Friday, September 03, 2010

Not a 'skimmer' attached to an unattended card reader. Did someone hack in and if so, are there hundreds of parking lots that are vulnerable?

NZ: Card security breached in Qtown

September 2, 2010 by admin

Grant Bryant reports:

A spate of credit card scams has hit Queenstown.

The biggest scam was centred at the Man St parking building, but it was not the only scam to breach cardholder security in the resort this week.

People who had used their credit cards for payments were then later phoned by their card companies and notified that fraudulent transactions had taken place later in the day.

The Bank of New Zealand has now blocked credit card transactions outside New Zealand and Australia for customers who used credit cards at the parking building.

Kiwi Bank has put a hold on credit card accounts for about 17 of its customers who used the carpark.

BNZ external relations manager Erica Lloyd yesterday said the bank had hired a specialist fraud company to do a forensic audit of the carpark. [Isn't that the 'car park' owner's responsibility? Bob]

Full audit results would be known soon, but “skimming” was ruled out because no device was attached to the machines.

“The audit results will offer a clear picture, but looks like the carpark had their data collection process compromised,” she said.

Read more on Stuff.

“We can, therefore we must!” Tools & Techniques for my Ethical Hackers

Murdoch Reporters’ Phone-Hacking Was Endemic, Victimized Hundreds

A phone-hacking scheme involving British royals and reporters working for one of Rupert Murdoch’s tabloid newspapers went far beyond what was previously disclosed and prosecuted, according to The New York Times.

Andy Coulson, currently media advisor to British Prime Minister David Cameron, is accused of having encouraged the hacking during his tenure as editor of Murdoch’s News of the World paper.

According to the N.Y. Times, reporters working under Coulson targeted hundreds of victims — from Princes Harry and William to government and police officials and numerous celebrities, including soccer star David Beckham and his wife.

Most of the victims are only now learning that their phone voicemail accounts may have been accessed by reporters, four years after the investigation first launched.

… Scotland Yard is being accused of violating the rights of victims by failing to inform them earlier that they were targeted and of purposely narrowing the investigation to a single reporter and private investigator in order to preserve a special information-sharing relationship law enforcement agents had with the tabloid.

… Access to private voicemail messages occurred in two ways. In some cases, victims had simply neglected to change a default password phone carriers established for every new account. Anyone who knew the default four-digit code for a particular carrier — such as 1111 or 4444 — could access the accounts if they knew the victim’s phone number.

Where victims did change the password, the paper’s private investigators found another way to trick phone carriers into revealing the code. The N.Y. Times story does not detail the second method. In the United States, phone hackers have been known to use caller I.D. spoofing to access a victim’s voicemail. The hacker calls the target’s cellphone after setting their caller I.D. to the same number, which on some wireless carriers will drop the call right into the voicemail retrieval menu.

For my Ethical Hackers. Might rise to the level of a class project if the Dean ever buys a new car...

Could Connectivity And Smartphones Open Your Car Up To Hackers?

Is it time for firewalls and malware protection for your car? Almost, but not quite yet, say experts, in a top-notch report from CNET.

Earlier this year we reported on research from the University of Washington and the University of California, San Diego, that showed how researchers were able to break into vehicle networks or change features—in some cases, while the vehicle was in motion.

That report is now available, and includes some eye-opening examples of what could be done remotely with some determination.

Safety-critical systems (such as stability control or engine control) actually haven't been isolated from non-safety-critical systems (such as entertainment systems), the report reveals, and systems such as GM's OnStar services, which allow remote access already, might make them especially vulnerable.

… Yet another report, from researchers at the University of South Carolina and Rutgers found tire-pressure monitoring systems easy to break into—suggesting that it would be easy to spoof a warning and cause a driver to pull over and inspect the vehicle, making them vulnerable to theft.

Should we connect Israeli “access to data” with “forged passports?”

Israel Data Access Stopped After Irish Objection

September 2, 2010 by Dissent

Objections levied by Irish European officials have put a stop to Israel gaining recognition for its data protection and access to sensitive information.

The European Commission has announced it has halted a proposal to allow Israel access to potentially sensitive data on European Union citizens following concerns expressed by the Irish representatives.

The unexpected move saw the Commission withdraw the application to effectively recognise Israel’s data protection standards as being on a par with those enjoyed in the EU, thereby limiting the state’s access to EU citizens’ information.

The Irish objections were raised after it emerged Israeli agents had used forged Irish passports in the murder of a Hamas operative. The events eventually led to the expulsion of an Israeli Diplomat, and a breakdown in Irish/Israeli relations.
Them Brits is crazy!

