Month: April 2017

Yank on Your ATM (It Just Sounds Dirty, but It Isn’t)



ATM with skimmer installed


Note the pinhole for a camera to read your PIN


Note the overlay beginning to pull away


The overlay removed

It turns out that thieves are attaching skimming devices to ATMs to steal your card codes and your pass codes:

Once you understand how easy and common it is for thieves to attach “skimming” devices to ATMs and other machines that accept debit and credit cards, it’s difficult not to closely inspect and even tug on the machines before using them. Several readers who are in the habit of doing just that recently shared images of skimmers they discovered after gently pulling on various parts of a cash machine they were about to use.

………

ATM card skimmers contain tiny bits of electronics that record payment card data from the magnetic stripe on the backs of cards inserted into a hacked ATM. Most commonly (as in this case), a card skimmer is paired with a pinhole spy camera hidden above or beside the PIN pad to record time-stamped video of cardholders entering their PINs. Taken together, the stolen data allows thieves to fabricate new cards and use PINs to withdraw cash from victim accounts.

Card skimmers designed to look like the green anti-skimming devices found on many ATMs are some of the most common cash machine skimming devices in use today, probably because they are relatively cheap to manufacture en masse and there are many fraudsters peddling these in the cybercrime underground.

………

Many people believe that skimmers are mainly a problem in the United States, where most ATMs still do not require more secure chip-based cards that are far more expensive and difficult for thieves to clone. However, it’s precisely because most U.S. ATMs lack this security requirement that skimming remains so prevalent in Europe.

Mainly for reasons of backward compatibility to accommodate American tourists, many European ATMs allow non-chip-based cards to be inserted into the cash machine. What’s more, many chip-based cards issued by American and European banks alike still have cardholder data encoded on a magnetic stripe in addition to the chip.

When thieves skim ATMs in Europe, they generally sell the stolen card and PIN data to fraudsters on the other side of the pond. Those fraudsters in turn will encode the card data onto counterfeit cards and withdraw cash at ATMs here in the United States.

One more thing to be paranoid about.

Oh, Snap!

Massachusetts instituted background checks for “ride sharing” drivers, and over 10% failed the check:


More than 8,000 Massachusetts residents who want to drive for ride-sharing services like Uber and Lyft won’t be allowed to, because they didn’t pass a new background check system that operates in that state.

Most were rejected because they had suspended licenses or hadn’t been driving for long enough to qualify, according to a report on the matter in The Boston Globe. But hundreds had committed serious crimes, including violent crimes and sexual crimes. 51 applicants were registered sex offenders. Others had convictions for drunk driving or reckless driving.

The checks came about because Massachusetts passed a new law regulating ride-sharing companies, which required a background check run by the state government, in addition to the companies’ own background checks. The state checks began in January, and the results were announced yesterday. Out of the 70,789 drivers who went through the state application process, 8,206 were rejected.

………

“Under Massachusetts law, Lyft’s commercial background check provider, like all consumer reporting agencies, is legally prevented from looking back further than seven years into driver applicants’ histories,” Lyft said in a statement to the Globe. “The state does not face the same limitation, which likely explains why a small percentage of our drivers failed the state’s background check while passing ours.”

Note how most were simply unqualified to drive a hack, which IS something that should be picked up in a, “Lyft’s commercial background check.”

Lyft did not want to catch this, so they paid for a search that didn’t, otherwise they would have caught the folks who lacked sufficient driving experience to qualify.

Lyft and Uber did this because they thought that they could get away with it.

I Predict That They Will Cave

They might have the votes right now, but I would bet the proverbial, “Credits to Navy Beans,” that they are going to fold in the end.

The Democratic Party seems to be constitutionally incapable of standing their ground these days, so I think that a significant portion of the caucus will eventually fold in the name of, “Keeping their powder dry.”

Realistically, this would have the effect of preserving the filibuster on SCOTUS only for Republicans, because, of course, if the Dems ever attempt such a filibuster, then the ‘Phants will threaten the nuclear option, and if the Democrats filibuster anyway, they will pull the trigger:

Senate Democrats have clinched enough support to block Neil Gorsuch’s nomination to the Supreme Court, setting up a “nuclear” showdown over Senate rules later this week.

Sen. Chris Coons (D-Del.) announced on Monday that he will oppose President Trump’s pick on a procedural vote where he will need the support of eight Democrats to cross a 60-vote threshold to end debate on Gorsuch. Coons is the 41st Democrat to back the filibuster.

