The Pre-play Attack in Real Life
A previously-theoretical attack on chip-and-pin payment cards, now observed in the wild:
after we wrote a paper on the pre-play attack, we were contacted by a Scottish sailor who’d bought a drink in a bar in Las Ramblas in Barcelona for €33, and found the following morning that he’d been charged €33,000 instead. The bar had submitted ten transactions an hour apart for €3,300 each, and when we got the transaction logs it turned out that these transactions had been submitted through three different banks. What’s more, although the transactions came from the same terminal ID, they had different terminal characteristics. When the sailor’s lawyer pointed this out to Lloyds Bank, they grudgingly accepted that it had been technical fraud and refunded the money.
(tags: fraud chip-and-pin payment banking credit-cards security pre-play-attack exploits)
-
Some history of the early Irish web, including yours truly, setting up the second server in Ireland in June 1993
CircleCI Engineering Competency Matrix
CircleCI have done a good bit of work on defining competency levels in an engineering organization here
(tags: career circleci engineering growth management competencies work)