Attackers get cash out of ATMs by sending SMS messages

Criminals are using SMS messages to get cash out of ATMs, according to Symantec.

The crooks begin by loading ATM malware into the cash machine. In the Monday post, Symantec used Ploutus, a piece of malware observed circulating Mexico in October 2013 that was later discovered to have been updated with an English-language version.

Uploading Ploutus to the ATM is as easy as accessing the CD-ROM drive or the USB drive on the machine. In previous operations, criminals picked the locks on the ATMs to access the drives, or even bored holes in the machine's casing and covered up the openings.

Next, the criminals must hook a specially configured mobile phone to the ATM using USB tethering, which allows the money machine and the cell phone to share an internet connection, but also keeps the mobile device charging indefinitely.

Now the criminals can send SMS command messages to the mobile phone in the ATM, which will be converted into network packets and forwarded to the ATM, Daniel Regalado, a Symantec security researcher, wrote in the post.

“As soon as the compromised ATM receives a valid TCP or UDP packet from the phone, the NPM will parse the packet and search for the number “5449610000583686” at a specific offset within the packet in order to process the whole package of data,” Regalado wrote. “Once that specific number is detected, the NPM will read the next 16 digits and use them to construct a command line to run Ploutus.”

The end result is that the ATM almost instantly dispenses however much cash the malware is preconfigured to spit out, according to the post, which adds that criminal operators typically work in tandem with money mules to maximize profits.

Using full disk encryption, preventing booting from unauthorized USB sticks and CD-ROMs, and providing adequate physical defense and surveillance will help slow down criminals, Regalado wrote, but updating to Windows 7 or 8 from Windows XP seems to be the most prominent suggestion.

Microsoft will no longer be supporting Windows XP starting next month and, according to various reports, the popular operating system is being used in 95 percent of ATMs around the world.

In a Monday email correspondence, Charles Henderson, director at Trustwave, a security company that helped analyze Ploutus back in October 2013, told SCMagazine.com that the lack of support for Windows XP may create serious security weaknesses, but added that it is not the only issue.

“In our penetration tests against ATMs, many of our most successful attacks have not been OS-dependent,” Henderson said. “Vectors involving man-in-the-middle (MITM) attacks on the ATM network have been more effective and less time consuming than attacks against the underlying OS.”

開源多媒體文件共享的完美解決方案-FUSE Media

Fuse Media屬於開源內容管理系統drupal的衍生版，支持多種多媒體文件的DAM-媒體分佈管理系統，提供簡單的用戶界面和預置UI來管理和共享多媒體文件。
目前，FUSE MEDIA內置如下多媒體解析引擎：圖片，office文檔，pdf，音頻，視頻。
支持的文件格式大體包括以下文件後綴：

jpg jpeg gif png txt doc docx xls xlsx pdf ppt pptx pps ppsx odt ods odp mp3 mov mp4 m4a m4v mpeg avi ogg oga ogv weba webp webm.

 

Fuse Media不需要VPS和獨立服務器，只需要有共享虛擬主機即可。

安裝過程也十分簡單：

1.下載-

2.解壓-

3.上傳（或者直接用SSH wget命令下載到服務器上解壓）-

4.將fuse-media文件夾下所有文件轉移到站點根目錄-

5.打開站點會自動提示安裝，重要的是將sites/default文件夾權限更改為777（chmod -R 777 sites/default）

注意：安裝過程中有兩點是比較重要的，

1.填入數據庫名稱時，不能指定數據表前綴，否則，後面安裝的時候會出錯，可能是版本本身的設置問題。

2.在設置完站點名稱和管理員帳號密碼後，會提示你是否要導入youtube和flikr內容，請不要導入，全面留空進入下一步安裝完成即可，如果選擇導入youtube和flikr內容，會提示API錯誤導致安裝失敗。

fuse media project url:

https://drupal.org/project/fuse

debian/ubuntu導入goagent和APJP證書

不少大陸朋友使用開源的goagent和APJP翻牆看youtube，facebook，twitter等。
在windows導入證書是很容易的事，直接在瀏覽器導入即可，網上的教程很多，這裡不說了。
而在linux中導入全局證書，當然過程也是很簡單的。
本人使用的是Debian GNU/Linux 7.4，ubuntu的導入也是一樣的。
導入goagent證書：
打開root terminal，進入goagent/local目錄下
輸入以下命令
cp CA.crt /usr/share/ca-certificates/goagent.crt
chmod a+r /usr/share/ca-certificates/goagent.crt
dpkg-reconfigure ca-certificates
在彈出的框中他會問你是否要配置證書，選yes回車，再彈出的下一步中將goagent用空格鍵選中回車即可。

