Payoneer waste of time

I use Paypal quite a lot for handling online purchases. One problem with Paypal is that none of the big electronic component suppliers support it, so I have been looking at easier ways to handle that.

A few weeks ago, a friend of mine pointed me to Payoneer. According to their web site they will provide you with a US account and provide you with a prepaid master card for said account. They also specifically stress Paypal in the FAQ:

Payoneer Paypal

Initially I was quite impressed with Payoneer’s service – I had my spankling new Mastercard within a week or so and activating it took seconds. Now I had a Mastercard with a balance of zero, so I wanted to transfer some funds from my Paypal account.

To make a long story short – adding the account to Paypal turned out to be impossible and a phone call to Paypal’s helpdesk confirmed my suspicion – Paypal do NOT support Payoneer after too many fradulent accounts.

Payoneer could possibly argue that this is a Paypal problem and that is indeed partially true. However, IF Payoneer is still guilty of lying on their web-site, so I’ll say this is a Payoneer problem.

I am going to Mars

Looks like I’ll be going to Mars soon.

Power Probe Demo

The following graph show live (updated once an hour) data pulled from a Power Probe into a Google Sheet and then embedded on this site.

And another one:

Network Security? Not my Problem!

changkatI live within 2 minutes walk from a street packed with restaurants and bars, probably more than 30 of them. Most – if not all – of these, provide WiFi Internet access as a service for their customers, and most – if not all – of these put their servers and point-of-sales (POS) terminals on the same network.

Of course it is pretty easy to understand what is happening here.  The restaurant or bar owner know little, or nothing, about IT.  The vendor or supplier of the point of sales system cares little, or not at all, about anything except selling point of sales terminals, and while this vendor will probably be tasked with setting up the network, their staff know next to nothing about the consequences of their decisions.

As a result, anybody who can connect to the outlet’s public WiFi can poke around the network with absolutely no risk of being detected.  This in turn leads to a number of “interesting” problems.

Illegal Use

The very first problem is that these uncontrolled public WiFi networks put the owner at an enormous risk resulting from potential illegal actions performed by the users.  This could range from piracy (downloading copyrighted material) to serious offences such as distribution of child pornography.  Since most of these semi-public WiFi access points uses a shared password that is distributed to all customers on request (if not actually pasted on the wall somewhere) there is no way the individual users can be identified.

liabiliry

Click on the image to go to the original article.

Or another one:

fbi

Click on the image to go to the original article.

 

Denial of Service

The second potential problem is various means of denial-of-service (DoS) attacks.  Having a device on the same network as servers and POS terminals, it would be relatively easy to render the Internet connection or indeed the network itself completely useless.  Downloading a popular bittorrent could easily fill the available bandwidth completely, and ARP flooding/poisoning could easily be used to ensure that the entire network would only serve one specific client.

I honestly do not know if a typical POS terminal will continue operating if the server is unreachable, but I imagine this could potentially put the POS terminal out of service for the duration of the attack.

Man-in-the-middle Attacks

Finally network sniffing.  ARP flooding/poisoning/spoofing will trick most – if not all – cheap consumer access points, which means it is trivial for anybody who is connected to capture all network traffic.  That includes traffic from other customer’s phones, tablets and laptops, and traffic from and between the point of sales terminals and the server (presumably running a centralized accounting application of some sort).  This all sounds pretty nerdy and something that would require significant skills.  Think again!  Hell – I got an app for my Android phone which will quite happily do this for me – without any knowledge needed whatsoever (DroidSheep).

DroidSheep is a bit of a toy really.  It will collect “sessions” for a number of services (Google, Facebook, Email etc.) but that is about it.  There are of course more serious tools available.  An application such as Ettercap is potentially much more dangerous. Ettercap will, like DroidSheep, use ARP poisoning to ensure that all network traffic is captured.  It also contains plugins that can trick servers into sending passwords in clear text (or at least in a form that can be analyzed and cracked later) or force the servers to disconnect from the network.

