Saudi deputy FM meets Sudan's Sovereign Council chief in Port Sudan    Kuwait, India to elevate bilateral relations to strategic partnership Sheikh Mishal awards Mubarak Al-Kabir Medal to Modi    MoH to penalize 5 health practitioners for professional violations    Al-Samaani: Saudi Arabia to work soon on a comprehensive review of the legal system    Environment minister inaugurates Yanbu Grain Handling Terminal    Germany's attack suspect reportedly offered reward to target Saudi ambassador    U.S. Navy jet shot down in 'friendly fire' incident over Red Sea    Israeli strikes in Gaza kill at least 20 people, including five children    Trudeau's leadership under threat as NDP withdraws support, no-confidence vote looms    Arabian Gulf Cup begins with dramatic draws and a breathtaking ceremony in Kuwait    GACA report: 928 complaints filed by passengers against airlines in November    Riyadh Season 5 draws record number of over 12 million visitors    Fury vs. Usyk: Anticipation builds ahead of Riyadh's boxing showdown    Saudi Arabia to compete in 2025 and 2027 CONCACAF Gold Cup tournaments    Marianne Jean-Baptiste on Oscars buzz for playing 'difficult' woman    PDC collaboration with MEDLOG Saudi to introduce new cold storage facilities in King Abdullah Port Investment of SR300 million to enhance logistics capabilities in Saudi Arabia    Al Shabab announces departure of coach Vítor Pereira    My kids saw my pain on set, says Angelina Jolie    Legendary Indian tabla player Zakir Hussain dies at 73    Eminem sets Riyadh ablaze with unforgettable debut at MDLBEAST Soundstorm    Order vs. Morality: Lessons from New York's 1977 Blackout    India puts blockbuster Pakistani film on hold    The Vikings and the Islamic world    Filipino pilgrim's incredible evolution from an enemy of Islam to its staunch advocate    Exotic Taif Roses Simulation Performed at Taif Rose Festival    Asian shares mixed Tuesday    Weather Forecast for Tuesday    Saudi Tourism Authority Participates in Arabian Travel Market Exhibition in Dubai    Minister of Industry Announces 50 Investment Opportunities Worth over SAR 96 Billion in Machinery, Equipment Sector    HRH Crown Prince Offers Condolences to Crown Prince of Kuwait on Death of Sheikh Fawaz Salman Abdullah Al-Ali Al-Malek Al-Sabah    HRH Crown Prince Congratulates Santiago Peña on Winning Presidential Election in Paraguay    SDAIA Launches 1st Phase of 'Elevate Program' to Train 1,000 Women on Data, AI    41 Saudi Citizens and 171 Others from Brotherly and Friendly Countries Arrive in Saudi Arabia from Sudan    Saudi Arabia Hosts 1st Meeting of Arab Authorities Controlling Medicines    General Directorate of Narcotics Control Foils Attempt to Smuggle over 5 Million Amphetamine Pills    NAVI Javelins Crowned as Champions of Women's Counter-Strike: Global Offensive (CS:GO) Competitions    Saudi Karate Team Wins Four Medals in World Youth League Championship    Third Edition of FIFA Forward Program Kicks off in Riyadh    Evacuated from Sudan, 187 Nationals from Several Countries Arrive in Jeddah    SPA Documents Thajjud Prayer at Prophet's Mosque in Madinah    SFDA Recommends to Test Blood Sugar at Home Two or Three Hours after Meals    SFDA Offers Various Recommendations for Safe Food Frying    SFDA Provides Five Tips for Using Home Blood Pressure Monitor    SFDA: Instant Soup Contains Large Amounts of Salt    Mawani: New shipping service to connect Jubail Commercial Port to 11 global ports    Custodian of the Two Holy Mosques Delivers Speech to Pilgrims, Citizens, Residents and Muslims around the World    Sheikh Al-Issa in Arafah's Sermon: Allaah Blessed You by Making It Easy for You to Carry out This Obligation. Thus, Ensure Following the Guidance of Your Prophet    Custodian of the Two Holy Mosques addresses citizens and all Muslims on the occasion of the Holy month of Ramadan    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Alliances, upgrades key to foil cyber crooks
Published in The Saudi Gazette on 30 - 07 - 2010

The world of hackers can be roughly divided into three groups. “Black hats” break into corporate computer systems for fun and profit, taking credit card numbers and e-mail addresses to sell and trade with other hackers, while the “white hats” help companies stop their disruptive counterparts.
