ZaneA's comments

Hey, HackWM author here, this might be a better link https://github.com/ZaneA/HashTWM :) Unfortunately it has been largely unmaintained by myself since the initial release, I occasionally pick it up for a day or two but I'm not using it actively anymore. Just happy that some people find a use for it!


Yeah I clearly saw it a long time ago.

As I said, stumbled upon your blog because of Chicken Lisp musings (dare I say chicken scratch)? Thanks for that, all very interesting.


It is the Heroku power being used in the Nestor shell example that gives this impression, using Trello or something else should solve this :)


What tool is used to create the diagrams here? Is it GraphViz or something else? Looks very nice


No syntax highlighting here either, Firefox 44.0.2, console shows that loadJS is undefined


Ahhh, I'll look into that on firefox :)

Thanks,


Patched. Syntax highlighting should work now :)


Not that this is any sort of proof but if you watch the last few videos you can definitely see the shading change on the tree leaves that move around in the wind.


Trees are static though - they only deform - they don't transform around the scene itself.


Working for me, Nexus 5 with Visa Paywave

Edit: Reading that is...


Works for me too - Nexus 5, MasterCard PayPass. The app in its current form isn't dangerous, it takes ~2 minutes to read the card and if the screen goes off or the reader loses contact you have to start again.


That sounds very odd; I compiled the app mentioned here and it took more like 200ms to read the info from my UK contactless VISA card.

But this whole attack isn't anything new — this was pretty widely reported back in 2012 in the UK, e.g. http://www.channel4.com/news/millions-of-barclays-card-users...

I wrote essentially the same proof of concept app two years ago after seeing that report pretty much just by reading the specs. From reading the paper mentioned on GitHub, the only real difference to what I wrote is that I didn't check for the CVC3 information (which I think is generally not included, or doesn't correspond to the actual security code on the back of the card).

But in any case, just the card number and expiry number are enough — as mentioned in the Channel 4 report — to make purchases from a lot of places.


If CVC3 is anything like CVV and CVV2, it's probably intentionally different than what's on the back of the card. Mag-stripe VISA cards have a three-digit code embedded in the stripe (this is the CVV), and a different three-digit code on the back of the card (the CVV2). Different brands of cards use the same model, but they don't always call them CVV/CVV2, and the number of digits may be different. The numbers are different so that use of the card in a magnetic reader can be differentiated from someone typing it in.


Doesn't this make it an impractical attack in most situations? I've never thought that buying RF shielding cases is of much use for 99% of situations, and this seems to support that theory.

Or should I rush out tomorrow and get one? (Australia, so yep, all of them are paywave, whether you want them or not).


Though as I understand from the source this also acts as an emulator, so if you scan your phone it may replay those card details, worth keeping in mind.


I'd love this. My bank wants me to pay $2.99 for a sticker to go on the back of my phone (to do contactless purchases) while supporting Galaxy S* phones natively...


Google Wallet's "Tap and Pay" works with select phones in the US: https://support.google.com/wallet/answer/1347934?hl=en

You might also be interested in Coin: https://onlycoin.com/


Sounds to me like his bank is the Commonwealth Bank of Australia(1), so Google Wallet is a non-starter. Coin is interesting, but the payments landscape in .au is rapidly moving away from card swipes to Paywave/Paypass. I've seen quite a few places that offer Cash or Tap, no swipe (I presume because of the fee structure).

1) https://www.commbank.com.au/paytag


Commonwealth Bank charge $2.99 a year regardless of what you want to do. To use their Android app, they also bill you that to have the functionality turned on.


The annual fee is not applicable in case of the PayTag (https://www.commbank.com.au/personal/can/can-tap.html). Also, can you refer me to the doc that mentions the extra cost of using the Android app for that purpose?


The Android app itself says it (I have it open right here).


Correct!


I'll try using my phone to buy coffee tomorrow, and let you know how it goes ;) (Aus, big four bank, not Commbank...)


I have PayWave too - can you explain why reading would work, but not actually using it to pay for things with your phone?


It may work, just haven't had the opportunity to try it out :)


This was posted to the NZ Python User Group a couple of months back, where a bit of discussion around the name took place, https://groups.google.com/d/msg/nzpug/womO01rqF58/niM48Fn8QA...


This looks great! I tinkered with building a similar service-oriented bot, using ZeroMQ for communication (though not very robust as it would block for responses IIRC); http://demonastery.org/2012/07/building-a-decoupled-irc-bot-...


Have you looked at ZeroMQ pub-sub yet? It has a flag for non-blocking publish.

Also thanks!


Thanks for the heads-up! Would be a fun project to revisit


I'd recommend Piwik (http://piwik.org/) as a decent self-hosted alternative to Google Analytics that is quick to set up on any PHP based hosting.


I have been using it also and agree it is worth a look. I keep meaning to move more of my sites to using piwik but time keeps going by without that happening, [sigh].


The great thing about evil is you can enable it in your .emacs and it mostly just works. But even better, because this is Emacs the vi layer is also easily extendable. Here's an example of adding other operators (adding `mit`, `mit>` etc): https://github.com/ZaneA/Dotfiles/blob/1858a02de25e25de20e96...


I'm tempted by emacs/evil as well, but every time I try to make the switch I run into two problems:

1) initial emacs setup: it feels really tricky to just get basic editor sanity configured (auto-indent, syntax highlighting, etc.)

2) I worry that by using evil mode, I lose out on a lot of the goodness of emacs major and minor modes. Do you remap everything to be more vi-ish for each mode that you use? I guess that is fine but the transition just seems daunting.


I second the idea of using Prelude to start with Emacs, along with the package manager which makes the initial setup and adding modes/stuff very easy (see http://melpa.milkbox.net).

I haven't seen any lost functionality by using evil; modes that define bindings continue to work, and the usual C-x/C-c/M-x/whatever works fine with evil. There is the odd major mode that doesn't work with evil out of the box (usually if it redefines j/k) but most have no problems. You can still use most (all?) regular Emacs movement commands with evil as well.


Prelude[1] is a great way to start with emacs. I don't have any experience with evil, though.

[1] http://batsov.com/prelude/

