PoS Flaws Allow Hackers to Steal Card Data, Change Prices
Researchers at ERPScan discovered that
SAP’s POS product, which is part of the company’s SAP for Retail offering, was
affected by several flaws. Specifically,
the system’s server component, Xpress Server, lacked important authorization
checks for critical functionality.
This allows an attacker with access to the system to send
malicious configuration files to Xpress Server and gain complete control of both the frontend and backend of the PoS system.
A hacker can abuse tens of commands, allowing them to
steal data from all the credit and debit cards used at the targeted store, and
apply special prices and discounts to specified items. These discounts can be applied for specified
times so that an item has a small price only when fraudsters go to purchase it.
Fraudsters can also set up the system so
that their purchases are charged to the previous customer’s card.
“… the connections
between POS workstation and the store server turn out to be the weakest link.
They lack the basics of cybersecurity - authorization procedures and
encryption, and nobody cares about it. So, once an attacker is in the Network,
he or she gains full control of the system.”
Probably not the best way to convince the judge that you
are not part of a vast criminal conspiracy.
Should the lawyer have made this public?
Fraud Forces WannaCry Hero's Legal Fund To Refund All
Donations
The vast majority of money raised to pay for the legal
defense of beloved [? Bob]
British cybersecurity researcher Marcus Hutchins was donated with stolen or fake credit card numbers, and all
donations, including legitimate ones, will be returned, the manager of the
defense fund says.
Lawyer Tor Ekeland, who managed the fund, said at least
$150,000 of the money collected came from fraudulent sources, and that the
prevalence of fraudulent donations effectively voided the entire fundraiser. He said he'd been able to identify only about
$4,900 in legitimate donations, but that he couldn't be certain even of those.
If this is easy for Facebook, imagine what Intelligence
Agencies can do.
Rebecca Porter and I were strangers, as far as I knew. Facebook, however, thought we might be
connected. Her name popped up this
summer on my list of “People You May Know,” the social network’s roster of
potential new online friends for me.
The People You May Know feature is notorious for its
uncanny ability to recognize who you associate with in real life. It has mystified and disconcerted Facebook
users by showing them an old boss, a one-night-stand, or someone they just ran into on the street.
… On any given
day, it tended to recommend about 160 people, some of them over and over again;
over the course of the summer, it suggested more than 1,400 different people to
me. About 200, or 15 percent of them,
were, in fact, people I knew, but the rest appeared to be strangers.
And then there was Rebecca Porter. She showed up on the list after about a month:
an older woman, living in Ohio, with whom I had no Facebook friends in common. I did not recognize her, but her last name was
familiar. My biological grandfather is a
man I’ve never met, with the last name Porter, who abandoned my father when he
was a baby. My father was adopted by a
man whose last name was Hill, and he didn’t find out about his biological
father until adulthood.
… I sent the woman
a Facebook message explaining the situation and asking if she was related to my
biological grandfather.
“Yes,” she wrote back.
Rebecca Porter, we discovered, is my great aunt, by
marriage. She is married to my
biological grandfather’s brother; she met him 35 years ago, the year after I
was born. Facebook knew my family tree
better than I did.
“I didn’t know about you,” she told me, when we talked by
phone. “I don’t understand how Facebook
made the connection.”
… Facebook is known to buy information from data brokers, and a person who previously
worked for the company and who is familiar with how the tool works suggested
the familial connection may have been discerned that way. But when asked about that scenario, a Facebook
spokesperson said, “Facebook does not use information from data brokers for
People You May Know.”
What information had Facebook used, then? The company would not tell me what triggered
this recommendation, citing privacy reasons. A Facebook spokesperson said that if the
company helped me figure out how it made the connection between me and my great
aunt, then every other user who got an unexpected friend suggestion would come
around asking for an explanation, too.
… Now, when I look
at my friend recommendations, I’m unnerved not just by seeing the names of the
people I know offline, but by all the seeming strangers on the list. How many of them are truly strangers, I
wonder—and how many are connected to me in ways I’m unaware of. They are not people I know, but are they
people I should know?
Probably not soon, but eventually.
The Next Big Thing: Energy-Saving Graphene Computers with
1,000x Speed and Efficiency
Today, researchers
from Northwestern University, University of Texas at Dallas, University of
Illinois at Urbana-Champaign, and University of Central Florida have joined
minds together in the development of a graphene-based transistor.
… Transistors
function as on and off switches, forming logic gates in computers when placed
in various arrangements. These logic
gates enable microprocessors to solve complex logic and arithmetic problems. But, since 2005, the speed of computer
microprocessors which utilize silicon transistors have clock speeds mostly in
the 3 to 4 gigahertz range only.
… According to the
team, with a cascading series of graphene transistor-based logic gates, a
computer could have clock speeds near the terahertz range, thus making it a
thousand times faster and more efficient than today’s computers.
Graphene computers also use less energy, only a
hundredth of the power consumed by silicon-based ones. Moreover, computers could be designed smaller
in size.
Amusing.