Contactless Payment Theft

You may have seen stories in the news about Contactless Payment theft; how it is possible for a criminal to merely brush against you with a new contactless card reader and steal up to £30 from your contactless payment card. It might be a good idea to consider protecting your card against contactless RFID attacks?01_reader

You can either decide that pressing a contactless card reader against your wallet isn’t a plausible crime (it is a plausible crime) or you won’t be affected. Or you can be a  little paranoid and go out and buy a screened wallet or purse, designed to block the RFID signal. They aren’t cheap!

However, you can do it yourself with stuff you should already have around the house – Gaffer Tape and Aluminium Foil. Ideally, you would have a sheet of copper mesh to use as it’s even more effective at blocking the RFID signal but several layers of aluminium foil works just fine – blocking up to 80% of the signal and rendering the contactless card reader ineffective.



Tools needed! 1 pair of scissors.

03_gaffer tape strips

Start by laying out 3 strips of Gaffer Tape, roughly the height of your wallet and aboud 2.5 time the length. This will form the case for the foil

04_foilTear off a nice big piece of foil and start to fold it up so it is a bit less than the height of your wallet. Make sure it is very flat!


Carefully place the foil onto the tape and 07_coveR_in_tapefold up the tape over the foil and trim the edges down so you have a nice neat packet



Slip your RFID signal blocker into the notes section… and there you have it. 1 nicely protected wallet. No contactless theft possible and I have just saved myself £30 for a new screened wallet and feel a little safer when on public transport. Lovely.

OK – I know this is not my usualy Oracle technical blog, and Heath-Robinson inventions aren’t my usual story, but I do have a client who makes these machines and I probably know a little more about them than most. I’ve had one of these RFID blockers in my wallet for a very long time.


Here’s a good tip In SQL*Plus, that I have learned only recently; You’re in the middle of typing in some SQL or a PL/SQL Anonymous block, and can’t remember the column name, or other table information? At the start of the next line type “#desc <table_name>” and the table is described but you keep in the same place in your edit. No need to stop.

NEIL @ orcl > declare
 2 l_dt date;
 3 l_txt varchar2(50);
 4 begin
 5 #desc test_tab1

 Name Null? Type
 ------------------ -------- --------------------------------------------
 DATE_COL                    DATE
 TEXT_COL                    VARCHAR2(50)
 PAD_COL                     CHAR(50)
 5 l_date := sysdate;
 6 select text_col into l_txt.... 
 7 .
NEIL @ orcl >

You can teach an old dog, old tricks. Neat time saver.

Maslow’s Hierarchy of Needs

Maslow updated – you all know somebody who believes this. If you don’t, it’s probably you 🙂 :


For those of you who are unaware of Maslow

The Fear of Presenting

I am deputy chairman of the UK Oracle User Group: Availability, Infrastructure and Management  (AIM) SIG. We arrange several groups per year where we look to get speakers to present on all manner of subject in relation to the remit of the SIG: Exadata, RAC, Partitioning, Grid Control, Managing DBA’s, etc (for more info, check here). However, it can sometimes be difficult to get presenters, and close to impossible to get new presenters.

Now, most people are pretty scared to get up in front of their peers and present. It initially seems quite a daunting prospect. However, I was recently reading Dr Richard Feynman’s autobiography, which puts the fear of your first presentation into perspective:

When he was a graduate student at Princeton, Feynman was working as a research student and was encouraged by John Wheeler to give a talk on an electrodynamics theory they were working on, as “you need experience in giving talks”. Feynman found out later that especially invited to the talk were Henry Norris Russell, Professor Wolfgang Pauli, and Professor Albert Einstein. Three of the most preeminent scientists of their day (you might have heard of at least one of them).

So, if you think your talk is going to be difficult standing in front of a couple of contractors, 3 geeks from the local council, a couple of bankers and some bloke from a supermarket, it’s not. Well, not compared to being open to critique by Pauli and Einstein! Nobody is going to be critical of your talk, only supportive. Nobody expects a presenter to have all of the answers. Many of us have witnessed the consummate presenter Jonathan Lewis writing impossible SQL on a flip chart, much to his chagrin. So if Jonathan can make an amusing mistake, I don’t think we’re overly worried about anybody else making one either.

As for Feynman, his only regret about the seminar as that he can’t remember exactly what Prof. Pauli has said when he raised a question, as he thinks it might have been the answer to making a quantum version of his electrodynamic theory.

So, if you DO present, and I would really encourage you to present,  listen carefully to any questions asked by the audience. They just might give you the answer you are looking for.

For the record and to stop frivolous posts, Martin, I DO present occasionally. Just not as much as perhaps I should.

Complex Passwords

Increasing numbers of Yahoo mail passwords appear to have been compromised; I don’t use Yahoo [although in a historically stupid move, I have multiple email addresses from multiple providers including hotmail, gmail, my ISP and my own domain ]. Anyway, I have been getting an increasing number of spam emails from friends and acquaintances with Yahoo accounts. Not from any other source. I have been multiply spammed from multiple yahoo accounts this year, but from no other provider. The conclusion I draw from this is that either Yahoo has had its password file compromised and the spammers are slowly working their way through it, or it has a significant hole in its security, or there is a focussed piece of malware out there harvesting Yahoo passwords.

Either way, I would strongly recommend that anybody who uses a Yahoo email go and change their password, make it computer-complex (i.e. long), write it on a Post-it and stick it next to your desk (at home – not in the office where everyone can read it)

WHAT! I hear you cry. Why do THAT! You’re mad! Well, no. Brute force attacks are rare, and they will generally use standard dictionary words. I hate to tell you, but hackers know you replace E with 3, A with 4 and L with 1. So your password of AFR1C4 it as much a dictionary word as AFRICA to a computer. [ If you want a really hard-to-crack, easy-to-remember password, I suggest you refer to this XKCD cartoon ]

The likelihood is that your password will be compromised by malware and not brute force attacks, in which case it doesn’t matter how complex it is. The chance it will be compromised by a burglar looking in your desk drawer is very low indeed (although people with teenage children need to be a bit more cautious.)

And change your passwords occasionally – at least once a year. How many of you out there have 2 or 3 different passwords that they use everywhere? A (seemingly) complex one for your bank account and “password” for your forum accounts? And you have NEVER changed them as it would mean changing 200 accounts and it’s too much like hard work? Thought so. One day you will be pwned by the hackers.

UKOUG – Call for Papers

The UK Oracle User Group has put out it’s call for papers, and the deadline is rapidly approaching.

Have you registered as a speaker and sent in a abstract yet? NO? Don’t you know how great an opportunity it is for you. Discuss your ideas with your peers. Network. Instruct and inform. Help other avoid the pitfalls which dogged your project. All by telling everyone about it. We will love you for it at the user group. And you will love the feedback you get. Anyone can speak, everyone has a good story to tell.

You need to register by THIS FRIDAY, 1ST JUNE!!!

Go on. Try it. – you might surprise yourself.