
11 Security Sights Seen Only At Black Hat

Who says fun, sun, malware, and penetration testing don't mix? This year's Black Hat conference in Las Vegas offered information security training, hardware hacking, pool time, and more.
8 of 11

Hacking card readers--for fun, profit, or hotel-room entry--was a leading theme at this year's Black Hat. One of the more elegant attacks demonstrated on that theme involved a memory corruption vulnerability in some point-of-sale (POS) credit and debit card readers, detailed by "Nils," head of security research at MWR InfoSecurity, and security consultant Rafael Dominguez Vega.

While their attack has three variations, including targeting the magnetic-stripe card readers used in the United States, arguably the most interesting version targets chip-and-PIN smartcards used in Europe, which require the user to enter a PIN to authorize in-person transactions. But Nils and Vega detailed how a malicious smartcard could be used to rewrite the software running on the terminal, providing fake authorization that a transaction went through, or instructing it to record all credit card numbers and PIN codes that it sees. At the end of the day, an attacker could return to purchase goods and "pay" with a smartcard programmed to retrieve and store all data seen by the POS terminal during the day.

Credit card photograph by Flickr user Images_of_Money, via Creative Commons license.


8/2/2012 | 12:14:46 PM
re: 11 Security Sights Seen Only At Black Hat
The whole conference looked like it was a blast to attend and learn some state-of-the-art defensive techniques. I have to make it to one of these; I would love to sit through most of these speakers that attend. I have heard many different opinions on what the key theme was at the Black Hat conference. Did anyone attend? What was, in your opinion, the theme of the conference that you viewed?

Paul Sprague
InformationWeek Contributor