BreachExchange mailing list archives
Credit Card Roulette: Payment Terminals Pwned in Vegas
From: security curmudgeon <jericho () attrition org>
Date: Tue, 31 Jul 2012 12:16:02 -0500 (CDT)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.wired.com/threatlevel/2012/07/pinpadpwned/

By Kim Zetter
Threat Level
Wired.com
July 30, 2012

LAS VEGAS -- At least three widely used credit and debit card purchasing terminals in the U.S. and U.K. have vulnerabilities that would allow attackers to install malware on them and sniff card data and PINs.

The vulnerabilities can also be used to make a fraudulent card transaction look like it's been accepted when it hasn't been, printing out a receipt to fool a salesclerk into thinking items have been successfully purchased.

Or an attacker can design a hack that would invalidate the chip-and-PIN card system, a security feature that is standard in Europe but only nascent in the U.S. It uses cards embedded with a chip and requires cardholders to enter a PIN to validate a transaction.

The hacks were demonstrated at the Black Hat Security conference last week by Rafael Dominguez Vega, a Spanish security researcher and consultant for MWR InfoSecurity, and a German researcher who goes by the name Nils, who is head of research for MWR. Nils cemented his security bona fides in 2009 when he hacked three browsers at the Pwn2own contest at the CanSecWest conference.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list