TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
edited December 2019
RFID credit cards (Which I will confess are different from NFC phone payments) certainly seem more secure than magstrips at the Point of Sale, but I worry a heck of a lot about how easy those things are to sniff from a distance. There's more than one DEFCON presentation or similar about how "tap to pay" credit cards are pretty easy to steal without making physical contact.
The functional problem with gas pumps is you need to authorize the card first to activate the pumps to prevent drive offs, but you also don't know how much the transaction will be until it's done pumping. So for a chip card you'd have to leave the card in for the entire duration, which can cause problems for shared card readers and allow physical card theft.
That's not how it works up here (Canada). It does ask you to enter the cash amount you want to purchase, pre-authorizes for that amount (after you enter your pin), and then gives you your card back before dispensing fuel from the pump. You're only actually charged for the amount you pump. It's a smooth, quick process that only sucks because being outside in winter sucks. :P
Yeah, that's how it works here in the UK too, if you pay at the pump. (For pay at kiosk, we still pump first, then go in and pay. I've not heard about drive offs being a problem here, though.)
Chip cards are ubiquitous here. NFC at pumps still seems very rare; I don't actually recall seeing it. But at our fuel prices, the NFC limit for a card would be pathetically little fuel; obviously that would be less of an issue for phones but I guess not having it avoids confusion that way.
The functional problem with gas pumps is you need to authorize the card first to activate the pumps to prevent drive offs, but you also don't know how much the transaction will be until it's done pumping. So for a chip card you'd have to leave the card in for the entire duration, which can cause problems for shared card readers and allow physical card theft.
That's not how it works up here (Canada). It does ask you to enter the cash amount you want to purchase, pre-authorizes for that amount (after you enter your pin), and then gives you your card back before dispensing fuel from the pump. You're only actually charged for the amount you pump. It's a smooth, quick process that only sucks because being outside in winter sucks. :P
US doesn't have chip and pin.
Just remember that half the people you meet are below average intelligence.
RFID credit cards (Which I will confess are different from NFC phone payments) certainly seem more secure than magstrips at the Point of Sale, but I worry a heck of a lot about how easy those things are to sniff from a distance. There's more than one DEFCON presentation or similar about how "tap to pay" credit cards are pretty easy to steal without making physical contact.
Yeah, the early RFID cards were a security nightmare (they just sent your CC#, Exp, and extra ID in plain-text to anyone who asked), but I think the newer ones are slightly better.
Rotating "virtual" CC# is probably the best solution for our current infrastructure.
The functional problem with gas pumps is you need to authorize the card first to activate the pumps to prevent drive offs, but you also don't know how much the transaction will be until it's done pumping. So for a chip card you'd have to leave the card in for the entire duration, which can cause problems for shared card readers and allow physical card theft.
That's not how it works up here (Canada). It does ask you to enter the cash amount you want to purchase, pre-authorizes for that amount (after you enter your pin), and then gives you your card back before dispensing fuel from the pump. You're only actually charged for the amount you pump. It's a smooth, quick process that only sucks because being outside in winter sucks. :P
oh that's a much better idea, all the US pumps I've ever seen still operate in the "pump until you release the pump handle, the cost spins up as you go" style of analog pumps from the olden pre-computerized pump days
Have I Been Pwned lists it as the 10th biggest breach it's ever recorded, and the second biggest from a household name (after MySpace's 360 million accounts breach in 2008 that wasn't made public until 2016).
OrcaAlso known as EspressosaurusWrexRegistered Userregular
I think I might have gotten hit by that gas station compromised credit card attack.
Fueled up using my card since I hadn't gotten around to hitting the ATM (I pay with cash often for the marginal decrease in price, but had been lazy last night). That night two holds and a purchase went through, then my bank declined a second purchase and informed me.
If you do use a card at a gas station, use a credit card and not a debit card. That way, if your card is compromised, they're not taking money right out of your bank account.
If you do use a card at a gas station, use a credit card and not a debit card. That way, if your card is compromised, they're not taking money right out of your bank account.
Really though, just never use a debit card for anything. Ever. I hate even using it at my bank’s drive up ATM and will only use the one in my office since that is a locked down, gated building
OrcaAlso known as EspressosaurusWrexRegistered Userregular
And the bank next day airmailed a new card to me but it's contactless. Do you jerkasses WANT more fraud? Or have they finally fixed relay attacks? (a quick google says only Mastercard had bothered with an updated spec as of a year ago).
