January-30, 2012 by: Dave Brockman
From: Dave Brockman
------------------------------------------------------
http://www.forbes.com/sites/andygreenberg/2012/01/30/hackers-demo-shows-how-easily-credit-cards-can-be-read-through-clothes-and-wallets/
Regards,
dtb
===============================================================
From: John Aldrich
------------------------------------------------------
I wonder if the "aluminum wallets" do any good at blocking the signals?
===============================================================
From: Lynn Dixon
------------------------------------------------------
I would say so. You can get wallets that have copper woven into them to create a faraday cage to block pretty much any RF signal. The newer passports and passport cards come in an RF shielding envelope as well. My new passport and card came in one 2 years ago.
===============================================================
From: Mike Harrison
------------------------------------------------------
That's why mine are in a metal wallet, actually a 'card carrier'.
===============================================================
From: William Wade
------------------------------------------------------
I would think that it is far more likely that a company you have trusted with your data, or even the credit card company itself will be hacked than a person stealing information on this level. At least so far...
===============================================================
From: Dave Brockman
------------------------------------------------------
The presenter mentioned that most RFID "protection" containers can be overcome by amping up the transmit power. She is working on a container that actually bounces the transmissions back, essentially drowning out the signal your device may send. It has an owl and the eyes glow when you come within range of an RFID scanner. Looks kinda cool :)
Regards,
dtb
===============================================================
From: Dave Brockman
------------------------------------------------------
Due to the OTP nature of the CVV, I think it's a perfect thing to use at large gatherings of folks. You have to make it work on quantity of transactions, not a couple of large ones. But it can be done, and the PCI industry has known for several years now, but still advertise this solution as unhackable and safe....
Regards,
dtb
===============================================================
From: Lynn Dixon
------------------------------------------------------
With a faraday cage, RF signals will be blocked regardless of PEP. It's simple to weave a faraday cage into fabrics with copper.
===============================================================
From: Mike Harrison
------------------------------------------------------
If you saw how most CC companies, especially web gateways, actually process credit cards, you would be amazed and infuriated. I am. I'm building a gateway today to Cardnet, one of the only two systems that will take credit cards for Dominican Pesos. Rube Goldberg would be proud. There might be a PCI rule that I'm not breaking, and if so, I'll make sure I break it also just to make sure I have a full house of cards to show. The good news is, it's how they told me to do it, with example code. They think because there is a VPN involved in the chain, it is secure. What really kills me is, they use http so they can help troubleshoot on their end, past the Fortinet firewall. Yeah.. in production as well as testing. The real world is made up of lots of duct tape.
===============================================================
From: Mike Harrison
------------------------------------------------------
Mine's not a piece of mylar film.. or mesh, it's solid aluminum. except for the end caps... You'd have to crank it hard to get through, I've tried. Tim is on the list, and near my office, he has such gear, sounds like a great Chugalug and IT Security presentation if he is willing.
===============================================================
From: Tim Youngblood
------------------------------------------------------
That will happen eventually. One of the first 'unguided' projects on my list for ChattLab is an rfid/nfc access control system (among other things). Once it is functional, we'll try to hack the lab itself! How is that for redundant irony? Should be great fun.
===============================================================
From: Ed King
------------------------------------------------------
not all the time
===============================================================
From: William Wade
------------------------------------------------------
True, the best place to set something like this up would be somewhere people are using their cards already.
===============================================================
From: Mike Harrison
------------------------------------------------------
Yeah.. and that is a real problem. I've got an RFID card on my person right now that lets me in just about anywhere at a utility I am working at. It has their company logo on it, and losing it is scary. To me. I am sure they get lost all the time, their real security is guards with shotguns.. Everyone is very polite. I was introduced to them.... My metal wallet has other side bene's. RFID, swipe and contactless cards don't get fried by my cell phone when they are all in the same pocket. If I were going to snag cards... the scanner antenna would be on my hip.. and I'd hang around a gas station or other busy counter. I would not have to be far away.