Security

Crooks Need Just Six Seconds To Guess A Credit Card Number (independent.co.uk) 110

schwit1 quotes The Independent: Criminals can work out the card number, expiration date, and security code for a Visa debit or credit card in as little as six seconds using guesswork, researchers have found... Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack...

According to a study published in the academic journal IEEE Security & Privacy, fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously. Within seconds, by a process of elimination, the criminals could verify the correct card number, expiration date and the three-digit security number on the back of the card.

One of the researchers explained this attack combines two weaknesses into one powerful attack. "Firstly, current online payment systems do not detect multiple invalid payment requests from different websites... Secondly, different websites ask for different variations in the card data fields to validate an online purchase. This means it's quite easy to build up the information and piece it together like a jigsaw puzzle."
Security

Hackers Steal $31 Million at Russia's Central Bank (cnn.com) 78

The Bank of Russia has confirmed Friday that hackers have stolen 2 billion rubles ($31 million) from correspondent accounts at the Russian central bank. Central bank security executive Artiom Sychev said it could've been much worse as hackers tried to steal 5 billion rubles, but the central banking authority managed to stop them. CNNMoney reports: Hackers also targeted the private banks and stole cash from their clients, the central bank reported. The central bank did not say when the heist occurred or how hackers moved the funds. But so far, the attack bears some similarity to a recent string of heists that has targeted the worldwide financial system. Researchers at the cybersecurity firm Symantec have concluded that the global banking system has been under sustained attack from a sophisticated group -- dubbed "Lazarus" -- that has been linked to North Korea. But it's unclear who has attacked Russian banks this time around. Earlier Friday, the Russian government claimed it had foiled an attempt to erode public confidence in its financial system. Russia's top law enforcement agency, the FSB, said hackers were planning to use a collection of computer servers in the Netherlands to attack Russian banks. Typically, hackers use this kind of infrastructure to launch a "denial of service" attack, which disrupts websites and business operations by flooding a target with data. The FSB said hackers also planned to spread fake news about Russian banks, sending mass text messages and publishing stories on social media questioning their financial stability and licenses to operate.
Security

Russia Says Foreign Spies Plan Cyber Attack On Banking System (reuters.com) 88

Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust. From a report on Reuters: Russia's domestic intelligence agency, the Federal Security Service (FSB), said that the servers to be used in the alleged cyber attack were located in the Netherlands and registered to a Ukrainian web hosting company called BlazingFast. The attack, which was to target major national and provincial banks in several Russian cities, was meant to start on Dec. 5, the FSB said in a statement. "It was planned that the cyber attack would be accompanied by a mass send-out of SMS messages and publications in social media of a provocative nature regarding a crisis in the Russian banking system, bankruptcies and license withdrawals," it said. "The FSB is carrying out the necessary measures to neutralize threats to Russia's economic and information security."
United States

US Economy Added 178,000 Jobs in November; Unemployment Rate Drops To 4.6 Percent (washingtonpost.com) 533

The U.S. economy added 178,000 jobs in November, while the unemployment rate fell to 4.6 percent from 4.9 percent the previous month, according to new government data released (Editor's note: the link could be paywalled; alternate source) Friday morning. From a report on the Washington Post: Economists surveyed by Bloomberg News had expected U.S. employers to create 180,000 new jobs last month -- roughly in line with the average number added in the first 11 months of the year. The first release after a contentious election in which the candidates disputed the health and direction of the economy, the data showed a job market that is continuing to steadily strengthen from the recession. The unemployment rate fell to levels not seen since August 2007, before a bubble in the U.S. housing market began to burst. The fall was driven partly by the creation of new jobs, and partly by people retiring and otherwise leaving the labor force. The labor force participation rate ticked down to 62.7 percent. Average hourly earnings declined by 3 cents to $25.89. The decrease pared back large gains seen in October, but over the year average hourly earnings are still up 2.5 percent, the Bureau of Labor Statistics said.
The Almighty Buck

