card!

Comment: Re:someone explain for the ignorant (Score 2) 449

by Andy Dodd (#49090471) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

"EMV is going to render a lot of crappy, insecure technologies obsolete (things like Coin, LoopPay, NFC, and many of the smartphone based "wallet" apps.)"
WAT? Yes, LoopPay and maybe Coin will be rendered obsolete, since I know LoopPay is magstripe based and hence it's going obsolete in October.

But for the rest, "EMV is going to render itself obsolete" - makes NO sense whatsoever. Apple Pay, Google Wallet, and all other known NFC payment methods ARE EMV!!!! In fact many of them are more secure than the "plastic card" based EMV since both Apple Pay and Google Wallet use time-limited/geographically-limited or one-time-use transaction tokens, wherease "plastic card" EMV can fundamentally not be limited in time to anything other than the expiration date and can't be geographically limited.

In the case of Wallet, IIRC the method used since Google Wallet moved to HCE with KitKat is to generate a time/geography limited credential when you unlock Wallet with your PIN (which is why HCE-based Wallet needs a network connection for unlock, while the previous SE-based Wallet did not).

Comment: Re:Apple Pay = One time card numbers (Score 1) 449

by Andy Dodd (#49090403) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

Yup, and even the units that can't do that (since they're a standalone chip in the card) have, at a minimum, a monotonically increasing transaction counter that is incremented every time the chip is read.

Skips in the counter are allowed (failed reads, accidental reads, etc.), but any "out of order" transactions will trigger an instant fraud alert.

For example:
Your card is at transaction counter 1000
A thief reads your card. He gets 1000, your card increases to 1001
Thief chooses a transaction counter of 1005 and makes a purchase
You try to use the card, payment processor sees transaction counter drop from 1005 to 1001 - instant fraud alert trigger

Most importantly here is that you can easily prove it was fraud and will not be liable for the charges. You can't prove this with magstripes, which is why credit card companies are shifting fraud liability for magstripe transactions from them to the retailer (who is likely to pass the pain on to you) in October.

Comment: Re:someone explain for the ignorant (Score 1) 449

by Andy Dodd (#49090319) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

Actually, EMV can be either. There are standards for both. Both methods meed the credit card company requirements for avoiding the fraud liability shift in October.

IIRC, it's ISO 7816 for contact-based EMV, and 14443 for contactless

Also, I'm surprised that ArmoredDragon hasn't seen vendors with an ISO7816 reader, considering that most of the retailers involved in MCX have installed those and not contactless readers as a way of starting to prep for the liability shift without encouraging contactless-based payment systems (Google Wallet, Apple Pay) that compete with CurrentC.

For example, every Walmart I've been to in the past 3-4+ months has had ISO7816 readers, and in fact refused stripe-swipes from my father's card that supported 7816 back in September. (but the 7816 reader was broken, so he had to use a different card... nice one Walmart...) I believe Target's card readers also do 7816. They've also got 14443 capability built in (it's under the screen on that model of VeriFone terminal) but it's not enabled due to MCX/CurrentC.

Comment: Re: The new power supplies may be sensitve to EMP (Score 1) 192

by Andy Dodd (#49017665) Attached to: Xenon Flashes Can Make New Raspberry Pi 2 Freeze and Reboot

IIRC the GSM frame repetition rate was around 400-440 Hz.

Many electronics will, when exposed to RF like this, behave exactly like the legacy "crystal" radios did - these were nothing more than a basic envelope detector (diode + low pass filter) combined with a tuned resonator.

Hit a crystal radio with a lot of local RF (1/R^2 remember?) and it'll receive a "station" it's not tuned to.

Comment: Re:Don't trust any of them ... (Score 1) 82

by Andy Dodd (#48972163) Attached to: Samsung Set To Launch Mobile Payment System With Galaxy S6 At MWC

Even if Apple has the card number - credit cards have built-in fraud protection.

I trust Google with my credit card info, and in the event that they screw up (as of yet, they're one of the few people who HASN'T screwed up at this point with a major breach a la Target and TJ Maxx), the card still has fraud protection.

Wanna bet Samsung's crap is ACH-backed like CurrentC? If it is - STAY THE HELL AWAY.

Comment: Goodbye Samsung (Score 4, Insightful) 82

by Andy Dodd (#48972141) Attached to: Samsung Set To Launch Mobile Payment System With Galaxy S6 At MWC

"Samsung can't afford to give away its position in the smartphone market, and a payments system tailored to customers is a key factor."

Samsung has been losing marketshare because customers HATE being assaulted with Samsung's crappy substandard "me-too" crapware.

This is just more of the same. They just don't get it.

"I'm not afraid of dying, I just don't want to be there when it happens." -- Woody Allen