Bonets Attack U.S. Banks
January 18, 2013 by admin
Filed under Around The Net
Comments Off on Bonets Attack U.S. Banks
Evidence collected from a website that was recently used to flood U.S. banks with junk traffic suggests that the responsible parties behind the ongoing DDoS attack campaign against U.S. financial institutions — thought by some to be the work of Iran — are using botnets for hire.
The compromised website contained a PHP-based backdoor script that was regularly instructed to send numerous HTTP and UDP (User Datagram Protocol) requests to the websites of several U.S. banks, including PNC Bank, HSBC and Fifth Third Bank, Ronen Atias, a security analyst at Web security services provider Incapsula, said Tuesday in a blog post.
Atias described the compromised site as a “small and seemingly harmless general interest UK website” that recently signed up for Incapsula’s services.
An analysis of the site and the server logs revealed that attackers were instructing the rogue script to send junk traffic to U.S. banking sites for limited periods of time varying between seven minutes and one hour. The commands were being renewed as soon as the banking sites showed signs of recovery, Atias said.
During breaks from attacking financial websites the backdoor script was being instructed to attack unrelated commercial and e-commerce sites. “This all led us to believe that we were monitoring the activities of a Botnet for hire,” Atias said.
“The use of a Web Site as a Botnet zombie for hire did not surprise us,” the security analyst wrote. “After all, this is just a part of a growing trend we’re seeing in our DDoS prevention work.”
Fed Contractor Arrested For Software Theft
January 28, 2012 by admin
Filed under Around The Net
Comments Off on Fed Contractor Arrested For Software Theft
Bo Zhang worked at the bank and took advantage of his position to commit the crime, according to prosecutors, and was arrested yesterday by the FBI and the Treasury Department.
“As today’s case demonstrates, our cyber infrastructure is vulnerable not only to cybercriminals and hackers, but also alleged thieves like Bo Zhang who used his position as a contract employee to steal government intellectual property,” said Manhattan US Attorney Preet Bharara.
“Fighting cyber crime is one of the top priorities of this office and we will aggressively pursue anyone who puts our computer security at risk.”
A complaint against Zhang has been unsealed and according to that he pilfered the Government-Wide Accounting and Reporting Program code by copying it to a hard drive owned by the Federal Reserve Bank of New York.
PayPal Unveils New Payment System
PayPal has unveiled a mobile payment product for customers that doesn’t require near-field communication (NFC) technology inside smartphones.
The system relies instead on using smartphones and other mobile devices to scan product bar codes and to authorize payments through PayPal mobile accounts. Shoppers will also be able to use credit-card scanning terminals commonly seen in grocery stores: The user inputs a phone number and PIN on the terminal’s keypad instead of swiping a credit or debit card.
PayPal President Scott Thompson laid out the basics of the plan in a blog posted Wednesday. In the blog, he also took a swipe at competitors, including Google, MasterCard, Visa and others, who are working with NFC in smartphones for a mobile wallet.
“Let’s be clear about something — we’re not just shoving a credit card on a phone,” Thompson said in his blog.
PayPal is already a major global force in online payments, with 100 million customers. While PayPal’s new payment technologies don’t rely on NFC, they do propose making in-store payments possible from any device and support GPS-based offers, according to Thompson’s blog. PayPal will even allow for customers to set up payments on credit after they’ve checked out.
Dozens of merchants got a sneak peak of the technology Wednesday at an event PayPal sponsored. The event was covered by All Things D, which was not allowed to take photographs, but posted a story. In addition to the payment methods shown in the PayPal video, that story said PayPal will allow customers to continue using plastic cards, issued by PayPal, for payment.
In an interview posted on AllThingsD, Thompson said the PayPal approach doesn’t require merchants to install new terminals, nor does it require customers to buy a new smartphone.
SpyEye Poses Risk To Banking Defenses
Financial institutions are facing more trouble from SpyEye, a piece of malicious software that steals money from customers online bank accounts, according to new research from security vendor Trusteer.
SpyEye is a dastardly piece of malicious software: it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.
In its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have put in place to try and block fraudulent transactions, said Mickey Boodai, Trusteer’s CEO.
Banks are now analyzing how a person uses their site, looking at parameters such as how many pages a person looks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a transaction. Other indicators include IP address, such as if a person who normally logs in from the Miami area suddenly logs in from St. Petersburg, Russia.
SpyEye works fast, and can automatically and quickly initiate a transaction much faster than an average person manually on the website. That’s a key trigger for banks to block a transaction. So SpyEye’s authors are now trying to mimic — albeit in an automated way — how a real person would navigate a website.
NFC Support Coming to Windows Phone 7
April 3, 2011 by admin
Filed under Smartphones
Comments Off on NFC Support Coming to Windows Phone 7
Microsoft is adding support for NFC (near field communication) to its Windows Phone mobile operating system, according to a report on Bloomberg Businessweek. NFC technology is a key component to the upcoming mobile payment and mobile wallet systems now reportedly under development at Google, RIM and Apple as well as the new carrier-led initiative Isis, a coalition of three of the four major cellular providers here in the U.S.
Support for NFC technology in Windows Phone 7 will be pushed out in an update to Microsoft’s mobile operating system, sources told Bloomberg reporters. Those updates may arrive sometime this year.
Bloomberg says that the addition of NFC is an effort to close the gap between Microsoft and Google, the latter which is currently the leading smartphone platform here in the U.S., and, according to at least one analyst firm, worldwide.
Google’s Android mobile operating system added in NFC support in the release code-named Gingerbread (Android 2.3) and has incrementally added new capabilities since then to broaden its feature set. In February 2011, for example, an update delivered the ability to both read and write to standard NFC tags, whereas before the NFC support was read-only.
Amex Debuts Mobile Payment System
March 29, 2011 by admin
Filed under Around The Net
Comments Off on Amex Debuts Mobile Payment System
American Express has just debuted a digital payment and commerce service that makes it possible to use Android-based devices and Apple iPhones for person-to-person online payments. Visa announced a similar personal payment product in the U.S. on March 16.
Analysts say the moves by Visa and American Express are clearly aimed at challenging PayPal in the personal payments business.
The new Amex service, named Serve, allows consumers and small businesses to make purchases and person-to-person payments on iOS- and Android-based devices. Serve accounts are also accessible on personal computers through Facebook and at Serve.com.
Serve also allows users to create and manage sub-accounts for friends and family members.
Visa Offers New Payment Service
March 20, 2011 by admin
Filed under Around The Net
Comments Off on Visa Offers New Payment Service
Visa announced Wednesday it is developing a new service that will allow U.S. customers to send money directly to one another, presenting new competition to PayPal.
Visa already lets people send money to Visa accounts in many other countries, but this will be the first time it will offer the service in the U.S.
People who use banks that participate in the new program will be able to send money directly to someone’s Visa account by entering the recipient’s Visa account number, e-mail address or mobile-phone number in an online payment form.
Visa said it has made deals with two payment companies, Fiserv and CashEdge, so that those companies can allow their customers to send money to Visa accounts. Banks offer Fiserv’s ZashPay and CashEdge’s Popmoney services to their customers for sending money to other people. The first banks are expected to make the Visa service available through CashEdge and Fiserv in the second half of the year, Visa said. It’s not clear whether Visa will offer the service on its own. Read More…