Loading recent posts...

Oct 8, 2014

ATM Programmer’s Reference Manual Leaked Online

A document containing various references for programming automated teller machines (ATMs) has been found online using the Chinese Baidu search engine.

News of malware designed specifically for ATMs has become more frequent lately, and with such an asset at the disposal of malware authors, things may have just started to get worse. Security researchers at F-Secure found the API documentation for cashpoints manufactured by NCR Corporation, which would help a malicious actor create malicious code that can interact with the ATM. These machines run on Windows Embedded operating system and feature some differences when compared to the regular editions of the OS.

Understanding malware behavior prompts documentation search

The search for this type of file was determined by the fact that the researchers could not connect the dots about specific inner working of an ATM malware they analyzed. In particular, for the attackers to be able to control the malware, a connection to the machine’s pin pad had to be created through available APIs. However, what F-Secure could not put together was how the malware author knew which process should be used for this task, since Microsoft does not provide documentation on a DLL library (MSXFS.dll) that seems to be specific to ATMs and self-service terminals running Windows Embedded. “Therefore, we did some web searches for the API documentation using the API name and the pin pad service name,” the F-Secure says in a blog post.

It seems that finding the documentation was not a painstaking job, which means that malware authors should also have no trouble accessing it. And when a document has been leaked online, despite all efforts to remove it, there is no guarantee that it has been completely eliminated.

Malware added to ATM from CD, just like Tyupkin

F-Secure started their search after learning news about ATMs in Malaysia having been robbed of approximately $1 million / €790,000. According to the Malaysian police report, the thieves infiltrated malware identified as Backdoor.Padpin by Symantec installing it from a CD, which means physically tampering with the ATMs lock to get access to the CD-Rom drive. PadPin creates a file called “ulssm.exe” and attempts to remove the “AptraDebug.lnk” shortcut file from the operating system’s startup folder and the registry key “AptraDebug.” All this, including the DLL library used, is consistent with a recent report from Kaspersky about Tyupkin ATM malware, which was discovered to target cashpoints in Russia. However, as per Kaspersky’s data, one sample has been detected in Malaysia, too.

It appears that Tyupkin has been used in Russia to extract millions of dollars without the need to insert a card into the cash machine. “The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure,” said Vicente Diaz, principal security researcher at Kaspersky Lab’s Global Research and Analysis Team. “We strongly advise banks to review the physical security of their ATMs and network infrastructure and consider investing in quality security solutions,” Diaz added.

ATM programming documentation found online
Image credits to F-Secure

HTC Desire Eye Gets Benchmarked Ahead of Official Announcement

With just a few hours left until HTC’s “Double Exposure” event is scheduled to begin, new details confirming some of the specs of one of the devices to be unveiled today leaked online.

The folks over at Techtastic have just spotted the HTC Desire Eye, the selfie smartphone to be announced later today, at GFX Benchmark site. Along with the smartphone’s benchmark scores, a list of specs is available as well. Although we knew most of the hardware and software configuration of the Desire Eye, it’s nice to have another confirmation of the smartphone’s capabilities. According to the listing at GFX Benchmark, HTC Desire Eye will be equipped with an impressive 13-megapixel rear-facing camera with dual-LED flash, autofocus and full HD (1080p) video recording. Previous rumors also mention that the smartphone will come with a similar 13-megapixel camera in the front, along with a dual-LED flash for better capturing in low-light conditions.

Another piece of information leaked on the benchmark site is the 2.2GHz quad-core Qualcomm Snapdragon 801 processor inside the HTC Desire Eye, which was mentioned in previous reports as well. Obviously, Qualcomm’s chipset also accommodates an Adreno 330 graphics processing unit, along with 2GB of RAM, which are enough for a high-end smartphone. Furthermore, the Desire Eye is likely to pack 16GB of internal memory, but the benchmark mentions only 9GB of storage will be available for users. Luckily, the smartphone will also pack a microSD card slot for memory expansion (up to 128GB).