HeatwaveCome, now, and walk the path of explosions with me!Registered Userregular
edited December 2019
Is anyone else getting security notifications when visiting these forums?
Since wiping my GPU drivers prior to installing my new GPU and updating my Antivirus software a few weeks ago, I'm getting nonstop "Suspicious connection blocked" notifications, but only while browsing these forums.
No other website seems to do this.
Done multiple system scans with Bitdefender and Malwarebytes, but nothing comes up.
I can still browse the forum but the notification popups are super annoying and I can't seem to figure out how to stop them from popping up at the corner of my screen.
EDIT: reference the notification is usually this:
Suspicious connection blocked
one minute ago
Feature:
Online Threat Prevention
firefox.exe attempted to establish a connection relying on an unmatching security certificate to hw1.pa-cdn.com. We blocked the connection to keep your data safe since the used certificate was issued for a different web address than the targeted one
And it makes typing anything here very difficult before the notification popup takes me out of whatever text field I'm in on the forums, including login.
OrcaAlso known as EspressosaurusWrexRegistered Userregular
I haven't seen 'em on my home connection.
+4
Options
HeatwaveCome, now, and walk the path of explosions with me!Registered Userregular
This never happened to me before I uninstalled the drivers, so maybe its related. Or maybe one of my one of my firefire add-ons is causing this somehow
I'm using sponsor block, ublock origin, https everywhere and disconnect. Just removed sponsor block as that was one I installed recently and to be honest it hasn't been working to remove sponsored advertisement from youtuber videos.
Yeah you should be able to whitelist that source/extension, at the least.
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
I'm not currently getting any kind of security notification from the forums, but I have in the past for sure.
Usually it's something that someone has in their signature, pointing toward some other site. Which makes diagnosing the issue difficult, because it doesn't happen on every page - just certain ones where that particular individual may have posted.
Is anyone else getting security notifications when visiting these forums?
Since wiping my GPU drivers prior to installing my new GPU and updating my Antivirus software a few weeks ago, I'm getting nonstop "Suspicious connection blocked" notifications, but only while browsing these forums.
No other website seems to do this.
Done multiple system scans with Bitdefender and Malwarebytes, but nothing comes up.
I can still browse the forum but the notification popups are super annoying and I can't seem to figure out how to stop them from popping up at the corner of my screen.
EDIT: reference the notification is usually this:
Suspicious connection blocked
one minute ago
Feature:
Online Threat Prevention
firefox.exe attempted to establish a connection relying on an unmatching security certificate to hw1.pa-cdn.com. We blocked the connection to keep your data safe since the used certificate was issued for a different web address than the targeted one
And it makes typing anything here very difficult before the notification popup takes me out of whatever text field I'm in on the forums, including login.
I believe that's a bitdefender alert. But I suspect it might be an interaction with your https everywhere stuff because the little bit of forum content from hw1.pa-cdn.com is not encrypted, it's normal http.
Just remember that half the people you meet are below average intelligence.
I've had one before on my phone (although I can't remember what it said) when I've had to grudgingly resort to public wifi. At that point I can't get on the forums at all. But if I then put my VPN on, it's fine again.
Is anyone else getting security notifications when visiting these forums?
Since wiping my GPU drivers prior to installing my new GPU and updating my Antivirus software a few weeks ago, I'm getting nonstop "Suspicious connection blocked" notifications, but only while browsing these forums.
No other website seems to do this.
Done multiple system scans with Bitdefender and Malwarebytes, but nothing comes up.
I can still browse the forum but the notification popups are super annoying and I can't seem to figure out how to stop them from popping up at the corner of my screen.
EDIT: reference the notification is usually this:
Suspicious connection blocked
one minute ago
Feature:
Online Threat Prevention
firefox.exe attempted to establish a connection relying on an unmatching security certificate to hw1.pa-cdn.com. We blocked the connection to keep your data safe since the used certificate was issued for a different web address than the targeted one
And it makes typing anything here very difficult before the notification popup takes me out of whatever text field I'm in on the forums, including login.
I believe that's a bitdefender alert. But I suspect it might be an interaction with your https everywhere stuff because the little bit of forum content from hw1.pa-cdn.com is not encrypted, it's normal http.
I thought that extension is just trying to negotiate to https if the connection will support it. Since it's actually coming back with a cert mismatch that seems like an issue with the cdn server.