導入APJP證書與goagent證書有一步不一樣：
進入APJP_LOCAL_JAVA目錄下，其中有一個自己生成的APJP_LOCAL_JAVA-1.0.1.pem這個證書，是用JAVA生成的，導入到ca-certificates目錄下時，將文件名直接改成APJP.crt即可。
cp APJP_LOCAL_JAVA-1.0.1.pem /usr/share/ca-certificates/APJP.crt
chmod a+r /usr/share/ca-certificates/APJP.crt
dpkg-reconfigure ca-certificates
在彈出的框中他會問你是否要配置證書，選yes回車，再彈出的下一步中將APJP用空格鍵選中回車即可。

Godaddy2014年2月優惠碼

2014年二月更新。
你是否正在找 GoDaddy續費優惠碼？你是否想以較低價格來給域名，主機和SSL續費？
如果是，那麼這些Godaddy.com優惠碼總有一個合適你。

GoDaddy 2014年2月優惠專用

iap50hh – 2014新購GoDaddy主機 50%*折扣
iapoff32 – 新購任意產品優惠32%，僅限2014年2月
點此查看詳情: http://www.godaddy.com/

GoDaddy .COM續費優惠碼

gdbbx1705 – $9.99 .COM 續費 + $0.18 ICANN fee，僅限2014年2月
BB2086D60 – $10.67/year.COM域名續費僅限2014年2月
注意：你可以使用優惠碼為.com域名續費，年數不限。
點此查看詳情: http://www.godaddy.com/

GoDaddy .NET續費優惠碼

gdbbx1705 – $9.99/year .NET 續費 + $0.18 ICANN fee 僅限2014年2月
BB2086D60 – $12.07/年 .NET域名續費僅限2014年2月
BIGWIN30 – $12.07/年 .NET域名續費僅限2014年2月
注意：你可以使用優惠碼為.net域名續費，年數不限。
點此查看詳情: http://www.godaddy.com/

GoDaddy .ORG續費優惠碼

gdbbx1705 – $9.99/year .ORG renewal + $0.18 ICANN fee.
注意：你可以使用優惠碼為.org域名續費，年數不限。
點此查看詳情: http://www.godaddy.com/

GoDaddy所有域名續費優惠碼

gdbXX1026 – 所有域名續費優惠31%, 2014年2月21日過期
使用優惠碼後請查看“Total Cost”
注意: 所有域名後綴優惠碼 .COM, .NET, .ORG, .CC, .CO, .ME, .in, …
點此查看詳情: http://www.godaddy.com/

GoDaddy 主機續費優惠碼

gdbXX1026 – 30% off all Renewals for hosting or website builders.
Note: Offer expires Feb 21, 2014.
Use the coupon and look at the “Total Cost”
如果你還沒有主機，你可以使用以下優惠碼以50%價格新購主機.
iap50hh – Save 50%* OFF Hosting Plans,Expires Mar 31, 2014
注意：可以購買的年數不限.
點此查看詳情: http://www.godaddy.com/

GoDaddy SSL續費優惠碼

gdbXX1026 – 所有SSL續費優惠31%，2014年2月21日過期
點此查看詳情: http://www.godaddy.com/

GoDaddy二月專用優惠碼

iap50hh - 主機優惠50%，僅限2月
iapoff32 - 新購任意產品優惠31%，截至3月31日
點此查看詳情: http://www.godaddy.com/hosting/web-hosting.aspx

解決由sendmail郵件服務器造成的VPS內存佔用過高

情人節當天，由於用phplist群發郵件6萬多封，造成sendmail郵件服務器大量郵件隊列，同時內存佔用達900多M（VPS內存總量1G），開啟webmin圖形管理界面查看進程，一看吓一跳：

全是由sendmail所佔用，平均每個進程佔用約70M。
解決方案如下：
1.清空sendmail郵件隊列：
rm /var/spool/mqueue/*

2.終結所有有sendmail字樣的進程。kill掉

最後內存佔用恢復到300M以下