But it is the third group, the “gray hats,” that are the most vexing for companies. These hackers play it any number of ways, which can leave a company vulnerable to lost assets as well as a tarnished reputation as security breaches are exposed. (The terms are a nod to westerns, with the villain wearing a black hat and the hero a white one.) These gray-hat hackers surreptitiously break into corporate computers to find security weaknesses. They then choose whether to notify the company and stay silent until the hole has been patched or embarrass the company by exposing the problem.
The debate among all of these groups over the best course of action has never been settled and will be an undercurrent at the Black Hat hackers conference which started Friday in Las Vegas.
Internet gets an upgrade
The Internet has undergone a key upgrade that promises to stop cyber criminals from using fake websites that dupe people into downloading viruses or revealing personal data.
The agency in charge of managing Internet addresses teamed with online security services firm VeriSign and the US Department of Commerce to give websites encrypted identification to prove they are legitimate.
The Domain Name System Security Extensions, referred to as DNSSEC, basically adds a secret, identifying code to each website address.
The domain name system is where the world's Internet addresses are registered and plays a key role in enabling computers around the world to speak with one another online. Applications commonly used on the Internet can be tailored to essentially check the ID of a website to make certain it is what it claims to be, according to Dan Kaminsky, a hacker turned computer security specialist. For example, web browser software such as Google or Bing could be adapted to tell whether a bank log-in page is authentic.
DNSSEC strips cyber criminals of being able to do attacks that involve manipulating code to redirect people from legitimate websites to fake pages rigged with malicious code or asking for passwords and other valuable data.
Bunker-busting ATM attacks
A hacker has discovered a way to force ATMs to disgorge their cash by hijacking the computers inside them. The attacks demonstrated Wednesday targeted standalone ATMs. But they could potentially be used against the ATMs operated by mainstream banks.
Criminals have long known that ATMs aren't tamperproof.
Computer hacker Barnaby Jack spent two years tinkering in his Silicon Valley apartment with ATMs he bought online. These were standalone machines, the type seen in front of convenience stores, rather than the ones in bank branches.
His goal was to find ways to take control of ATMs by exploiting weaknesses in the computers that run the machines. He showed off his results here at the conference. His attacks have wide implications because they affect multiple types of ATMs and exploit weaknesses in software and security measures that are used throughout the industry.
Jack showed in a theatrical demonstration two ways he can get ATMs to spit out money:
• He found that the physical keys that came with his machines were the same for all ATMs of that type made by that manufacturer. He figured this out by ordering three ATMs from different manufacturers for a few thousand dollars each. Then he compared the keys he got to pictures of other keys, found on the Internet. He used his key to unlock a compartment in the ATM that had standard USB slots. He inserted a program he had written into one of them, commanding the ATM to dump its vaults.
• He hacked into the machines by exploiting weaknesses in the way ATM makers communicate with the machines over the Internet. Jack said the problem is that outsiders are permitted to bypass the need for a password. The remote style of attack is more dangerous because an attacker doesn't need to open up the ATMs. It allows an attacker to gain full control of the ATMs and not only order it to spit out money, but also to silently harvest card data from anyone who uses the machines.
Jack said the manufacturers whose machines he studied are deploying software fixes for both vulnerabilities, but added that the prevalence of remote-management software broadly opens up ATMs to hacker attacks.


Clic here to read the story from its source.