Forgot your password?

Comment: Re:Why? Nobody uses NFC payments (Score 1) 171

by mjwx (#47803647) Attached to: Apple Said To Team With Visa, MasterCard On iPhone Wallet

NFC payment cards in Australia/Europe cryptographically sign a challenge from the terminal, using basically standard crypto. It's EMV all the way. In-person magstripe payments are carefully controlled and risk analysed to ensure they only occur if, for example, the card is broken - or outright banned.

You know nothing about bank security.

First off, the NFC cards are not cryptographically secure in the slightest. In fact they give out your card number, name and expiry date to anything that asks for it and once a crim has your CC number they can do all manner of things with it from online transactions to cloning the card itself. This app for any NFC enabled android phone can read your card, last I checked the source code is available for the uncensored version. This is not top secret info, it was based on the specifications publicly available on Visas website.

Secondly, there's no requirement for EMV on any Australian terminal. We're closer to the US than Europe in that regard. Magstripe transactions are not controlled in any way, shape or form. I've got a Citibank Plus card that's a few years old and it hasn't got a chip. 100% magstripe and it's never been rejected anywhere (in fact it's been rejected less than NFC in my Mastercard and I use the Citibank card at least 10 times as often).

Comment: Re:Why? Nobody uses NFC payments (Score 1) 171

by mjwx (#47803611) Attached to: Apple Said To Team With Visa, MasterCard On iPhone Wallet

A few years ago, those Google NFC payment terminals were all over Silicon Valley. Nobody used them. Newer credit card terminals show no sign of supporting them, although some apparently have the hardware inside for it.

Another problem is that if the technology just requires the phone's presence, not interaction on the phone, it's insecure. "Near field communication" is only supposed to be up to 20cm, but a 2013 paper at Black Hat demonstrated connectivity at 100cm, which is good enough for crime. If it does require interaction on the phone, the user has to activate the phone, navigate to some app, and deal with the app. This is slower than swiping a credit card.

It's easier to do than card-reader skimmers.

This is why a phone is better than the NFC cards most people have in their wallet right now.

The Paywave/Paypass NFC cards will give the card details to anything that asks for them. All the malicious software has to do is follow the spec available to the general public on Visas and Mastercards websites. That's how this little app came about (actually this is the censored version, the source code is available on github). The card gives out the number, name and expiry date... basically everything written on the front of the card. So harvesting CC numbers has become a lot easier.

With a phone at least you can control who gets that information, a simple popup message saying "x terminal wants your details" with confirm or deny buttons (and an automatic deny in 15 seconds). Above this, you can actually implement some kind of cryptographically secure encryption like a PRNG or at the very least a 2nd factor of authentication.

But it's going to take a government like the EU to force banks to do this. Right now it's easier for them to swallow the cost of fraud (which gets passed on to you anyway). Banks simply dont care about security because it costs money (capex, fraud is opex).

Comment: Re:As much as I hate Apple (Score 1) 171

by mjwx (#47803581) Attached to: Apple Said To Team With Visa, MasterCard On iPhone Wallet

Not even Apple is capable of creating an entirely new payment ecosystem. They'll play ball with the banks and card associations, or they'll go nowhere.

So what you're saying is that Apple is going to get nowhere.

Apple doesn't follow standards.

Google chose NFC for the Android phones because NFC was a standard, it was well defined, mature and compatible. I can read NFC enabled cards from my phone (all you need is the software to interpret the output). Its only a matter of time before I can make payments via NFC on my Android phone.

Comment: Re:As much as I hate Apple (Score 1) 171

by mjwx (#47803539) Attached to: Apple Said To Team With Visa, MasterCard On iPhone Wallet

I am in Australia and have Visa PayWave attached to my card yet I never use it (using EFTPOS instead) because there are fees attached to PayWave but not EFTPOS (with my bank at least) and because EFTPOS transactions show up faster and better on my online banking.

Australian here, I'll explain this one.

In Australia you have three options when you pay by card, Savings, Cheque and Credit. These define what network the transaction goes through and that determines what fees and charges are applied to the transaction.

Savings and Cheque are part of the EFTPOS network and have a small per transaction fee (usually in the vicinity of A$0.20) that the merchant absorbs. This network is Aus/NZ specific and is not related to similarly named networks overseas.
Credit routes the transaction though the Visa/Mastercard network. This has a per transaction fee plus a percentage of the transaction taken as a merchant service fee (anywhere between 0.5-4%, some high end cards like Amex have a 6% feee). It is entirely legal for a merchant to pass on this fee in Australia (and the Visa/Mastercard terms of service dont override Australian law). Now even if the merchant absorbs this fee, you end up paying in the form of higher prices (that are already too damn high in Oz)

Paypass/paywave automatically routes through credit, so you automatically get the higher fee.

