Jump to content

Pugna

Active Members
  • Posts

    234
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by Pugna

  1. In July 2011, a customer at a Chase Bank branch in West Hills, Calif. noticed something odd about the ATM he was using and reported it to police. Authorities who responded to the incident discovered a sophisticated, professional-grade ATM skimmer that they believe was made with the help of a 3D printer.Below is a front view image of the device. It is an all-in-one skimmer designed to fit over the card acceptance slot and to record the data from the magnetic stripe of any card dipped into the reader. The fraud device is shown sideways in this picture; attached to an actual ATM, it would appear rotated 90 degrees to the right, so that the word “CHASE” is pointing down. On the bottom of the fake card acceptance slot is a tiny hole for a built-in spy camera that is connected to a battery. The spy camera turns on when a card is dipped into the skimmer’s card acceptance slot, and is angled to record customer PINs. The bottom of the skimmer device is designed to overlay the controls on the cash machine for vision impaired ATM users. On the underside of that space is a data port to allow manual downloading of information from the skimmer. Looking at the backside of the device shows shows the true geek factor of this ATM skimmer. The fraudster who built it appears to have cannibalized parts from a video camera or perhaps a smartphone (possibly to enable the transmission of PIN entry video and stolen card data to the fraudster wirelessly via SMS or Bluetooth). It’s too bad so much of the skimmer is obscured by yellow plastic. I’d welcome any feedback from readers who can easily identify these parts based on the limited information here. Here’s a closer look at the circuit board on top, which looks like some type of Flash storage device: Here’s another look at the electronic parts wedged into the back of the skimmer: It appears from the following image that the data storage capacity on the device is connected directly to the mag stripe reader (top, silver wire), while the device’s video camera is wedged behind the pinhole (bottom, gold wires). The investigator I spoke with about the incident didn’t know much about the innards of the device, and said that those responsible have not yet been caught. But he did have something interesting to tell me about the origins of the skimmer: “It is believed that the green skimmer was made with the Stereolithography process.” Translation: The cops think thieves produced the card skimmer molds with the help of 3D printers. These hi-tech and costly machines take two dimensional computer images and build them into three dimensional models by laying down successive layers of powder that are heated, shaped and hardened. In September, I detailed how U.S. investigators had arrested four men in Texas who allegedly built their ATM skimmers using a 3D printer they’d purchased with the proceeds of their skimming business. In related news, New York County District Attorney Cyrus Vance earlier this month announced an 81-count indictment against three men suspected of planting skimmers at ATM machines in Manhattan. The indictment alleges that the men used the skimmers to steal the debit card numbers of nearly 1,500 individuals, and then exploited the stolen debit card numbers to make more than $285,000 in fraudulent transactions. In the press release that accompanied the indictment, the district attorney released several images of the skimmer devices allegedly planted by the Manhattan trio. While these devices relied on a separate façade that held a hidden video camera to record customer PINs, there is little question that the same Chase ATM design was targeted. In the picture below, the hidden camera is the squarish silver block mounted vertically to the left of the PIN pad. An enlarged picture of the camera façade follows this one. A compromised ATM in Manhattan. Image: NYCDA. A hidden camera and card skimmer part seized by authorities in Manhattan. All About Skimmers. If you visit a cash machine that looks strange, tampered with, or out of place, then try to find another ATM. And remember, the most important security advice is to watch out for your own physical safety while using an ATM: Use only machines in public, well-lit areas, and avoid ATMs in secluded spots. Also, cover the PIN pad with your hand when entering your PIN: That way, if even if the thieves somehow skim your card, there is less chance that they will be able to snag your PIN as well.If you liked this post, consider checking out the other stories in my ATM skimmer series, Sursa: krebs.
  2. Online gambling gets another blow after Ultimate Bet (UB) suffered a data breach as a result of which around 3.5 million of their customers’ accounts were published online.Full names, aliases, email addresses, phone numbers, account balances, IP addresses, deposit methods, birth dates, UB account numbers and statuses of the players were all posted on the Internet by an anonymous hacker, reports Subject:Poker.One of the files even contains a column labeled “passwords,” but the data doesn’t seem to represent actual passwords.For now, all the links that pointed to the massive quantity of information were removed, but while they were online, a large number of people had access to the files.The leaked data was dumped organized by country and the numbers indicate that 2 million US citizens, 319,000 Canadians, 137,000 British and 1 million individuals from other countries were affected.While a large part of the data is inconsistent and many unlabeled columns appear in the leak, the information seems to be accurate, which means that indeed someone managed to breach UB’s systems.An interesting thing is that Ultimate Bet, along with Full Tilt Poker, Absolute Poker and Poker Stars stopped their activity after their domains were seized by US authorities for money laundering suspicions. The hacking operations, the fact that their customers can’t withdraw their winnings, and the legal issues that surround these businesses have really taken their toll, and from this perspective, their boat is about to sink for good.Recently, the European Union has been debating the issue of online gambling since they noticed that things are getting out of hand. They are planning to make a legislation that will be followed by most of the countries who still allow any form of gambling, but since there are many states involved, it won’t be easy for them to reach an agreement.Sursa: softpedia.
