http://www.wired.com/threatlevel/2012/07/pinpadpwned/ By Kim Zetter Threat Level Wired.com July 30, 2012 LAS VEGAS -- At least three widely used credit and debit card purchasing terminals in the U.S. and U.K. have vulnerabilities that would allow attackers to install malware on them and sniff card data and PINs. The vulnerabilities can also be used to make a fraudulent card transaction look like it’s been accepted when it hasn’t been, printing out a receipt to fool a salesclerk into thinking items have been successfully purchased. Or an attacker can design a hack that would invalidate the chip-and-PIN card system, a security feature that is standard in Europe but only nascent in the U.S. It uses cards embedded with a chip and requires cardholders to enter a PIN to validate a transaction. The hacks were demonstrated at the Black Hat Security conference last week by Rafael Dominguez Vega, a Spanish security researcher and consultant for MWR InfoSecurity, and a German researcher who goes by the name Nils, who is head of research for MWR. Nils cemented his security bona fides in 2009 when he hacked three browsers at the Pwn2own contest at the CanSecWest conference. [...] -- Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online. Come to a free class and see how good and fun the program really is. http://www.expandingsecurity.com/PainPillReceived on Tue Jul 31 2012 - 01:42:33 PDT
This archive was generated by hypermail 2.2.0 : Tue Jul 31 2012 - 01:51:36 PDT