South Korea To Kill the Coin in Path Towards 'Cashless Society' (cnbc.com) 258

The central bank in South Korea, one of the world's most technologically advanced and integrated nations, is taking a major step in getting rid of coins in the nation in what is an attempt to become a cashless society. The first step is to get rid of the metal, a feat authorities hope to achieve by 2020. From a report on FT: The Bank of Korea on Thursday announced it will step up its efforts to reduce the circulation of coins, the highest denomination of which is worth less than $0.50. As part of the plan it wants consumers to deposit loose change on to Korea's ubiquitous "T Money" cards -- electronic travel passes that can be used to pay for metro fares, taxi rides and even purchases in 30,000 convenience stores. The proposals are just the latest step for a nation at the forefront of harnessing technology to make citizens' lives more convenient. Online shopping is the norm, as are mobile payments for the country's tech-savvy millennials. South Korea is already one of the least cash-dependent nations in the world. It has among the highest rates of credit card ownership -- about 1.9 per citizen -- and only about 20 percent of Korean payments are made using paper money, according to the BoK. But while convenience is at the crux of the central bank's plan, there are other considerations. The BoK spends more than $40m a year minting coins. There are also costs involved for financial institutions that collect, manage and circulate them.
Security

ATM Hacks in 'More Than a Dozen' European Countries in 2016 (zdnet.com) 22

Cybercriminals have hacked ATMs in more than a dozen countries in Europe this year using software that forces the machines to spit out cash, according to Russian cybersecurity firm Group IB. ZDNet adds: This type of attack, known as "jackpotting", is part of hackers' shifting focus from stealing card numbers and online banking details towards a more lucrative method that gives them access to both ATMs and electronic payments. The firm said attacks had successfully compromised banks in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, Poland, Romania, Russia, Spain, and the United Kingdom, as well as in Malaysia. However, the firm declined to disclose the banks' names. ATM makers Diebold Nixdorf and NCR Corp said that they are aware of the attacks, and have been working with customers to mitigate the threat. Dmitry Volkov, head of intelligence at Group IB said that he expects more heists on ATMs in the future.
Businesses

Symantec To Acquire LifeLock for $2.3B (usatoday.com) 41

Symantec is acquiring identity-theft protection firm LifeLock for $2.3 billion, the companies announced today. It's the company's latest move to branch out from malware protection into cybersecurity, following its purchase of Blue Coat, a company that safeguards web transactions. "With the combination of Norton and LifeLock, we will be able to deliver comprehensive cyber defense for consumers," Symantec said. From a report on USA Today: Symantec will finance the deal with a combination of cash and $750 million of new debt, the company said in a statement. The deal will close during the first calendar quarter of 2017. The combination of LifeLock and Norton, Symantec's suite of antivirus and anti-spyware tools, will help the company deliver "comprehensive" protection for consumers, said Symantec CEO Greg Clark. "This acquisition marks the transformation of the consumer security industry from malware protection to the broader category of digital safety for consumers," said Clark. Symantec sees a growing market for digital safety, estimated at $10 billion and 80 million consumers. "People's identity and data are prime targets of cybercrime," said Symantec board chairman Dan Schulman. "The security industry must step up and defend through innovation and vigilance."
Twitter

Spammers Compromised Popular Twitter Accounts Including Viacom And Microsoft Xbox (engadget.com) 23

"A number of popular Twitter accounts suddenly wanted to help you add more followers," joked Engadget. An anonymous reader writes: Early Saturday morning, due to a breach of the Twitter Counter analytics service, the compromised Twitter accounts started posting images touting services that sell Twitter followers. The affected accounts include @PlayStation, @Viacom, @XboxSupport, @TheNewYorker, @TheNextWeb, and @Money (Time's finance magazine) as well as @NTSB (the National Transportation Safety Board) and @ICRC (the Red Cross), and the Twitter accounts of famous individuals include astronaut Leland Melvin, Minnesota Governor Mark Dayton, and actor Charlie Sheen. "We can confirm that our service has been hacked; allowing posts on behalf of our user," Twitter Counter posted Saturday, announcing minutes later that "hackers CANNOT post on our users' behalf anymore."
"Apologies for the spam, everyone," tweeted the account for Xbox support, adding "We're cleaning things up now."
Security

