Slashdot Mirror


User: DarenN

DarenN's activity in the archive.

Stories: 0
Comments: 419

Comments · 419

  1. Yeah, I was aware of that one and actually meant (but forgot) to add a qualifier. However, that article title is misleading - the attack used was against a stolen card and the author is incorrect in that you cannot record everything "bar the unpredictable number" from the chip, clone it and expect to validate a transaction. The cryptographic key isn't revealed. Now if the unpredictable numbers are too predictable it may be possible to eventually get that key which would be a serious issue which WOULD allow cloning.
    The unpredictable number is transmitted with everything else so it's, on its own, inherently insecure in a cryptographic sense and given a raw message buffer I could read it for you without any tools. But it was not designed to be random (it's not called a random number, after all), it was designed to add a small element of "unpredictability" as an input to an algorithm that's run on the card chip itself with a key that's present on that chip and cannot be read.

    Are there insecurities in an EMV payment system? Yes. Is it possible to use a stolen card? Yes (but much harder than a magstripe to the point of being very difficult indeed if you want to use it in a card-present scenario). Is it possible to clone a chip card? Not, as far as we know, at this point.

  2. Why couldn't you just use the first stolen card's body?

    You need the original chip intact and the thickness increased from 0.4mm to 0.7mm. This made it harder to get into the reader so I assume it was to prevent the chip on top being pressured which may screw up the contact to the chip below, and also the card would look weird if it was half again as thick.

    As for the PIN, if it's wrong in an offline environment you'd never know. At best, you can reduce windows and thresholds for allowing cards to be used offline. You can't stop this attack with the current hardware while still allowing offline transactions.

    True, but the customer's never going to see it!

    There are 3 verification steps with EMV, card verification, cardholder verification and transaction verification. They were pretty coy about what they did but they said that they'd coupled the card, cardholder and transaction verification in a way that made this attack more difficult. As I said, it's pretty generic and they won't say how they did it.

  3. Stolen chip with malicious chip soldered on top. No idea why you need a second stolen card for the body as shown in the image.

    So the card didn't have the chip protruding, which would have made it look tampered with. It may also have allowed the card to be inserted without damaging the new chip.

    This was done in France in 2011. EMVCo claims they've fixed this or made it harder. They won't say how. No one believes them.

    They will say how, they just won't give details. The basic problem is that you have offline PIN validation where the chip can validate the entered PIN and say "yo, it's all good, I've verified the PIN". This method is allowed for low-value stuff (think metro tickets) up to a bank-defined threshold for a bank-defined number of transactions, then the card is forced online.
    To allow this, the original implementations allowed completely separate PIN validation and Transaction validation. They said that they increased the coupling so that if the PIN is wrong the application request cryptogram will no longer validate correctly, I believe.

  4. Re:Chip cards would not have prevented Target Brea on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    The skimming could still take place but the card can't be cloned. Cloning is the majority of card-present fraud and the chip effectively eliminates it.

  5. Re:We can safely ignore Chip&Pin on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 4, Informative

    Chip and PIN is secure if used:
    1. With the card present
    2. With a PIN pad
    3. With online validation

    Which is all it ever guaranteed.

    Chip and Signature should help reduce card cloning attacks because unless the cryptographic key on the chip can be read the application request cryptograms will never be correct so the transactions will be flagged. What happens in the case of an ARQC validation failure is up to your bank, but they can hardly refuse a refund if they approve a transaction where the ARQC validation failed. (Well, they can, but they're likely to get shafted for it eventually)

    However what this attack enables is allowing stolen cards to be used because the fake chip would pass through the request to generate the ARQC to the chip card. So if your card's stolen, report it quickly. It's the same problem with the contactless cards. If it's stolen it can be used until it's blocked for the smaller amounts that it allows, but it's difficult to clone (I won't say impossible but I have not heard of it being done) because there's cryptographic key on the chip which generates a cryptogram that has to validate before the transaction will be approved.

    Chip of any flavour does not stop card-not-present fraud, so internet fraud and over-the-phone purchase fraud will continue unabated. It solves a different problem.
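The point made in comments 1 and 5 (the key stays on the chip, the issuer re-computes the cryptogram, and a replay only works if the terminal's unpredictable number is not actually unpredictable) can be shown with a small simulation. This is an added example, not code from DarenN or from any EMV specification: it uses a truncated HMAC-SHA256 as a stand-in for the real EMV cryptogram algorithm, covers only amount, currency and unpredictable number (a subset of the real transaction data), and all keys, amounts and numbers are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed demo parameters, not values from any real card or payment scheme.
AMOUNT_MINOR_UNITS = 1999      # 19.99 in the transaction currency
CURRENCY = "EUR"


def _cryptogram_input(amount: int, currency: str, unpredictable_number: bytes) -> bytes:
    """Transaction data the cryptogram is computed over (a simplified subset of EMV's)."""
    return amount.to_bytes(6, "big") + currency.encode("ascii") + unpredictable_number


class Chip:
    """A chip card: the key is written at personalisation and never leaves the chip.
    The MAC here is HMAC-SHA256 truncated to 8 bytes, a stand-in for EMV's own algorithm."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def generate_cryptogram(self, amount: int, currency: str, unpredictable_number: bytes) -> bytes:
        data = _cryptogram_input(amount, currency, unpredictable_number)
        return hmac.new(self._key, data, hashlib.sha256).digest()[:8]


class RecordedCard:
    """Everything a passive reader of the card/terminal dialogue ends up with: one captured
    cryptogram. It never saw the key, so all it can do is hand that cryptogram back again."""

    def __init__(self, captured_cryptogram: bytes) -> None:
        self._captured = captured_cryptogram

    def generate_cryptogram(self, amount: int, currency: str, unpredictable_number: bytes) -> bytes:
        return self._captured


class Issuer:
    """The issuing bank holds a copy of the card key and re-computes the cryptogram online."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def validate(self, amount: int, currency: str, unpredictable_number: bytes, cryptogram: bytes) -> bool:
        data = _cryptogram_input(amount, currency, unpredictable_number)
        expected = hmac.new(self._key, data, hashlib.sha256).digest()[:8]
        return hmac.compare_digest(expected, cryptogram)


def run_transaction(card, issuer: Issuer, amount: int, currency: str, unpredictable_number: bytes) -> bool:
    """Terminal side: supply the unpredictable number, ask the card for a cryptogram, then
    send amount, currency, the number and the cryptogram to the issuer for online validation."""
    cryptogram = card.generate_cryptogram(amount, currency, unpredictable_number)
    return issuer.validate(amount, currency, unpredictable_number, cryptogram)


def demo() -> dict:
    key = secrets.token_bytes(16)            # constructed card key, shared by chip and issuer only
    chip, issuer = Chip(key), Issuer(key)

    # 1. Genuine card at a terminal that draws a fresh unpredictable number: validates.
    genuine = run_transaction(chip, issuer, AMOUNT_MINOR_UNITS, CURRENCY, secrets.token_bytes(4))

    # 2. A terminal whose "unpredictable" number never changes (constructed weak value).
    weak_un = b"\x00\x00\x00\x00"
    recorded = RecordedCard(chip.generate_cryptogram(AMOUNT_MINOR_UNITS, CURRENCY, weak_un))

    # Same amount, same stuck number: the issuer cannot tell the replay from the original.
    replay_same_un = run_transaction(recorded, issuer, AMOUNT_MINOR_UNITS, CURRENCY, weak_un)
    # A fresh number (constructed value): the recorded cryptogram no longer matches.
    replay_fresh_un = run_transaction(recorded, issuer, AMOUNT_MINOR_UNITS, CURRENCY, b"\x5a\x17\xc3\x08")
    # A different amount, even with the stuck number: also rejected.
    replay_other_amount = run_transaction(recorded, issuer, 5000, CURRENCY, weak_un)

    return {"genuine": genuine, "replay_same_un": replay_same_un,
            "replay_fresh_un": replay_fresh_un, "replay_other_amount": replay_other_amount}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:>20}: {'validated' if ok else 'rejected'}")
```

Only the weak-terminal case validates a replayed cryptogram, which is why the quality of the terminal's unpredictable number is what the comment flags as the serious issue: the key itself is never in the captured data, so without a matching number and amount the issuer's re-computation fails.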

  6. Re:Only needs one person to accomplish on Volkswagen Diesel Scandal Logistics Imply Sizable Conspiracy · · Score: 1

    It would be trivial for one guy to write the code to have low NOx during testing, and high efficiency/performance otherwise. However, half the company would have to know they were cheating.

    Actually, it wouldn't, because the car has to detect when it's in a test condition anyway: the way that the tests are run requires that the traction control be disabled. So the code changing behaviour because of the test condition is legit. However, the code gaming the thing that was being measured was not. Given that the test condition flag had to be available to other systems (the aforementioned traction control) it could have been a small group that managed this. Probably the R & D group which the departing president ran...

  7. I'll buy one!

  8. Re:Another deflationary pressure on oil prices. on South Africans Revolutionize Concentrated Solar Power With Mini Heliostats · · Score: 1

    Like, for instance, in South Africa, where electricity delivery is very unreliable and most businesses have diesel generators as backups. This also goes for large portions of the continent where power delivery is very unreliable for a host of reasons. (this was aimed at the GP, in case anyone's wondering.)

  9. Re:Story summary ... on Hugos Refuse To Award Anyone Rather Than Submit To Fans' Votes · · Score: 1

    Oh I completely agree :)

  10. Re:Content vs Platform on Hugos Refuse To Award Anyone Rather Than Submit To Fans' Votes · · Score: 1

    Please note that I am referring to the Sad Puppies' original slate, not the Rabid Puppies' one, which was full of crap (in my opinion).

  11. Re:Content vs Platform on Hugos Refuse To Award Anyone Rather Than Submit To Fans' Votes · · Score: 1

    The Sad Puppies claim the exact opposite - that they voted for stories that they liked over stories that were preachy. And their slate was pretty damn good, to be honest.

    The Rabid Puppies.... well, let's just say they're well named.

  12. Re:Story summary ... on Hugos Refuse To Award Anyone Rather Than Submit To Fans' Votes · · Score: 1

    Or, you know, vote to nominate the story you like, which is how all this started.

  13. Re:WIRED has it right on Hugos Refuse To Award Anyone Rather Than Submit To Fans' Votes · · Score: 1

    I'm feeling really sorry for Jim Butcher right now - the Dresden Files series is excellent and he deserved a nomination.

    The "No Award" vote for some of those categories cannot be viewed as anything EXCEPT political, which is a shame. The fact that the Sad Puppies campaign nominated authors who felt that they had to withdraw because they were on the slate is a tragedy. That, more than anything else, indicates that the Sad Puppies nominated stories by authors that clearly didn't agree with them - to me this indicates that they were doing it on the strength of the storytelling.

    That these authors felt that they had to decline a nomination, followed by the "No Award" votes, shows how poisonous and factionalized the debate got (and that's no thanks to Vox Day, who deserves to have someone steal his internet connection if you ask me). It made a farce out of this year's Hugos. My view is that Scalzi, in particular, was stupid - he should have let things go their natural course without trying to organize a "counter campaign". The counter campaign legitimized the campaign and further factionalized any conversation, which played into the hands of Vox Day.

  14. Re:WIRED has it right on Hugos Refuse To Award Anyone Rather Than Submit To Fans' Votes · · Score: 1

    I would tend to disagree with you there about Heinlein. If you look at his Hugo wins (I'm leaving out Double Star because I haven't read it) he won for Starship Troopers, the Moon is a Harsh Mistress and Stranger in a Strange Land. All of these were social commentaries.

    The Moon is a Harsh Mistress had a society that had evolved under various pressures and then examined it from the inside (from the protagonist's perspective) and from the outside (the reaction of the Earth to the tour - like when he got arrested for bigamy).
    In Starship Troopers, the Federation wasn't at war until after Rico joined up and the evolution of the start of the conflict was there to highlight the way the society worked.
    And if I have to explain why Stranger in a Strange Land is about society...

    Heinlein's brilliance was his ability to imagine the social pressures of somewhere like living on the moon in a prison complex, and extrapolate a believable society out of it. He challenged the norms of the time (and, frankly, the current norms). But all that said, he was a brilliant storyteller on top of all of that which is why he was nominated and won so many times.

  15. Re:I'm an Uber and Lyft user, here's why on Europe's Top Court To Decide If Uber Is Tech Firm Or Taxi Company · · Score: 1

    Great, so you've found a better taxi company.

    But this is what has happened. Pretending it's not is an odd cognitive dissonance.

  16. Re:ACA - More Affordable Healtcare on Supreme Court Upholds Key Obamacare Subsidies · · Score: 1

    But this was always the case! And it drove much of the costs - anyone could go to the emergency room and be treated, but they were not guaranteed to pay so everyone else was already bearing the cost.

    All the ACA does is make the cost explicit. Now that everyone (mostly) has insurance of some form or other, the cost is levelled across the whole country - and the cost of care has fallen slightly as a result.

  17. Re:FFS on Nobel Prize-Winning Scientist Criticizes Role of Women In Labs · · Score: 1

    And this is somebody that the world sees as a scientist?

    Yeah, I mean, being awarded the Nobel Prize in Medicine, being made a Fellow of the Royal Society and the National Academy of Sciences, as well as being awarded a Royal Medal and knighted for his contributions to the field of medicine doesn't make you a scientist at all. So some (poorly judged) comments meant to poke fun at himself (you DID know that he married a female colleague from his lab, right? She divorced her husband to marry him) should totally negate all that.

  18. Re:EMV standard? on Credit Card Fraud Could Peak In 2015 As the US Moves To EMV · · Score: 1

    Two companies. Mastercard bought (or merged with) Europay, so the E and M in EMV are the same company now.

  19. Re:Less than 50% reduction in fraud, more liabilit on Credit Card Fraud Could Peak In 2015 As the US Moves To EMV · · Score: 1

    Yes, it's easy to manufacture and attach fake ATM fronts....

    EMV means that card present fraud effectively disappears overnight. The liability shift is not to you, it's to merchants that do not accept Chip and PIN, or Banks that do not issue it. Your position is exactly the same as it was before the shift. The difference is that payment networks will no longer accept liability for insecure card-present payment methods which is not unreasonable.

    Online/card-not-present transaction fraud is entirely different and EMV is not designed to deal with it, so it's no surprise it doesn't. For THAT all the networks are implementing payment token support which I expect to see become mainstream over the next couple of years. The tokens will be limited time use alphanumeric strings that have specific values - basically "ApplePay" is re-branded Visa Tokenization. Mastercard already have PayPass Online but that is a digital wallet and their newer solutions will abstract the path to the cardholder's account. Discover and AMEX are also implementing something similar, as are the regional switches in the States.

  20. Re: This doesn't sound... sound on Valve's Economist Yanis Varoufakis Appointed Greece's Finance Minister · · Score: 1

    The problem with this

    The game plan for the Greexit would be to convert everything, both assets and liabilities, into Drachma. Euro bonds issued by the Greek government are controlled by Greek law. Or any debt issued under Greek law.

    is that it was gamed out quite a bit during the first crisis and the consensus is that it is not legal to unilaterally change the currency of the bonds. That means that Greece would have to get its creditors to agree to re-denominate them in Drachma which would effectively be writing them off.

    Greece has a massive merchant marine (or at least Greek flagged merchant ships). Argentina, in a much less compromising situation, has had ships seized. This is not a situation the Greeks want to be in because it's a significant part of their economy.
    Greece also runs a food deficit - it buys in a significant percentage of its total food production. They won't be able to afford it with the Drachma.
    Lastly, Greece will not be able to pay their army and given that it was a military dictatorship until 1974 this is also making people nervous.

    The pace of reforms can be debated, but the need for them will not be. Greece is something of a mess and needs to continue with sorting out the crazy tax-evasion problems that they have. If the government wanted to, it could use the resentment that is being directed outward to force through some increased taxation on their oligarchy.

    That said, the European banks that lent recklessly to banks in Greece and the likes of Ireland, Italy and Spain will have to take the medicine sooner or later. Nothing else is going to work to get the debts to manageable levels. Germany is going to have to start spending too - I'm surprised that they haven't taken the opportunity for some larger infrastructure projects.

  21. Re: This doesn't sound... sound on Valve's Economist Yanis Varoufakis Appointed Greece's Finance Minister · · Score: 2

    However, I would tend to agree with you that a clean bankruptcy is better than a messy partial default. Except that there is no real mechanism for Greece to default. If I understand correctly, it would be easier for Greece to exit the EU, convert to the Drachma, and devalue the currency.

    Except that all those debts are denominated in Euro, so exiting and devaluing makes things worse. So they need to exit and default. This means that they've lost the advantages of being in the common trade area, their currency will be worth very little (which might boost tourism to a point) but no-one will lend them money so they will either inflate at a very high rate or be forced to do their own austerity and either way it does not improve their prospects.

  22. Re:Environmentalists is why we still pump carbon on Two Google Engineers Say Renewables Can't Cure Climate Change · · Score: 1

    That Japan Times article is hilarious

    The latest report from Fukushima revealed that more people have died from stress-related illnesses and other maladies after the disaster than from injuries directly linked to the [triple disaster of earthquake, tsunami and nuclear meltdown]

    So your own link reveals that stress was a greater killer than any combination of a massive earthquake, massive tidal wave AND nuclear meltdown, which only shows how dangerous irresponsible reporting is (like the headline in the article, oddly).

  23. Re:To America? Yes. To the GOP? No. on Does Being First Still Matter In America? · · Score: 1

    While I don't disagree with you about the need for equality, the quote

    Men still earn far more than women in the workplace

    is a canard.
    For the same roles with the same experience any differences between male and female employees look like statistical noise. The variation only appears if you consider all males and all females regardless of age, experience, role or any other consideration.

    It appears that the major barrier to equal earnings is still that females tend to take extended maternity leave and career breaks to raise children which leaves them with less experience at a similar age to their male counterparts. So later in her career the female employee will earn less, but then so will the male who started the career later in life.

  24. Re:anyone who has your 16-digit card number on American Express Seeks To Swap Card Numbers For Secure Tokens · · Score: 2

    This is a little confusing - each card has 3 Card Verification Values (which, depending on the type of card can be CVV, CID or CVC - let's use CVV)

    CVV is stored on the track data.
    CVV2 is the one on your card. It is transmitted as a separate field for non-card-present transactions (eCommerce, for instance).
    CVV3, also known as dCVV (dynamic card verification value) is an EMV thing.

    Most people use CVV to refer to CVV2.

    This whole token thing is not AMEX only, Mastercard and Visa published specifications on this already and are certifying their acquirers. AMEX are late to the party :) The specifications are transitional at the moment, so the acquirer sends the token, and what's called the Token Service Provider (TSP, yay for TLAs) de-tokenizes it, then the real values are sent to the issuer for authorization.
    The TSP can be the Switch (AMEX, Mastercard, Visa, etc.) or the card issuer, or a separate provider somewhere else that does only this.
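The flow described in comments 19 and 24 (merchant and acquirer hold only a limited-time alphanumeric token, the TSP de-tokenizes it, the issuer authorizes against the real card number) is sketched below as an added example. It is not DarenN's code and not the Visa, Mastercard or AMEX tokenization specification: the vault layout, the 16-character token, the ten-minute lifetime and the account structure are all assumptions, and the card number is a constructed test value.

```python
import secrets
import string
from dataclasses import dataclass

TOKEN_ALPHABET = string.ascii_uppercase + string.digits   # alphanumeric, as the comment describes


@dataclass
class VaultEntry:
    pan: str          # the real card number; only the TSP and the issuer ever see it
    expiry: str       # card expiry, MMYY
    not_after: int    # token validity deadline (unix seconds): limited-time use


class TokenServiceProvider:
    """Keeps the token vault. Merchants and acquirers only ever handle tokens."""

    def __init__(self) -> None:
        self._vault: dict[str, VaultEntry] = {}

    def tokenize(self, pan: str, expiry: str, now: int, lifetime_seconds: int) -> str:
        token = "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(16))
        self._vault[token] = VaultEntry(pan, expiry, now + lifetime_seconds)
        return token

    def detokenize(self, token: str, now: int):
        entry = self._vault.get(token)
        if entry is None or now > entry.not_after:
            return None                        # unknown token, or past its validity window
        return entry.pan, entry.expiry


class Issuer:
    """Authorizes against the real account; it never sees the token."""

    def __init__(self, accounts: dict) -> None:
        self._accounts = accounts              # pan -> {"expiry": MMYY, "available": minor units}

    def authorize(self, pan: str, expiry: str, amount: int) -> str:
        acct = self._accounts.get(pan)
        if acct is None or acct["expiry"] != expiry:
            return "declined: no such card"
        if amount > acct["available"]:
            return "declined: insufficient funds"
        acct["available"] -= amount
        return "approved"


def authorize_with_token(tsp: TokenServiceProvider, issuer: Issuer, token: str, amount: int, now: int) -> str:
    """The acquirer path from the comment: token in, the TSP de-tokenizes,
    and the real PAN and expiry travel on to the issuer."""
    real = tsp.detokenize(token, now)
    if real is None:
        return "declined: unknown or expired token"
    pan, expiry = real
    return issuer.authorize(pan, expiry, amount)


def demo() -> dict:
    pan, expiry = "4111111111111111", "1230"   # constructed test card data
    issuer = Issuer({pan: {"expiry": expiry, "available": 10_000}})
    tsp = TokenServiceProvider()

    t0 = 1_700_000_000                          # constructed clock value
    token = tsp.tokenize(pan, expiry, now=t0, lifetime_seconds=600)   # assumed ten-minute window

    return {
        "token_reveals_pan": pan in token,                                            # the token carries no PAN
        "in_window": authorize_with_token(tsp, issuer, token, 2_500, now=t0 + 60),
        "after_window": authorize_with_token(tsp, issuer, token, 2_500, now=t0 + 601),
        "guessed_token": authorize_with_token(tsp, issuer, "NOTINTHEVAULT000", 2_500, now=t0 + 60),
        "balance_left": issuer._accounts[pan]["available"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>18}: {value}")
```

What a merchant breach leaks in this model is a token that is useless after its window and carries no card number; the de-tokenization step, and so the PAN, stays with whichever party runs the TSP, which is the point of the comment's "the TSP can be the switch, the issuer, or a separate provider".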

  25. Re:Contingent liability on Online Payment Firm Stripe Boots 3D Gun Designer Cody Wilson's Companies · · Score: 1

    If you think that without government regulation we would not all be paying on MasterVISA cards with all other competitors being summarily crushed I have some bad news for you...