ATM ‘jackpotting’ hacks reach the US

For some ATM thieves, swiping card data involves too much patience — they’d rather just take the money and run. The US Secret Service has warned ATM makers Diebold Nixdorf and NCR that “jackpotting” hacks, where crooks force machines to cough up large sums of cash, have reached the US after years of creating problems in Asia, Europe and Mexico. The attacks have focused largely on Diebold’s front-loading Opteva ATMs in stand-alone locations, such as retail stores and drive-thrus, and have relied on a combination of malware and hardware to pull off heists.

In previous attacks, the thieves disguised themselves as technicians to avoid drawing attention. After that, they hooked up a laptop with a mirror image of the ATM’s operating system and malware (Diebold also mentioned replacing the hard drive outright). Security researcher Brian Krebs understands American ATMs have been hit with Ploutus.D, a variant of “jackpotting” malware that first launched in 2013. The mirror image needs to be paired with the ATM to work, but that’s not as difficult as you might think — the intruders used endoscopes to find and press the necessary reset button inside the machine. Once done, they attached keyboards and used activation codes to clean out ATMs within a matter of minutes. NCR hasn’t been explicitly targeted in these attacks, but it warned that this was an “industry-wide issue” and urged caution from companies using its ATMs.

It’s definitely possible to thwart attacks like this. The Secret Service warned that ATMs still using Windows XP were particularly easy targets, and that updating to Windows 7 (let alone Windows 10) would protect against these specific attacks. Diebold also recommended updating to newer firmware and using the most secure configurations possible. And both organizations recommended physical security changes, such as using rear-loading ATMs, locking down physical access and closely watching for suspicious activity like opening the machine’s top.

The catch, of course, is that ATM operators either haven’t been diligent or may have a hard time justifying the updates. It’s telling that victim machines have been running XP, a 16-year-old platform whose official support ended in 2014 — the odds aren’t high that companies will keep their ATMs up to date, let alone replace them with more secure models or institute advanced defenses. You may not see a widespread attempt to combat jackpotting in the US until the problem becomes too large to ignore.

Via: Reuters
Source: Krebs on Security


Astronaut filmed elusive blue lightning aboard the ISS

Some types of electrical discharge phenomena like blue jets and red sprites occur way above the altitudes where normal lightning occurs. That makes it tough to see them or even to confirm that they actually take place. There’s a group of people living in just the right place to witness them happen, though: astronauts aboard the International Space Station. ESA astronaut Andreas Mogensen filmed thunderstorms from the ISS in September 2015 using the most sensitive camera in the orbiting lab. Now, Denmark’s National Space Institute has finally confirmed that Mogensen indeed caught 245 blue flashes on cam — you’ve really got to watch the video after the break.

Apparently, satellites tried to capture upper-atmosphere lightning in the past, but their viewing angles aren’t ideal for filming them. ESA says Mogensen’s successful attempt proves the ISS is “a suitable base for observing these phenomena.” Back in 2012, the ISS crew also successfully captured an image of a red sprite by accident. Now that researchers know how to best observe these little-understood phenomena, they’ll be able to study them further and help us better understand how the atmosphere protects us from radiation.

Source: ESA
