Pwnie Express’ Pwn Plug R2 lets you hackproof networks over 4G

Pwnie Express' Pwn Plug R2 lets you hackproof networks over 4G

Pwnie Express has a knack for stuffing powerful security testing tools into innocuous housings, and this time their flexing that unique talent with the Pwnie Plug R2. Ars Technica's gotten ahold of the contraption ahead of its debut at the Black Hat conference, and it's boasting a healthy number of upgrades, including 4G service through AT&T and T-Mobile. Security hawks keen on testing network safety will be greeted with a fresh UI, one-click penetration tests and a new OS dubbed Pwnix, which is a custom version of the Debian-based Linux distro Kali. When it comes to hardware, the box packs a 1.2GHz Armada-370 ARM CPU, 1GB of RAM, a 32GB microSDHC card, a pair of gigabit Ethernet ports, a high-gain industrial Bluetooth adapter, two USB slots and a microUSB port. Naturally, the package supports WiFi 801.11 b/g/n and carries a SIM slot for those cases where you need to SSH in from halfway 'round the globe. If the $895 asking price doesn't make you flinch -- or you dig daydreaming about hacking for good or evil -- venture to the source for a breakdown of the gear's abilities.

Filed under:

Comments

Source: Ars Technica

Security experts hack payment terminals to steal credit card info, play games

Security experts show payment terminal vulnerabilities by playing racing game with pinpad

If a payment terminal could be forced into servitude as a crude handheld gaming device, what else could it be made to do? Researchers at the Black Hat conference showed just what mischief a commonly used UK PoS terminal could get up to when they inserted a chip-and-pin card crafted with malicious code. That enabled them to install a racing game and play it, using the machine's pin pad and screen. With the same hack, they were able to install a far less whimsical program as well -- a Trojan that could record card numbers and PINs, which could be extracted later by inserting another rogue card. On top of that, criminals could use the same method to fool the terminal into thinking a transaction was bank-approved, allowing them to walk out of a store with goods they hadn't paid for. Finally, the security gurus took a device popular in the US, and used non-encrypted ethernet communication between the terminal and other peripherals to hack into the payment device and take root control. Makes you want to put those credit cards (and NFC devices) away and stick to cash -- at least you can see who's robbing you blind.

[Original image credit: Shutterstock]

Filed under:

Security experts hack payment terminals to steal credit card info, play games originally appeared on Engadget on Fri, 27 Jul 2012 06:41:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourcePC World  | Email this | Comments

Apple to present at Black Hat conference for first time, talk about iOS’ padlocks

iPhone 4 rooted with Cydia

Apple is taking a different, more cautious tack when it comes to security these days. That doesn't make it any less surprising that the company is planning to give a presentation at the Black Hat conference: the company will have someone on stage for the first time and won't just socialize in the corridors. When he takes to the podium on July 26th, platform security manager Dallas De Atley will go into detail regarding iOS' security measures in front of an audience used to finding a way around them. The company hasn't said whether that involves current or future technology; we suspect that Apple may be eager to show what iOS 6 brings to the table, however. If it all goes down like Black Hat general manager Trey Ford says it will, Apple may both open up a bit on security and set more of the agenda this week -- instead of letting conference goers set it themselves.

Filed under: , ,

Apple to present at Black Hat conference for first time, talk about iOS' padlocks originally appeared on Engadget on Tue, 24 Jul 2012 11:51:00 EDT. Please see our terms for use of feeds.

Permalink Bloomberg  |  sourceBlack Hat  | Email this | Comments

Microsoft advises nuking Windows Gadgets after security hole discovery, we mourn our stock widgets

Windows 7 with Gadgets

Whether you see Windows Vista and Windows 7 Gadgets as handy tools or a blight upon a pristine desktop, you might want to shut them off for safety's sake. Mickey Shkatov and Toby Kohlenberg have found that the desktop widgets' web-based code have flaws that would allow malicious Gadgets, or even hijacked legitimate Gadgets, to compromise a PC without having to go through the usual avenues of attack. Microsoft's short-term answer to the vulnerability is a drastic one, though: a stopgap patch disables Gadgets entirely, leaving just a barren desktop in its wake. There's no word on a Gadget-friendly solution arriving before Kohlenberg and Shkatov present at the Black Hat Conference on July 26th, but we suspect Microsoft's ultimate answer is to move everyone to Windows 8, where Gadgets aren't even an option. We understand the importance of preventing breaches, of course -- we're just disappointed that we'll have to forgo miniature stock tickers and weather forecasts a little sooner than expected.

Filed under:

Microsoft advises nuking Windows Gadgets after security hole discovery, we mourn our stock widgets originally appeared on Engadget on Wed, 11 Jul 2012 14:42:00 EDT. Please see our terms for use of feeds.

Permalink Computerworld  |  sourceMicrosoft, Black Hat Conference  | Email this | Comments