Comment: Re:Yup - the story is doing its job (Score 1) 360

by mjwx (#47797769) Attached to: Islamic State "Laptop of Doom" Hints At Plots Including Bubonic Plague

I remain conflicted; as a moderately competent STEM educated person, I am aware of any number of ways of reducing Western cities to chaos without a lot of effort and no risk. Yet our jihadi brethren never succeed in pulling it off. 7/7 in London and the Boston bombing seem to have been independent efforts, not carried out by people in the jihadi chain of command. Which leads me to suspect a lot of the hype is FUD by our government, or at least its security agencies, to milk the situation for as much as possible. OTOH it is totally clear that IS and HAMAS are committed to doing very nasty things to anyone who gets in their way. Something weird is going on; I look forward to discovering the truth, but I have nasty suspicion we won't.


Our governments are gunning for war and this seems like a very convenient intelligence coup. Besides, it's not like they weren't wrong about Saddam having weapons of mass destruction, right, guys, right?

Comment: Re:Baby steps (Score 1) 274

by mjwx (#47797625) Attached to: Hidden Obstacles For Google's Self-Driving Cars

It will be decades before these vehicles can handle real life situations. You will need AI that can improvise as well as a human. Good luck with that.

I'm sure that there will always be a few situations where a skilled human driver will make better decisions, and produce better outcomes, than standard automation.

I'm equally sure that there will be exponentially more situations where standard automation will make better decisions, and produce better outcomes, than average (or even well above-average) human drivers.

I'm sorry, but "there will always be situations where a human performs better than AI" sounds an awful lot like "I won't wear a seat belt because it might trap me in a burning car". It's not wrong, but it is foolish, and it's a poor decision.

You could have just said "I dont actually understand the issue or how your statement relates to it", it would have been faster.

An AI at the moment is nowhere near as good as a terrible driver because the AI cannot deal with situations that have not already been programmed into is where as the worst of our drivers can. Sure it can handle common issues better, ones that have been predicted but it's the scenarios that haven't been programmed into it that it will fail horribly at. Sure you can set a default of "stop" if it doesn't know what to do but that is as dangerous as "set throttle to 100%". The thing is, uncommon situations on the road are not that uncommon.

What is worse, if you take 100 bad meat-based drivers they will all fail in different ways, if you take 100 autonomous cars, they will all fail in the same way.

Finally, and this was the GP's point, even a terribad driver will learn on their own. Google's car is not capable of this yet (and probably wont be for some time), for a problem with the autonomous cars AI to be corrected, the data will need to be taken back to Google and an update issued (I suppose it makes the term "crash dump" a little more literal). For this reason alone, 100% autonomous cars are a long, long way off.

Comment: Re:can it get me home from the bar? (Score 1) 274

by mjwx (#47797473) Attached to: Hidden Obstacles For Google's Self-Driving Cars

In any case, most cyclists have cars too, so are paying the "road tax" anyway. Having said that, I would be quite happy to pay road tax on my bike - it might shut up people like you.

Having a large "highlight reel" of cyclists antics from my dash cam, I dont give a flying fuck if cyclists pay for roads (cycle paths also some from tax money, but again I'm not fazed) I simply want them to be licensed so that they know the rules regarding riding on the road and road going cycles to be registered so when they're caught doing the wrong thing they can have their road going privileges taken off them.

Basically, I want them held to the same minimum standards as other road users (read: car drivers and motorcyclists).

However cyclists absolutely hate this idea because it will shatter the frail illusion that cyclists are perfect and everything that goes wrong is someone else's fault. The mere mention that cyclist need to follow the same road rules as other road users get the Lycra warriors up in arms. Simple things like keeping left, not trying to undertake parked vehicles, abiding by red lights (cyclists running reds in Australia is endemic... and the same people want to make it that any accident between a bike and a car is automatically the cars fault) and staying in the cycle lane (in Australia is is illegal for a cyclists to ride in any other lane if there is a cycle lane present).

I've got no issue with sharing the roads... I just wish cyclists would extend the same courtesy to other road users.

Comment: Re:can it get me home from the bar? (Score 1) 274

by mjwx (#47797427) Attached to: Hidden Obstacles For Google's Self-Driving Cars

" google cars should never be allowed on the road."
Not: " until they can reliable detect bicycles, driver-less cars shouldn't be sold to the public.

OK, once they reliably detect bicylces, what can they do about them.

I propose Goolge invents a door actuator to knock them down once detected within 0.5 metres to demonstrate the error of their way. If Google does not rise to the challenge, we'll give it to the Top Gear team.

Mystics always hope that science will some day overtake them. -- Booth Tarkington