Dumb: ATM owners who use the default password for administering their ATMs, allowing hackers to get into the machines easily by locating the default password online from vendor sites.
Dumber: ATM owners who don’t change the default password after the machine is hacked and used to give out more money than it was supposed to.
A pair of crooks got caught using the default password on an ATM for the fourth time. They weren’t caught the first three times, but by the fourth time, the police had information from surveillance cameras and had alerted the store manager (where the ATM was located) to the identity of the thieves. So when they tried it for the fourth time, they got caught.
I’m wondering why the ATM owner didn’t just change the default password on the administrative functions of the ATM so it couldn’t be hacked a second time. That would have been the smarter thing to do, wouldn’t you think?
Who’s dumber, the criminal or the ATM owner? I’m thinking it’s the latter.
Hyper-Threading technology, built into some Intel Pentium 4 central processing unit (CPU) microprocessors, can be exploited by crackers to gain access to security keys. A description of the timing attack was presented Friday by Colin Percival, a computer science researcher, at the BSDCan 2005 conference. Intel’s Hyper-Threading (HT) algorithm enables Pentium CPUs to maximize the efficiency of the processing system. According to Intel’s website, with HT technology “desktop users can experience greater system responsiveness and performance when multitasking. At home, users can encode audio and video at the same time, or run a virus scan in the background while continuing to play their favorite game. In the office, HT Technology enables IT managers to deploy PC services such as encryption, compression or backup technologies while minimizing the impact on PC user productivity. In addition, multitasking business workers can experience greater system responsiveness, enabling increased productivity. In summary, the Pentium 4 processor supporting HT Technology delivers a new level of performance and PC responsiveness for consumers and business professionals.”
It was only a month ago that Microsoft Corp. announced its free antispyware application; however, an antivirus company, Sophos PLC, has already detected malware that will disable Microsoft’s program and delete all files in the program’s installation directory.
Symantec Corp., manufacturer of the popular Norton series of antivirus products, yesterday warned customers of multiple critical holes in Microsoft Corp.’s Windows operating system. The security holes make Windows systems vulnerable to remote attack.
Three academic computer scientists have uncovered a serious security hole in the Google Desktop Search Toolbar that was released on October 14th. Dan Wallach, assistant professor of computer science at Rice University, and two graduate students, Seth Fogarty and Seth Nielson, have known of the security problem for a month; however, this is the first confirmed report of a serious problem with Google’s popular search tool.
A flaw in the Windows Internet Name Service (WINS) in Windows NT Server 4.0, Server 2000, and Server 2003 creates a security hole that would allow a cracker to gain full control over the network server, thereby putting corporate data at risk.
WINS is a network component that manages a distributed database of network stations by mapping computer names and IP addresses across a routed network. While other versions of Microsoft Windows include support for WINS, only the server versions are currently known to be affected, according to Microsoft.
Microsoft will patch this security flaw as part of its scheduled monthly update.
Dave’s Comment
This is a serious security issue. Until an update is released, network administrators can secure their systems by blocking TCP and UDP port 42 at their firewall and either removing WINS or using IPsec to secure the network traffic.
References
Microsoft Security