The selfie smartphone is likely to be equipped with dual 13MP cameras

The soon to be unveiled smartphone is said to sport a 5.2-inch capacitive touchscreen display that should support full HD (1080p) resolution. Last but not least, HTC Desire Eye will ship with Android 4.4.4 KitKat operating system out of the box. The good news is the Taiwanese company will probably offer an Android L upgrade for the smartphone a few months after the official release of the new OS. In the same piece of news, the Desire Eye won’t be the only smartphone to be introduced by HTC later today at the “Double Exposure” event. Word is that the handset makes plans to unveil another top-tier Android smartphone in just a few hours, the HTC One M8 max. Even though previous rumors claim this handset will boast a stunning QHD (2560 x 1440 pixels) display, according to the latest hearsay, the One M8 max will in fact be packed with a full HD (1080p) screen.

Oh well, we’ll only have to wait a few more hours for HTC to unveil its new high-end smartphones, so stay tuned for more updates on the matter.

HTC Desire Eye specs
Image credits to GFXBenchmark

China’s Youngest Hacker Wants to Be a White Hat

13-year-old Wang Zhengyang, considered the youngest hacker in China, was invited to speak at this year’s China Internet Security Conference, where he said he wanted to be one of the good guys in the security industry.

The boy is regarded as a prodigy child as far as computer security is concerned, mainly because he came to media attention when he hacked into one of his school’s websites. At that time, media outlets informed that the reason for leveraging the security flaw he discovered was that Wang wanted to avoid submitting his homework. The boy, however, came out with a different story, saying that the website he breached wasn’t even intended for his junior class, and held records of high-school students. Another of his deeds included finding a vulnerability in the password validation scheme of an online shopping website. He took advantage of the flaw and changed the price of a product from 2,500 yuan ($407 / €321) to 1 yuan ($0.16 / €0.13) before leaving.

In both cases, it appears that the teenager disclosed the security glitches. “You have to attack the websites first to find its weaknesses,” he said at the conference. At the security conference held in Beijing in September, Wang said that his actions were intended to determine admins to fix the websites and that he felt excited whenever he discovered a new bug that could compromise a website’s security. “I think those who hack all day for profit are immoral,” Want China Times quoted him as saying. He also said that he would not use his talent for illegal purposes.

Teenage hacker determined to be a good guy
Images credits to Xinhua / Want China Times

Nokia HERE Maps Beta for Android Now Available for Download on Samsung Galaxy Smartphones

Nokia has finally released the long-awaited HERE Maps application for Android. Even though it’s only available in its beta version form, Android fans will probably be happy that they now have a worthy alternative to Google Maps service.

There’s a catch though. It looks like Samsung has paid Nokia a lot of money for exclusivity over HERE Maps, at least for period of time. Although Nokia revealed its plans to make the navigation service available on the most important mobile platforms in the market, Android and iOS, it appears that now everyone will have access to the beta version from the beginning. HERE Maps, in its final version form, is only available on Windows Phone, but that’s about to change as the Finnish company is trying to push one of its most prolific products to other platforms. We’re sure Android users will definitely try Nokia’s HERE Maps service, which will be available for free when the final version is released.

In fact, for a lot of people who are now using Android smartphones, HERE Maps is the only navigation service that would be able to compete with the wildly popular Google Maps. For the time being though, the beta version of HERE Maps is only available to those who own Samsung Galaxy smartphones. The application through which the service can be accessed can be downloaded via Galaxy Apps Store.

The app can only be downloaded via Samsung's Galaxy Apps store

Previously known as Samsung Apps, the Galaxy Apps requires a valid account, just like Google Play Store does. Speaking of which, do not check HERE Maps on Google Play Store, as Samsung, as mentioned earlier, has exclusivity over the application. We’ve already downloaded the beta version of HERE Maps and can confirm that the offline maps feature is available, which is one of the advantages the application offers over Google Maps. While Google Maps allows users to download maps for offline use, they are only available for smaller regions, while HERE Maps provides users with the option to navigate whole countries without having to connect to the Internet, assuming they already downloaded the map on their smartphone.

