There is a difference between an RFID tag and a contactless smart card implementing EMV. Calling it RFID is inaccurate as it is not an an identification tag. Yes some RFID devices use ISO 14443. Does that make all ISO 14443 devices RFID tags?
Slashdot needs to be much more careful in its use of loaded terms. This is never going to happen though.
What can I say. Maybe I just suck. I was sincerely worried that I would snap some of the plastic hooks. I also had a very hard time inserting the knife into the opposite side once I had opened the first side. There just is not very much space there. I tried using just one knife and then using two. I finally settled on one.
As far as closing it is concerned, you must have been doing something wrong. I closed mine in mere moments.:)
I downloaded the official docs from Apple somewhere. Those docs tell you to grind your putty knife to have a thinner leading edge. I wish I had done this. It was not as easy as some of the websites make it out to be. I am fairly mechanically inclined and it took me a half an hour to get the thing open the first time. Admittedly I was trying to be careful to not mar or break it, but it is not a 10 second job.
Just to be clear, it is simply the possibility that Apple is doing this that you think is 100% certain? Does that make as little sense to you as it does to me? Rather than state that you are certain that something is possible, wouldn't it be easier to state how certain you are that this is happening? I would guess that you think there is a low probability that this is happening, but your above statement is true for any non-zero probability, making it nearly meainingless, right?
You get it. The luddites here do not. They claim to be geeks but have no clue. Look at all the "attacks" that have been dreamed up in these comments. Nearly all of them would be more effective against a mag-stripe card yet these people use a mag-stripe credit card everyday.
Secure messaging for ISO 14443, T=CL, is well defined and widely implemented. Also, EMV, unlike magstripes, is designed such that replay attacks won't work.
Actually Visa doesn't care if it is 100% secure. They want it to be more secure than the current mag stripe so that fraud drops. They also want it to appeal to consumers so that they use it more frequently. It needs to be quick and easy. It is a cash replacement strategy.
It doesn't matter because you could have hacked the wire and be listening in on that. The system is designed such that you can sit in the middle and watch all the communication and it does you no good. That is exactly what you want.
Again, this isn't RFID. Do you know what mutual authentication looks like? Also, all the scams getting mentioned in response to this article are easier with magstripe. Become a merchant, get a kiosk in the mall, and store all the magstripes you get. Then charge a bundle on them one day and move to Mexico, right? Now why doesn't that happen everyday? I'll leave that as an exercise for the reader.
Thanks for the edit! Too bad it came so late. Maybe the Slashdot editors should get some education on the subject of smart cards and RFID. This happens ALL THE TIME, and 50% of the articles that claim to be about RFID are not.
I used Reynolds Wrap "Quality Aluminum Foil". Either should work. In all seriousness there is nothing to worry about, this is more secure than your magstripe card, but if you are paranoid foil works nicely. Of course if you are this paranoid you should not even have a credit card.
I work in the industry. I would be interested in knowing what your knowledge of it is. Visa is doing this to reduce fraud. If there are security holes they are small compared to the holes in the current magstripe system.
Visa isn't making money because of the infrastructure change, in fact they are investing. Companies such as ViVOtech are going to sell a lot of readers. Visa's motivation is to reduce fraud. They will save billions with this technology. If this weren't orders of magnitude more secure they wouldn't use it.
You can probably eavesdrop on the card to reader communication from some distance. This is known by those that created the spec and they have designed for it. Go read the EMV spec. Tell me if you can hack it. It has been out for years and in production in Europe for a while, though most deployments there are for contact cards.
The real goal is fraud reduction. Visa isn't aiming for a perfect system, they want a better one that prevents skimming of your mag stripe. This means that they are no longer the low hanging fruit and the fraudsters will target traditional magstripe cards.
Please show me the reader that can read one of these from 5 feet. I would love to see it. Again, this isn't an RFID tag with a 3 meter range. But you know what? Tinfoil works great. I have a desk full of contactless smart cards here and if you put a single layer of tinfoil around it nobody can read it. I've tried.
You don't know what you're talking about and neither does/., or at least Zonk. This isn't RFID, these aren't the TI chips. This isn't ISO 15693. If you can break 3DES please let me know. I would be VERY interested.
This is a contactless credit card, ISO 14443. RFID is ISO 15693. They are different. The article never mentions RFID. Slashdot has inserted something that was never there. This is misleading, dishonest, and unprofessional. There are MAJOR DIFFERENCES between the technologies. You would think that a techie site like/. would know better.
Look up Control4 corp. There was a big article on them in Wired a month or two ago. Very Linux-centric. They can set you up with network addressable light switches and power outlets and anything else you can imagine.
Slashdot Mirror
Slashdot needs to be much more careful in its use of loaded terms. This is never going to happen though.
As far as closing it is concerned, you must have been doing something wrong. I closed mine in mere moments. :)
I downloaded the official docs from Apple somewhere. Those docs tell you to grind your putty knife to have a thinner leading edge. I wish I had done this. It was not as easy as some of the websites make it out to be. I am fairly mechanically inclined and it took me a half an hour to get the thing open the first time. Admittedly I was trying to be careful to not mar or break it, but it is not a 10 second job.
He's quoting Shatner you fool!
In any case, would it be too much trouble to cite a source? Otherwise you just look like a jerk. Or simply say that you can't/won't cite one.
If they name it Wolverine, I'd shoot it. I mean, what would you do in a situation like that? Gosh!
Just to be clear, it is simply the possibility that Apple is doing this that you think is 100% certain? Does that make as little sense to you as it does to me? Rather than state that you are certain that something is possible, wouldn't it be easier to state how certain you are that this is happening? I would guess that you think there is a low probability that this is happening, but your above statement is true for any non-zero probability, making it nearly meainingless, right?
While what you describe might be what you desire, it isn't random at all. It is rules based. Which is fine if that is what you want.
Fine. Buy it at Amazon. I've had a copy for two months now. If that is too painful you could probably find a place to download it.
You get it. The luddites here do not. They claim to be geeks but have no clue. Look at all the "attacks" that have been dreamed up in these comments. Nearly all of them would be more effective against a mag-stripe card yet these people use a mag-stripe credit card everyday.
Secure messaging for ISO 14443, T=CL, is well defined and widely implemented. Also, EMV, unlike magstripes, is designed such that replay attacks won't work.
Actually Visa doesn't care if it is 100% secure. They want it to be more secure than the current mag stripe so that fraud drops. They also want it to appeal to consumers so that they use it more frequently. It needs to be quick and easy. It is a cash replacement strategy.
Put a sheet of foil in your wallet then along with the bills.
It doesn't matter because you could have hacked the wire and be listening in on that. The system is designed such that you can sit in the middle and watch all the communication and it does you no good. That is exactly what you want.
Again, this isn't RFID. Do you know what mutual authentication looks like? Also, all the scams getting mentioned in response to this article are easier with magstripe. Become a merchant, get a kiosk in the mall, and store all the magstripes you get. Then charge a bundle on them one day and move to Mexico, right? Now why doesn't that happen everyday? I'll leave that as an exercise for the reader.
Thanks for the edit! Too bad it came so late. Maybe the Slashdot editors should get some education on the subject of smart cards and RFID. This happens ALL THE TIME, and 50% of the articles that claim to be about RFID are not.
I used Reynolds Wrap "Quality Aluminum Foil". Either should work. In all seriousness there is nothing to worry about, this is more secure than your magstripe card, but if you are paranoid foil works nicely. Of course if you are this paranoid you should not even have a credit card.
Visa isn't making money because of the infrastructure change, in fact they are investing. Companies such as ViVOtech are going to sell a lot of readers. Visa's motivation is to reduce fraud. They will save billions with this technology. If this weren't orders of magnitude more secure they wouldn't use it.
The real goal is fraud reduction. Visa isn't aiming for a perfect system, they want a better one that prevents skimming of your mag stripe. This means that they are no longer the low hanging fruit and the fraudsters will target traditional magstripe cards.
Please show me the reader that can read one of these from 5 feet. I would love to see it. Again, this isn't an RFID tag with a 3 meter range. But you know what? Tinfoil works great. I have a desk full of contactless smart cards here and if you put a single layer of tinfoil around it nobody can read it. I've tried.
and something tells me that Zonk should stick to games and stay off the front page. This is classic FUD.
BTW, the specs are out there if you care to look. Here's a hint for you: EMV
You don't know what you're talking about and neither does /., or at least Zonk. This isn't RFID, these aren't the TI chips. This isn't ISO 15693. If you can break 3DES please let me know. I would be VERY interested.
This is a contactless credit card, ISO 14443. RFID is ISO 15693. They are different. The article never mentions RFID. Slashdot has inserted something that was never there. This is misleading, dishonest, and unprofessional. There are MAJOR DIFFERENCES between the technologies. You would think that a techie site like /. would know better.
Look up Control4 corp. There was a big article on them in Wired a month or two ago. Very Linux-centric. They can set you up with network addressable light switches and power outlets and anything else you can imagine.