Home Vulnerabilities Exploits Hacking IT Security Malware
Twitter
RSS

Archive for July 28th, 2010

« Older Entries

ATM hack gives cash on demand

By admin on Wednesday, July 28th, 2010 | No Comments

IDG News Service - Barnaby Jack hit the jackpot at Black Hat on Wednesday. Twice.

Exploiting bugs in two different ATM machines, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them.

He showed the attacks on two systems he had purchased himself — the type of generic ATM machines typically found in bars and convenience stores. Criminals have been hitting this type of machine for years, using ATM skimmers to record card data and PIN numbers, or in some cases simply pulling up a truck and hauling the machines away.

But according to Jack there’s an easier, much more alarming way to get the money out. Criminals can connect to the machines by dialing them up — Jack believes a large number of them have remote management

Read the rest

Read More...

Court Says Privacy Advocate May Publish Social Security Numbers

By admin on Wednesday, July 28th, 2010 | No Comments

A federal appeals court has ordered Virginia’s attorney general to back away from threats of suing a privacy advocate who publishes Social Security numbers of elected officials on the internet.

The decision by the 4th U.S. Circuit Court of Appeals means Betty Ostergren avoids being sued by the state’s top law enforcement official for breaching a state law that prohibits publication of such information.

The Richmond, Virginia-based court, however, stopped short of striking down the law, which was adopted in 2008 and carries civil penalties of about $3,500 per violation.

Instead, a three-judge panel said the regulation breached Ostergren’s First Amendment rights as they applied to her protected”political” speech. The court found that the purpose of Ostergren’s speech outweighed the privacy interests of the roughly three dozen public officials whose data was published on her website.

Ostergren published land records which contained Social Security numbers… Read the rest

Read More...

Researcher’s Hack Can Make ATMs Spew Money

By admin on Wednesday, July 28th, 2010 | No Comments

barnabyatm

Updated with ATM vendor names, responses from vendors, picture and video.

Security researcher Barnaby Jack says he’s always liked the scene in Terminator II when a young John Connor slips a fake credit card into an ATM, types a few keystrokes into what seems to be an Atari laptop, and pulls out hundreds of dollars. In reality, however, Jack says the hack is actually somewhat easier: all it takes is a USB thumb drive or an Internet connection.

At the Black Hat hacker conference Wednesday, Jack demonstrated two exploits on stage that allowed him to pull off that mythical bits-into-Benjamins stunt: One of the exploits allows anyone to unlock a panel on ATMs, insert a USB key, and overwrite the machine’s firmware to take control of the ATM and output cash. Another method allows him to remotely access a machine over the Internet and

Read the rest

Read More...

ST05-012: Supplementing Passwords

By admin on Wednesday, July 28th, 2010 | No Comments

Supplementing Passwords

Why aren’t passwords sufficient?

Passwords are beneficial as a first layer of protection, but they are
susceptible to being guessed or intercepted by attackers. You can
increase the effectiveness of your passwords by using tactics such as
avoiding passwords that are based on personal information or words
found in the dictionary; using a combination of numbers, special
characters, and lowercase and capital letters; and not sharing your
passwords with anyone else (see Choosing and
Protecting Passwords for more information). However, despite your
best attempts, an attacker may be able to obtain your password. If
there are no additional security measures in place, the attacker may
be able to access your personal, financial, or medical information.

What additional levels of security are being used?

Many organizations are beginning… Read the rest

Read More...

Microsoft flaunts ribbon as it beats Office 2011 for Mac drum

By admin on Wednesday, July 28th, 2010 | No Comments

Computerworld - The lead user interface designer for Office 2011 for the Mac touted the software’s new Ribbon interface today in a video MIcrosoft released to pump up enthusiasm the upcoming suite.

“The Office for Mac Ribbon is a new user interface built from the ground up that places the most commonly-used controls right at your fingertips,” said Han-Yi Shaw, the user experience manager at Microsoft’s Mac Business Unit. MBU is the Redmond, Wash. company’s internal Mac development team, which spends the bulk of its time building Office for Mac.

Shaw’s comments were among those voiced by several MBU developers and program managers in a two-and-a-half-minute video that gave users the first official glimpse of the new interface, and a small number of other additions and enhancements, slated to appear in Office 2011.

“The Ribbon will make it easier to find [tools and

Read the rest

Read More...
« Older Entries