InfoSec links December 18, 2014

Spike in Malware Attacks on Aging ATMs - Brian Krebs - Krebs on Security

This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad.

This Fake Log Jams Your Phone So You'll Shut Up and Enjoy Nature - Andy Greenberg - WIRED

Artist and coder Allison Burtch has created a new device to save us from our cellphones and ourselves. It comes in the form of a 10-inch birch log that jams cellular radio signals, and it’s called the Log Jammer. Packed with about $200 of hardware including a power source, a circuit board of her own design, voltage control components, an amplifier, and an antenna, it can produce radio noise at the 1950 megahertz frequency commonly used by cellphones. It’s powerful enough to block all cellphone voice communications in a 20-foot bubble, and its log-like exterior is designed to unobtrusively create that radio-jamming zone in the great outdoors.

'Replay' Attacks Spoof Chip Card Changes - Brian Krebs - Krebs on Security

The most puzzling aspect of these unauthorized charges? They were all submitted through Visa and MasterCard‘s networks as chip-enabled transactions, even though the banks that issued the cards in question haven’t even yet begun sending customers chip-enabled cards.

This post first appeared on Exploring Information Security.

Public infosec links July 21, 2014

How to remove your house from Google Street View - Graham Cluley - welivesecurity

Google is mapping the world, which does come with privacy concerns. However, there is a way for someone to request that their home be blurred on Google Maps street view.

The Rise of Thin, Mini and Insert Skimmers - Brian Krebs - Krebs on Security

There are devices that can be attached to an ATM that can grab your credit card information and pin number. The stuff is meant to look like it’s part of the ATM. If you can wiggle something loose at an ATM it’s probably not meant to be there. Look for anything that appears to be out of place on an ATM.

Beware Keyloggers at Hotel Business Centers - Brian Krebs - Krebs on Security

Malware on a public machine is not all that surprising. Using a public computer for personal accounts is never a good idea. I would recommend avoiding public computers all together, but if you must I would be very careful what information you access on that machine.

This post first appeared on Exploring Information Security.

Hacking links June 5, 2014

'Half of American adults hacked' in the past year - really? - John Zorabedian - Naked Security

Recently, CNN reported on a study that claimed that 47% of US adults have been hacked. The thing is those percentages and the numbers might not actually be representative of the population. Also at question, the term hacked. Should employee negligence or insider theft be considered negligence? Probably not.

Thieves Planted Malware to Hack ATMs - Brian Krebs - Krebs on Security

This occurred in the Chinese territory of Macau. The process for the hack is quite interesting. The criminals slide a long skimming board down the ATMs card slot to install the malware. The malware would log anyone that used that information and a few days later they'd follow the same process to get the logged information and to remove the malware. Pictures of the device and the rest of the kit are featured in the article.

Hacking the Registry to keep Windows XP Updating - A Bad, Bad Idea - Rafal Los - Following the Wh1t3 Rabbit

Apparently, someone has figured that you can change the registry of a Windows XP machine to make it look like a Point-of-Sales (POS) terminal, which are still getting Windows XP updates. This might not be the best idea in the world as POS terminals are much different than a computer installed with Windows XP and patches could negatively affect system stability. If you're that desperate to get Windows Updates, just go ahead and upgrade your system. It will save you a love headache in the long run.

 This post first appeared on Exploring Information Security.