The Security Pub

Random Thoughts About Security

PIN Pad Physical Security

So I was at the grocery store this evening (I won’t mention which one). When I was paying for my groceries with my credit card I noticed how the PIN pad was secured. Can you see what’s wrong with this picture?

If you are having difficulties identifying what’s wrong I will go ahead and explain…

This grocery store has decided to secure all their PIN pads to the stand with zip ties. I did take a look underneath the device and there weren’t any screws mounting the device to the stand. So if a hacker wanted to, they could easily remove and replace these PIN pads with modified versions.

Here are some examples of good security for physically securing PIN pads.

5 men arrested in relation to Anonymous DDoS attacks

Five men believed to have taken part in recent Anonymous DDoS attacks were arrested this morning during a series of raids coordinated by the Metropolitan Police Service’s Police Central e-Crime Unit.

The arrested males, aged 15, 16, 19, 20 and 26, have been taken to their local police stations in West Midlands, Northants, Herts, Surrey and London and are currently still in custody, police said.

They are likely to be charged with offenses under the Computer Misuse Act 1990.

They were probably tracked down by the police because they used Anonymous’ LOIC tool to DDoS various sites, a tool that has been shown not to fully anonymize its users’ involvement.

The arrests are the result of a months-long investigation that the Metropolitan Police mounted with the help of law enforcement agencies from the US and various European countries.

UAE Man-in-the-Middle Attack Against SSL

Who are these certificate authorities? At the beginning of Web history, there were only a handful of companies, like Verisign, Equifax, and Thawte, that made near-monopoly profits from being the only providers trusted by Internet Explorer or Netscape Navigator. But over time, browsers have trusted more and more organizations to verify Web sites. Safari and Firefox now trust more than 60 separate certificate authorities by default. Microsoft’s software trusts more than 100 private and government institutions.

Read the full article – [Schneier on Security]

Former IT Specialist Hacks into Charity's Network

Here is a good example of what could happen if you don’t decommission users when they leave the company.

A computer specialist has been arrested and indicted for breaking into his former employer’s computer network one year after he was let go. The admin is accused of causing significant damage by deleting records and crippling critical communications systems such as email and telephone.

Here is the rest of the article