Latest ATM skimmers get thinner

ATM skimmers lift credit and debit card information by attaching to the card slot on the machine, although such modifications have typically been spotted quickly due to their bulky and obvious nature. Over the years, skimmers have become increasingly hard to detect, resulting in mass fraud until the banks fix the affected ATM. The latest generation of ATM skimmers is said to be so thin that they can be inserted directly into a card slot without arousing suspicion.

Recent reports from the European ATM Security Team detail a new skimming device that can be inserted directly into an ATM card reader thanks to its svelte frame. Just like other skimmers, it lifts information from the magnetic strip on the back of a credit or debit card and stores it for later retrieval. Bulky ATM skimmers can be easily avoided, but a device that fits directly into the card reader could be difficult to detect.

Still, such devices need the most crucial piece of information: your PIN. The only way to lift that is by using a secondary device, typically either an overlay on top of the keypad on an ATM or a hidden camera. Cameras may be a little tricky to spot, but any modifications to the keypad should be easier to detect. As always, if something doesn’t seem right about an ATM you’re trying to use, call the bank and try to find another machine.

[via Krebs on Security]


Latest ATM skimmers get thinner is written by Ben Kersey & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.


Anonymous and WikiLeaks relationship detailed

The strange nature of the relationship between Anonymous and WikiLeaks has been detailed in a report from International Business Times. Members of the group spoke to IBTimes following a Twitter row over the leaked emails from Syria, with one individual saying the relationship between the two entities is “complex.” As it turns out, there’s crossover between both groups, with some individuals working on both sides to gather and expose information.

Anonymous and WikiLeaks are said to have similar aspirations, hence the heavy crossover between the personnel: “Both groups are first and foremost information activists, so there is a common ground between us.” One member of Anonymous went on to detail the work behind the Syria email leaks, saying the group worked tirelessly to breach “multiple domains and dozens of servers.” While the information was handed off to WikiLeaks, the organization didn’t reveal its relationship with Anonymous.

The hacktivist group doesn’t seem to mind, however: “Nor would they be expected to reveal their source that is after all what WikiLeaks is all about.” There’s also the fact that WikiLeaks seems to have no qualms about releasing any information. Anonymous is said to have negotiated with Al-Jazeera regarding the release of the email dumps, but “no suitable disclosure agreement could be negotiated.”

Still, Anonymous is looking ahead to the future. Members of the group have recently launched their own version of WikiLeaks, dubbed Par:AnoIA. The site is designed to host Anonymous leaks, and is said to have been created to gain better media coverage for highly sensitive dumps and expose information faster than WikiLeaks.


Anonymous and WikiLeaks relationship detailed is written by Ben Kersey & originally posted on SlashGear.


Billabong, NVIDIA, and Android Forums all affected by hacks

Yesterday Yahoo! suffered a major security breach as it saw over 400,000 passwords leak out. The group responsible for the hack claimed it was to expose the shoddy security methods employed by the company, and wasn’t intended as a malicious attack. It looks like Yahoo! wasn’t the only victim, as several other companies have had their databases exposed and pasted onto the internet due to similar security lapses.

ZDNet reports that Phandroid suffered from a hack on its Android Forums, which exposed usernames, email addresses, and hashed passwords. It’s not known how many users have been affected by the hack, although the forum has over a million registered users. The administrators of the site say the exploit has been found and fixed, with the hack most likely an attempt to harvest email addresses.

Last night, Billabong and NVIDIA also suffered from hacks. Around 35,000 plaintext passwords are said to have been extracted from Billabong’s database, but only 1,435 were located in a CodePaste.net post. Like the Yahoo! hack, it looks like the hackers took advantage of a MySQL injection exploit to get at the data.

NVIDIA also shut down its Developer Zone last night in response to a hacking attack on the website. In a statement, NVIDIA says that it shut down the site “in response to attacks on the site by unauthorized third parties who may have gained access to hashed passwords.” There’s no word on how many passwords were taken as a result of the hack, but unlike Billabong, all of the passwords are hashed.

[via The Next Web]


Billabong, NVIDIA, and Android Forums all affected by hacks is written by Ben Kersey & originally posted on SlashGear.


Yahoo! email spam linked to Android botnet

Malware has increasingly become a problem for Android, with most malicious apps intended to send premium text messages in the background that will rack up a nasty phone bill. Android might also be used to set up botnets and send spam emails, according to Terry Zinck’s blog on MSDN. He discovered that standard spam email messages were being sent from Yahoo! Mail servers on Android devices.

Zinck took a closer look at the header information and signatures that were being sent out with the spam. All the messages come from compromised Yahoo! accounts and are sent through Yahoo! Mail servers, and all also seem to finish with the “Sent from Yahoo! Mail on Android” signature. Zinck postulates that a hacker has developed a botnet that can access Yahoo! Mail accounts on Android devices and send spam messages as a result.

Yahoo! does provide the IP address of where the emails came from, with origin countries including Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela. The odds of downloading a malicious app on the Play Store are extremely low, so Zinck believes that users are tracking down pirated versions of apps to avoid paying, or have acquired a fake version of the Yahoo! Mail app.


Yahoo! email spam linked to Android botnet is written by Ben Kersey & originally posted on SlashGear.