Category Archives: security

Clever Password Tricks Aren’t Protecting You from Today’s Hackers

Security breaches happen so often nowadays, you’re probably sick of hearing about them and all the ways you should beef up your accounts. Even if you think you’ve heard it all already, though, today’s password-cracking tools are more advanced and cut through the clever password tricks many of us use. Here’s what’s changed and what you should do about it.

Source: lifehacker.com

Good advice

Unlock ATMs in Minutes – ATM Security and Kaba Lock Security

Unlock ATMs in Minutes at Defcon27. Story by Wired, 8/9/2019, on a presentation at Defcon27.

Excerpt: Safecrackers of the past put a stethoscope to a safe’s panel while turning its dial, listening for the telltale murmurs of the interlocking components inside. It turns out that modern safecracking, despite all its electronic upgrades, isn’t always so different. But now those involuntary murmurs…

Check-In Kiosks Security – The Overlooked Security Threat by IBM and Wired

Originally published on Wired, March 4, 2019.

Overlooked Security in Sign-In Kiosks – Visitor Management Systems (note: all are “mostly” patched)

Wired published a story of IBM interns infiltrating some systems (later patched). Typically there are USB ports exposed, and sure enough, in this case they found some. We’re surprised that HID Global was the noted offender. They know…

EMV Kiosk – On Track Innovations Receives Interac Certification for Canadian Market

Originally published on https://www.otiglobal.com/pr-news-events/on-track-innovations-receives-interac-certification-for-canadian-market/, October 30, 2018.

ROSH PINNA, Israel – October 30th, 2018 — On Track Innovations Ltd. (OTI) (NASDAQ: OTIV), a global provider of near field communication (NFC) and cashless payment solutions, has received a renewed Interbank Network Interac certification, which now allows Canadian businesses to integrate OTI’s secure cashless payment solutions into vending machines, kiosks and other unattended…

Tokenworks ID Authenticate Product News – User Authentication Drivers License

Tokenworks Product News – User Authentication Drivers License

We like to highlight our members when we can, and new product enhancements are now available from Tokenworks. Tokenworks provides a complete range of Age Verification, Data Entry & Form Fillers and Forensic Scanners, and complete developer tools.

Editor’s Note: While with KIOSK Information Systems, I probably participated in the…

This Week In Credit Card News: Identity Fraud Hits All-Time High; Apple Pay’s Move Into E-Commerce

What took place this week in the credit card and payment industries

Source: www.forbes.com

Last year marked a large shift in the world of data breaches. For the first time, Social Security Numbers were compromised more than credit cards. A staggering 16.7 million consumers were affected by identity fraud last year, an 8% increase over year-ago levels and the highest volume since Javelin Strategy & Research began their annual surveys in 2003. This fraud resulted in losses of $16.8 billion.

Pornographic video at D.C.’s Union Station disassembled; content provider takes responsibility, claims it wasn’t a hack

A kiosk in a public transit station displayed pornographic content because the software was not properly locked down.

Source: www.kioskmarketplace.com

Writeup by Maras from the point of view of the software provider. Our take?

I think the Ping guy is being disingenuous when he says he wasn’t hacked. “Breaking into the desktop” is a hack in itself. Was there malware which modified some existing code? No. But that isn’t what people are supposed to guard against. He was hacked.

A little disappointing that his protection is predicated on his image build containing his tools. And he said he “checked every single unit” like he went PC by PC. No mention of overall remote management and control.

They never configured their Win10 correctly (and imaged it as such) and my guess is they are on the consumer version.

Given all that, the odds are very good that he’ll get “hacked” again, it sounds like to me…

Kiosk Security – Here Is the Porn Video That Played in DC’s Union Station Last Night [NSFW]

Last night, a display screen in Union Station—one of Washington DC’s main transit hubs—found itself moonlighting as a tiny pornographic theater. Now, Gizmodo can exclusively reveal footage of the incident, and I can assure you that, one, it’s definitely pornography, and two, I have never had a commute this stimulating.

Source: gizmodo.com

I think they said it in the movie (Sierra Madre?): “We don’t need no stinkin’ lockdown…” Somebody supposedly smarter than everyone else turns out to be not as smart as many.

Camlock Systems Launches LinkedIn Company Page

Camlock Systems Ltd has launched its company page on the professional social network LinkedIn. Camlock’s followers can now obtain expert security advice, gain company insights, read market news and participate in related discussions. Camlock Systems’ locking security experts work in partnership with customers to supply or to design, develop and manufacture mechanical and electronic locking security using innovative…

Security – How The Panama Papers Breach Happened

The news this week has been filled with the so-called “Panama Papers”, which have resulted in the resignation of at least one world leader, the Icelandic Prime Minister, and have caused controversy to surround others, including Russian President Putin and British Prime Minister Cameron. The data involved was taken from a Panamanian law firm called Mossack Fonseca (MF) by a hacker and…

Thin Client Kiosk – malerisch.net: Owning a thin client in less than two minutes

RT @m3g9tr0n: Pwning a thin client in less than two minutes https://t.co/Y9FK57uVy2

Source: blog.malerisch.net

Normally, HP ThinPro OS interface is configured in a kiosk mode, as the concept of a thin/zero client is based on using a thick client to connect to another resource. For this purpose, a standard user does not need to authenticate to the thin client per se and would just need to perform a connection – e.g. VMware Horizon View. The user will eventually authenticate through the connection. The point of this blog post is to demonstrate that a malicious actor can compromise such thin clients in a trivial and quick way provided physical access, a standard prerequisite in an attack against a kiosk.

Source: thinclient.org

Tutorial on breaking and entering a thin client configured for kiosk mode.