That being said, we have no doubt that many Android users will switch to HERE Maps if Nokia does a great job at porting it on Google’s mobile platform. You can now download HERE Beta for Android for free via Galaxy Apps. Keep in mind that the application is only compatible with Samsung Galaxy smartphones.

HERE Beta for Android
Image credits to Samsung Galaxy AppStore

ASUS Brings Out ROG G751 Gaming Laptops with NVIDIA GTX 980M / 970M GPUs

Traces of the upcoming high-end ASUS ROG G751 gaming system appeared a while ago and since NVIDIA has unveiled its latest GTX 980M / 970M graphics cards, the device maker is free to roll out the machine into the wild.

The ROG G751 family is composed of four laptop models, three of which take advantage of Intel’s Core i7-4710HQ processor while the last one makes use of Intel’s Core i7-4860HQ processor.

The four models bring different characteristics

In the GPU department, the G761JT-CH71 and the G751JT-DH72 will take advantage of NVIDIA’s GeForce GTX 970M GPU with 3GB of GDDR5 VRAM. If you want more, there’s also the G751JY-DH71 and G751JY-DH72X which take advantage of NVIDIA’s GeForce GTX 980M with 4GB of GDDR5 VRAM. Naturally, these models will be sold at more expensive price-tags, as they also take advantage of a DVD Super-Multi optical drive. The GTX 970M models are equipped with a Blu-ray burner, instead. They also pack 16GB of DDR3 memory, while the DH71 has 24GB of DDR3 and the DH72X comes along with 32GB of DDR3 memory. As for storage, the CH71 has 1TB 7200 RPM hard drive, the DH72 and DH71 boast 1TB 7200 RPM hard drive and a PCIe 256 GB SSD and the DH72X has a 1TB 7200 RPM hard drive and PCIe 512 GB SSD.

All four laptops offer a 17.3-inch form factor and will be shipped with an anti-glare IPS screen with LED backlighting and 1920 x 1080 pixel resolution. The notebooks have a built-in HD camera, one-piece Chiclet keyboard and run Windows 8.1 out of the box. All machines come with the F-22 Raptor inspired lines characteristic of previous G series iterations. Customers will recognize the familiar and stylish finish and illuminated ROG logo. The gaming machines boast dedicated keys for instant access Steam and one-click game recording. For example, the Macro Key can be used to set up three commands for various in-game multi-key actions or launching of specific applications.

The gaming experience is further enhanced by the presence of ASUS’ SonicMaster and ROG AudioWizard audio technology. On top of all that, we can add the benefits of NVIDIA’s latest GPU architecture, which brings about longer battery life, better performance and extended game-play times while the laptops are unplugged. The ASUS ROG G751 family starts shipping as of this week with a starting price set for $1,499 / €1,186.

Press Release:FREMONT, Calif., Oct. 7, 2014 /PRNewswire/ -- ASUS today begins shipping the ROG G751 Series gaming laptop and ASUS Transformer Book T200 2-in-1 ultraportable for the holiday season. The G751 features up to an Intel® Core™ i7- 4860HQ processor, enthusiast-grade NVIDIA® GeForce® GTX970M/980M graphics, and exclusive ASUS TurboMaster GPU-overclocking technology that delivers gaming desktop level performance. T200 is a stylish and fully-featured 64 bit Windows 8.1 laptop powered by the latest Intel® Atom™ 'Bay Trail-T' quad-core processor. Its detachable 11.6-inch IPS display gives users the 2-in-1 benefits of a powerful laptop and the portable convenience of a tablet.
ROG G751 - Gaming desktop levels of performance
ROG G751 holds an Intel Core i7 processor that delivers smooth and powerful performance. It also features the latest enthusiast-grade NVIDIA GeForce GTX970M/980M for sharp, vivid visuals. All that performance is enhanced by ASUS TurboMaster technology to boost real-time GPU overclocking up to 5%.
The G751 demonstrates exceptional thermal efficiency with minimal noise thanks to copper heatsinks and intelligent dual fans that expel hot air via rear vents, keeping CPU and GPU temperatures low even under overclocking conditions.  G751 also has GameFirst III which gives users lag-free gameplay by prioritizing game packets and allocates more bandwidth for smooth, lag-free gaming. It features four preset packet-priority modes, and manual settings for users who want total control over their network. The built-in Network Monitor tool even lets users manage network traffic and test connection speeds.
ROG G751 has a matte, anti-glare Full HD IPS display with wide 178-degree viewing angles for minimal color shift even when viewed from extreme angles. G751 supports external 4K/UHD (ultra-high-definition) displays too, with Trinity Display technology giving users a total of four displays (notebook display and three external displays)  to work on simultaneously through HDMI 1.4, mini DisplayPort, and VGA output ports. This arrangement is ideal for multi-screen gaming, movie watching, or multi-tasking.
ROG G751 retains the classic stealthy F-22 Raptor-inspired lines found on previous G Series iterations; and sports an aluminum finish and illuminated ROG logo. Specially designed for gamers, G751 has dedicated keys for instant access to Steam and one-click gameplay recording. The ASUS ROG Macro Key can be programmed with up to three commands for complex in-game multi-key actions, launching applications, or loading up a specific website with one keystroke. ASUS SonicMaster and ROG AudioWizard enable powerful, optimized audio for all game genres.
The seamless one-piece chiclet keyboard is ergonomically-angled for user comfort, making it ideal for marathon gaming sessions. Keys have an adjustable backlight that glows red in dark environments, and there are even specially-marked WASD cursor keys.

