toothpaste stained and covered in snow

I have a toothpaste stain on my shirt today.

I was brushing my teeth at a truly nasty pre-dawn hour when I caught sight of The Outside World. It was snow. Lots of snow, “falling” horizontally. I swore, spewing toothpaste everywhere. I had things to do and places to be – and snow, especially new snow, throws a real wrench into any commute in this gawd-forsaken transport-disabled city. I threw aside the toothbrush, grabbed the dog, purse and keys and ran out the door to try to work our way to the doggie daycare (don’t judge me) then to my training course at the furthest north hospital in the city. I live in the far southeast and the hospital is normally 25 min away but today – well, here I am an hour and 20 minutes later, finally seated (very late) in class.

Oh – did I mention I scored a new job? Yessiree, I’ve left the world of credit unions and banking and ATMs. That month of holding my breath and staying offline really highlighted that I didn’t like my job very much. The company I was working for had geared down consulting work within my specialty and I was just being shoved into areas that I wasn’t interested in pursuing. So after some pondering and searching and after The Husband confirmed that as much as he jokes, he does not want a stay at home wife, I’ve jumped over to the emerging world of health care software, paperless hospitals and coordinated services. It’s interesting. Intriguing. Rewarding. And makes me feel like I’m doing something phenomenally good with my work. It’s been a month on the job as of today, and I quite enjoy it when I don’t have to cross the city in a blizzard to attend a training course. And when I’m not gasping for breath – note that I started this job on day TWO of the Bad Bad Sickness. The Sick lasted until last week. I was VERY popular – being sick while working in health care is only what I can imagine it is like for a vegetarian brigade dealing with their one meat-eating jerk that keeps showing up for meetings.

Health care, even in an office environment, is not for the faint of heart. I have a strong stomach and an interest in medical procedures and even I have now had lunch conversations that made me think twice about finishing the butter chicken. Fecal vomiting. Poop transplants. And I’ve already had to look up “vaginectomy” just hoping that it really wasn’t what I thought it was. 

And that was all in my first week.

I now have WebMD on “speed search”, haven’t obsessed about credit card security and haven’t even used an ATM since I left my previous job. I am now terrified of germs and have antibacterial hand spray within easy reach at all times. It’s a strange new world.

surreal geek

The window down the hall from my cubicle faces the neighboring building. That building is, at most, 10 feet away. The micro environment that this creates is making the fluffy cotton snow flow upwards. I’m in the opening credits of a surrealistic film.

I am reading Jimmy Corrigan: The Smartest Kid on Earth which is the collected dark diagramming of exquisite fantasies/reality of an intriguing socially-awkward man. Except he’s not socially awkward. But he is. I love the way that pages will pass with no dialogue. I love the icons. I love the freshness and the storytelling. I actually love that it’s not as pretty as Preacher or anything like Dave McKean – which isn’t ordinary for me since I did read my first non-Archie comic because of the artwork (Batman: Arkham Asylum – here’s a pdf sneak peek). I love the symbolism in Jimmy, and the interconnected storylines. It’s really nothing like I’ve ever read before. Thoughts of it have this upwards snow making sense.

I’m percolating photos to share with you. Well, kinda. Mostly, I’m organizing my new fancy shiny external hard drive which also happens to have the photos I’d like to share here. The easy way would be to load the photos into photo editing software on my Windows PC. But noooooo… We here at the Gypsyhick Headquarters refuse this thing others call “uncomplicated”. I now have Fedora 7 test 2 (Linux) running on VMware, and I’m organizing the environment so that I can import the photos into GIMP within the Fedora appliance. So then I can edit my poor photography skilled photos, and show you the most amazing knitting organizers of all time. Really. You’ll drool, even if you don’t knit. And our latest painting project, which had me really really high on oil-based paint on the weekend. Not as enticing as you’d think, actually…

And now I’m off to class – because there’s nothing better than a 15 hour work day and a commute in a blizzard! I wonder if I’ll be able to knit (while driving) in the traffic jam again?

the machine is us/ing us

I really do hope I’m not becoming just another bloggy YouTube aggregator. However, I am quite taken with Michael Wesch’s take on Web 2.0 so here it is:

http://www.youtube.com/watch?v=6gmP4nk0EOE

I do have more to update, especially with respect to more “101 things” accomplished, redefined, and advice needed.  But I have to go to the washroom then to class, so that’s taking priority right now.

Yes, I just shared that.

propeller girl

This working thing is seriously hampering my knitting thing. Gah.

When I’m not knitting (or drinking, travelling, reading your blog, or procrastinating) I work with money. It’s what I do. I rarely see it physically – in my world, it’s all virtual. I watch the little hex values in messages stream out across networks and between nodes, banking systems to switches to retailers and ATMs and back again. I watch thousands of transactions every day streaming at top speed along a spider-web of connectivity, then I work to mimic it and try to break in on parallel test systems. It’s just my thing, my gig. I’ve been doing it since I was discovered to have a knack for breaking things – natural clutziness has become the key to my paycheque because I’m the gal who stumbles across holes in logic, code, and encryption and I seem to be able to make it all do “bad things” in a way that makes the poor managers’ eyeballs pop. Sometimes I’m not well received because, if anyone can break it (on purpose or accidentally), I can. Ah, when I present my results on a project, the chorus of “F*CK!” is music to my ears because I’ve found something for the good guys to fix so the bad guys can’t break in.

I do take great pleasure in breaking things (at work). I’m a bull in a china shop – sadly this also goes for non-work things like poking myself in the eye with a spoon while eating, tripping over carpet lint into the table, instigating a falling waterfall of spices and cookbooks by moving one item in the cupboard, and generally trying to trigger an ER visit. It’s nice that at least my mad clutz skillz are useful in some area. I try to focus on this fact when holding yet another burned piece of my flesh under the running kitchen tap. Silver linings, people, silver linings.

I’ve been doing this monetary-clutziness for so long that I often forget that other people aren’t exposed to security and encryption, magnetic stripe and chip formatting and ripping, low tech scamming, high tech skimming, data mapping… I’m a lonely princess on my own stack of encrypted hexadecimal values.

All this is leading up to tell you that it’s become my “hobby” to track ATM and POS scams and hack tools. When someone has figured out a way around the safeguards designed to protect transactions and bank accounts, I sit up and take note. When “they’ve” built a better mousetrap, it means I’m currently or going to be testing their methods and working to set up more roadblocks to keep information protected. “Information longs to be free” does not apply to my bank account, thank you very much. I can’t count the amount of times I’ll read the news and groan because the “unknown” hole we’re patching next week has just been discovered by some basement dwelling, caffeine-sucking, 14-year old from Russia.

The following pissed me off because, well, I’ll explain in a minute. On the news:

“PIN NUMBER REVERSAL (GOOD TO KNOW)

If you should ever be forced by a robber to withdraw money from an ATM machine, you can notify the police by entering your Pin # in reverse.

For example if your pin number is 1234 then you would put in 4321. The ATM recognizes that your pin number is backwards from the ATM card you placed in the machine.

The machine will still give you the money you requested, but unknown to the robber, the police will be immediately dispatched to help you.

This information was recently broadcasted on TV and it states that it is seldom used because people don’t know it exists.”

People don’t know it exists because it DOESN’T exist and this just gives mugging victims false hopes that the help is on the way when in reality, they’re just really screwed. Secondly, it’s not an ATM machine. It’s an Automated Teller Machine – ATM, not an Automated Teller Machine Machine. Jerkass acronym screwuppers.

Anywho, if you haven’t nodded off by now (and you probably should just stop and go nap because I start to get ranty and illiterate at this point), here’s my clarification (ha!) on what really happens with that old pin thing:

Step Oneish – enter card into ATM & enter PIN

You enter your card and choose the tidbits of your transaction (deposit, withdrawal, balance, what have you). The ATM keypad you’re using to enter your PIN is supposed to be encrypting what you’re entering as you’re entering it, but some countries haven’t upgraded their ATMs to meet this standard yet. Using an algorithm-generated code known to the ATM & the keypad, your PIN is encrypted before it even hits the ATM core.

Step Twoish – ATM encrypts and sends PIN’d transaction to master switch

At this stage, that keypad-encrypted PIN is combined with other information from your transaction, such as every second number in your bank card number or what have you, then multiplied by a 64 digit (or longer) number to generate a final encrypted PIN value. Now, your whole transaction, with this new unique encrypted PIN value, is sent to the master switch it’s connected to. That master switch then automagically sends the transaction to your bank’s system that holds your personal account and PIN information. We often describe the sequence as sending a letter – the transaction, such as requesting $20 from your chequing account, with your encrypted PIN, is the “letter” composed at the ATM. That letter is then “enveloped” by being encrypted using a second code known to the ATM and the master switch (and recalculated frequently), and the whole envelope is assigned a secret handshake string of digits using yet a third code.

Step Threeish – Decryption & verification

When the whole envelope hits the master switch, the secret handshake is verified as correct, then the message is “de-enveloped” and decrypted using the matching codes. The encrypted PIN is then sent to a secondary device whose sole purpose is to decrypt and verify PIN values. If the resulting PIN value math adds up, the PIN is declared correct and the ATM is advised that the transaction can be processed. If it’s wrong, well, it’s wrong and a note is sent to the ATM indicating that the transaction is declined.

The only thing that final PIN verify step can do is verify that the math on the known PIN and transaction values is what it should be. There’s no way for anyone to ever know what your real PIN is or if it’s backwards. Even if they did, these switches and banks aren’t connected in real time directly to law enforcement so no flag rises and no heroes are dispatched to the scene. I mean, it takes hours for a crew to get to an ATM that’s raised a flag that it’s out of cash, much less if one of the millions of transactions had a bad PIN sequence.
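The match-or-decline behaviour described in the steps above can be shown in a few lines of Python. This is an added example, not code from this blog or from any bank system: it builds the ISO 9564-1 format 0 PIN block (the standard way a PIN is mixed with card-number digits, which goes beyond the loose description above) and, as an assumption, uses HMAC-SHA256 as a stand-in for the DES-based check a real verification device performs. The card number, key and names such as `PinVerifier` and `outcomes` are constructed for illustration, and transit encryption of the block is omitted.

```python
import hashlib
import hmac

SAMPLE_PAN = "43219876543210987"  # constructed sample card number, not a real card

def pin_block_format0(pin: str, pan: str) -> bytes:
    """Clear ISO 9564-1 format 0 PIN block: PIN field XOR PAN field."""
    if not (pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4-12 digits")
    if not (pan.isdigit() and len(pan) >= 13):
        raise ValueError("PAN must be at least 13 digits")
    # PIN field: control nibble 0, PIN length, PIN digits, padded with F to 16 nibbles
    pin_field = f"0{len(pin):X}{pin}".ljust(16, "F")
    # PAN field: four zero nibbles + rightmost 12 PAN digits, excluding the check digit
    pan_field = "0000" + pan[-13:-1]
    return bytes(a ^ b for a, b in zip(bytes.fromhex(pin_field), bytes.fromhex(pan_field)))

class PinVerifier:
    """Stand-in for the switch-side PIN verification device.
    Assumption: a keyed HMAC replaces the DES-based check a real device uses."""

    def __init__(self, key: bytes):
        self._key = key
        self._reference = {}  # PAN -> keyed reference value stored at enrolment

    def _value(self, block: bytes) -> bytes:
        return hmac.new(self._key, block, hashlib.sha256).digest()

    def enrol(self, pan: str, pin: str) -> None:
        self._reference[pan] = self._value(pin_block_format0(pin, pan))

    def verify(self, pan: str, pin_block: bytes) -> bool:
        # The only possible answers are "match" and "no match". Nothing here can
        # tell a reversed PIN apart from any other wrong PIN.
        return hmac.compare_digest(self._reference[pan], self._value(pin_block))

def outcomes(pan: str, real_pin: str, attempts: list) -> dict:
    """Enrol real_pin, then report approve (True) / decline (False) per attempt."""
    verifier = PinVerifier(b"constructed-demo-key")
    verifier.enrol(pan, real_pin)
    return {p: verifier.verify(pan, pin_block_format0(p, pan)) for p in attempts}

if __name__ == "__main__":
    print(pin_block_format0("1234", SAMPLE_PAN).hex().upper())
    print(outcomes(SAMPLE_PAN, "1234", ["1234", "4321", "9999"]))
    # A palindromic PIN reversed is the same PIN, so it simply verifies.
    print(outcomes(SAMPLE_PAN, "1221", ["1221"[::-1]]))
```

The reversed PIN is declined exactly like any other wrong guess, and a palindromic PIN such as 1221 has no distinct reverse to enter at all.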

Just don’t go to a dark ATM, a dark alley, or follow a stranger to an ATM. If you do get mugged, call the cops and your financial institution.

The moral of the story is that if you’re mugged, you can’t enter a secret code to call for help because the secret code doesn’t exist. The secondary moral is that low tech PIN and card stealing is the most successful method of fraud, which is why it’s so important to keep your card and PIN secret. Never let your card out of your sight (EVER), shield your pin as if cameras are recording your every move, and if you suspect anything off color, call the number on the ATM, the cops, and your own bank.

In 2005 in Canada, there were 293 million ATM transactions & 3.1 billion POS transactions (pay at cashier direct payment)