
11 Security Sights Seen Only At Black Hat

Who says fun, sun, malware, and penetration testing don't mix? This year's Black Hat conference in Las Vegas offered information security training, hardware hacking, pool time, and more.

Hacking card readers--for fun, profit, or hotel-room entry--was a leading theme at this year's Black Hat. One of the more elegant related attacks demonstrated involved a memory corruption vulnerability in some point-of-sale (POS) credit and debit card readers, detailed by "Nils," head of security research at MWR InfoSecurity, and security consultant Rafael Dominguez Vega.

Their attack has three variations, including one targeting the magnetic-stripe card readers used in the United States. Arguably the most interesting version targets the chip-and-PIN smartcards used in Europe, which require the user to enter a PIN to authorize in-person transactions. Nils and Vega detailed how a malicious smartcard could be used to rewrite the software running on the terminal, so that it provides fake authorization that a transaction went through, or records all credit card numbers and PIN codes that it sees. At the end of the day, an attacker could return to purchase goods and "pay" with a smartcard programmed to retrieve and store all data seen by the POS terminal during the day.

Credit card photograph by Flickr user Images_of_Money, via Creative Commons license.

Comments
PJS880,
User Rank: Apprentice
8/2/2012 | 12:14:46 PM
re: 11 Security Sights Seen Only At Black Hat
The whole conference looked like it was a blast to attend and learn some state-of-the-art defensive techniques. I have to make it to one of these; I would love to sit through most of these speakers that attend. I have heard many different opinions on what the key theme was at the Black Hat conference. Did anyone attend? What was, in your opinion, the theme of the conference that you viewed?

Paul Sprague
InformationWeek Contributor