This credit-card skimmer was removed from a New York gas pump; it uses components scavenged from a cellular phone and a T-Mobile SIM to send the credit card details it harvests to its owners, who can retrieve them from anywhere in the world.
In a post to the venerable NANOG list (mirrored since to Dave Farber's Interesting People list), anti-spam researcher Ronald F. Guilmette posts the results of his investigation into the IP addresses claimed by a mysterious company called host-offshore.com — IP addresses assigned to "various parties within the nation of Columbia (including the National University thereof)" but, strangely, routed through Bulgaria.
Looking for an appetite suppressant? The U.S. Food & Drug Administration can help. Just stop by FDA's Defect Levels Handbook to learn how many insect legs and rodent hairs are acceptable in various foods sold to the American public.
Philadelphia is a crimeware-as-a-service business that sells a highly customizable ransomware package for budding entrepreneurs who want to dabble in crime.
The unprecedented denial-of-service attacks powered by the Mirai Internet of Things worm have harnessed crappy, no-name CCTVs, PVRs, and routers to launch unstoppable floods of internet noise, but it's not just faceless Chinese businesses that crank out containerloads of vulnerable, defective-by-design gear — it's also name brands like Sony.
Last week, the San Francisco Municipal Light Rail system (the Muni) had to stop charging passengers to ride because a ransomware hacker had taken over its network and encrypted the drives of all of its servers.
The various Mirai botnets, which use "clumsy, amateurish code to take over even more clumsy and amateurish CCTVs, routers, PVRs and other Internet of Things devices, have been responsible for some eye-popping attacks this season: first there was the 620Gbps attack on journalist Brian Krebs (in retaliation for his coverage of a couple of petty Israeli crooks); then there was the infrastructure attack that took out Level 3, Netflix, Twitter, Dyn, and many more of the internet's best-defended services.
A China-based maker of surveillance cameras said Monday it will recall some products sold in the United States after a massive "Internet of Things" malware attack took down a major DNS provider in a massive DDOS attack. The stunningly broad attack brought much internet activity to a halt last Friday. — Read the rest
Some of the internet's most popular, well-defended services — including Twitter — were knocked offline yesterday by a massive denial-of-service attack that security experts are blaming on botnets made from thousands of hacked embedded systems in Internet of Things devices like home security cameras and video recorders.
The California DMV has rejected Opendns founder David Ulevitch's application for an "1NFOS3C" vanity license plate because it includes "a term of lust or depravity."
Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes.
Only three days after EFF's open letter to HP over the company's deployment of a stealth "security update" that caused its printers to reject third-party cartridges, the company issued an apology promising to let customers optionally install another update to unbreak their printers.
On the eve of the Stuxnet attacks, half a decade ago, I found myself discussing what it all meant with William Gibson (I'd just interviewed him on stage in London), and I said, "I think the most significant thing about any of these sophisticated, government-backed attacks is that they will eventually turn into a cheap and easy weapon that technically unskilled people can deploy for petty grievances." — Read the rest
NCR reports in-the-wild sightings of "deep skimmers" (tiny, disposable card-skimmers that run on watch batteries and use crude radios to transmit to a nearby base-station) on ATMs around the world: "Greece, Ireland, Italy, Switzerland, Sweden, Bulgaria, Turkey, United Kingdom and the United States."
A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate.
Seagate has emailed its employees and ex-employees to warn them that someone in the company sent their W2 tax data to a criminal who pulled off a successful phishing fraud.