  3. Cei de la Vondafone ne dau o veste bun?. Dac? vre?i un Samsung Galaxy Nexus, îl ve?i putea achizi?iona de la operatorul de telefonie mobil? începând din 12 decembrie, în premier? în ?ara noastr?. În ziua men?ionat?, telefonul va avea un discount de cel pu?in 70 € dac? va fi comandat cu orice pachet smartphone pe durata de doi ani. Reamintim c? smartphone-ul creat de Google în parteneriat cu Samsung are un ecran SuperAMOLED de 4,65" cu rezolu?ia de 720x1280 pixeli. Procesorul dual core ARM Cortex-A9 la 1,2 GHz ?i placa video PowerVR SGX540 sunt integrate într-un TI OMAP 4460. Camera foto cu senzor de 5 MP permite filmare full HD, iar bateria are 1.750 mAh. Samsung Galaxy Nexus ruleaz? noul sistem de operare Android 4.0 Ice Cream Sandwich. Pentru cei care opteaz? pentru un abonament Mega 25 sau Mega 45 cu trafic pe Internet de 1 GB, pre?ul lui Galaxy Nexus va fi de 169 € cu TVA. De la acest nivel, pre?ul cre?te pân? la 399 € cu TVA în cazul unui abonament Mega 8 sau Mega 11 cu trafic de 250 MB. Sursa: go4it.
  4. Problem: Google suffers from an open redirect that can be used to trick users into visiting sites not originating from google.com Example: http://www.google.com/local/add/changeLocale?currentLocation=http://www.bing.com http://www.google.com/local/add/changeLocale?currentLocation=http://www.tubgirl.ca Regards suckure
  5. This is a short whitepaper discussing how to use Google as a malware spreading tool. http://packetstorm.crazydog.pt/papers/general/spreading-malware.pdf Destul de simplut si destept, se foloseste de Google Translate drept wrapper.
  6. Nu a mai fost o stire referitoare la "Iceman" acum o luna ?
  7. Hello there, The first method should work. Be sure you edited the right php.ini file, maybe you changed the one for CLI, and restart the webserver.
  8. Daca cu total commander nu pot sa-l deschid, cu un live cd tot ii vad contentul.
  9. After a Russian news agency informed the world on the fact that Kaspersky is about to withdraw its membership from Business Software Alliance (BSA), Eugene Kaspersky, the man behind the renowned security solutions provider, came forward with a statement confirming the fact that his company doesn’t approve of SOPA. BSA supports SOPA to a certain degree, but Kaspersky doesn’t support it at all, and to make sure they’re not affiliated in any way with the controversial bill, they decided to break any connection to the Alliance. “Authors and creative teams should be cherished, protected and encouraged to create more masterpieces. As a result, US lawmakers have made it clear that SOPA s a priority for them, and many special-interest groups have come out in support of the bill, including BSA,” said Eugene Kaspersky. While the intentions of this law may sound fair to the copyright holders, Kaspersky believes that the whole concept tries too much to “Americanize” the Internet law. In other words, SOPA is protecting only the works of American creators, but in order to achieve this, they’re asking for the power to go after copyright infringers all over the world. He states that the Stop Online Piracy Act is looking at the problem from the wrong perspective as instead of trying to find new business models, adapted to the times we live in, it tries to enforce old laws that aren’t based on the realities out there. “The world has changed and the old rules do not work anymore. We need to find new models of creative content distribution, which, by the way, Apple/Google have already done and even tested it for us. “Lobbying for a return to Jurassic copyright laws is like giving a blood transfusion to an already dead patient, risking the donor’s life. Governments should think about stimulating and developing new business models, rather than protecting old ones,” he adds. Eugene Kaspersky even proposes a new way in which content should be distributed. More precisely, low quality content should be free, medium quality materials should be cheap, and only professional services and content should be expensive. Finally, he lets everyone know how he feels about the fact that some people are downloading his products. “Antivirus is not a product but a service. It is viable due to updates and for that reason I’m not really bothered how a user acquires our software – on a CD in a cardboard box or downloaded from the web.” Sursa : softpedia. Observatie asupra ideii: "low quality content should be free, medium quality materials should be cheap, and only professional services and content should be expensive." - Scena o relativizeaza
