Tag: password

Bank robbers use KVM switch and 3G router to steal money

The networked KVM switch and 3G router used to rob a Barclays Bank branch remotely. Metropolitan Police, London Nine members of a London-based gang have been convicted  and three others are scheduled for sentencing in June for a series of electronic bank robberies. Using social engineering to install a remote-controlled keyboard-video-mouse (KVM) switch on bank PCs, the gang managed to transfer millions to outside accounts in two separate jobs in April and July of 2013. They were caught attempting to rob a third bank in September. Dean Outram, 32, entered all three banks claiming to be from a tech support contractor and saying he was there to repair computers. At each bank branch robbed, Outram installed a KVM switch and a 3G wireless router . From a “control center” in central London, others then used the KVM switches to gain access to the PCs of bank employees, remotely logging keystrokes and monitoring screen activity to get the information necessary to transfer funds from customers’ accounts to accounts controlled by the group. In the first attempt, the group managed to make 128 fund transfers totaling £1.3 million (about $2 million) in one day from a branch of Barclays Bank. The bank detected the fraud the same day and recovered about £600,000 ($1 million) of the funds before the gang drained the accounts. In its second attempt at another Barclays branch, the group was able to make off with £90,000 (about $150,000). Read 3 remaining paragraphs | Comments

Visit link:
Bank robbers use KVM switch and 3G router to steal money

Review: Gigabyte’s AMD Brix gives Intel’s mini PC a run for its money

Gigabyte’s AMD Brix (top) is, if anything, even smaller than Intel’s latest NUC (bottom). Andrew Cunningham When AMD sent us the Brix Gaming for review, it wasn’t alone in its box. We were also sent another, smaller Brix with an AMD processor, and it’s the antithesis of its big loud cousin. It’s basically the AMD take on the NUC : a small, quiet, unobtrusive little box that still tries to deliver the features and performance of a full-size entry-level desktop. We originally planned to review both in one shot, but there was so much to say about the Brix Gaming that the GB-BXA8-5545 (say that three times fast) got edged out. Rather than bury it, we’ve decided to give it its own evaluation. It’s the only AMD-powered desktop in the same size category as the NUC that doesn’t use a wimpy netbook-class processor. And as much as Intel’s integrated GPUs have improved in recent years, the name “AMD” still means something when it comes to graphics performance. Surprise, it’s a tiny cube! Like most other mini PCs, the Brix is a tiny box with a small external power supply. Andrew Cunningham Specs at a glance: Gigabyte Brix GB-BXA8-5545 OS Windows 8.1 x64 CPU 1.7GHz AMD A8-5545M, Turbo Boost up to 2.7GHz available with proper BIOS settings RAM 8GB 1333MHz DDR3 (supports up to 16GB) GPU AMD Radeon 8510G (integrated) HDD 128GB Crucial M500 mSATA SSD Networking 2.4GHz 802.11n Wi-Fi, Bluetooth 4.0, Gigabit Ethernet Ports 4x USB 3.0, 1x mini DisplayPort 1.2, 1x HDMI 1.4a, audio Size 4.24” x 4.5” x 1.18” (107.6 x 114.4 29.9 mm) Other perks Kensington lock, VESA mounting bracket Warranty 1 year Price $249.99 (barebones), $494.97 with listed components and software The other Brix boxes we’ve reviewed have been larger and more powerful machines, but the smaller Intel and AMD-based Brixes are a lot more like the original Intel NUC. This one’s a short, square little device that’s actually a little shorter than the NUC. It’s an understated all-black system with matte metal sides and a glossy plastic top, and while it has an external power brick it doesn’t add much to the total size of the package. With the adapters, it’s roughly the size you’d get with standard PC laptops and Ultrabooks, since the Brix uses low-voltage mobile parts rather than full-fledged desktop chips. Read 17 remaining paragraphs | Comments

View article:
Review: Gigabyte’s AMD Brix gives Intel’s mini PC a run for its money

