WidgetBucks - Trend Watch - WidgetBucks.com

Archive for July, 2008

Citibank ATM breach highlights PIN security issues

Thursday, July 31st, 2008

Yahoo News reported 1st July 2008 that hackers broke into Citibank’s network of ATMs inside 7-Eleven stores and stole customers’ PIN codes. This highlighted a disturbing security hole in the most sensitive part of a banking record: the PIN.

Apparently this netted the thieves millions of dollars in illegal profits.

More importantly for the average consumers, it showed that criminals were able to access PINs by attacking the back-end computers responsible for approving the cash withdrawals (the 3rd party processor). That means, they probably did not have to touch the ATMs at all.

A critical issue is that how the hackers infiltrated the system has not been publicly answered yet.

It could only be speculated that:
(i) they could’ve gained admin access to the server through a flaw in the network or by figuring out their passwords; or
(ii) they installed malware on a banking server to capture unencrypted PINs as they passed through.

Yes, this is a more sophisticated method than phishing.

Full story

Posted in news | No Comments »

DNS cache poisoning exploits has begun

Monday, July 28th, 2008

Attack code that exploits flaws in the net’s addressing system are starting to circulate online, say security experts. The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details. In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread. Net security groups say there is anecdotal evidence that small scale attacks are already happening.

Full story

Posted in news | No Comments »

ICANN’s icann.com and iana.com hijacked, but recovered in 20 minutes

Saturday, July 12th, 2008

The domain names hijacked were ICANN.com and IANA.com — for the ICANN subdivision known as the Internet Assigned Numbers Authority. Visitors to those addresses are normally redirected automatically to the organization’s main sites at ICANN.org and IANA.org, neither of which was affected by the attack.

ICANN said Thursday that new, unspecified security measures should prevent such attacks in the future. The organization also said it was reviewing other security procedures.

Source

Posted in news | No Comments »

About Me

This site is a tribute to all fans of the golden age of heavy metal and hard rock, the 60s to the 80s. More

Want to subscribe?

 Subscribe in a reader Or, subscribe via email:
Enter your email address: 
Find entries :