Adventures with Computers
Archive for May 2005
I’ve been putting the old posts into proper categories, fixing mistakes in the conversion, and generally making sure that they integrate properly in their new home in [WordPress][].
I’ve also added comments here and there as can be seen on the right where the Fuzzy Recent Comments plugin shows exactly that: a fuzzy amount of recent comments :-)
I’ve finally managed to convert the news from the [PhpWiki][] era into [Markdown][] syntax and import it into [WordPress][]. So I now have a complete archive of news all the way from the very first post to the five year anniversary post. New posts include my enthusiastic announcement of the WikiWikiWeb, something about the art of writing BETA code (and making it look nice in [LaTeX][] afterwards), my “live” report from The Party, playing with Freenet, handing in the dOvs project, the very first release of PEL, and 97 other more or less interesting tidbits from the last three years!
I’ve imported the news into the “Uncategorized” category, and I will sort it in the next few days. There’s probably also still some quirks left behind from the PhpWiki markup, even though I was able to convert most of it.
The conversion is actually pretty cool — making so-called reference style links in Markdown, and doing word-wrapping too, just to make the source look nice! The code is available for download — if you click on the link, but don’t like regular expressions, then please close your eyes…
The System Security course that I’m currently taking always manages to make my Fridays interesting. Yesterday we heard about security in filesystems, most of which I already knew. But afterwards in the exercise hour we told about skimming, an attack on your credit card when you use an ATM (automated teller machines, those machines where you can withdraw cash from your credit card).
The exercises are actually often more interesting than the lectures themselves, for there we hear some real-world stuff. Yesterday Stefan Frei showed us a presentation about attacks on ATMs, both skimming attacks and other more brute-force attacks where people run away with the entire machine!
Skimming attacks are a relative new form of fraud where people snatch the information stored in the magnetic stripe on credit cards, together with the PIN code. They do this by installing a small camera and a small card reader in the ATM. The fake card-reader is put infront of the real card reader, and the bad guys will thus get hold of the information in the magnetic strip when you insert your card in the ATM. An example taken from a British ATM is shown on the right: at the top you see the original ATM, and at the bottom the ATM with the card reader installed.
See how those fake card readers look very professional and similar to the rest of the machine? We’re not talking about something held together with dutch tape here…
When you input your PIN the camera captures that — with both the magnetic strip and the PIN there’s nothing that prevents them from making a duplicate of your card and then simply walk op to the nearest ATM and withdraw money from your account. A rather scary scenario!
In the presentation we saw some photos of the next generation of skimming devices. The “funny” thing about those is that you cannot see them! They measure just a tiny bit more than your credit card, which means something like six centimeters wide, five milimeters height, and four milimeters deep. And that includes batteries, the card reader, radio antenna, and the circuits to make the whole thing run!
One could think that this is just some weird trick which only occurs in countries far, far away, but no — it happens right here in Switzerland! The first case of skimming has just been discovered in Wallis… So if you still have a magnetic stripe on your credit card, then watch out where you stick it into.
The newer card which uses a chip are not in danger from skimming attacks, since the data stored on the chip cannot be read out without interacting with the chip. The chip uses digital signatures to ensure that it’s really talking with an authorized ATM and not just some rouge skimming device. Of course most of these chip-enabled credit cards still have a magnetic strip on them to be compatible with legacy ATMs, so one still has to be careful…
[
][eth]
Why did I not think of that before I travelled from Buchs to Zürich…! :-)
Today I have classes from 11 to 12 and from 14 to 17. The exercise class was somewhat boring since the TA just quickly went through the next exercise — something which I would just as well have read myself.
Afterwards I got lunch and waited until the next class. But nobody was there! Then things started to come back to me, and I remembered that the lectured had said something about that there would be a two week break now.
Well, at least I then got an exercise done while waiting, so now I wont have to think about that next week.