Covert Bitcoin miner found stashed in malicious Google Play apps

Lookout Researchers scouring the official Google Play market have unearthed more Android apps that surreptitiously abuse end-user devices to carry out the computationally intensive process of mining Bitcoins. The malware, dubbed “BadLepricon” by its creators, was stowed away inside six separate wallpaper apps that had from 100 to 500 downloads each, according to a blog post published Thursday by researchers from Lookout, an anti-malware provider for smartphones. Google employees promptly removed the offending apps once Lookout reported them. It’s at least the second time in a month that third-party researchers have discovered cryptocurrency-mining apps available for download on Google servers. Four weeks ago, researchers from Trend Micro reported they found two apps downloaded from one million to five million times that mined the Litecoin and Dogecoin cryptocurrencies without explicitly informing end users. “These apps did fulfill their advertised purpose in that they provided live wallpaper apps, which vary in theme from anime girls to ‘epic smoke’ to attractive men,” Meghan Kelly, a Lookout security communications manager, wrote in Thursday’s blog post. “However, without alerting you in the terms of service, BadLepricon enters into an infinite loop where—every five seconds—it checks the battery level, connectivity, and whether the phone’s display was on.” Read 3 remaining paragraphs | Comments

View article:
Covert Bitcoin miner found stashed in malicious Google Play apps

In just one year, Zynga has lost nearly half of its daily active users

It’s been a rough year for Zynga, which has relegated founder Mark Pincus to being chairman of the board. Fortune Live Media Zynga needs some good news, and fast: in its Tuesday quarterly earnings filling, the company reported that its daily active users rose from 27 million in the last quarter of 2013 to 28 million this quarter. But when compared to the first quarter of 2013 , Zynga had 53 million daily active users—which means the company has lost about half of its most active players in a year. Just months after Zynga spent $527 million on NaturalMotion , maker of Clumsy Ninja , the embattled social gaming firm also announced that it ended its first quarter by losing over $61 million. At this time last year, the company had profited $4.1 million during the first three months of 2013. Still, the company’s chief executive tried to play the loss down. Read 3 remaining paragraphs | Comments

See the original article here:
In just one year, Zynga has lost nearly half of its daily active users

“Russian Facebook” founder flees country after being forced out as CEO

Pavel Durov, founder and former CEO of Vkontakte. Pavel Durov/VK Pavel Durov, the founder of Vkontakte (VK)—the largest social network in Russia—said on Tuesday that he fled the country one day after being forced out of the company, claiming that he felt threatened by Kremlin officials. In a  post on his profile page on Monday, Durov explained that he was fired from his position as CEO of VK and that the so-called “Russian Facebook” is now “under the complete control” of two oligarchs close to President Vladimir Putin. Durov explained that after seven years of relative social media freedom in Russia, his refusal to share user data with Russian law enforcement has set him at odds with the Kremlin, which has recently been trying to tighten its grip on the Internet, according to The Moscow Times . Read 7 remaining paragraphs | Comments

Excerpt from:
“Russian Facebook” founder flees country after being forced out as CEO

Next-gen Thunderbolt doubles speeds but changes the connector

The leaked slide that purports to out the next-generation Thunderbolt controller. VR-Zone Thunderbolt 2 just started showing up in devices late last year, but a new slide leaked by VR-Zone is giving us our first glimpse at what the next version is going to look like. Dubbed “Alpine Ridge,” the new Thunderbolt controllers will double Thunderbolt 2’s bandwidth from 20Gbps to 40Gbps, will reportedly support PCI Express 3.0, and will reduce power usage by 50 percent compared to current controllers. The downside is that the new version will require the use of a new connector—it supports charging for devices that use up to 100W of power and it’s 3 mm shorter than current connectors, but adapters will be required to maintain compatibility with older Thunderbolt accessories. Doubling the available bandwidth will enable next-generation Thunderbolt controllers to drive two 4K displays simultaneously, where current controllers can only drive one. The new controllers will allegedly be compatible with a variety of other protocols as well, including DisplayPort 1.2, USB 3.0, and HDMI 2.0. Intel will offer two different versions of the controller—a version that uses four PCI Express lanes to drive two Thunderbolt ports and an “LP” (presumably “Low Power”) version that uses two PCI Express lanes to drive one port. This is consistent with the current controllers. High-end devices like the Mac Pro and Retina MacBook Pro use two-port controllers, while lower-end, lower-power devices like the Mac Mini and MacBook Air use the one-port version. Thunderbolt 2 gave the specification a performance boost but didn’t change all that much about the protocol. It combined the original Thunderbolt’s two 10Gbps channels to allow for higher maximum speeds, but it didn’t increase the total amount of bandwidth available or introduce any new protocols. The upside is that it maintained full compatibility with all of the original Thunderbolt cables and accessories, something that this next-generation Thunderbolt controller won’t be able to do without adapters (though to be fair, USB 3.1 and the new Type-C USB connector have the same problem). Read 2 remaining paragraphs | Comments

