Hackers use SMS to get cash from ATMs

Microsoft is going to drop out Windows XP from its service from next month, and about 95 percent of the ATM's all over the world will get effected by this, as All ATM's machine runs on Microsoft Windows XP. This is will be the major problem for all the Banks worldwide. Some of the Banks have decided to pay sum of the amount to Microsoft to keep the security update. But India is the only country who is migrating from Windows to Linux, and applying their own developed Linux distro "BOSS" to ATM's through out the country.
As usual ATMs are in the target of cyber criminals from a long wide, and once again hackers have found the new way to get the pay from the ATM in a illegal way. According to the Symantec, hackers have found a way to steal money from ATM's using a text message. This attack was first noticed by the firm in late last year, when the attacks were happening in Mexico.



On Monday, Symantec made a post which stats that Firm have noted a new malware called Backdoor.Ploutus. The Ploutus malware allows attackers to send an SMS message to a phone that is attached to an ATM. The ATM will then spit out the amount of money requested.



Symantec explains "The attacker first needs to upload the Ploutus malware to the ATM using either aUSB drive or a CD-ROM. Once Ploutus has been uploaded, the attacker also needs to attach a cell phone to the ATM using USB tethering. This allows the ATM and the cell phone to share an Internet connection while simultaneously charging the cell phone. The attacker then needs to send the attached cell phone two SMS messages. According to Symantec, the first “must contain a valid activation ID in order to enable Ploutus in the ATM” and the second “must contain a valid dispense command to get the money out”. The Ploutus malware will then tell the ATM to dispense a preset amount of money, which is then picked up by what Symantec calls a “money mule”.

To prevent this attack, Symantec recommends to update the operating system from XP to Latest version. Apart from this, physical security also to be taken, as attacker cannot be done entirely remotely. Symantec also recommends full-disk encryption and preventing booting up from unauthorized disks or USB drives.

Watch Video about ATMs Malware attack:  http://www.youtube.com/watch?v=53vjNDV4RAY&feature=youtu.be

Google now encrypts its emails for better security

Internet giant Google has announced encryption of its popular Gmail service as part of its move to make communication over its server more secure and reliable and to prevent breach into its security.

"Your email is important to you, and making sure it stays safe and always available is important to us," said Nicolas Lidzborski, Gmail Security Engineering chief.

"Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010, we made HTTPS the default," Lidzborski said in a blog post yesterday.

"Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers - no matter if you're using public WiFi or logging in from your computer, phone or tablet," he said, announcing the latest move by Google to reassure customers following whistleblower Edward Snowden's revelations about surveillance by American National Security Agency.

According to the Google official, every single email message one sends or receives - 100% of them - is encrypted while moving internally.

"This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centres - something we made a top priority after last summer's revelations," he claimed.

In 2013, Gmail was available 99.978% of the time, which averages to less than two hours of disruption for a user for the entire year.

"Our engineering experts look after Google's services 24X7 and if a problem ever arises, they're on the case immediately. We keep you informed by posting updates on the Apps Status Dashboard until the issue is fixed, and we always conduct a full analysis on the problem to prevent it from happening again," Lidzborski said.

Hackers are now targeting your router

Many service providers give you a cable or DSL modem with a built-in router. These steps still work for combined units.

First, let’s protect your router. There are three simple steps.

1) You need to do a geeky thing called “updating the firmware.” Every router maker’s process is a little different, but here’s the basic outline.

First, find your router’s program on your computer. Fire it up and it should automatically find your device.

If you don’t have a router program, look up your router’s manual online and see what the device’s IP address is.

Type the number that corresponds to your router’s address into your browser and enter the default login password found in the manual.

While you’re in the router settings, make sure to change the default login password that came with the router. There should be a button labeled “update firmware.” Hit that and go through the process. That will, at least in theory, provide the company’s latest protection. (Bonus: It might increase your device’s performance, too.)

2) Make sure you turn on wireless encryption and provide a strong password. Strong passwords are a pain, but for your home network you just have to enter it once for each gadget. Just remember to keep it written down in a safe place in case you forget it.

Because computer manufacturers want to make our life more complicated, we are confronted with another blinding array of complicated acronyms when it comes to choosing what encryption to set. Look around for an option to secure the network using WPA2. It’s the best protection right now.

It’s smart to put in a long and complex password. Again, it’s a pain, but it will make your network secure from anything but industrial-strength attacks.

3) Finally, take your router offline and make it invisible to passers-by. In the settings, turn off SSID (or network name) broadcasting. This keeps your network hidden unless you know the name. Be sure to change the network name to something that’s hard for someone to guess.

Now your router is safe from attacks. Let’s save you some money and improve your Internet service.

Check your Internet speed using the handy testers available at Speedtest.net or Speakeasy.net. Do it with your computer plugged in to your modem with an Ethernet cable. Keep notes on the plugged-in speed.

If you are one of those lucky folks who have competing Internet and cable providers in town, the first step is to call your cable company and try to negotiate your bill down. If your download speed is significantly slower than what’s promised, start off giving them heck about that.

For cable companies, call and say you’re looking at an offer from a satellite provider. If you have a cable modem for Internet service, say that you’re looking at a cellular, satellite and DSL offer.

Next, make sure you have the fastest modem available. Most cable customers are paying a per-month cable modem rental. If that’s your deal, make sure you’ve got a DOCSIS 3 modem. Get an upgrade if you don’t.

Finally, there’s your wireless router. This gobbledegook nomenclature is a pain, but you have to make sure you have one that uses the 802.11n standard. If it’s 802.11 b or 802.11g, you should know those are very old standards. The cost of a new “n” one will really be worth it in terms of speed.

If you are buying a new router, consider whether you’re going to be getting a new computer or tablet soon. If so, consider paying a little extra for the very newest standard or 802.11ac. That won’t help most older computers, but it’s a speedy step forward for routers. You’ll be glad you did as you get new devices that adhere to that standard.