Solutions

To solve the problems listed above, a number of changes needs to be implemented:

Separate Networks

This one is so simple it is almost a no-brainer. When putting together a network of potentially vulnerable servers, make sure that network is isolated completely from unknown users.

User Identification

Force users to “sign-up” with a valid e-mail address so that the users can be identified.

Separate Exit Strategies

Route unknown users through an anonymizing network such as for example Tor. This would ensure that no illegal traffic can be tied to the business owner.

Only in America

Only in America can people seeking fitness be so lazy they need a damn escalator to get up a few steps:

enhanced-buzz-28303-1302284099-13

Manos: The Hands of Fate (1966)

ManosposterI have a weakness for movies that are so bad that they become unintentionally funny. The master of the genre is of course Edward D. Wood, Jr. who spend his entirely life making a long line of absolutely brilliantly poor movies.

One movie however stands out as so poor that it makes Ed Wood look extremely talented and that is Manos: The Hands of Fate.

Some highlights from the reviews around the web:

  • Some films are so bad, they’re good. Meaning “fun” or “entertaining” or at least “interesting”… But few films can claim to be so dreadful, you actually feel physical pain while viewing them. So bad are these damned few that you don’t experience them or watch them: you “endure” them. This is the mother of all such films!
  • “Manos the hands of fate” is without a doubt the most inept and atrociously awful film ever made. Its poorness is so extreme that of itself it is the film’s strongest selling emphasis. The script is non-existent, the acting makes Steven Seagal look like a member of the Royal Shakespeare Company and the editing could have less horrendously botched by a blind Eskimo with no arms. It is also painfully slow. this film makes its approximately 70 minute running time and make you feel like you’ve aged ten years. That’s what makes a film truly bad: the fact that despite its overbearing weaknesses it isn’t even entertaining!
  • The story…well, I guess it’s supposed to be one of those “innocents get lost and stumble upon supernatural evil” deals. Actually, it’s more like an “irritating family gets lost and stumbles upon a group of vague cultists and their creepy hired hand Torgo” deal.
  • There’s much more, of course, but “Manos” is like a train wreck, or a natural disaster: I could describe it to you, but you’d never understand the full level of horror unless you witness it for yourself. So go ahead, watch it, I dare you. At least you can take comfort in the knowledge that, after you’ve seen it, nothing else you watch will be quite so bad.
  • After seeing this movie I ran through the house screaming at the top of my lungs for several hours pausing occasionally only to bang my head repeatedly on the floor. And that was the MST3K version!! Imagine seeing this movie pure and undiluted! It’s too horrible to conceive!

And here it is – the pure and undiluted horror that is Manos:

Funniest Comedy Ever?

This might very well be the single most funny moment in comedy ever.

Funniest Yes Prime Minister Moment.

Livestock Tracking

I am currently working on a system for live GPS tracking of livestock.

Systems like that exist already, but they all – without exception – fail on one particular field – reporting!  Existing systems all rely on either GSM or (even worse) Satellite connection to report locations in real time.  The system I am working on uses a mesh network of cheap base stations to provide network coverage over large areas.

A complete system description is available at http://lth.cow.dk/wiki/Livestock_Tracking.

HazeCam

wpid-IMG_20130712_085118.JPG

Definitely not the neatest hardware installation I’ve done but it works most of the time.

More here: http://hazecam.netcompartner.com

Formula One and Malaysian Politics

Formula 1 reminds me more and more about Malaysian politics.  Let’s look at this week in Formula 1:

Wednesday

Bernie announces that Monza is probably the next European race to get axed as Formula 1 move into new markets.

Thursday

Ferrari announces that they will axe Formula 1 if Monza get axed.

Friday

Bernie announces that there’s absolutely no risk Monza will ever get axed from the Formula 1 calendar.

Sigh!

Top