Receiving bank OTP text messages in Antarctica

Came across "SMS Multifactor Authentication in Antarctica", a post on how to receive bank OTP text messages (one-time passwords, usually six or seven digits) while in Antarctica.

Obviously, Antarctica has no mobile carrier you could roam onto XD

The first attempt was Verizon Messages Plus, a carrier-side service that forwards your SMS to e-mail. The author found that every message was forwarded except the bank's XDDD

Next was a Google Voice number, but the bank classified it as a VoIP line and refused to send codes to it.

Another option is "Wifi Calling", which appears to be what Taiwan more commonly calls VoWiFi: the phone registers with the carrier's network over the internet instead of through a cell tower.

McMurdo's network currently still has many limitations and problems:

At McMurdo, phones have access to a wifi network only for wifi calling and texting, not for general Internet access. It’s just a prototype at this time. It doesn’t work in all cases or in all areas, and for one reason or another it doesn’t work for some people, even if they’ve followed all the steps for enabling wifi calling.

The problems the author ran into appear to be high latency and unstable bandwidth:

Also, the protocol assumes terrestrial broadband with reasonable latency and bandwidth. At McMurdo, as of this writing, latency to terrestrial locations is in excess of 700 milliseconds. Usable bandwidth for any given end user can vary widely, down to a few dozen kilobits per second.

And it is hard to troubleshoot:

The protocol also doesn’t expose any useful diagnostic info to the end user in order to troubleshoot. You just have to cross your fingers that the magic “wifi calling” icon lights up.

The author then tried voice MFA, but there is no phone number on station that a cell number could be forwarded to:

Direct inward dialing to US Antarctic stations isn’t generally available, so you probably can’t configure your cell phone number to forward to a number you can directly answer on-station. (I’m aware of some exceptions to this.)

The author closes with two approaches. The first is to find a virtual number the bank does not block and register it, but that is basically a cat-and-mouse game. The second, which the author actually implemented, is to run your own relay and forward the messages through IFTTT or a similar tool.


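If you build such a relay yourself, the dangerous part is not the forwarding but what you let through: a relay that blindly re-sends every SMS to e-mail is a second copy of every bank code sitting in another inbox. The following is an added example, not code from the original post or its author. It assumes the phone side (an Android automation app, or whatever posts the SMS) sends each incoming message as JSON with an HMAC-SHA256 of the body in a header; the shared secret, the sender allowlist and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import json
import re

# Hypothetical shared secret, configured on both the forwarding app and this relay.
RELAY_SECRET = b"replace-me-with-a-long-random-value"
# Hypothetical sender IDs the bank uses; anything else is dropped, never forwarded.
ALLOWED_SENDERS = {"BANK-OTP", "28746"}
# Six- or seven-digit codes, as the post describes; longer digit runs (account numbers) don't match.
OTP_RE = re.compile(r"(?<!\d)(\d{6,7})(?!\d)")
# A code older than this is useless to you, and a forwarded copy is only a liability.
MAX_AGE_SECONDS = 120


def sign(body: bytes, secret: bytes = RELAY_SECRET) -> str:
    """HMAC-SHA256 over the raw webhook body; the sender puts this hex digest in a header."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def extract_otp(text: str):
    """Return the first 6- or 7-digit code in the message text, or None."""
    m = OTP_RE.search(text)
    return m.group(1) if m else None


def decide(body: bytes, signature: str, now: float,
           secret: bytes = RELAY_SECRET, allowed=ALLOWED_SENDERS) -> dict:
    """Decide what, if anything, the relay forwards, and why it refused otherwise."""
    # Authenticate first, before parsing anything an attacker could have posted.
    if not hmac.compare_digest(sign(body, secret), signature):
        return {"forward": False, "reason": "bad signature"}
    try:
        msg = json.loads(body)
    except ValueError:
        return {"forward": False, "reason": "malformed body"}
    if msg.get("from") not in allowed:
        return {"forward": False, "reason": "sender not allowlisted"}
    if now - float(msg.get("received_at", 0)) > MAX_AGE_SECONDS:
        return {"forward": False, "reason": "stale"}
    otp = extract_otp(msg.get("text", ""))
    if otp is None:
        return {"forward": False, "reason": "no OTP in message"}
    return {"forward": True, "reason": "ok", "sender": msg["from"], "otp": otp}


def forward_text(decision: dict) -> str:
    """The only thing that leaves the relay: sender and code, not the full SMS body."""
    return f"OTP from {decision['sender']}: {decision['otp']}"


# Constructed sample webhook body; not a real bank message.
SAMPLE_BODY = json.dumps({
    "from": "BANK-OTP",
    "text": "Your one-time passcode is 482913. Do not share it.",
    "received_at": 1_700_000_000,
}).encode()

if __name__ == "__main__":
    sig = sign(SAMPLE_BODY)
    d = decide(SAMPLE_BODY, sig, now=1_700_000_030)
    print(d)
    if d["forward"]:
        print(forward_text(d))
```

The ordering matters: the signature check runs before `json.loads`, so an unauthenticated caller cannot reach the parser, and the staleness check means a replayed webhook from last week produces nothing.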
Maybe once the infrastructure improves, VoWiFi will have a chance of working?

The UK's new banknote will feature Alan Turing

The new £50 note will carry a portrait of Alan Turing: "New face of the Bank of England's £50 note is revealed as Alan Turing".

I don't know how to introduce Alan Turing... His contributions to modern computation theory, to the Allied effort in WWII, and to artificial intelligence are all unmatched. On the other hand, he was convicted in 1952 for being homosexual, died in 1954 of cyanide poisoning ruled a suicide, and in 2013, while Parliament was still debating a pardon, the Queen granted one directly under the royal prerogative of mercy. Now he has been chosen as the face of the £50 note.


ING Bank's data center in Romania had an incident...

ING Bank's data center in Romania suffered data loss: "A Loud Sound Just Shut Down a Bank's Data Center for 10 Hours".

The cause: the noise of the gas discharge during a fire-suppression test was so loud that it wrecked the hard drives XDDD

ING Bank’s main data center in Bucharest, Romania, was severely damaged over the weekend during a fire extinguishing test. In what is a very rare but known phenomenon, it was the loud sound of inert gas being released that destroyed dozens of hard drives. The site is currently offline and the bank relies solely on its backup data center, located within a couple of miles’ proximity.



Mobile payments in Somalia are becoming more and more widespread: "More phones, few banks and years of instability are transforming Somalia to a cashless society".

Now, it is one of at least three companies offering mobile money transfers in Somalia, where 51 out of every 100 people has a mobile subscription (compared to 22, only three years ago), and around 40% of adults use mobile money accounts, according to 2014 data from the World Bank (pdf).

Mobile payments took off because of the lack of retail banking (that is, physical branches), combined with the conflict:

[...] the lack of retail banking in Somalia and fears of continued unrest—Al-Shabaab continues to occasionally stage attacks throughout the country—have made the service vital to Somalia’s reconstruction. Hormuud holds the cash, acting in essence like a bank.


Why use a physical two-factor token when Google Authenticator exists?

As the title asks: because a hardware token keeps the secret key physically isolated. A TOTP app's seed lives on the same phone that reads your mail and runs whatever else you installed, so malware on the phone can copy it; a token's seed never leaves the token.

Have a look at this recent report: "Zitmo Trojan Variant Eurograbber Beats Two-Factor Authentication to Steal Millions", in particular this passage:

To date, the researchers said, Eurograbber has infected more than 30,000 users and stolen an estimated 36 million Euros.


SMS has the same problem (Zitmo's mobile component intercepts the bank's SMS codes on the infected phone); a hardware OTP token is currently the approach most resistant to this kind of attack...

Latest bank (credit card) promotions...

I have run into the "didn't even know that promotion existed" situation several times now, and hardly any bank publishes a feed, so I built one that generates Atom feeds: "Useful Feeds".

The site's code is on GitHub; if you want to change something, open a ticket or fork + pull request. There is still a lot to fix (Atom feed validator issues, for example).