Bangladesh Hopes To Recover $30 Million More From Cyber Heist (reuters.com) 16

In February, Bangladesh's central bank was thrown under the bus after hackers stole a whopping $81 million from it. The central bank has now said it hopes to retrieve $30 million more of the stolen amount. From a report on Reuters: Hackers used stolen Bangladesh Bank credentials to try to send three dozen SWIFT messages to transfer nearly $1 billion from its Fed account. They succeeded in transferring $81 million to four accounts at Rizal Commercial Banking Corp in Manila. Most of the money was laundered through casinos in Manila. On Friday, Philippine authorities began the process of handing over $15.25 million to Bangladesh. "We are hoping to get back around $30 million which remains frozen," Bangladesh Bank deputy governor Abu Hena Mohammad Razee Hassan, who heads its financial intelligence unit, told Reuters.
Piracy

University Bans BitTorrent To Stop Flood of Infringement Notices (torrentfreak.com) 123

A university in Canada has taken sweeping action in an effort to stem the tide of piracy notices. Following changes to Canada's copyright law in early 2015, ISPs are now required to forward copyright infringement notices to their customers. Over the past years, copyright owners have aggressively targeted users and ISPs with volumes of notices to generate more revenue. TorrentFreak adds: The phenomenon has also been felt at the University of Calgary, which acts as a service provider to thousands of students. Inevitably, some of those students have been using their connections to obtain music and movies for free, which has led to the university receiving large numbers of notices. So, in an effort to reduce the instances of alleged infringement, the university has recently banned BitTorrent usage on several Wi-Fi networks. Speaking to student newspaper The Gauntlet, vice-president finance and services Linda Dalgetty said that the effect was felt immediately. During the first eight days of the ban, the university received 90% fewer notices than usual. "I think what we're finding is it has definitely made a difference. But we have to monitor that, because statistically, we have to go through a longer time frame than eight days," Dalgetty said. According to Dalgetty, reducing the number of infringement notices wasn't the only consideration. The volume of traffic and other threats were also on the agenda. "The more streaming we have on the campus, the more it impacts network performance and that takes away the user experience for other pursuits," she said. "The third [reason] is security. The more streaming we have, the [higher chance] of inadvertently downloading something that would create issues."
Security

Russian Banks Floored by Withering DDoS Attacks (theregister.co.uk) 103

An anonymous reader shares a report on The Register: At least five Russian banks weathered days-long DDoS attacks this week. A wave of assaults began on Tuesday afternoon and continued over the next two days. Victims including Sberbank and Alfabank both confirmed DDoS attacks on their online services, RT reports. The attacks were powered by compromised IoT devices, according to an unnamed Russian Central Bank official. Early indications are that the Mirai IoT botnet that disrupted DNS services for scores of high-profile websites might be behind the latest attacks but this remains unconfirmed. DDoS attacks on Russian banks are far from unprecedented. The last attack on this scale affected eight major banks in October 2015. David Kennerley, director of threat research at Webroot, commented: "These latest DDoS attacks are extremely similar to the recent ones targeted at Dyn last month, and really drives home the security issues of the Internet of Things. While attacks like these are complicated, there's still an element of basic security that could have reduced success -- password management."
EU

Ireland Will Bring the Fight Over Apple Taxes To the EU Court (digitaltrends.com) 71

An anonymous reader quotes a report from Digital Trends: The tax debate between Apple, Ireland, and the European Union may escalate in the next few months. According to recent reports, the Irish Finance Minister, Michael Noonan, will bring the debate to the EU court, a move that could trigger a years-long court battle. The battle stems from a European Commission finding that Ireland had been giving Apple tax breaks, something that has attracted a number of multinational employers to Ireland. The EU, however, has ordered the practices to change. After a three-year probe into Ireland's relationship with Apple, the European Commission ordered Ireland to collect $14.5 billion in back taxes from the company. That is the largest state-aid payback demand in history. The decision has been the subject of criticism, particularly from this side of the Atlantic. The U.S. Treasury Department says the decision is a threat "to undermine foreign investment, the business climate in Europe, and the important spirit of economic partnership between the U.S. and the EU." Apple has also vowed to fight against the EU decision, and those appeals will follow the ones already pending in Luxembourg, where the EU is headquartered. Those pending appeals include cases against Starbucks.
Security

British Retail Tesco Bank: 20,000 Customers Lose Money (bbc.com) 65

An anonymous reader writes: Tesco Bank has halted online payments for current account customers after money was taken from 20,000 accounts. The bank's chief executive Benny Higgins told the BBC he was "very hopeful" customers would be refunded within 24 hours. About 40,000 accounts saw suspicious transactions over the weekend, of which half had money taken, he said. Customers will still be able to use their cards for cash withdrawals, chip and pin payments, and bill payments. The bank is blocking customers from making online payments using their debit card, although transfers between accounts and to other people are still allowed, a spokesperson said. Earlier, the bank confirmed some accounts "have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently."
United States