0
Options
HeatwaveCome, now, and walk the path of explosions with me!Registered Userregular
So I tried disabling Https Everywhere for 'hw1.pa-cdn.com' in , but now I'm getting the alerts for 'alabasterslim.com'
Is this site associated with Penny Arcade? I don't want to go down a rabbit hole and make too many exclusions
Posts
Yeah, that's how it works here in the UK too, if you pay at the pump. (For pay at kiosk, we still pump first, then go in and pay. I've not heard about drive offs being a problem here, though.)
Chip cards are ubiquitous here. NFC at pumps still seems very rare; I don't actually recall seeing it. But at our fuel prices, the NFC limit for a card would be pathetically little fuel; obviously that would be less of an issue for phones but I guess not having it avoids confusion that way.
Steam | XBL
US doesn't have chip and pin.
https://pjxray.com/x-ray-lead-skirts.html
I'm set.
XBL:Phenyhelm - 3DS:Phenyhelm
Yeah, the early RFID cards were a security nightmare (they just sent your CC#, Exp, and extra ID in plain-text to anyone who asked), but I think the newer ones are slightly better.
Rotating "virtual" CC# is probably the best solution for our current infrastructure.
oh that's a much better idea, all the US pumps I've ever seen still operate in the "pump until you release the pump handle, the cost spins up as you go" style of analog pumps from the olden pre-computerized pump days
Have I Been Pwned lists it as the 10th biggest breach it's ever recorded, and the second biggest from a household name (after MySpace's 360 million accounts breach in 2008 that wasn't made public until 2016).
Steam | XBL
Fueled up using my card since I hadn't gotten around to hitting the ATM (I pay with cash often for the marginal decrease in price, but had been lazy last night). That night two holds and a purchase went through, then my bank declined a second purchase and informed me.
Don't use cards at gas stations folks!
Free credit monitoring for a year, like usual.
I think every big company has this already prepped at this point...
Really though, just never use a debit card for anything. Ever. I hate even using it at my bank’s drive up ATM and will only use the one in my office since that is a locked down, gated building
Once again proving that Sheetz is better.
No. Bad dog.
https://www.digitaltrends.com/news/facebook-data-leak-267-million-users-affected/
wait, no, it's the other thing
Can't draw blood from a stone!
Since wiping my GPU drivers prior to installing my new GPU and updating my Antivirus software a few weeks ago, I'm getting nonstop "Suspicious connection blocked" notifications, but only while browsing these forums.
No other website seems to do this.
Done multiple system scans with Bitdefender and Malwarebytes, but nothing comes up.
I can still browse the forum but the notification popups are super annoying and I can't seem to figure out how to stop them from popping up at the corner of my screen.
EDIT: reference the notification is usually this:
And it makes typing anything here very difficult before the notification popup takes me out of whatever text field I'm in on the forums, including login.
Steam / Origin & Wii U: Heatwave111 / FC: 4227-1965-3206 / Battle.net: Heatwave#11356
I'm using sponsor block, ublock origin, https everywhere and disconnect. Just removed sponsor block as that was one I installed recently and to be honest it hasn't been working to remove sponsored advertisement from youtuber videos.
Steam / Origin & Wii U: Heatwave111 / FC: 4227-1965-3206 / Battle.net: Heatwave#11356
My guess is that you have a faulty filter rule/list that is causing one of your extensions to prevent connections to the site.
Usually it's something that someone has in their signature, pointing toward some other site. Which makes diagnosing the issue difficult, because it doesn't happen on every page - just certain ones where that particular individual may have posted.
I believe that's a bitdefender alert. But I suspect it might be an interaction with your https everywhere stuff because the little bit of forum content from hw1.pa-cdn.com is not encrypted, it's normal http.
Steam | XBL
I thought that extension is just trying to negotiate to https if the connection will support it. Since it's actually coming back with a cert mismatch that seems like an issue with the cdn server.
Is this site associated with Penny Arcade? I don't want to go down a rabbit hole and make too many exclusions
Steam / Origin & Wii U: Heatwave111 / FC: 4227-1965-3206 / Battle.net: Heatwave#11356
Steam | XBL
Oh good. I was worried it was one of the scammers that occasionally post threads with spam.
Alright so making the exclusions for those two sites seems to have worked. Thanks guys!
Steam / Origin & Wii U: Heatwave111 / FC: 4227-1965-3206 / Battle.net: Heatwave#11356
you can get free certificates from https://letsencrypt.org/ if you are looking for a place to get one
Fake edit: Actually they just use letsencrypt too.