Thomas Schneider, a postdoctoral researcher in the System Security Lab of Technische Universität Darmstadt, said on Monday that Amazon's Web Services is so easy to use that a lot of people create virtual machines without following the security guidelines.
In what they termed the most critical discovery, the researchers found that the private keys used to authenticate with services such as the Elastic Compute Cloud (EC2) or the Simple Storage Service (S3) were publicly published in Amazon Machine Images (AMIs), which are pre-configured operating systems and application software used to create virtual machines.
But the consequences could be expensive: With those keys, an interloper could start up services on EC2 or S3 using the customer's keys and create "virtual infrastructure worth several thousands of dollars per day at the expense of the key holder," according to the researchers.
Some news, views and musing about things going on in the Information Security World.
Showing posts with label credit card fraud.
Tuesday, June 21, 2011
Saturday, June 18, 2011
Con artists pose as security companies in growing scam
Criminals posing as computer security engineers are having success in calling victims at home and stealing their money, according to a survey issued Thursday by Microsoft. Fifteen percent of 7,000 computer users polled in the United States, Canada, U.K. and Ireland said they have been contacted by a phone scammer, and 22 percent of those were tricked into following the fraudsters' directions, which included giving them remote access to a computer or providing credit card information. Seventy-nine percent of those suffered a financial loss as a result. Victims were out an average $875 in the United States, the survey found.
Key Words:
credit card fraud,
passwords,
scam,
security controls,
social engineering
Friday, October 22, 2010
Man In The Browser (MITB) Attacks
A new botnet named Feodo has been discovered. It doesn't seem to have much new about its internal workings, but the linked article gives a good description of how Man In The Browser attacks work.
Feodo rewrites specific banking app web pages in order to add input fields for data, such as PINs and other personal information, that the bank wouldn't normally request on the unmodified version of the page.
Key Words:
0-day,
credit card fraud,
hacking,
security controls,
trojan
Friday, August 13, 2010
Heartland denies systems involved in new data breach
It seems that Heartland Payment Systems, the company that achieved unwanted celebrity status last year for suffering the largest credit card data breach ever, is back in the news. This time they are spinning out ways to downplay yet another major data breach.
A Heartland spokesperson is suggesting that somebody hacked into a system between Tino's Greek Cafe and Heartland, resulting in numerous fraudulent charges to customers' credit cards. Jeff Nori, co-owner of Tino's, has plenty to say about the breach.
Thanks to jimmiejaz for the scoop.
Thursday, May 20, 2010
Hacking the Hackers
Carders.cc, a German online forum dedicated to helping criminals trade and sell financial data stolen through hacking, has itself been hacked. The once-guarded contents of its servers are now being traded on public file-sharing networks, leading to the exposure of potentially identifying information on the forum’s users as well as countless passwords and credit card accounts swiped from unsuspecting victims.