View original post here:
Next-gen Thunderbolt doubles speeds but changes the connector

Using bugs—aphids, specifically—to spy on plants’ electrical communications

I’m catching some signals, fellow aphid. Are you? benimoto Internal communications in plants share striking similarities with those in animals, new research reveals . With the help of tiny insects, scientists were able to tap into this communication system. Their results reveal the importance of these communications in enabling plants to protect themselves from attack by insect pests. Like any organism, plants need to transport essential nutrients from one part to another. This is achieved by two parts of the plant: the xylem and the phloem. Xylem, which is largely made of dead cells, transports water and dissolved nutrients obtained by roots up to the aerial tissues of the plants. By contrast, the phloem is made up of living cells—active tubes that transport a syrupy sap, rich in sugars made by photosynthesis in the leaves. In the 1980s, scientists discovered that phloem cells also function as a communication system through which electrical signals travel, similar to the electrical signals transmitted through the neurons in your nervous system. Read 14 remaining paragraphs | Comments

More:
Using bugs—aphids, specifically—to spy on plants’ electrical communications

Active malware campaign steals Apple passwords from jailbroken iPhones

Sophos Security researchers have uncovered an active malware campaign in the wild that steals the Apple ID credentials from jailbroken iPhones and iPads. News of the malware, dubbed “unflod” based on the name of a library that’s installed on infected devices, first surfaced late last week on a pair of reddit threads here and here . In the posts, readers reported their jailbroken iOS devices recently started experiencing repeated crashes, often after installing jailbroken-specific customizations known as tweaks that were not a part of the official Cydia market , which acts as an alternative to Apple’s App Store. Since then, security researcher Stefan Esser has performed what’s called a static analysis on the binary code that the reddit users isolated on compromised devices. In a blog post reporting the results , he said unflod hooks into the SSLWrite function of an infected device’s security framework. It then scans it for strings accompanying the Apple ID and password that’s transmitted to Apple servers. When the credentials are found, they’re transmitted to attacker-controlled servers. Read 6 remaining paragraphs | Comments

Link:
Active malware campaign steals Apple passwords from jailbroken iPhones

Lavabit held in contempt of court for printing crypto key in tiny font

Image by Rene Walter A federal appeals court on Wednesday upheld a contempt of court ruling against Ladar Levison and his now-defunct encrypted e-mail service provider, Lavabit LLC, for hindering the government’s investigation into the National Security Agency leaks surrounding Edward Snowden. In the summer of 2013, Lavabit was ordered to  provide real-time e-mail monitoring  of one particular user of the service, believed to be Snowden, the former NSA contractor turned whistleblower. Instead of adequately complying with the order to turn over the private SSL keys that protected his company’s tens of thousands of users from the government’s prying eyes, Levison chose instead to shut down Lavabit last year after weeks of stonewalling the government. However, Levison reluctantly turned over his encryption keys to the government, although not in a manner that the government deemed useful, and instead provided a lengthy printout with tiny type, a move the authorities said was objectionable. “The company had treated the court orders like contract negotiations rather than a legal requirement,” US Attorney Andrew Peterson, who represented the government, told  PC World . Read 5 remaining paragraphs | Comments

Read More:
Lavabit held in contempt of court for printing crypto key in tiny font

All sent and and received e-mails in Gmail will be analyzed, says Google

Google  added a paragraph to its terms of service as of Monday to tell customers that, yes, it does scan e-mail content for advertising and customized search results, among other reasons. The change comes as Google undergoes a lawsuit over its e-mail scanning, with the plaintiffs complaining that Google violated their privacy. E-mail users brought the lawsuit against Google in 2013, alleging that the company was violating wiretapping laws by scanning the content of e-mails. The plaintiffs are varied in their complaints, but some of the cases include people who sent their e-mails to Gmail users from non-Gmail accounts and nonetheless had their content scanned. They argue that since they didn’t use Gmail, they didn’t consent to the scanning. US District Judge Lucy Koh refused Google’s motion to dismiss the case in September. Koh also denied the plaintiffs class-action status in March on the grounds that the ways that Google might have notified the various parties of its e-mail scanning are too varied, and she could not decide the case with a single judgment. Read 2 remaining paragraphs | Comments

Read More:
All sent and and received e-mails in Gmail will be analyzed, says Google