Smartphone Enabled ATMs

BMO Harris Bank is launching the U.S.’s biggest cardless ATM network that allows customers to withdraw cash within seconds, using nothing but their smartphones!

If your phone is lost or stolen, the bank can remotely remove the app. No card data is stored on the phone.

  • Download the digital banking app, Mobile Cash.
  • Sign into the Mobile Cash app.
  • The app will ask you to enter the amount you want to withdraw.
  • The app will store the info until you get to the ATM.
  • At the ATM, select a “Mobile Cash” option on the ATM screen.
  • A quick response code, or QR code, will appear on the screen. Scan the QR code via your smartphone.
  • Collect your cash.

Read more at the WSJ.

Viviana’s 1st Birthday

Carmelo’s first cousin twice removed, Viviana, had her birthday! Here are some pictures of the Dr. Seuss themed birthday.

Green Eggs and ham

Dr. Seuss birthday

drinks

Mmmm food!

Viviana and Hethel

Vic

Beau and Courtney

Damien, Beau, and Courtney

Beau with Hat on Courtney

Viviana and Jasmin

Sequoia

Viviana and Jasmin

Vic

Viv

James and Jerell

John/Hector

Jasmin and Danielle

Henry and Mojica

Sequoia, Nakai, Hethel, and  Viviana

Damien

Free Apple Watch, Click Here!

A scam is playing out right now, since Apple has re-introduced the Apple Watch. A group of scammers is creating Facebook events, littered with Apple Watch pictures, where the victim is instructed to invite at least 100 friends to join the event and then claim a free Apple Watch.

Once people join the event, the scammers check their profiles for email addresses and other personal information in order to send them phishing emails. Let’s face it, if they fell for the Free Apple Watch, they’ll be good phishing targets with their mostly public profiles.

Spear Phishing in Florida Nearly Leads to Half Million Dollar Loss

Orange Park City Hall nearly lost $500,000 from the city’s bank account at Wells Fargo, according to Security Info Watch.

An email with an attachment was sent to an employee. Once the attachment was opened, similar emails were sent to other employees, who also opened the attachment. Opening the attachment introduced a virus into the town’s computer system that allowed the hacker to tap into information connected to the town’s Wells Fargo bank account and initiate a $491,000 transfer to Deutsche Bank. With quick incident response, they were able to get the money back.

The hack did not include the theft of any information about residential and commercial customers that had done business with the town.

Educate your employees never to open an email attachment unless they’re expecting it, even if they think they know who it’s coming from.

Bloomberg Interview with FBI Special Agent of Cyber Special Operations, Leo Taddeo

The Cost of Security Breaches

Would You Buy Your Kids A “Hello Barbie” Doll?

Most kids like to talk to their toys; it’s not uncommon. As far back as I can remember, like many children, I’d play with toys and do voices for them, or ask them questions on behalf of other toys, playing out scenarios I’d just come up with.

“Hello Barbie” uses speech recognition and connects to Wi-Fi. When someone presses a button on her belt buckle, Barbie will record everything you say and send it up to the cloud. It’s saved, so Barbie keeps learning more and more about you, in order to inform her responses. The software then sends back a command to the doll to play back a reply stored in the toy. Barbie is programmed with various questions, jokes and quips, which are picked by the back-end software in response to whatever the kid wants to talk about. “Hello Barbie” will learn a child’s likes and dislikes so that she can incorporate them into conversation, and possibly even use them to advertise.

How is this different than Samsung Televisions, Siri, Google Now, and Cortana? Yes, it’s a privacy concern, but what are the other cyber-risks?

Children have been targeted by unscrupulous cyber bad guys; even baby Emma and her parents were subject to online harassment when they failed to secure their Internet-enabled baby monitor (see my video presentation on cyber-risk). I’m sure with the proper safeguards, the “Hello Barbie” can be an enjoyable toy for kids, but I don’t think the security is there yet.

Have you seen Feminist Hacker Barbie?

A USB to Destroy a Computer

A blog writer named Dark Purple wrote an article on a proof of concept called USB Killer, a USB device that, when plugged into a computer, would charge, then discharge back into the computer to fry circuits and burn half the computer down.

Dark Purple writes:

“The basic idea of the USB drive is quite simple. When we connect it up to the USB port, an inverting DC/DC converter runs and charges capacitors to -110V. When the voltage is reached, the DC/DC is switched off. At the same time, the field transistor opens. It is used to apply the -110V to signal lines of the USB interface. When the voltage on capacitors increases to -7V, the transistor closes and the DC/DC starts. The loop runs till everything possible is broken down.”

The practical applications of such a device can really be scary.

It almost seems like something out of Mission Impossible, but then again, what was Stuxnet? A worm that sought specific hardware and, if that hardware was found, would copy itself to other devices. Once it found centrifuges at a nuclear facility, it would make them go out of control while giving the impression that nothing was going wrong, adjusting readouts to appear normal.

Read more about USB Killer here.

Rowhammer

Intel-compatible PCs running Linux are exploitable through physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips, which can be used to gain higher kernel privileges on the system.

Google’s Project Zero has released an in-depth article on how to exploit the DRAM Rowhammer bug.

The rowhammer-test program is available here.

The Disgruntled and Passed Over

The FBI reports that Michael Meneses, a system manager and software programmer who was often passed over for promotions, created a program to pharm employee passwords and left his job at an unnamed Long Island high-voltage power manufacturer in January 2012.

After he left, he used credentials to remotely log on to the network, and:

  • The defendant deleted a line of code in a software program that the victim company used to calculate work order costs, leading the company to incorrectly calculate these costs.
  • The defendant read an e-mail sent by his former supervisor to one of his former colleagues about a candidate for the defendant’s former position, created the e-mail address “iamconcern2012@gmail.com,” and sent the candidate a message that stated, “Don’t accept any position from [victim company].”
  • The defendant modified a database so it would appear to be March 2012 rather than February 2012. As a result, the company was unable to process routine transactions.
  • The defendant manually purged a purchase order table, which prevented the company from converting purchase requisitions to purchase orders.

Since he was caught, Michael has pleaded guilty to the charges. He will spend up to the next 10 years in prison and may have some hefty fines to pay.

Men who Performed the Largest Data Breaches in History: Arrested

The Department of Justice reports that three men operating from Vietnam, the Netherlands, and Canada are accused of carrying out the largest data breach of names and email addresses in the history of the Internet.

Two of the hackers, Viet Quoc Nguyen and Giang Hoang Vu, would hack email service providers, stealing over a billion email addresses, and use David-Manual Santos Da Silva’s company, MarketBay.com, making millions of dollars in revenue generated from the spam.