Opinion: “Privacy, Parliament and the Courts” – Mark Thomson

September 2, 2010 by Dissent

A constant theme of the recent press discussion of “sportsman’s privacy injunctions” has been the suggestion that judges have created a privacy law by stealth and that this raises serious questions about democratic accountability. I have already commented on some of the issues arising from this coverage but it is worth looking at the background to the development of the modern law of privacy in order properly to evaluate the charge of “development by stealth”. This involves considering the development of the law of confidence by the common and the approach of successive Governments towards privacy, including during the passage of the Human Rights Act.

Read more on Inform’s Blog.

If India can do it, why not the rest of the world?

UN Telecom Chief Urges Blackberry Data Sharing

Posted by timothy on Thursday September 02, @03:26PM

"The top man in telecommunications at the United Nations is weighing in on the Blackberry battle ... and he says share the data. The UN's telecom chief says governments have legitimate security concerns, and Research in Motion should give them access to its customer data. In an interview with the Associated Press, Hamadoun Toure said 'There is a need for cooperation between governments and the private sector on security issues.'"

For my Ethical Hackers. Apparently the government provides everyone with a hacking tool to go with the new “secure ID.”

New German Government ID Hacked By CCC

Posted by timothy on Thursday September 02, @01:53PM

"Public broadcaster ARD's show 'Plusminus' teamed up with the known hacker organization 'Chaos Computer Club' (CCC) to find out how secure the controversial new radio-frequency (RFID) chips were. The report shows how they used the basic new home scanners that will go along with the cards (for use with home computers to process the personal data for official government business) to demonstrate that scammers would have few problems extracting personal information. This includes two fingerprint scans and a new six-digit PIN meant to be used as a digital signature for official government business and beyond."

That was quick. Earlier this year, CCC hackers demonstrated vulnerabilities in German airport IDs, too.

[From the article:

The home scanners will be necessary for use with home computers to process the personal data for official business and possibly even online shopping.

If this court becomes more “open” will we need another layer of “secret?”

FISA Court Proposes New Court Rules

September 2, 2010 by Dissent

Steven Aftergood writes:

The Foreign Intelligence Surveillance Court has proposed new rules to comply with the provisions of the FISA Amendments Act of 2008. The Court reviews government applications for intelligence surveillance and physical search under the Foreign Intelligence Surveillance Act (FISA).

The proposed FISA Court rules (pdf) provide new procedures by which telecommunications companies can petition the Court to modify or dismiss a court order or a directive from the Attorney General or the DNI requiring them to assist in electronic surveillance, to provide “any tangible thing,” or to adhere to a nondisclosure requirement concerning intelligence surveillance. Meanwhile, other procedures would permit the government to petition the Court to compel cooperation by a non-compliant telecommunications provider. A new section in the proposed FISA Court rules accordingly addresses the conduct of “adversarial proceedings,” a term that does not appear in the current rules (last modified in 2006).
The FISA Court has provided an opportunity for public comment on the new rules. Comments are due by October 4, 2010.

Read more on Secrecy News.

Go Judge! I can't get my students to write a coherent page about a current article. I hope he holds this juror to higher standards!

Facebook Post Juror Gets Fined, Removed, Assigned Homework

Posted by CmdrTaco on Thursday September 02, @11:23AM

"A Michigan judge removed a juror after a Facebook comment and also fined her $250 and required her to write a five-page paper about the constitutional right to a fair trial. The juror was 'very sorry' and the judge chastised her, saying, 'You violated your oath. You had decided she was already guilty without hearing the other side.'"

(Related) Learning when to seek legal advice the hard way!

Woman Wins Libel Suit By Suing Wrong Website

Posted by samzenpus on Thursday September 02, @09:38AM

"It appears that Cincinnati Bengals cheerleader Sarah Jones and her lawyer were so upset by a comment on the site that they missed the 'y' at the end of the name. Instead, they sued the owner of, whose owner didn't respond to the lawsuit. The end result was a judge awarding $11 million, in part because of the failure to respond. Now, both the owners of and are complaining that they're being wrongfully written about in the press — one for not having had any content about Sarah Jones but being told it needs to pay $11 million, and the other for having the content and having the press say it lost a lawsuit, even though no lawsuit was ever actually filed against it."

I've mentioned this one before, but sometimes I need to remind my students that the T in CTU stands for Technical...

Thursday, September 2, 2010

Think Tutorial - Free Web Apps & Software Tutorials

Think Tutorial is a site providing free, easy to follow tutorials on a variety of web services and software. On Think Tutorial you will find tutorials for taking advantage of the many features of popular email services like Gmail, Apple Mail, Hotmail, and Yahoo mail. You will also find tutorials for using iWork and Word. Want to learn how to use LinkedIn, Twitter, or Facebook? Think Tutorial has you covered there too. Need to know how to alter settings in your favorite web browser? Think Tutorial has tutorials for that too.