ASUS ROG G751 is made up of four models

ASUS ROG G751 is offered with either GTX 970M or 980M

ASUS ROG G751 keyboard detail

ASUS ROG G751 is the latest gaming family from the company

ASUS ROG G751 offers enhanced GPU performance
Images credits to ASUS

Google Confirms Nexus 5 Battery Drain Issue Will Be Fixed in Android L

The latest smartphone in the Nexus family is a great device. Those who managed to grab one via Google Play made a great deal getting the Nexus 5.

However, even though the smartphone is more than decent when it comes to specs, there are still a few software issues that need to be fixed. One of the most annoying problems currently affecting Nexus 5 is related to the smartphone’s camera. The so-called “mm-qcamera-daemon” process that remains in the phone’s memory will drain the Nexus 5 battery quite fast. Even keeping the smartphone in idle mode will result in a complete depletion of the battery in less than a day. The main problem is the “mm-qcamera-daemon” process can’t be killed manually or using a third-party application. Even after doing a full factory reset, the issue still persists because “mm-qcamera-daemon” is an important part of the camera subsystem, so it needs to run in order for users to be able to take advantage of the Nexus 5’s camera.

As explained by Google, the main issue lies in the fact that “mm-qcamera-daemon” gets stuck most of the time in a state where it uses large amounts of CPU, which in return prevents camera use and drains the battery like crazy. If you have been affected by this issue, you will immediately notice it, as the Nexus 5 will become very hot even in idle mode. Those who managed to disable “mm-qcamera-daemon” completely will not be able to use the camera anymore. This is the bad news, but the good news is the issue only affects Nexus 5 smartphones, as other Android devices that have the same process called “mm-qcamera-daemon” are based on different source code, customized for that particular smartphone.

Non-Nexus devices do not seem to be affected by this issue on a large scale

Those who own the Samsung Galaxy S5 and Motorola Moto G, and have similar problems, should contact manufacturers directly, as the fix that Google is working on will not solve their issues as well. AndroidPolice reports Google recently confirmed it’s been able to identify more solutions to the Nexus 5 camera code issue and that it hopes to resolve the rest of the 100% CPU usage cases very soon. Here is what a Google official had to say about the “mm-qcamera-daemon” issue on the Nexus 5: “We've also added a watchdog which tries to clean things up if the daemon gets stuck like this, in case there are still unaddressed issues.

“I'm marking this bug as FutureRelease, which means we've put fixes in place in our internal builds, and the fixes will be included in the next major update for the Nexus 5.” This means that we should expect a fix for the Nexus 5 camera problem to be delivered with Android L, Google’s next major OS release.

mm-qcamera-daemon issue on Nexus 5
Image credits to AndroidPolice

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | coupon codes