  10. Google has admitted that it is struggling to create a system of processes that will allow the firm to abide by new cookie laws owing to the sheer number of its products that are affected by the rules. The cookie law is an amendment to the ePrivacy Directive which came into force on 26 May, and requires web site owners using cookies to achieve explicit consent from visitors to install and run cookies on their systems. Anthony House, public policy manager at Google, said the company's work on compliance is "in progress" but is taking longer than the firm had hoped. "One of the things that has made us move more slowly than we would like is that we have to cover it from all the angles," he said at an event to discuss the issue hosted by law firm Field Fisher Waterhouse and attended byV3. "We have a popular destination site, an ad network, a browser and an analytics solution that's almost a mini-microcosm of the internet when we have an internal meeting to discuss what we are going to do, so it's taking a little bit of time." House added that, despite the difficulties the law is creating, compliance is crucial for Google as the technology forms such a vital part of its systems. "The things that cookies do are necessary to the web working, and we've always tried to be very forthright with customers and publishers about what those cookies are for," he said. "We know some publishers are being approached by competitors who say they can do what Google does without cookies and so avoid the issues of the ePrivacy Directive, but this isn't ideal for consumers as we could end up with other technologies that offer less transparency [than cookies] being used." The Information Commissioner's Office, meanwhile, used the event to urge all firms not already working on the necessary systems to begin immediately, as the 12-month grace period to comply reaches the half way stage. Sursa : V3
  11. Malicious hackers are targeting a previously unknown security hole in Adobe Reader and Acrobat to compromise Microsoft Windows machines, Adobe warned today. Adobe says attackers are taking advantage of a newly discovered critical flaw exists in Adobe Reader X (10.1.1) and earlier versions for Windows and Mac systems, and Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, as well as Adobe Acrobat X (10.1.1) and earlier for Windows and Mac machines. A security bulletin warns of reports that the vulnerability is being actively exploited in “limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.”Adobe said it plans to ship an emergency update no later than the week of Dec. 12 to address the vulnerability in Reader 9.x and Acrobat 9.x on Windows no later than the week of Dec. 12. Citing protections built into newer versions of its software, however, Adobe said it would not fix the flaw in Reader X or Acrobat X versions for Windows, Mac, or UNIX versions until Jan. 10, 2012, the date of its next scheduled quarterly security update. Adobe’s Brad Arkinexplains more about the company’s reasoning behind this decision in a blog post published along with the advisory.If you are using Adobe Reader or Acrobat, take a moment to make sure you have the latest version. It also never hurts to consider one of several free PDF reader alternatives to Adobe, including Foxit, PDF-Xchange Viewer, Nitro PDF and Sumatra PDF. Sursa: krebs.
      • 1
      • Upvote
  12. Gata checker-ul : http://rstcenter.com/forum/44461-php-ftp-checker.rst#post297237
  13. Updating
  14. Daca apucai vremurile alea ar fi insemnat sa ai un background in online, ceea ce ar fi insemnat sa stii sa cauti singur o tema wordpress, iar daca n-ai fi gasit-o ai fi fost cert ca nu exista si n-ai mai fi fost nevoit sa o ceri.
  15. Nu a apucat vremurile, nu stie cum a fost.
  16. Bre, ai citit bine ce am scris ? Daca din postul meu ai tras concluzia ca nu stiu eu cu ce se mananca inseamna ca tu n-ai nicio treaba. Am mai incercat sa il pacalesc pentru editare, dar n-am reusit, tot 500 primesc. Oricum nu prea are utilitate, tinand cont si de faptul ca id-urile numerice sunt generate.
  17. Din imagine si content iti dai seama ca e o prastie de curs.
  18. Pugna

    Mailuri franta

    De multe ori cei care vand ori publica mailuri isi includ si adresa lor ca atunci cand ai dat drumul la spam sa te raporteze in secunda doi. Nu fac nicio aluzie la Weedy92, dar sa tineti minte.
