the integrated one of the thinkpad works fine tbh, just the fact that they use completely unmaintained software in a banking environment is a little weird

yeah, but it's kind of like a form of 2factor

But I noticed the heavy Win XP usage still in 2018

I never use that function though

I just set it up with mine to verify through my phone

that works? Didn't know that, I'll tell her, the auth is a pain rn

might depend on the bank, but I can do ATM transfers online just with a phone verification

Are you at citibank?

not really one to discuss that sort of thing

i'd be surprised if they didn't have that function, though

it's not like I'll raid your account but you don't have to tell

From a security point of view I like the MRT cards

Tried to dump the NFC onto my phone but they are properly encrypted

it used to be shit

some german guy demonstrated it years ago with the gen 1 cards

is this why they made this "version 2" thing lately?

v2 and later have been out for years

I only have v2

if it doesn't have a chip it's v1

said german was able to decrypt the contents of the card and add as much money as he wanted

since it was still stored on the card back then

and the encryption was piss-poor

Just checked

I have an EasyCard V2 with a chip

now it's just on a server so even if you have a v1 you can't modify it to have more money

you might be able to impersonate another v1 card though, i dunno

So yuou're saying all those busses in the middle of nowhere, all taxis etc have an active internet connection that checks the balance?

I've thought about that and I can only assume it's yes or it's hybrid

there was a story a few years back about how someone was arrested for falsifying the balance on cards

might have been done with v1 cards

```
At the 27th annual German Chaos Communication Congress hacker conference ("27C3") in 2010, German free software programmer Harald Welte showed that it is possible to artificially change the amount of money stored on a first-generation EasyCard —based on the MIFARE Classic chip— using nothing more than a USB RFID reader and a laptop computer running open source software. Welte denounced the system for its poor choice of cipher and lack of user authentication. He was able to map out and manipulate the card's internal format in 2 days on a trip in Taiwan.[22]

However, hacking the EasyCard remains illegal, and in September 2011 a 24-year-old engineer was arrested on suspicion of fraudulently using a hacked EasyCard.[23]
```

yes

it might be that the mobile readers trust a balance on the card and then it's all settled afterwards

the card readers on buses fail occasionally so that might be a connectivity issue

either to the servers or just a card reading issue

or the readers actually all have GSM

Wouldn't surprise me much

i dunno, cell connectivity in taiwan is everywhere

so yeah

exactly

it wouldn't really be an issue