July 30th, 2010
Hacking ATMs to spit out money, demonstrated at the Black Hat conference: The two systems he hacked on stage were made by Triton and Tranax. The Tranax hack was conducted using an authentication bypass vulnerability that Jack found in the system’s remote monitoring feature, which can be accessed over the Internet or dial-up, depending on how the owner configured the…
July 29th, 2010
An Army private suspected of leaking classified information to WikiLeaks was admonished as a trainee in 2008 for uploading YouTube videos discussing classified facilities, according to an Army official with direct knowledge of the incident. Bradley Manning, now 22, was three months into his 16 weeks of training as an intelligence analyst when about 25 of his fellow students got together to report him for the videos in July 2008, says the official,... 
July 29th, 2010
LAS VEGAS — Attribution is one of the biggest problems on the internet when it comes to cyberwarfare. How do you hold a nation responsible for malicious attacks if you can’t determine whether the activity was state-sponsored? Retired General Michael Hayden, former director of the National Security Agency, said Thursday that one solution being discussed in government is to simply forget about trying to determine if the source of an... 
July 29th, 2010
LAS VEGAS — Attribution is one of the biggest problems on the internet when it comes to cyberwarfare. How do you hold a nation responsible for malicious attacks if you can’t determine whether or not the activity was state-sponsored? Retired General Michael Hayden, former director of the National Security Agency, said on Thursday that one solution being discussed in government is to simply forget about trying to determine if the source... 
July 29th, 2010
Cisco recently released the 2010 Midyear Security Report and I caught up with one of the principal authors, Mary Landesman, Senior Security Researcher at Cisco.
July 29th, 2010
“Who controls the off switch?” by Ross Anderson and Shailendra Fuloria. Abstract: We’re about to acquire a significant new cybervulnerability. The world’s energy utilities are starting to install hundreds of millions of ‘smart meters’ which contain a remote off switch. Its main purpose is to ensure that customers who default on their payments can be switched remotely to a prepay…
July 29th, 2010
LAS VEGAS — In a city filled with slot machines spilling jackpots, it was a “jackpotted” ATM machine that got the most attention Wednesday at the Black Hat security conference, when researcher Barnaby Jack demonstrated two suave hacks against automated teller machines that allowed him to program them to spew out dozens of crisp bills. The demonstration was greeted with hoots and applause. In one of the …
July 28th, 2010
A federal appeals court has ordered Virginia’s attorney general to back away from threats of suing a privacy advocate who publishes Social Security numbers of elected officials on the internet. The decision by the 4th U.S. Circuit Court of Appeals means Betty Ostergren avoids being sued by the state’s top law enforcement official for breaching a state law that prohibits publication of such information. The Richmond, Virginia, court,... 
July 28th, 2010
The DNSSEC root key has been divided among seven people: Part of ICANN’s security scheme is the Domain Name System Security, a security protocol that ensures Web sites are registered and “signed” (this is the security measure built into the Web that ensures when you go to a URL you arrive at a real site and not an identical pirate…
July 28th, 2010
LAS VEGAS — A hacker group known as the Ninjas has created what may be the best DefCon badge ever. The badge allows wireless ninja battle between badge holders. Unlike the official badge, attendees can’t buy this one: it’s free. DefCon, the world’s largest hacker convention, is more than just a group of hackers getting together to exchange the latest exploit code and hacking techniques. It’s a time for hackers who... 
July 28th, 2010
A Ukrainian carder who earned more than $11 million selling credit and debit card data stolen from top U.S. retailers was lured to a meeting in Turkey in 2007 where he was arrested by local authorities, according to a new report released Wednesday. Maksym Yastremskiy, alleged to be the underground carding kingpin known as “Maksik,” was sentenced to 30 years in a Turkish prison. He was a key player in the criminal ring of TJX hacker... 
July 28th, 2010
A Ukrainian carder who earned more than $11 million selling credit and debit card data stolen from top U.S. retailers was lured to a meeting in Turkey in 2007 when he was arrested by local authorities, according to a new report released Wednesday. Maksym Yastremskiy, alleged to be the underground carding kingpin known as “Maksik,” was a key player in the criminal ring of TJX hacker Albert Gonzalez. Yastremskiy was seized by authorities... 
July 28th, 2010
Time is an important aspect of Network Security Monitoring. If you don’t pay close attention to the time shown in your evidence, and recognize what it means, it’s possible you could misinterpret the values you see. My students and I encountered this issue in TCP/IP Weapons School at Black Hat this week. Let’s look at the first ICMP packet in one of our labs. I’m going to show the output …
July 27th, 2010
A webcam scandal at a suburban Philadelphia school district expanded Tuesday to include a second student alleging his school-issued laptop secretly snapped images of him. The brouhaha commenced in February, when a student of Lower Merion School District was called into an administrator’s office. Sophomore Blake Robbins was shown a picture of himself that officials suggested was him popping pills. The family claimed it was candy. An invasion-of-privacy...
July 27th, 2010
Okay, this is just weird: Mark S. Price, a specialist in public security, and his privately held company, Paradise Lost Antiterrorism Network of America (www.plan-a.us), have recently applied to the United States Patent and Trademark Office for a Utility Patent on their Suicide Bomb Deterrent, a security device designed, manufactured and distributed by PLAN-A. This device has been designed to…