On Wed, Jul 31, 2013 at 11:34:41PM -0400, Scott Howard wrote: > On Wed, Jul 31, 2013 at 10:45 PM, Craig Sanders <[email protected]> wrote: > > > because i don't want to carry something in my wallet that can be scanned > > remotely to give an attacker my name, credit card number, CCV code (and > > possibly other details including my address - i'm not sure about the > > address but the other three pieces of data are certain) without any > > action on my part and without even my knowledge that it has happened. > > FUD is fun, isn't it.
false claims of security are even more "fun" > Modern contactless cards do not contain the card number on the chip. > They also doesn't contain the CVV1 or CVV2 numbers (I'm presuming that's > what you mean when you refer to the CCV code?!) > They doesn't contain your address. > And they likely doesn't contain your name (although they optionally can). here's a video showing someone gaining exactly the details I mentioned: http://www.youtube.com/watch?v=elBWoMXt3WY see also: Shmoocon 2012: Credit Card Fraud: The Contactless Generation http://www.youtube.com/watch?v=HRXb-FZ6WFM PDF version: http://www.shmoocon.org/2012/presentations/Paget_shmoocon2012-credit-cards.pdf and googling reveals many more sites, videos, pdf presentations etc on the topic. > I hope that in addition to destroying the contactless chip/antenna > you're also sanding off the physical numbers and painting over them. > After all, a high-resolution camera is still cheaper than an RFID > reader, and very simple to aim at the credit card reader in your local > supermarket, capturing all of the same information as above. some threats are more credible than others. given that my hand AND my body AND the card-reader it's inserted into obscure most or all of the card when i'm using it, i'm not particularly worried by cameras. same when entering a PIN - i'm usually careful to use one hand to hide what the other hand is typing in. craig -- craig sanders <[email protected]> BOFH excuse #289: Interference between the keyboard and the chair. _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
