Author Topic: This is the month of fraud prevention, lol  (Read 4759 times)
Central MN, USA
Tesla Member
***
Karma: 72
Posts: 7175
Phi_prompt, phi_interfaces, phi-2 shields, phi-panels

Quote
It defines two types of contactless cards ("A" and "B") and allows for communications at distances up to 10 cm (3.9 in)

More than 4 inches from a cash register and you are OK. Plus, it would need to be subverted somewhat to ring up a sale without you noticing. Heck, if the shop is that dishonest you probably have other problems.

I would imagine this is just a factor of getting a bigger antenna, but feel free to correct me on this.

I'm afraid you are right. If you can emit the right frequency to energize the RFID (easy) from a "safe" distance, I think it will start emitting its ID. Then if you have a good antenna the size of, say, a shopping cart (or just the metal shopping cart itself), you can pick up this weak signal, if it's not buried by noise. I'm not sure if there's enough noise at that frequency unless there's a bunch of other RFIDs around. Then once received, you radio it unmodified to a remote location and send it out via an antenna. The RFID reader at that location will think the card is right next to it. This way is not cloning, so it is completely immune to encryption. You listen fast enough to what the RFID says and repeat it verbatim to the reader miles away.

Here is what I found about RFID theft:

http://en.wikipedia.org/wiki/Wireless_identity_theft

I am not sure how this theft can be defeated by upgrading technology.
Logged


In Front Of Computer
Newbie
*
Karma: 0
Posts: 47
Resistance is futile, but only for less than ten ohms.

Quote
Here is what I found about RFID theft:
http://en.wikipedia.org/wiki/Wireless_identity_theft
I am not sure how this theft can be defeated by upgrading technology.

I have a bit of a background in cryptography, and I remember reading about a secure ID scheme (eID) that was used in Belgium that made use of digital signatures as well as microprocessors on the ID cards themselves that ran advanced cryptographic algorithms.  It isn't exactly a perfect scheme, but it at least makes it significantly more complex for crooks to exploit.
« Last Edit: August 02, 2013, 10:36:31 pm by thepenguin » Logged

The Three Laws of Thermodynamics:
1. You can never get ahead, you can only break even.
2. You will only break even at absolute zero.
3. You

Belgium
Edison Member
*
Karma: 68
Posts: 1906
Arduino rocks; but with my plugin it can fly rocking the world ;-)

If you can add gps info to the message the car knows you are not close.
Best regards
Jantje
Logged

Do not PM me a question unless you are prepared to pay for consultancy.
Nederlandse sectie - http://arduino.cc/forum/index.php/board,77.0.html -

Central MN, USA
Tesla Member
***
Karma: 72
Posts: 7175
Phi_prompt, phi_interfaces, phi-2 shields, phi-panels

Quote
If you can add gps info to the message the car knows you are not close.
Best regards
Jantje

That will only work in open parking lots. If you are in an underground parking garage you can't get any GPS reception.
Logged


Belgium
Edison Member
*
Karma: 68
Posts: 1906
Arduino rocks; but with my plugin it can fly rocking the world ;-)

Quote
If you can add gps info to the message the car knows you are not close.
Best regards
Jantje

That will only work in open parking lots. If you are in underground parking garage you can't get any GPS reception.

True; but you could get far better security when both the car and the key use the "current GPS location and, if no current, last known GPS location".
Secondly, indoor positioning systems are in the process of becoming reality.
So no silver bullet but a major increase in security. However, adding GPS to an RFID key is not gonna be easy with current technology ;-)
Best regards
Jantje
Logged

Do not PM me a question unless you are prepared to pay for consultancy.
Nederlandse sectie - http://arduino.cc/forum/index.php/board,77.0.html -
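
The location check discussed in the posts above, sketched as an added example (not code from the thread or from any real key system). It assumes the key and car share a secret for a MAC; the distance limit, the maximum age of a "last known" fix, the function names and all coordinates are constructed for illustration.

```python
import hashlib
import hmac
import json
import math

SHARED_KEY = b"constructed-demo-key"  # assumption: key and car share a secret
MAX_DISTANCE_M = 10.0                 # assumption: key must be within 10 m
MAX_FIX_AGE_S = 120.0                 # assumption: oldest usable "last known" fix

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def key_message(challenge, fix, fix_time):
    """Key side: answer the car's challenge with a MAC-protected location."""
    body = json.dumps({"challenge": challenge, "fix": fix, "fix_time": fix_time},
                      sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    return body, tag

def car_accepts(body, tag, challenge, car_fix, now):
    """Car side: returns (accepted, reason)."""
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad MAC"
    msg = json.loads(body)
    if msg["challenge"] != challenge:
        return False, "stale challenge"
    # A "last known" fix (e.g. taken before entering a garage) is only
    # trusted for a limited time; otherwise it says nothing about now.
    if now - msg["fix_time"] > MAX_FIX_AGE_S:
        return False, "location fix too old"
    if haversine_m(msg["fix"], car_fix) > MAX_DISTANCE_M:
        return False, "key too far from car"
    return True, "ok"
```

A relay forwards the key's message verbatim, so the MAC still verifies, but the location inside it is the key's real one and the car can reject on distance. Editing the location in transit breaks the MAC instead.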

Global Moderator
Brattain Member
*****
Karma: 474
Posts: 18696
Lua rocks!

Now I have one from the Santander Bank which I have never heard of, let alone have an account with.

Quote
Santander Bank is sending you this e-mail to inform you that our
service to you could be suspended.
Logged

Belgium
Edison Member
*
Karma: 68
Posts: 1906
Arduino rocks; but with my plugin it can fly rocking the world ;-)

Quote
Now I have one from the Santander Bank which I have never heard of, let alone have an account with.

Quote
Santander Bank is sending you this e-mail to inform you that our
service to you could be suspended.

You must be listed somewhere as a rich guy  smiley-twist
Best regards
Jantje
Logged

Do not PM me a question unless you are prepared to pay for consultancy.
Nederlandse sectie - http://arduino.cc/forum/index.php/board,77.0.html -

God Member
*****
Karma: 7
Posts: 647
"In this house, we obey the Laws of Thermodynamics" Homer J. Simpson

Contact-less  passports seem to be the first foray into this area. Why anybody thought this was a good idea beats me. Anyway it is correct that the range was "supposed" to be limited. In other words the passport had to be in close proximity to the reader. However if my memory is correct a number of university papers were then published which extended this range to tens of meters and proposed "man-in-the-middle" attacks that could get somebody through a border check using the passport of somebody else in the queue. In other words without the need to break encryption.

The banks now seem to be going down the route of contact-less cards. Did you ask for this? Does it provide you with any advantages?

Simultaneously they are also pushing to have security breaches pushed back onto the card holder. They also do not provide an indication on statements that transactions have occurred wirelessly, nor do they allow card holders to block their cards being used wirelessly. Given that banks lose billions annually to fraudulent use of the relatively secure chip and pin system, I can fully understand why they would rather push very strongly (and put a lot of money behind) getting us poor proles to pay.
Logged

Global Moderator
Brattain Member
*****
Karma: 474
Posts: 18696
Lua rocks!

Got another message, sounds bad:

Quote
Dear Yahoo User,

This notice is to inform you that we are embarking on an end of the month emergency server transplant and we insist that all user re-verify there username and password to avoid account termination.

For security reasons We advice you should download the attached form to re-verify.

Server transplant? Sounds pretty painful. I hope it recovers.
Logged

Global Moderator
Dallas
Shannon Member
*****
Karma: 200
Posts: 12782

I find it funnier to get phishing e-mails for banks I don't even have accounts with smiley-cool

Got one of those today.  Apparently I'm overdue.
Logged

Global Moderator
Brattain Member
*****
Karma: 474
Posts: 18696
Lua rocks!

In the one above I see at least three spelling mistakes: "transplant", "there", "advice".

Of course, they pass a spell-check, but are wrong in the context.

Plus, I'm not a Yahoo User.
Logged

Global Moderator
Brattain Member
*****
Karma: 474
Posts: 18696
Lua rocks!

Got another one today:

Quote
And if  you want to unsubscribe email notification about new vocations let me know and I will delete your email from a Mailing list.

Notice he says he will delete my email from a waiting list, not this particular one.

Apparently this particular job offer is something to do with trails:

Quote
During trail-period you will be informed about main vacancy you will pick and your salary will be $1500 USD per every 2 week of trail-term.

Logged

Belgium
Edison Member
*
Karma: 68
Posts: 1906
Arduino rocks; but with my plugin it can fly rocking the world ;-)

Quote
Notice he says he will delete my email from a waiting list, not this particular one.

I wonder. If you stay on the waiting list ..... you will never get spam? But this can't be true as you already got spam.
So what is this waiting list for?  smiley-twist
Best regards
Jantje
Logged

Do not PM me a question unless you are prepared to pay for consultancy.
Nederlandse sectie - http://arduino.cc/forum/index.php/board,77.0.html -

Global Moderator
Brattain Member
*****
Karma: 474
Posts: 18696
Lua rocks!

I misquoted. It is a mailing list, not a waiting list. But yes, we all know that if you reply you have just confirmed that the email address is valid, something they may not have known before.
Logged

Global Moderator
Brattain Member
*****
Karma: 474
Posts: 18696
Lua rocks!

This one doesn't have a good start:

Quote
Goog news for you and your health!
Logged