  19. Zorin OS este o distributie de Linux mai putin cunoscuta, dar care promite sa multumesca foarte multi utilizatori care vor sa incerce alt sistem de operare decat Windows. Distributia ofera o interfata grafica extrem de asemanatoare cu cea a Windows 7 si permite, prin intermediul Wine, chiar si instalarea anumitor programe native de Windows. Zorin OS are un slogan simplu si sincer...: "Zorin OS - Poarta catre Linux pentru utilizatorii de Windows". Cu alte cuvinte, deja trebuie sa va fi dat seama la ce sa va asteptati daca rulati acest sistem de operare. Zorin promite integrare foarte buna a aplicatiilor pe care un utilizator obisnuit de Windows le foloseste zilnic. Distributia este bazata pe Ubuntu (Debian), dar putem afirma ca din punct de vedere al interfetei grafice sta chiar mai bine pentru ca dezvoltatorii au reusit sa cobine elementele grafice ale Windows 7 si cele al Gnome 3. Zorin OS ofera, pe parte de aplicatii preinstalate LibreOffice (suita office open source), Gimp (editor de imagini), navigatorul Google Chrome si Mozilla Firefox, dar si pachetul de emulare PlayOnLinux - bazat pe Winesi care asigura rularea unor programe de Windows in Zorin. Distributia are o dimensiune de 1,1 GB si poate fi descarcata de pe site-ul oficial al sistemului de operare - ZORIN Sursa: hit.
  20. International Checkout customers began receiving emails that alert them on the fact that the organization has recently fallen victim to a cyberattack which resulted in the theft of a large quantity of personal information, including credit card details. “International Checkout was recently the victim of a system intruder who was able to access encrypted credit card information,” reads the email provided by SpywareSucks. “You are receiving this email from International Checkout because your credit card information was in the database which was compromised.” It seems as the breach was discovered sometime in mid-September and an investigation has immediately commenced. Besides the fact that the authorities were notified of the issue, the credit card information from the databases was removed to make sure no one still had access. Even though the information was encrypted, the attacker managed to obtain the encryption key that was stored in a separate location. “As a precaution, International Checkout is providing notification to people whose information may have been in the database that was accessed so that if it turns out the information was compromised in any way, they can take the appropriate measures to protect themselves,” the notification adds. The company is advising customers to closely monitor their bank account statements for any suspicious transactions. Bank account numbers were not exposed, but credit cards numbers were and in some situations the financial institutions involved may even recommend the changing of the account number. An important thing customers should know is that they will not be directly contacted by International Checkout, unless they call them first. They alert individuals on the fact that some might profit from the situation and call them pretending to represent the firm, requesting sensitive information. “We will not call you to ask for bank account information or personal identification numbers (PINs) or for your full credit card or social security number.” Unfortunately, a lot of companies are on International Checkout’s partner list so the number of potential victims is high and people are already starting to complain about abusive transactions made with their credit cards. Sursa: softpedia.
  21. One of the developers of a network exploration and security auditing tool called Nmap is accusing CNET of bundling free software with Trojans and shady toolbars, and serving them on their Download.com website. Gordon Lyon, also known as Fyodor claims he discovered that Nmap and other free applications such as VLC are downloaded with pieces of malware attached and according to the Virus Total submission, 10 out of 39 vendors detect the Nmap installer as containing a Trojan. “They even provide the correct file size for our official installer. But users actually get a Cnet-created trojan installer. That program does the dirty work before downloading and executing Nmap's real installer,” Fyodor said. He’s also upset with the fact that CNET utilizes their Nmap trademark as if they were involved in the fact that the tool is not actually clean. “In addition to the deception and trademark violation, and potential violation of the Computer Fraud and Abuse Act, this clearly violates Nmap's copyright,” he adds. He states that in many cases users will not look at what they’re downloading or installing and they’ll just end up with a changed homepage, an extra toolbar and maybe even a malicious element. His biggest fear is that Nmap users will believe that all these extras actually come from the developers, thus ruining their reputation. “We've long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net's Download.com, which is owned by CBS! And we never thought Microsoft would be sponsoring this activity!” CNET offered them the opportunity to opt out of the Download.com Installer, but Fyodor says he’s not going to stop here. He is now in search of a copyright attorney as he’s sure his rights have been violated. At the time of writing, the Nmap installer on download.com seems to be clean so maybe the company already acted on the warnings received from the devs. Sursa: softpedia.
  22. Cu placere. Ca idee sa poti sa grabesti procesul, dar iti da batai de cap : http://rstcenter.com/forum/44308-php-mass-email-sender.rst#post296503 Sper sa te fi ajutat Cartus.
  23. Are voie doar prin cele trei comenzi. Trebuie sa seteze un gateway intre eth0 si wlan0 cu route, dar nu sunt destul de documentat sa ofer solutii.
  24. http://www.emag.ro/dvd-writer/dvd-writer-lg-gh22ns70-sata-bulk-negru--pGH22NS70#Ancora_Opinia
  25. 20 RDP-uri = 40e 50 SMTP-uri = 40e 15 vhosts + 1 cpanel = 20e Total: 100e Sa fiti nesimtiti sa cereti mai putin
×
×
  • Create New...