Thursday, March 27, 2014

Attackers get cash out of ATMs by sending SMS messages

Criminals are using SMS messages to get cash out of ATMs, according to Symantec.

The crooks begin by loading ATM malware into the cash machine. In the Monday post, Symantec used Ploutus, a piece of malware observed circulating in Mexico in October 2013 that was later discovered to have been updated with an English-language version.

Uploading Ploutus to the ATM is as easy as accessing the CD-ROM drive or the USB drive on the machine. In previous operations, criminals picked the locks on the ATMs to access the drives, or even bored holes in the machine's casing and covered up the openings.

Next, the criminals must hook a specially configured mobile phone to the ATM using USB tethering, which allows the money machine and the cell phone to share an internet connection, but also keeps the mobile device charging indefinitely.

Now the criminals can send SMS command messages to the mobile phone in the ATM, which will be converted into network packets and forwarded to the ATM, Daniel Regalado, a Symantec security researcher, wrote in the post.

“As soon as the compromised ATM receives a valid TCP or UDP packet from the phone, the NPM will parse the packet and search for the number “5449610000583686” at a specific offset within the packet in order to process the whole package of data,” Regalado wrote. “Once that specific number is detected, the NPM will read the next 16 digits and use them to construct a command line to run Ploutus.”

The end result is that the ATM almost instantly dispenses however much cash the malware is preconfigured to spit out, according to the post, which adds that criminal operators typically work in tandem with money mules to maximize profits.
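A defender-side payload check for the marker quoted above, added here as an example and not taken from Symantec's post or from Ploutus itself. The packet tuples, addresses and 16-digit argument are constructed sample data, and because the article does not give the offset, the scan covers the whole payload.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Marker string quoted in the article; the 16 digits after it are what the
# malware turns into its command line.
MARKER = b"5449610000583686"
# The article gives no offset, so match anywhere in the payload. The argument
# group is optional so a marker followed by too few digits is still reported.
PATTERN = re.compile(re.escape(MARKER) + rb"(\d{16})?")


class Hit(NamedTuple):
    proto: str
    src: str
    offset: int               # byte offset of the marker in the payload
    argument: Optional[str]   # 16 digits after the marker, None if incomplete


def scan_payload(proto: str, src: str, payload: bytes) -> List[Hit]:
    """Return one Hit per marker occurrence in a single TCP/UDP payload."""
    hits = []
    for m in PATTERN.finditer(payload):
        arg = m.group(1).decode("ascii") if m.group(1) else None
        hits.append(Hit(proto, src, m.start(), arg))
    return hits


def scan_capture(packets: List[Tuple[str, str, bytes]]) -> List[Hit]:
    """Scan (proto, source address, payload) tuples, e.g. from a pcap export."""
    return [h for proto, src, data in packets for h in scan_payload(proto, src, data)]


# Constructed sample traffic: addresses are documentation ranges and the
# 16-digit argument is a placeholder, not a real Ploutus command.
SAMPLE_PACKETS = [
    ("udp", "192.0.2.10", b"\x00\x01keepalive"),
    ("tcp", "192.0.2.77", b"\x00" * 8 + MARKER + b"1234567890123456\r\n"),
    ("udp", "192.0.2.77", b"HDR" + MARKER + b"12345"),  # argument cut short
]

if __name__ == "__main__":
    for hit in scan_capture(SAMPLE_PACKETS):
        state = "marker + argument" if hit.argument else "marker only"
        print(f"ALERT {hit.proto} from {hit.src}: {state} at offset {hit.offset}")
```

A marker split across two packets is not caught by this per-payload scan; stream reassembly would be needed for that case.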

Using full disk encryption, preventing booting from unauthorized USB sticks and CD-ROMs, and providing adequate physical defense and surveillance will help slow down criminals, Regalado wrote, but updating to Windows 7 or 8 from Windows XP seems to be the most prominent suggestion.

Microsoft will no longer be supporting Windows XP starting next month and, according to various reports, the popular operating system is being used in 95 percent of ATMs around the world.

In a Monday email correspondence, Charles Henderson, director at Trustwave, a security company that helped analyze Ploutus back in October 2013, told SCMagazine.com that the lack of support for Windows XP may create serious security weaknesses, but added that it is not the only issue.

“In our penetration tests against ATMs, many of our most successful attacks have not been OS-dependent,” Henderson said. “Vectors involving man-in-the-middle (MITM) attacks on the ATM network have been more effective and less time consuming than attacks against the underlying OS.”

Friday, March 7, 2014

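A Perfect Open-Source Solution for Multimedia File Sharing: FUSE Media

Fuse Media is a distribution derived from the open-source content management system Drupal. It is a DAM (media distribution management) system that supports many kinds of multimedia files and provides a simple user interface and prebuilt UI for managing and sharing them.
At present, Fuse Media has the following built-in multimedia parsing engines: images, office documents, PDF, audio, and video.
The supported file formats broadly cover the following file extensions:
jpg jpeg gif png txt doc docx xls xlsx pdf ppt pptx pps ppsx odt ods odp mp3 mov mp4 m4a m4v mpeg avi ogg oga ogv weba webp webm.

Fuse Media does not need a VPS or a dedicated server; shared hosting is enough.
Installation is also very simple:
1. Download.
2. Extract.
3. Upload (or download it straight onto the server with wget over SSH and extract it there).
4. Move all files under the fuse-media folder to the site root directory.
5. Open the site and it will automatically prompt you to install. The important part is to change the permissions of the sites/default folder to 777 (chmod -R 777 sites/default).

Mode 777 makes sites/default writable by every account on the host, which matters on shared hosting, so tighten the permissions again once the installer has finished.

Note: two points matter during installation.
1. When entering the database name, do not specify a table prefix; otherwise the later installation steps will fail, possibly because of a setting issue in this version itself.
2. After you set the site name and the administrator account and password, you are asked whether to import YouTube and Flickr content. Do not import anything; leave every field blank and continue to the next step to finish the installation. If you choose to import YouTube and Flickr content, an API error is reported and the installation fails.

Fuse Media project URL:
https://drupal.org/project/fuse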