“Throughout this process, I have kept an open mind. … I have decided that I will not support Judge Gorsuch’s nomination in the Judiciary Committee meeting today,” Coons said.

“I am not ready to end debate on this issue. So I will be voting against cloture,” Coons said, absent a deal to avoid the nuclear option.

Unless one of the 41 Democrats changes their vote, the filibuster of Gorsuch will be sustained in a vote later this week.

Gorsuch’s path to overcoming a filibuster closed on Monday after Democratic Sens. Dianne Feinstein (Calif.), Patrick Leahy (Vt.) and Mark Warner (Va.) each announced they would oppose Gorsuch’s nomination.

Only four Democratic senators have said they will support President Trump’s pick on the initial vote to end debate: Heidi Heitkamp (N.D.), Joe Donnelly (Ind.), Joe Manchin (W.Va.) and Michael Bennet (Colo.).

Needless to say, defeating Heitkamp, Donnelly, Manchin, and Bennet in their next elections should be a priority for Democratic activists.

There is a difference between a conservative Democrat and a disloyal one, and this particular, “Gang of 4,” are disloyal Democrats.

Know Your Rights

Iceland is the first modern nation requiring public disclosure of salary as a way to combat discrimination, but a lot of people don’t know that in the US it is illegal for your boss to restrict discussions among employees of their pay:

Iceland recently decided its laws preventing pay discrimination were insufficient. New legislation will require employers to prove that their employees are being compensated fairly. This is a significant advance. Pay secrecy gives employers the power to discriminate against workers, or to pay them based on arbitrary, opaque criteria. Forcing employers to be transparent about compensation puts Iceland at the front of the pack in protecting worker rights. In many countries, including the United States, the onus is on the employee to uncover pay discrimination, and bring about legal action to remedy the situation.

………

The issue of pay secrecy is particularly fraught for women, who have historically been paid substantially less than men for doing the same work. This is starting to change. In an era of “lean-in” feminism, women have become familiar with research showing that Women Don’t Ask and that starting a career with a lower salary than a man in a similar position can lead to dramatic differences in compensation over the long run. These days, more and more women are asking.

………

In theory, the Ledbetter Act works in concert with Section 7 of the National Labor Relations Act which grants non-supervisory employees in private-sector companies the freedom to discuss their wages or salaries. Any such discussion is concerted activity, protected under the act. However, the penalties for employer violations remain woefully weak, and may disappear entirely under the current presidential administration.

Moreover, as legal scholar Cynthia Estlund argues, most workplaces have strong norms against discussing salaries, and many workers incorrectly believe that they may be punished for these discussions. For example, numerous NLRB rulings prohibit companies from putting rules in employee handbooks that flout federal protections of workers’ rights. Yet companies still do it. In 2010, an administrative law judge ruled that ten different sections of the T-Mobile employee handbooks violated federal labor law, including provisions that effectively stopped workers from discussing wages and working conditions. In this case, the company was imposing an illegal policy on over forty thousand workers, chilling their ability to organize together at the same time that the Communications Workers of America was attempting to organize a union at T-Mobile.

Some 60 percent of private-sector workers report that their employers have similar policies to T-Mobile. These policies, while technically unenforceable, create a climate where workers do not discuss pay, and therefore cannot uncover any disparities. Many workers wrongly think (no doubt encouraged by their employers) that it’s against the rules to discuss their wages or salaries with their coworkers.

Know your rights here.

Requiring pay disclosure, and requiring that temp agencies disclose their billing rate to their contractors, would be a very good thing, but until then, know that any section of the employee manual that forbids discussion of your pay with a coworker is illegal and unenforceable.

Pass the Popcorn

There has been a recent surge by the far left candidate, Jean-Luc Melenchon, in the French campaign for President, which means that it is theoretically possible that you would have a runoff between him and right wing extremist Marine Le Pen.

If Melenchon makes it into the runoff, I think that we will see the mainstream parties going for the bigot, because he is more of a threat to the bankster’s racket:

French left-wing candidate Jean-Luc Melenchon’s creeping gain in the polls is adding a new layer of risk to France’s election.

Although the possibility of a second round between Melenchon and the anti-immigration, anti-euro National Front’s Marine Le Pen — candidates of the extreme left and extreme right — is remote, his rise casts yet another shadow over what has been one of the most tumultuous and unpredictable election campaigns in recent French history.

