Thermal-Imaging Camera Can Read Your ATM PIN

The thermal signature left by your fingers on an ATM keypad can be used to grab your PIN

You might want to rethink your ATM security procedures in the light of yet another new number-stealing hack. No longer is it enough just to shield the keypad from possibly hidden cameras, or avoid swiping your card to get into the bank during off-hours (skimmers often replace the door card-readers with their own). Now you also have to deal with thermal imaging.

Security researchers have discovered that pointing a thermal camera at a plastic keypad can read off your PIN as easily as if you had written it down. The heat from your fingers shows up on the camera, and all four digits of your PIN can be read with a success rate of 80% ten seconds after you have tapped them in, and 60% after 45 seconds.

Metal number pads are immune, but less conductive plastic pads retain the heat so well that you can even tell in what order the buttons were pressed. The digits can even be read automatically by software.

While the researchers (Keaton Mowery, Sarah Meiklejohn and Stefan Savage from UC San Diego) don’t think that thieves have used this technique yet, it looks like an easy job once you have bought an expensive thermal-imaging camera. Short of avoiding plastic pads altogether, I guess we should all start resting our fingers on extra buttons, just to be safe.

Stealing ATM PINs with thermal cameras [Naked Security via Slashdot]

Auto Lock a Computer with a USB Drive

This article was written on May 28, 2010 by CyberNet.

Most people carry a USB drive around for storing files on-the-go, but that’s not all they are good for. A free (for non-commercial use) program called Predator will actually let you use a USB drive as a key for your computer. Basically, when you remove the drive the computer will lock itself, and it will be unlocked the next time you insert the drive.

How it works is simple:

  1. You insert the USB drive
  2. You run PREDATOR (autostart with Windows is possible)
  3. You do your work
  4. When you’re away from your PC, you simply remove the USB drive – once it is removed, the keyboard and mouse are disabled and the screen darkens
  5. When you return back to your PC, you put the USB flash drive in place – keyboard and mouse are immediately released, and the display is restored.

There are some things you might naturally be concerned about, such as what happens if you lend your drive to someone and they copy everything on it. You can set up the app to require a password in order to unlock your computer, but that may not be necessary: Predator updates your key from time to time so that any copies are invalidated. If you’re worried about losing your USB drive, you can always designate a secondary drive, with its own key, for use in an emergency.
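To make the "copies are invalidated" idea concrete, here is an added example (not Predator's code, and not a description of its internals) that models the mechanism in a few dozen lines of Python. The host remembers only a hash of the token currently stored on each enrolled drive; every successful unlock writes a fresh token to the drive and updates the hash, so a copy taken earlier no longer matches. Drives are modelled as plain dicts and the token file name is an assumption, standing in for a file on the real removable drive.

```python
"""Rotating-token model of a USB "key" lock (constructed example).

The host trusts a removable drive only while it carries the current token.
Each successful unlock replaces that token, so a copy of the drive taken
earlier stops working. A second, separately keyed drive serves as the
emergency backup. Drives are modelled as dicts; a real implementation
would read and write a small file on the drive instead.
"""
import hashlib
import hmac
import secrets

TOKEN_FILE = "usb_key.bin"  # hypothetical file name on the removable drive


def _digest(token: bytes) -> bytes:
    # The host stores only a hash, so reading the host's state does not
    # reveal a token that could be written to a forged drive.
    return hashlib.sha256(token).digest()


class UsbKeyLock:
    def __init__(self) -> None:
        self.locked = True
        self._expected: dict[str, bytes] = {}  # label -> hash of current token

    def enroll(self, drive: dict, label: str) -> None:
        """Write a fresh random token to the drive and remember its hash."""
        token = secrets.token_bytes(32)
        drive[TOKEN_FILE] = token
        self._expected[label] = _digest(token)

    def on_drive_inserted(self, drive: dict) -> bool:
        """Unlock if the drive carries a current token; rotate it on success."""
        presented = drive.get(TOKEN_FILE)
        if presented is None:
            return False
        for label, expected in self._expected.items():
            # Constant-time comparison avoids leaking which bytes matched.
            if hmac.compare_digest(_digest(presented), expected):
                fresh = secrets.token_bytes(32)
                drive[TOKEN_FILE] = fresh          # the drive now holds the new key
                self._expected[label] = _digest(fresh)
                self.locked = False
                return True
        return False

    def on_drive_removed(self) -> None:
        """Removing the drive locks the machine again."""
        self.locked = True


def demo() -> dict:
    """Walk through the scenario from the post with constructed drives."""
    lock = UsbKeyLock()
    primary, backup = {}, {}
    lock.enroll(primary, "primary")
    lock.enroll(backup, "emergency")

    clone = dict(primary)  # someone copied the drive while it was lent out

    results = {}
    results["primary_unlocks"] = lock.on_drive_inserted(primary)  # rotates the key
    lock.on_drive_removed()
    results["stale_clone_unlocks"] = lock.on_drive_inserted(clone)  # old token: rejected
    results["backup_unlocks"] = lock.on_drive_inserted(backup)      # own key: accepted
    lock.on_drive_removed()
    results["locked_after_removal"] = lock.locked
    return results


if __name__ == "__main__":
    print(demo())
```

One consequence of this design is worth noticing: a copy used before the legitimate drive would itself rotate the token, and the owner's drive would then be rejected. That is inconvenient, but it also means an unauthorised use does not go unnoticed, which is exactly the situation where the app's optional password and, in the paid version, its break-in notifications earn their keep.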

The free version of Predator is only for personal, non-commercial use. If you do buy the app you’ll also get some advanced features such as Twitter or SMS notifications in the event that someone tries to “break into” your computer. For most home users I’m guessing the logging options really aren’t necessary.

Predator Homepage (Windows only; Free for non-commercial use)

Copyright © 2011 CyberNetNews.com

Telex anti-censorship system promises to leap over firewalls without getting burned

Human rights activists and free speech advocates have every reason to worry about the future of an open and uncensored internet, but researchers from the University of Michigan and the University of Waterloo have come up with a new tool that may help put their fears to rest. Their system, called Telex, proposes to circumvent government censors by using some clever cryptographic techniques. Unlike similar schemes, which typically require users to deploy secret IP addresses and encryption keys, Telex would only ask that they download a piece of software. With the program onboard, users in firewalled countries would then be able to visit blacklisted sites by establishing a decoy connection to any unblocked address. The software would automatically recognize this connection as a Telex request and tag it with a secret code visible only to participating ISPs, which could then divert these requests to banned sites. By essentially creating a proxy server without an IP address, the concept could make verboten connections more difficult to trace, but it would still rely upon the cooperation of many ISPs stationed outside the country in question — which could pose a significant obstacle to its realization. At this point, Telex is still in a proof-of-concept phase, but you can find out more in the full press release, after the break.

Telex anti-censorship system promises to leap over firewalls without getting burned originally appeared on Engadget on Sun, 14 Aug 2011 15:56:00 EDT.

Source: Telex.cc

Researchers use children’s toy to exploit security hole in feds’ radios, eavesdrop on conversations

Researchers from the University of Pennsylvania have discovered a potentially major security flaw in the radios used by federal agents, as part of a new study that’s sure to raise some eyebrows within the intelligence community. Computer science professor Matt Blaze and his team uncovered the vulnerability after examining a set of handheld and in-car radios used by law enforcement officials in two undisclosed metropolitan areas. The devices, which operate on a wireless standard known as Project 25 (P25), suffer from a relatively simple design flaw, with indicators and switches that don’t always make it clear whether transmissions are encrypted. And, because these messages are sent in segments, a hacker could jam an entire message by blocking just one of its pieces, without expending much power. What’s really shocking, however, is that the researchers were able to jam messages and track the location of agents using only a $30 IM Me texting device, designed for kids (pictured above). After listening in on sensitive conversations from officials at the Department of Justice and the Department of Homeland Security, Barnes and his team have called for a “substantial top-to-bottom redesign” of the P25 system and have notified the agencies in question. The FBI has yet to comment on the study, but you can read the whole thing for yourself at the link below.

Researchers use children’s toy to exploit security hole in feds’ radios, eavesdrop on conversations originally appeared on Engadget on Thu, 11 Aug 2011 11:40:00 EDT.

Source: The Wall Street Journal

7 Casino Technologies They Don’t Want You to Know About

Movies make casino cheaters seem like modern-day Robin Hoods, but don’t be fooled. Regulatory agencies toss around jail sentences faster than mob goons used to break knees. But casinos can’t prosecute what they can’t catch; everything starts with detection.

Elektrobit’s Specialized Device Platform tailors Android devices for security-minded markets, won’t hem pants

The defense industry may already have its share of deadly high-tech toys, but when it comes to the latest in mobile, it’s often left to watch from the highly-secured sidelines. Enter Elektrobit Corporation with a just announced Specialized Device Platform that crafts made-to-order, Android-based devices for the public safety, security and aforementioned defense markets. Citing its lower cost, faster development approach, EB’s service marries the “best of the traditional mobile world… with product-and industry-specific features” so clients won’t have to deal with last year’s Android OS. Oh wait, actually they will. The currently on offer Froyo-flavored, 1GHz single-core OMAP3 model packs a WVGA capacitive touchscreen (either 4-, or 4.3-inch), 5 megapixel camera, VGA front-facing camera, WiFi, Bluetooth and GPS with quad-band GSM, tri-band UMTS / HSDPA and CDMA2K / EVDO support. Clients interested in a 700MHz LTE, Gingerbread option — that’s right, no Ice Cream Sandwich — will have to hold off until the first half of 2012, when the company’s 1.5GHz dual-core OMAP4 models will be available for production. Alright, so these specs aren’t exactly bleeding edge tech, but hey — who needs a quad-core phone when you’ve got this.

Elektrobit’s Specialized Device Platform tailors Android devices for security-minded markets, won’t hem pants originally appeared on Engadget on Tue, 09 Aug 2011 01:08:00 EDT.


Seagate’s GoFlex Turbo portable hard drive touts USB 3.0, built-in SafetyNet

Another week, another external HDD from the folks at Seagate. This go ’round, it’s the GoFlex Turbo taking the stage, positioned somewhere between the GoFlex Slim and Satellite in terms of depth. It’s the outfit’s first drive to ship with two free years of SafetyNet, which nets you a single data recovery attempt should something go haywire during the honeymoon period. Tucked within, you’ll find a 500GB / 750GB drive (7200RPM), a USB 3.0 port and support for eSATA / FireWire 800 connectors via an optional interface adapter. Per usual, it’ll hum along just fine on both Windows and OS X, and can be snapped up today at Best Buy for $119.99 / $139.99, respectively. Full release is after the break, and if you’re curious, we managed to see consistent USB 2.0 rates of 30MBps to 40MBps (read / write) during our brief time with it.

Seagate’s GoFlex Turbo portable hard drive touts USB 3.0, built-in SafetyNet originally appeared on Engadget on Mon, 08 Aug 2011 08:00:00 EDT.


Android Network Toolkit lets you exploit local machines at the push of a button

Defcon 2011 is in full hacking swing, and Itzhak Avraham — “Zuk” for short — and his company Zimperium have unveiled the Android Network Toolkit for easy hacking on the go. Need to find vulnerabilities on devices using nearby networks? The app, dubbed “Anti” for short, allows you to simply push a button to do things like search a WiFi network for potential targets, or even take control of a PC trojan-style. To do this, it seeks out weak spots in older software using known exploits, which means you may want to upgrade before hitting up public WiFi. According to Forbes, it’s much like Firesheep, and Zuk refers to Anti as a “penetration tool for the masses.” Apparently, his end-goal is to simplify “advanced” hacking and put it within pocket’s reach, but he also hopes it’ll be used mostly for good. Anti should be available via the Android Market this week for free, alongside a $10 “corporate upgrade.” Consider yourself warned.

Android Network Toolkit lets you exploit local machines at the push of a button originally appeared on Engadget on Mon, 08 Aug 2011 02:18:00 EDT.

Source: Forbes

WhiteHat Security hacks into Chrome OS, exposes extension vulnerability at Black Hat

It’s been a rough Black Hat conference for Google. First, FusionX used the company’s homepage to pry into a host of SCADA systems, and now, a pair of experts have discovered a way to hack into Chrome OS. According to WhiteHat security researchers Matt Johansen and Kyle Osborn, one major issue is Google’s vet-free app approval process, which leaves its Chrome Web Store susceptible to malicious extensions. But there are also vulnerabilities within native extensions, like ScratchPad — a note-taking extension that stores data in Google Docs. Using a cross-site scripting injection, Johansen and Osborn were able to steal a user’s contacts and cookies, which could give hackers access to other accounts, including Gmail. Big G quickly patched the hole after WhiteHat uncovered it earlier this year, but researchers told Black Hat’s attendees that they’ve discovered similar vulnerabilities in other extensions, as well. In a statement, a Google spokesperson said, “This conversation is about the Web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels.” The company went on to say that its laptops can ward off attacks better than most, thanks to “a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced.”

WhiteHat Security hacks into Chrome OS, exposes extension vulnerability at Black Hat originally appeared on Engadget on Sat, 06 Aug 2011 17:07:00 EDT.

Source: CNET

AT&T ramps up voicemail security, say hello to your new pin code

Have anything sitting in your voicemail that you’d prefer the rest of the world didn’t hear? When’s the last time you went about checking it, anyway? AT&T is now on a mission to save its carefree customers from themselves, and beginning today, all new subscribers will be required to set a voicemail password or affirmatively disable the security measure. Ma Bell’s new policy is a reaction to the current unauthorized intrusion hubbub in the media, combined with the very real threat of caller ID spoofing. Shockingly, its current customers won’t receive similar treatment until early next year, and only when they upgrade their handsets. Of course, you can easily secure your voicemail within the settings, and if you prefer the convenience of retrieving your messages without hassle, you’ll still have that option — much to Rupert Murdoch’s pleasure, that is.

AT&T ramps up voicemail security, say hello to your new pin code originally appeared on Engadget on Sat, 06 Aug 2011 13:06:00 EDT.

Via CNET; source: AT&T Public Policy Blog