[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Credit Card Roulette: Payment Terminals Pwned in Vegas
From: InfoSec News <alerts () infosecnews ! org>
Date: 2012-07-31 8:42:33
Message-ID: alpine.DEB.2.02.1207310342140.29646 () infosecnews ! org
[Download RAW message or body]
http://www.wired.com/threatlevel/2012/07/pinpadpwned/
By Kim Zetter
Threat Level
Wired.com
July 30, 2012
LAS VEGAS -- At least three widely used credit and debit card purchasing
terminals in the U.S. and U.K. have vulnerabilities that would allow
attackers to install malware on them and sniff card data and PINs.
The vulnerabilities can also be used to make a fraudulent card
transaction look like it's been accepted when it hasn't been, printing
out a receipt to fool a salesclerk into thinking items have been
successfully purchased.
Or an attacker can design a hack that would invalidate the chip-and-PIN
card system, a security feature that is standard in Europe but only
nascent in the U.S. It uses cards embedded with a chip and requires
cardholders to enter a PIN to validate a transaction.
The hacks were demonstrated at the Black Hat Security conference last
week by Rafael Dominguez Vega, a Spanish security researcher and
consultant for MWR InfoSecurity, and a German researcher who goes by the
name Nils, who is head of research for MWR. Nils cemented his security
bona fides in 2009 when he hacked three browsers at the Pwn2own contest
at the CanSecWest conference.
[...]
--
Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online.
Come to a free class and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic