PC Monitors Vulnerable To Hacking
You should probably be leery of what you see since, apparently, your computer monitor can be hacked.
Researchers at DEF CON presented a way to manipulate the tiny pixels found on a computer display.
Ang Cui and Jatin Kataria of Red Balloon Security were curious how Dell monitors worked and ended up reverse-engineering one.
They picked apart a Dell U2410 monitor and found that the display controller inside can be used to change and log the pixels across the screen.
During their DEF CON presentation, they showed how the hacked monitor could seemingly alter the details on a web page. In one example, they changed a PayPal’s account balance from $0 to $1 million, when in reality the pixels on the monitor had simply been reconfigured.
It wasn’t exactly an easy hack to pull off. To discover the vulnerability, both Cui and Kataria spent their spare time over two years, conducting research and understanding the technology inside the Dell monitor.
However, they also looked at monitors from other brands, including Samsung, Acer and Hewlett Packard, and noticed that it was theoretically possible to hack them in the same manner as well.
The key problem lies in the monitors’ firmware, or the software embedded inside. “There’s no security in the way they update their firmware, and it’s very open,” said Cui, who is also CEO of Red Balloon.
The exploit requires gaining access to the monitor itself, through the HDMI or USB port. Once done, the hack could potentially open the door for other malicious attacks, including ransomware.
For instance, cyber criminals could emblazon a permanent message on the display, and ask for payment to remove it, Kataria said. Or they could even spy on users’ monitors, by logging the pixels generated.
However, the two researchers said they made their presentation to raise awareness about computer monitor security. They’ve posted the code to their research online.
“Is monitor security important? I think it is,” Cui said.
Dell couldn’t be reached for immediate comment.
Source- http://www.thegurureview.net/computing-category/computer-monitors-are-also-vulnerable-to-hacking.html
Samsung Buys LoopPay
March 5, 2015 by admin
Filed under Around The Net
Comments Off on Samsung Buys LoopPay
Samsung Electronics Co Ltd has acquired U.S. mobile wallet startup LoopPay, signaling its intention to launch a smartphone payments service to compete with rival Apple Inc.
Mobile payments have been slow to catch on in the United States and elsewhere, despite strong backing. Apple, Google, and eBay Inc’s PayPal have all launched services to allow users to pay in stores via smartphones.
The weak uptake is partly because many retailers have been reluctant to adopt the hardware and software infrastructure required for these new mobile payment options to work. These services also fail to offer much more convenience than simply swiping a credit card, Samsung executives said on Wednesday.
LoopPay’s technology differs because it works off existing magnetic-stripe card readers at checkout, changing them into contactless receivers, they said. About 90 percent of checkout counters already support magnetic swiping.
“If you can’t solve the problem of merchant acceptance…, of being able to use the vast majority of your cards, then it can’t really be your wallet,” said David Eun, head of Samsung’s Global Innovation Center.
Injong Rhee, who is leading Samsung’s as-yet-unannounced payments project, said the Asian giant will soon reveal more details of its envisioned service. He would not be drawn on speculation the company may do so during the Mobile World Congress in Barcelona.
He said new phones such as the upcoming, latest Galaxy would support the service.
Apple Pay, launched in September, allows iPhone users to pay at the tap of a button. Executives have lauded its rapid rollout so far, including the fact that more than 2,000 banks now support it and the U.S. government will accept Apple Pay later this year.
But Apple Pay requires retailers to install near-field communication and some have been reluctant. In addition, many retailers such as Wal-Mart Stores Inc and CVS Health Corp, back their own system, CurrentC.
Samsung had invested in LoopPay, along with Visa Inc and Synchrony Financial, before its acquisition. Terms of the deal, which Samsung negotiated over several months, were not disclosed.
It’s unclear how else Samsung could differentiate its service versus Apple’s or other rivals.
eBay Expands Mobile Shopping
July 21, 2014 by admin
Filed under Around The Net
Comments Off on eBay Expands Mobile Shopping
Braintree, the payments gateway owned by eBay Inc, is working on removing a hurdle for e-commerce companies by making it easier for customers to directly pay for products on their smart phones.
The company rolled out a set of tools for software developers on Wednesday that allows businesses to deduct payments directly from a customer’s PayPal account.
The developer kit is the first big push from Braintree since it was bought by eBay for $800 million last year to help PayPal, eBay’s payments division, expand its presence on mobile devices.
Eliminating the need for mobile shoppers to type in their credit card details on their phones should help boost sales, Braintree Chief Executive Bill Ready said in an interview.
This is especially critical as consumers spend more time on their smartphones, a trend that is forcing developers to design a “fundamentally different computing experience” for the smaller screen, Ready added.
Braintree processes payments for businesses including car service Uber and online home-rental marketplace Airbnb.
PayPal Extend Bug Bounty
PayPal is expanding its bug bounty program to individuals aged 14 and older, a move intended to reward younger researchers who are technically ineligible to hold full-fledged PayPal accounts.
PayPal’s program, which is a year old this month, only applied to those 18 years and older. Under the old rule, participants in the program were required to hold valid accounts, which excluded minors, said Gus Anagnos, PayPal’s director of information security.
In May, 17-year-old Robert Kugler, a student in Germany, said he’d been denied a reward for finding a vulnerability. PayPal said the bug had already been found by two other researchers, which would have made Kugler ineligible for bounty.
In an apparent miscommunication, Kugler said he was initially told he was too young rather than the bug had already been discovered. Nonetheless, PayPal said it would look to bring younger people into its program, which pays upwards of $10,000 for remote code execution bugs on its websites.
Those who are under 18 years old can receive a bug bounty payment through a PayPal student account, an arrangement where a minor can receive payments via their parent’s account, Anagnos said.
Anagnos said other terms and conditions have been modified to make its program more transparent, such as clarifying which PayPal subsidiaries and partner sites qualify for the program.
PayPal pays much less for vulnerabilities on partner websites, which have a URL form of “www.paypal-__.com.” A remote execution bug found on that kind of site garners only $1,500 rather than up to $10,000 on the company’s main sites.
Like other bug bounty programs run by companies such as Microsoft and Google, PayPal will publicly recognize researchers on its website with a “Wall of Fame” for the top 10 researchers in a quarter. Another “honorable mention” page lists anyone who submitted a valid bug for the quarter.
Eusebiu Blindu, a testing consultant from Romania, was one of the researchers listed on the Wall of Fame for the first quarter of this year.
“I think Paypal is the best bug bounty program, and I am glad I participated in it from the first days of its launching,” he wrote on his blog.
PayPal Wooing SMB’s With Payments Service
March 23, 2012 by admin
Filed under Around The Net
Comments Off on PayPal Wooing SMB’s With Payments Service
PayPal is focusing on small businesses, service providers, and casual sellers on the move with its new PayPal Here service which allows vendors to process a variety of payments including checks and cards using their mobile phones.
The new service unveiled Thursday includes a free app and encrypted thumb-sized card reader, which allows merchants with an iPhone, and later Android smartphones, to process payments.
Merchants can accept payments by swiping cards in the card reader, scanning cards and checks using their phone cameras, or by entering card information manually into the app, the eBay unit said. They can also send an invoice and set payment terms, and accept PayPal payments from the app. The check facility is however only available in the U.S.
An iPhone version of the card reader and merchant app is available from Thursday to select merchants in the U.S., Canada, Australia and Hong Kong, with general availability in those countries scheduled for April. PayPal also plans to have an Android version of the merchant app by then. It will announce the availability of the service in more countries soon, it said.
Merchants pay a flat rate of 2.7 percent for card swipes and PayPal payments, while checks will be processed free of charge. Scanning of cards or typing the card information will be charged extra. PayPal Here merchants will also receive a business debit card for access to cash and 1 percent cash-back on eligible purchases.
PayPal will be competing with mobile payment systems from other providers such as Square and Intuit.
The key differentiator for PayPal Here in comparison to other small business mobile payment services is that it comes from a trusted brand in the online payments industry, with more than 100 million customers globally, David Marcus, vice president of mobile at PayPal said in a blog post.
Google Pressuring Developers
March 16, 2012 by admin
Filed under Around The Net
Comments Off on Google Pressuring Developers
Google Inc has been leaning on applications and mobile game developers to use its more expensive in-house payment service, Google Wallet, as the Internet search giant tries to copy the financial success of Apple Inc’s iOS platform.
Google warned several developers in recent months that if they continued to use other payment methods – such as PayPal, Zong and Boku – their apps would be removed from Android Market, now known as Google Play, according to developers, executives and investors in mobile gaming and payment sectors.
Developers say the Internet search giant is trying to simplify consumer payments, hoping apps-buying will rise and offset their higher costs. Google’s payment service charges a higher cut per transaction than some rivals’. But the move also suggests Google is using its powerful position in the mobile apps market to promote an in-house offering.
“Although this move by Google might seem high-handed, it reduces the friction for purchases inside Android apps and therefore makes users more valuable,” said Hugo Troche, chief executive of Appsperse, a cross-promotion network for app discovery.
Android Market, or Google Play as it is now known, is the company’s answer to Apple’s apps store, where consumers browse and buy or download everything from games and music to individual software or applications. Google wants Google Wallet to be the dominant way that people pay for anything on this platform.
Will eBay Cozy Up With Facebook?
October 17, 2011 by admin
Filed under Around The Net
Comments Off on Will eBay Cozy Up With Facebook?
EBay Inc is attempting to strengthen its relationship with social network leader Facebook at a developer conference this week, a person familiar with the e-commerce company said on Tuesday.
EBay will also debut a new online identification service for shoppers named PayPal Access, the source added.
The company expects almost 4,000 people to attend its X.commerce conference in San Francisco on October 12, 13 and 14. The event marks the official launch of the company’s new X.commerce division, which will target e-commerce software developers.
EBay is trying to encourage outside developers to create applications for its e-commerce platforms and is making a particularly strong push in mobile commerce.
At the end of September, Katie Mitic, head of Platform and Mobile Marketing at Facebook, joined eBay’s board of directors, sparking speculation that the two companies were working on new partnerships.
Mitic is scheduled to be one of the keynote speakers at the X.commerce conference on Wednesday. Facebook Platform, which Mitic helps run, is the company’s developer unit, so any new partnership will focus on this area, the person said on condition of anonymity because the plans aren’t public yet.
PayPal Unveils New Payment System
PayPal has unveiled a mobile payment product for customers that doesn’t require near-field communication (NFC) technology inside smartphones.
The system relies instead on using smartphones and other mobile devices to scan product bar codes and to authorize payments through PayPal mobile accounts. Shoppers will also be able to use credit-card scanning terminals commonly seen in grocery stores: The user inputs a phone number and PIN on the terminal’s keypad instead of swiping a credit or debit card.
PayPal President Scott Thompson laid out the basics of the plan in a blog posted Wednesday. In the blog, he also took a swipe at competitors, including Google, MasterCard, Visa and others, who are working with NFC in smartphones for a mobile wallet.
“Let’s be clear about something — we’re not just shoving a credit card on a phone,” Thompson said in his blog.
PayPal is already a major global force in online payments, with 100 million customers. While PayPal’s new payment technologies don’t rely on NFC, they do propose making in-store payments possible from any device and support GPS-based offers, according to Thompson’s blog. PayPal will even allow for customers to set up payments on credit after they’ve checked out.
Dozens of merchants got a sneak peak of the technology Wednesday at an event PayPal sponsored. The event was covered by All Things D, which was not allowed to take photographs, but posted a story. In addition to the payment methods shown in the PayPal video, that story said PayPal will allow customers to continue using plastic cards, issued by PayPal, for payment.
In an interview posted on AllThingsD, Thompson said the PayPal approach doesn’t require merchants to install new terminals, nor does it require customers to buy a new smartphone.
Amex Debuts Mobile Payment System
March 29, 2011 by admin
Filed under Around The Net
Comments Off on Amex Debuts Mobile Payment System
American Express has just debuted a digital payment and commerce service that makes it possible to use Android-based devices and Apple iPhones for person-to-person online payments. Visa announced a similar personal payment product in the U.S. on March 16.
Analysts say the moves by Visa and American Express are clearly aimed at challenging PayPal in the personal payments business.
The new Amex service, named Serve, allows consumers and small businesses to make purchases and person-to-person payments on iOS- and Android-based devices. Serve accounts are also accessible on personal computers through Facebook and at Serve.com.
Serve also allows users to create and manage sub-accounts for friends and family members.
Visa Offers New Payment Service
March 20, 2011 by admin
Filed under Around The Net
Comments Off on Visa Offers New Payment Service
Visa announced Wednesday it is developing a new service that will allow U.S. customers to send money directly to one another, presenting new competition to PayPal.
Visa already lets people send money to Visa accounts in many other countries, but this will be the first time it will offer the service in the U.S.
People who use banks that participate in the new program will be able to send money directly to someone’s Visa account by entering the recipient’s Visa account number, e-mail address or mobile-phone number in an online payment form.
Visa said it has made deals with two payment companies, Fiserv and CashEdge, so that those companies can allow their customers to send money to Visa accounts. Banks offer Fiserv’s ZashPay and CashEdge’s Popmoney services to their customers for sending money to other people. The first banks are expected to make the Visa service available through CashEdge and Fiserv in the second half of the year, Visa said. It’s not clear whether Visa will offer the service on its own. Read More…