
Comment: Re:Why? Nobody uses NFC payments (Score 1) 170

by JaredOfEuropa (#47799909) Attached to: Apple Said To Team With Visa, MasterCard On iPhone Wallet
There's an offline mode for payments? I've never seen that in action, and the only portable terminals I have seen have a cellular data connection.

The card itself is indeed capable of verifying the PIN, which is used for online banking and payments (at least it is in the Netherlands). Online banking uses one-time passwords (OTP), generated by a small dongle into which the bank card is inserted. The card's PIN has to be entered on the dongle every time in order to generate an OTP, and the card will lock out after 3 incorrect PINs have been entered. It's not bad, but a pretty good system since the PIN never has to be entered on a computer, only the OTP is entered and that cannot be used by key loggers for replay attacks. The system is still vulnerable to man-in-the-middle attacks but in principle you can more or less safely do your online banking from, say, a web cafe in Bangkok, if you are careful (only do one transaction per session, end the session and contact your bank if you receive an "incorrect OTP" error).

Comment: Re:Why? Nobody uses NFC payments (Score 1) 170

by JaredOfEuropa (#47799849) Attached to: Apple Said To Team With Visa, MasterCard On iPhone Wallet
It looks like they want to combine NFC with some interaction on the phone. It could be as simple as only allowing payments when the phone is unlocked, so with an iPhone 5S that would mean 1) take phone from pocket, 2) unlock by thumbing the home button / fingerprint scanner, 3) swipe phone past scanner. Perhaps there's a popup to confirm the amount if it's over a certain limit. At the very least, I'd expect such integration to mean that swiping the phone will automatically open the payment app if required.

Partnering with major CC companies is nice but what I am really hoping for is integration with companies like Maestro (part of MC), linking the phone to a debit card. This would make the transaction fees for merchants a whole lot lower and would speed adoption in Europe. In my country, pretty much everybody has a Maestro compatible debit card linked to their current account, and almost every shop has a Maestro terminal.

Comment: Re:Why? Nobody uses NFC payments (Score 2) 170

by IamTheRealMike (#47799265) Attached to: Apple Said To Team With Visa, MasterCard On iPhone Wallet

NFC payment cards in Australia/Europe cryptographically sign a challenge from the terminal, using basically standard crypto. It's EMV all the way. In-person magstripe payments are carefully controlled and risk analysed to ensure they only occur if, for example, the card is broken - or outright banned.

NFC payments in the USA involve the phone sending regular magstripe data to the terminal, with only the CVC code being some kind of cryptographic derivative - a three digit number (less than 1000). The reason for this crazy setup is so merchants don't have to update their backend/PoS systems that still expect magstripe data. There is no plan to perform a complete upgrade thus old style transactions cannot be phased out. It's a dramatically less secure system.

Comment: Re: As much as I hate Apple (Score 4, Interesting) 170

by IamTheRealMike (#47799247) Attached to: Apple Said To Team With Visa, MasterCard On iPhone Wallet

More importantly, the underlying technology is totally different. VISA Europe is not at all the same as VISA USA. VISA in Europe is a coalition of banks, VISA USA is a private company. America has never rolled out EMV, making its banking industry a ridiculous joke compared to, well, everywhere else. You don't get reports of major European supermarket chains getting their PoS systems hacked and magstripes skimmed like you do in the US, because EMV is a much more secure system.

The NFC payment cards that are rolling out around the world (outside USA) now are basically a variant of EMV/Chip and PIN. The underlying crypto is the same. The card signs a challenge from the terminal. They're upgrading to elliptic curve crypto at the moment actually, not sure if all NFC cards do that or not but it would not surprise me. NFC as tried by Google in America is actually a very minor variant on just sending your magstripe data via radio. I believe the CVC code rotates (three digits of entropy lol) and the tech is based on a Secure Element hard-wired to the NFC radio. But the phone has minimal control over the actual payment transaction, thus doesn't add much value beyond being a big battery, and that's why the tech largely stalled. Also they screwed up the compatibility testing and the terminals were full of bugs that meant transactions just sort of randomly failed.

So don't be fooled. The "NFC payments" that we know outside of North America is totally different to what they call "NFC payments", which is an unfortunate piece of linguistic confusion.

Comment: Re: Wireless security (Score 1) 82

by David Jao (#47798233) Attached to: Wi-Fi Router Attack Only Requires a Single PIN Guess
If you're using client certificates for authentication, and an attacker obtains the server cert, then the attacker can successfully fool you into thinking that you have connected to the real server, but the attacker cannot successfully fool the real server into thinking that you have connected to it. This kind of "half-MITM" attack is not usually thought of as a full MITM. The authentication protocol uses a challenge/response protocol which incorporates ephemeral keys and hence is not portable even between two entities both holding the same server cert. That is, if A and B both have the server cert, and A challenges C, and B obtains C's response to A's challenge, B cannot then impersonate C to A, since B does not know either C's or A's ephemeral DH keys. Even if the attacker just blindly proxies between the real server and the real client, it won't work; in this case the communication would just be a real connection that the attacker can't decrypt or alter in any way thanks to forward secrecy.
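The session binding described in the comment above, as an added example that is not part of the original post: the client signs a transcript containing both sides' ephemeral DH public values, so a captured response does not verify in any other session. Assumptions made for illustration: the toy DH group, the nonce, the transcript layout, and a Lamport one-time signature standing in for the client certificate's key so that only the Python standard library is needed.

```python
import hashlib, secrets

P, G = 2**127 - 1, 3   # toy DH group (Mersenne prime); far too small for real use

def H(*parts):
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)   # length-prefix each field
    return h.digest()

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

# Lamport one-time signature: stand-in for the client certificate's key pair.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(digest):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(H(msg)))]

def lamport_verify(pk, msg, sig):
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(H(msg)))))

def transcript(server_pub, client_pub, nonce):
    # What the client signs: both ephemeral DH public values plus the challenge.
    enc = lambda n: n.to_bytes(16, "big")
    return H(b"client-auth", enc(server_pub), enc(client_pub), nonce)

def demo():
    c_sk, c_pk = lamport_keygen()            # C's long-term key; used once here
    # Session 1: A challenges C, C answers. B records c_pub and sig.
    a_priv, a_pub = dh_keypair(); nonce1 = secrets.token_bytes(16)
    c_priv, c_pub = dh_keypair()
    sig = lamport_sign(c_sk, transcript(a_pub, c_pub, nonce1))
    honest_ok = lamport_verify(c_pk, transcript(a_pub, c_pub, nonce1), sig)
    keys_match = pow(c_pub, a_priv, P) == pow(a_pub, c_priv, P)
    # Session 2: B poses as C. A picks a fresh ephemeral key and nonce.
    a2_priv, a2_pub = dh_keypair(); nonce2 = secrets.token_bytes(16)
    replay_ok = lamport_verify(c_pk, transcript(a2_pub, c_pub, nonce2), sig)
    b_priv, b_pub = dh_keypair()             # B swaps in a key it controls
    swap_ok = lamport_verify(c_pk, transcript(a2_pub, b_pub, nonce2), sig)
    return honest_ok, keys_match, replay_ok, swap_ok

if __name__ == "__main__":
    print(demo())
```

In the blind-proxy case the signature does verify, but the session key comes from `a_priv` and `c_priv`, neither of which the proxy holds.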

Comment: Re:How I know that Russian troops are not in Ukrai (Score 2) 220

by IamTheRealMike (#47796801) Attached to: Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots

Here's a tip, my Russian friend: if you want to pretend to be a neutral observer on the Ukrainian conflict in an internet forum, then you'd do better to proofread your post again and again until you manage to remove the little telltale signs that your native language is Russian. No informed reader of your post above is going to be convinced you don't have a significant dog in this fight.

You know, maybe some of us should complain to Slashdot about the Obama/Poroshenko-bots that reliably and consistently troll every single story about this conflict? You know, the ones who imply that anyone who is even slightly skeptical about the propaganda we're all being fed, must be Russian or a paid Kremlin propagandist?

Suck on this. I'm a native English speaker from the UK, I have never been to Russia, I have been reading Slashdot for about 14-15 years, posting for most of that time too. And the Anonymous Coward tells it like it is. Poroshenko has claimed Ukraine was invaded like ten times already. He claimed he was being "invaded" by a fucking aid convoy, including after Putin's honesty about its contents had been verified by international journalists and the Red Cross. In fact he asserted he'd shell said convoy, so the Red Cross chickened out, but the crazy Russians just drove right in there and delivered that aid anyway.

So as a native speaker, please heed my call - let's all stop abusing the English language shall we? We know what an invasion looks like. It looks like what the USA did to Iraq. It looks like Russian flags flying above Kiev and Russian tanks rolling down the streets to the parliament building. It does not look like journalists scrabbling around presenting the testimony of a milkmaid in a farcical attempt to find an army, as the Guardian did only a few days ago. Now condemn Putin for militarily supporting the rebels if you like (though the proof of this is wafer thin as well), just be aware that this is something many countries do, including the ones that are currently being most shrill about Ukraine. So such an argument doesn't have much impact, unfortunately, though I wish we lived in a world where it did.

Comment: Re: Wireless security (Score 1) 82

by David Jao (#47794097) Attached to: Wi-Fi Router Attack Only Requires a Single PIN Guess
Having all their traffic to and from one server is not as devastating an attack as having their password. For one thing, users tend to re-use passwords across multiple sites. I'm sure you can think of plenty of other reasons why client certs are at least *slightly* safer than username/passwords.

Comment: Re:Cut the Russians Off (Score 2) 827

by IamTheRealMike (#47777231) Attached to: Russian Military Forces Have Now Invaded Ukraine

That's a rather one-sided view of what happened. Yes, the Soviet Union did invade Afghanistan as part of pushing its global ideology, much like the USA invaded Vietnam. But the stone age state of Afghanistan at the time of the US invasion in 2001 was a direct result of America supporting religious fanatics in a proxy war, the mujahideen, who after the war ended and the Soviets were defeated went on to become the Taliban. That's why bin Laden is so famously a former ally of the US.

The USA is not only building an empire but doing so in plain sight of everyone. To quote Putin directly:

Our partners, especially in the United States, always clearly formulate their own geopolitical and state interests and follow them with persistence. Then, using the principle “You’re either with us or against us” they draw the whole world in. And those who do not join in get ‘beaten’ until they do.

This principle is most clearly visible in two acts. One is that the sanctions on Iran are built as a "you're with us or against us" model. Any country that is seen by America to be "undermining" the sanctions i.e. not joining in is itself sanctioned. And the second act is again sanctions based: every financial institution in the world is being taken over by Washington via a system of recursive ("viral" if you like) sanctions that require banks to obey the USA even if that would contradict local laws. The goal is to collect tax from Americans abroad. It's called FATCA and it's resulted in many, many nations having to repeal their own privacy laws, in order to allow banks to become agents of the US Government. They were given no choice in the matter.

So the USA has found ways of forcing people in countries all over the world to: (a) engage in economic warfare against America's enemies and (b) pay taxes directly to America, all regardless of what the local government wants or how the local people vote.

Being able to conscript people to their fights and force payment of taxes is the very foundation of empire itself.

Comment: Re:Alternate views (Score 1) 827

by IamTheRealMike (#47777045) Attached to: Russian Military Forces Have Now Invaded Ukraine

Check back in 6 months, compare what they reported on this conflict to what really happened. Because they were reporting the Ukrainian protests as being a bunch of Fascists who, if they had their way, would be building concentration camps for Russian speakers. Of course, the protesters won, got new elections, and turned out to be what they appeared to be; moderate youths who want increased relations with the EU.

Let's set aside the idea that RT is somehow horrendously biased and we can learn what really happened by, er, reading our totally neutral and trustworthy western newspapers.

Let's instead focus on an indisputable fact. This wonderful new parliament put in place by moderate youths who wanted only increased EU relations, on the very next day after the ex-President fled (the one who did actually win an election), voted overwhelmingly to repeal a law that made Russian an official language. Their first act wasn't to improve relations with the EU, or heal the giant rift between east and west Ukraine, their first order of business was to drive an even bigger wedge right between their own citizens.

Is it any wonder that this glorious democratic government our leaders love so much reacted to an independence movement in their country with massive military force, and has been shelling their own citizens ever since?

By the way, here's how RT reported it at the time. Seems pretty accurate to me.

Comment: Re:Cut the Russians Off (Score 1) 827

by IamTheRealMike (#47776375) Attached to: Russian Military Forces Have Now Invaded Ukraine

That's sort of like saying the Soviets didn't invade anywhere during the cold war. They just supported puppet governments and militias in their place, as did America (hence Osama bin Laden being a former employee of the CIA).

They all still have both political sovereignty, and also control of their legal borders.

You can't claim that America deciding unilaterally to engage in "regime change" to use the delightful term is respecting political sovereignty. What happens is the USA evaluates a government and if it's not one they like, sometimes they remove it by force and replace it with a new one they like better. Said country has "control of their borders" only if you ignore that the US military operates within those borders at will.

Comment: Re:Inevitable (Score 1) 827

by IamTheRealMike (#47776281) Attached to: Russian Military Forces Have Now Invaded Ukraine

While people may have been all pissy about Bush, unilateral wars, and Team America World Police, the fact of the matter is that it was better than the alternative.

What alternative is that, exactly? That Iraq invades America? That the Afghans conquer Europe?

I'm trying to figure out how the world would look if Team America had not said "Fuck Yeah" so many times in the past decades. I think it'd probably look much the same as it does now, except quite possibly ISIS would not exist.

Comment: Re:Alternate views (Score 1) 827

by IamTheRealMike (#47776247) Attached to: Russian Military Forces Have Now Invaded Ukraine

Your comment will be down-voted into oblivion after a few hours.

Try 20 minutes. It went up to +5 Interesting almost immediately. Now it's at zero. What's hilarious is the stream of comments on these stories claiming that Russia is manipulating online forums. All I see is that right now anyone questioning the western party line is immediately zeroed out so nobody sees it. I don't think that's because of cunning governmental manipulation though. I think people are just desperate for the old days when they could feel like they were the good guys in a fight of "good vs evil". Whacking Muslims in the desert just doesn't feel as awesome as a good old fashioned America vs Russia showdown.

Comment: Re:Alternate views (Score 1) 827

by IamTheRealMike (#47776059) Attached to: Russian Military Forces Have Now Invaded Ukraine

It seems all governments do that at the moment. The USA even does so publicly.

Regardless, if you believe anyone who merely questions the obvious propaganda being bandied about by both sides is a paid employee of The Other Side then you're delusional. I'm hardly anonymous on this forum and my account dates back I'd guess about 13-14 years. The Guardian comment made claims that made me curious and is, at minimum, merely repeating claims made in other news outlets, which is worthy of exploration by itself.