Secret Service, DHS Scramble To Secure America's Election (yahoo.com) 360

Secret service agents rushed Donald Trump off a stage in Nevada Saturday night, CNN reports. "A scuffle could be seen breaking out in the audience, but it was not immediately clear what happened... Secret Service and police tactical units rushed in to detain a man [who] was then rushed by a throng of police officers, Secret Service agents and SWAT officers armed with assault rifles to a side room... A law enforcement official told CNN no weapon was discovered. The GOP nominee was apparently unharmed and returned to the stage minutes later to finish his speech." Meanwhile, an anonymous reader writes: "All but two U.S. states have accepted help from the U.S. Department of Homeland Security to probe and scan voter registration and election systems for vulnerabilities, a department official told Reuters." Ohio is relying on the National Guard's cyber protection unit, while Arizona says they've held discussions with the FBI, DHS and state-level agents on cyber security. But in addition, "U.S. military hackers have penetrated Russia's electric grid, telecommunications networks and the Kremlin's command systems, making them vulnerable to attack by secret American cyber weapons should the U.S. deem it necessary, according to a senior intelligence official and top-secret documents reviewed by NBC News."

American officials believe Russian hacking efforts will continue through 2018, according to the Wall Street Journal. "By hacking and dumping emails, Russia is trying 'to denigrate the American electoral system, to make it look chaotic, make it look manipulable, make it look subject to intrusion, cheating and vulnerable so you can't trust it...to make us look no better than the Russian electoral system,'" said one senior White House official. Russia is also expected to extend their efforts toward elections in Europe.

Yahoo!

Verizon Says Yahoo Name Isn't Going Away (cnet.com) 27

Verizon is treading carefully with Yahoo, but still wants to seal the deal. From a CNET report: "The deal makes strategic sense," said Marni Walden, the executive vice president of business innovation for Verizon and the person who pushed for the acquisition. "We won't jump off of a cliff blindly." She continues to believe there's value in the Yahoo name, noting that it won't go away if Verizon completes its acquisition. Brands like Yahoo Mail and Yahoo Finance still draw plenty of eyeballs, and offer the kind of audience that Verizon and AOL lack, she said during a keynote session at The Wall Street Journal Digital conference on Wednesday. Her comments come just weeks after Yahoo disclosed a 2014 breach exposed at least 500 million accounts, making it the worst hack in history. Shortly after, reports found that Yahoo had participated in a government program to sniff user emails, further eroding trust. Verizon said this all had the potential to cause a "material impact" to the deal, which could mean Yahoo takes a reduced price or the deal falls through altogether.
The Media

More NFL Players Attack Microsoft's $400M Surface Deal With The NFL (yahoo.com) 236

An anonymous reader writes: "These tablets always malfunction," complained one NFL offensive lineman in January, foreshadowing a growing backlash to Microsoft's $400 million deal with the NFL to use Surface tablets. Friday the coach of the San Francisco 49ers and their controversial quarterback Colin Kaepernick both complained they've also experienced problems, with Kaepernick saying the screen freezes "every once in a while and they have to reboot it."

Friday Microsoft called their tablet "the center of the debate on the role of technology in the NFL," saying they deeply respect NFL teams "and the IT pro's who work tirelessly behind the scenes to help them succeed." It included quotes from NFL quarterbacks -- for example, "Every second counts and having Microsoft Surface technology on sidelines allows players and coaches to analyze what our opponents are trying to do in almost real time." But Yahoo Finance wrote that "The quotes read like they were written by the Microsoft public relations team," arguing that Microsoft's NFL deal "has been a disaster... The tablets failed to work during a crucial AFC Championship game last January -- again for the New England Patriots... sports media interpreted that the malfunction benefited the Broncos on the field, giving the team an unfair advantage -- the very last thing Microsoft's tablets, meant to aid coaches in their play calling, should be doing."