Melenchon, who was a distant fifth in the polls until a couple of weeks ago, is now within touching distance of Francois Fillon, currently in third place. According to an Odoxa poll published by Le Point magazine Friday, Melenchon would get 16 percent of the vote in the first round on April 23, just shy of Republican candidate Fillon’s 17 percent. Emmanuel Macron and Le Pen remain the front runners, with 26 percent and 25 percent respectively.

“If Jean-Luc Melenchon’s momentum continues, one could have three or four favorites in a pocket handkerchief, within the margin of error of the polls,” said Yves-Marie Cann, political research director at polling firm Elabe. “And then there will be uncertainty.”

A potential battle of the two populists, coming after the Brexit vote in the U.K. and the election of Donald Trump in the U.S., would add to the turmoil in the markets. Although Melenchon, unlike Le Pen, hasn’t said he will take France out of the European Union, he remains hostile to Europe’s institutions and has said he wants to renegotiate treaties and reform the union.

………

The oldest of the main candidates, Melenchon, 65, is on his second run for president and has a loyal base attracted by his uncompromising positions against globalism and Western militarism. He was a member of the Socialist Party and even a government minister before quitting the party over what he saw as its pro-business policies.

In his campaign program, Melenchon says he’d put in place a 100 billion-euro ($107 billion) stimulus package to help tackle poverty, improve public services and protect the environment. He plans 173 billion euros of extra state expenses that he says will generate 190 billion euros of additional revenue, boost growth by more than 2 percentage points from 2018 and create more than 3 million jobs.

Among his populist measures are a plan to raise France’s minimum wage by 15 percent and lower retirement age to 60 years with full pension. He also plans to add 200,000 units of public housing a year. He expects his program to increase public debt as a share of gross domestic product to 95.8 percent, with a plan to reduce it to 87 percent in 2022.

It’s a slim chance, but I think that his making the runoff would be a good thing, and not just because he has the best policies of any candidate.

By presenting French voters with two choices outside the general window of acceptability (though Melenchon would have been pretty mainstream circa 1980) it requires actual thought by the voter.

Hopefully, this might create an electorate that eschews the false dichotomies that are presented by the current powers that be.

The disastrous policies coming from Berlin and Brussels have always been sold as being the only alternative; disabusing both the ordinary folk and the PTB would be a very good thing.

It’s the Start of the Crazy Season

Spent most of today cleaning for Pesach (Passover).

It’s a period of high anxiety for Sharon*, and I am doing my level best to be as supportive as possible.

Light blogging for a while.

BTW, anyone know a good way to split the Red Sea?

Have a Pesach joke:

Once upon a time in a far away land there lived a king who had a Jewish advisor. The king relied so much on the wisdom of his Jewish advisor that one day he decided to elevate him to head advisor. After it was announced, the other advisors objected. After all, it was bad enough just to sit in counsel with a Jew, but to allow one to ‘lord it over them,’ was just too much to bear. Being a compassionate ruler, the King agreed with them, and ordered the Jew to convert. What could the Jew do? One had to obey the King, and so he did.

As soon as the act was done, the Jew felt great remorse for this terrible decision. As days became weeks, his remorse turned to despondency, and as months passed, his mental depression took its toll on his physical health. He became weaker and weaker. Finally he could stand it no longer. His mind was made up. He burst in on the king and cried, “I was born a Jew and a Jew I must die. Do what you want with me, but I can no longer deny my faith.” The King was very surprised. He had no idea that the Jew felt so strongly about it. “Well, if that is how you feel,” he said, “then the other advisors will just have to learn to live with it. Your counsel is much too important to me to do without. Go and be a Jew again” he said.

The Jew felt elated. He hurried back home to tell the good news to his family. He felt the strength surge back into his body as he ran. Finally, he burst into the house and called out to his wife. “Rifka, Rifka, we can be Jews again, we can be Jews again.” His wife glared back at him angrily and said, “You couldn’t wait until after Passover?”

*Love of my life, light of the cosmos, she who must be obeyed, my wife.

Hold Onto Your Wallet

Here we have another claim of an earth shattering product.

It’s not software, it’s actually a real world high tech physical device, and he is promising to be able to deliver a Lidar (Laser Radar) for things like self driving cars for pennies.

