secure_contactless_payment

anonymous@undisclosed.example.com (Anonymous) — Tue, 15 Jun 2021 20:09:22 +0000

2016-05-04 - secure contactless payment?

contactless payment is a neat idea. unfortunately it is not very secure (1 2 3 – to name some of the issues). the main problem is that the card itself is able to allow payment w/o any interaction. how about adding one?

of course it cannot be PIN code, as the main idea was to eliminate it for “small payments”. instead card could have a sort of a small contact fields, that one would need to touch, in order to accept payment. from user's PoV it would only mean to keep card by a selected corner (say: with contacts on top and bottom). w/o closing the loop, payment would not get accepted. this way universal, remote attack becomes useless, as thief would have to have a physical access to a card first.

there is still one more problem – physical card's theft. thief can obviously close the loop manually, thus making a payment. this still gets problematic when trying to get your money back after being robbed. unfortunately circumventing this is a bit more tricky, as event “simple” biometry like fingerprints will not do, since you often touch your card with your fingertips, thus thief can try reconstructing these, base on prints you left.

for now – better safe than sorry. just disable the contactless payment method in your bank (one call to info line + using a ATM twice in my case) and sleep tight. :)

sys_sw_snapshot

anonymous@undisclosed.example.com (Anonymous) — Tue, 15 Jun 2021 20:09:22 +0000

2016-05-04 - sys SW snapshot

modern radeon GP/GPUs are really good in terms of both performance and price/performance. unfortunately AMD constantly fails to provide up-to-date fglrx driver. even though this will most likely change with amdgpu driver, as it goes highly open-source… my card is not that new, so i won't get support from there either. no luck this time either.

the problem is that when X11 ABI changes, fglrx usually lags behind for a few months, before compatible binary gets released. until then quite a few updates got blocked.

there is one more problem – human factor. i update my system very often. since i need to remember, that proper driver is not there and i should not install X11 updates until new driver is provided, it's just a matter of time until i make a mistake and have hours-long fun of restoring all necessary packages (and their dependencies!) back to “compatible” version, so that my video driver is happy again. after doing this twice i decided to automate this a little, with two little shell scripts:

make_sys_snapshot – writes down list of currently installed packages and their versions
restore_sys_snapshot – script for doing the actual magic. :)

once system gets accidentally updated, all i need to do is to call the “restore” script and provide it with a date/time of a snapshot to restore to.

there are two “buts” to make this work:

run “snapshot” script along with an update (another script in my case – so no problem here)
make sure not to remove apt-get archives (this could be improved, by just downloading needed packages, when missing)

scripts are not high quality, but they seem to do the work for now.

BaSzErr - blog:2016:05:04

secure_contactless_payment

2016-05-04 - secure contactless payment?

sys_sw_snapshot

2016-05-04 - sys SW snapshot