The NFL issued a statement calling Microsoft "an integral, strategic partner of the NFL," adding "Within our complex environment, many factors can affect the performance of a particular technology either related to or outside of our partner's solutions."
Power

Will Tesla Install Home Solar Panels To Charge Cars? (buffalonews.com) 81

Earlier this week, Tesla signed a non-binding agreement to buy solar cells from a new Panasonic factory in Buffalo, New York -- but it's part of a much bigger maneuver. An anonymous Slashdot reader writes: "If all goes to plan, Tesla will be supplying customers with the solar panels that generate electricity that could then be used to charge the battery in their Tesla car or the battery in the Tesla Powerwall home energy storage system," reports the Christian Science Monitor. The Wall Street Journal reports that Musk's SolarCity "will sell, finance and install the panels."

But the Buffalo News suggests the deal is really "aimed squarely at skeptical shareholders" who may be leery of a proposed merger between Tesla and SolarCity, which one analyst calculates will require nearly $6 billion in extra capital. Panasonic could help shoulder the costs of the Buffalo factory, while also putting a more experienced manufacturer in charge of producing high-efficiency solar modules.

The Stack reports some shareholders have actually filed a lawsuit against the merger.
Windows

Macs End Up Costing 3 Times Less Than Windows PCs Because of Fewer Tech Support Expense, Says IBM's IT Guy (yahoo.com) 524

An anonymous reader shares a report on Yahoo (edited): Last year, Fletcher Previn became a cult figure of sorts in the world of enterprise IT. As IBM's VP of Workplace as a Service, Previn is the guy responsible for turning IBM (the company that invented the PC) into an Apple Mac house. Previn gave a great presentation at last year's Jamf tech conference where he said Macs were less expensive to support than Windows. Only 5% of IBM's Mac employees needed help desk support versus 40% of PC users. At that time, some 30,000 IBM employees were using Macs. Today 90,000 of them are, he said. And IBM ultimately plans to distribute 150,000 to 200,000 Macs to workers, meaning about half of IBM's approximately 370,000 employees will have Macs. Previn's team is responsible for all the company's PCs, not just the Macs. All told IBM's IT department supports about 604,000 laptops between employees and its 100,000+ contractors. Most of them are Windows machines -- 442,000 -- while 90,000 are Macs and 72,000 are Linux PCs. IBM is adding about 1,300 Macs a week, Previn said.
Open Source

Blockchain Platform Developed by Banks To Be Open-Source (reuters.com) 32

A blockchain platform developed by a group that includes more than 70 of the world's biggest financial institutions is making its code publicly available, in what could become the industry standard for the nascent technology, reports Reuters. From the article: The Corda platform has been developed by a consortium brought together by New-York-based financial technology company R3. It represents the biggest shared effort among banks, insurers, fund managers and other players to work on using blockchain technology in the financial markets. Blockchain, which originated in the digital currency bitcoin, works as a web-based transaction-processing and settlement system. It creates a "golden record" of any given set of data that is automatically replicated for all parties in a secure network, eliminating any need for third-party verification. Banks reckon the technology could save them money by making their operations faster, more efficient and more transparent. They are racing to build products using the technology that will generate new revenue, with dozens of patent applications filed for blockchain-based products by Wall Street's top lenders. R3 says it hopes its platform will become the industry standard, although its intention is indeed for firms to build products on top of it.
The Almighty Buck

Apple is 'Intransigent, Closed and Controlling' Say Banks (afr.com) 289

Apple is increasingly trying to get banks to implement its Apple Pay mobile payments solutions, but some banks are avoiding the Cupertino giant's offer, saying that the company is "closed and controlling". From a report on Financial Review: Three of Australia's big four banks have described technology giant Apple as being "intransigent, closed and controlling" and accused it of attempting to freeload on their contactless payments infrastructure while slowing innovation in digital wallets. In an increasingly acrimonious dispute, Commonwealth Bank of Australia, National Australia Bank, Westpac Banking Corp and Bendigo and Adelaide Bank are arguing that the engineering of Apple iPhones prevents them from delivering mobile wallets to millions of customers. This is because Apple Pay is the only application that works with the iPhone's "near field communication" (NFC) antenna, which communicates with payment terminals. In their latest, 137-page submission filed with the competition regulator, the banks argue that by locking them out, "Apple is seeking for itself the exclusive use of Australia's existing NFC terminal infrastructure for the making of integrated mobile payments using iOS devices. Yet, this infrastructure was built and paid for by Australian banks and merchants for the benefit of all Australians."
