ATM skimmer that doesn’t require any modifications to the ATM

Media attention to crimes involving ATM skimmers may make consumers more likely to identify compromised cash machines, which involve cleverly disguised theft devices that sometimes appear off-color or out-of-place. Yet, many of today’s skimmer scams can swipe your card details and personal identification number while leaving the ATM itself completely untouched, making them far more difficult to spot.

The most common of these off-ATM skimmers can be found near cash machines that are located in the antechamber of a bank or building lobby, where access is controlled by a key card lock that is activated when the customer swipes his or her ATM card. In these scams, the thieves remove the card swipe device attached to the outside door, add a skimmer, and then reattach the device to the door. The attackers then place a hidden camera just above or beside the ATM, so that the camera is angled to record unsuspecting customers entering their PINs.

The crooks usually return later in the evening to remove the theft devices. Armed with skimmed card data and victim PINs, skimmer thieves are able to encode the information onto counterfeit cards and withdraw money from compromised accounts at ATMs across the country.

More…

I was thinking the same attack on Saturday morning..

Serious 0-day Found in Every Version of IE

Stop using IE. Seriously, just stop. At least for now. A serious 0-day vulnerability which exploits MME HTML has been discovered in every existing version of Windows / IE. Until this gets patched it is essential not to use IE as a browser at all.

While this has just recently been made public, you have to wonder how long this has been exploited quietly by the “bad guys”

[External Link]

ShmooCon 2011 Streams!

Streaming Video

Posted On: 2011-01-27 10:26:36

Apparently ShmooCon is actually ShnowCon – who knew!  We’re still on track for tomorrow and hope to see you all there.  For those of you who have to bail last minute or didn’t get a ticket during the enormous five minute window they were available – Have no fear! ShmooCon will be streamed to you live absolutely free of charge and available from Ustream.

Each track will have a dedicated Ustream channel set up for the duration of the conference so you can tune in and pretend you are right here with us.  (Throwing Shmooballs at your screen may not be a great idea)

Tune in at the following URLs.

One Track Mind

http://www.ustream.tv/channel/one-track-mind-2011

Break it!

http://www.ustream.tv/channel/break-it-2011

Build it!

http://www.ustream.tv/channel/build-it-2011

Bring it on!

http://www.ustream.tv/channel/bring-it-on-2011