Am I the only one who thinks that this reads like an article about Elizabeth Holmes and Theranos:

In the sixth grade, Austin Russell turned a Nintendo gaming handset into a cell phone. At 15, he built a holographic keyboard. By 17, he’d filed for a patent. Now at 22, he’s running a startup at the heart of Silicon Valley’s latest technology mania.

As founder and chief executive officer of Luminar Technologies Inc., Russell and his team are building lidar, a hyper-accurate laser sensing technology crucial for self-driving cars. Google parent Alphabet Inc. is suing Uber Technologies Inc. for allegedly stealing lidar designs, while startups Velodyne Lidar Inc. and Quanergy Systems Inc. have raised at least $150 million apiece from giants like Ford Motor Co., Baidu Inc., Daimler AG and Samsung Electronics Co.


Russell has raised a similar amount, according to people familiar with Luminar’s finances. The company, founded in 2012, had sought a valuation above $1 billion when it was raising money last year, one of the people said. It’s unclear who invested — Luminar is in “stealth” mode, meaning it hasn’t announced itself to the world yet. A spokeswoman declined to comment, as did Russell’s father Michael, a commercial real estate veteran who serves as chief financial officer. A message sent to Austin Russell through his LinkedIn profile was answered by his assistant, who declined to comment.

………

That a relatively unknown college dropout of barely drinking age can raise millions of dollars shows the appetite for lidar. “It’s a gold rush and we’re selling pickaxes,” said Velodyne President Mike Jellen, who graduated college years before Russell was born. Several car companies want autonomous vehicles on the road by 2020 or 2021, which means they’re starting to order lots of lidar systems. Velodyne expects to ship 12,000 units this year, 80,000 in 2018 and 1.7 million by 2022.

………

A top-of-the-range lidar from Velodyne sells for more than $50,000. It offers cheaper lidar, which generates lower-definition 3-D images, for about $8,000, while Quanergy has a product that sells for some $4,000. Autonomous cars often require two or more lidar sensors, so having a capable system can get expensive.

Russell is trying to develop a lidar priced significantly less than $1,000, according to people with knowledge of Luminar’s planning. Quanergy aims to have one that sells below $100 in three to four years.

………

In a recent demonstration, the images generated by Luminar’s lidar system were higher-definition than those produced by competing equipment made by Velodyne or Quanergy, according to someone who saw the equipment first-hand, but was not allowed to discuss it publicly. Another version generated even sharper images, but the information was processed with a slight delay — because of a lack of computing power to crunch all the data rather than a problem with the core technology, the person said.

Another “unicorn”, only because it’s not a clever internet idea and actually has to deliver a physical product that is bound by the laws of physics, it ain’t quite so easy.

What we have here is the Silicon Valley investors distracted by a shiny bauble.

A few buzz words about the current in technology, and they go crazy.

Kind of like how all of the big movers and shakers in tech declared that Dean Kamen’s “Ginger”, now known as the Segway scooter, was going to transform the world.

Way too much of the US tech market seems startlingly close to snake oil sales.

If someone suggests investing in this, run in the other direction.

Everything That Is Wrong with the F-35 in 1 Article


At 35 Seconds, You can See the Pilot’s Head Strike the Canopy

It’s a bit of a read, but this article lists the current problems, and the basic architectural problems, in excruciating detail:

The F-35 still has a long way to go before it will be ready for combat. That was the parting message of Michael Gilmore, the now-retired Director of Operational Test and Evaluation, in his last annual report.

The Joint Strike Fighter Program has already consumed more than $100 billion and nearly 25 years. Just to finish the basic development phase will require at least an extra $1 billion and two more years. Even with this massive investment of time and money, Gilmore told Congress, the Pentagon and the public, “the operational suitability of all variants continues to be less than desired by the Services.”

Gilmore detailed a range of remaining and sometimes worsening problems with the program, including hundreds of critical performance deficiencies and maintenance problems. He also raised serious questions about whether the Air Force’s F-35A can succeed in either air-to-air or air-to-ground missions, whether the Marine Corps’ F-35B can conduct even rudimentary close air support, and whether the Navy’s F-35C is suitable to operate from aircraft carriers.

He found, in fact, that “if used in combat, the F-35 aircraft will need support to locate and avoid modern threat ground radars, acquire targets, and engage formations of enemy fighter aircraft due to unresolved performance deficiencies and limited weapons carriage availability.”

The details follow, and while some might eventually be fixed (late and expensive) a lot of these are artifacts of the basic architecture of both the plane.

This is going to be a complete cluster f%$#.