People enjoy playing video games, but often you just want to sit down at a table with friends and family and play a game, something that is known to cause conflict or start arguments. No game is more famous for this than Monopoly, the game where you use your money to buy, sell and charge rent for properties across famous locations. You could soon see the game change though with the new Ultimate Banking edition.
More than often enough you would find yourselves shoveling notes from one player to another, with a dedicated banker to not only play but handle the cash. The latest game though does away with everything involved with that corrupt and sly banker, instead replacing it with an ATM and debit cards.
Each player will be able to use their debit card to purchase properties by scanning a properties bar codes then their debit card. A second later and you’re the proud owner of the property, with your bank account showing the natural damage.
The game even allows you to transfer money from one player to another, to pay those high-end rents that often end games and friendships. The new version of Monopoly will set you back $25 (roughly £17.5), enough to let you buy it without breaking your own bank.
A downside of technical innovation lies in the unfortunate ability to hack devices with the aim of stealing information and scamming consumers out of their savings. ATM’s are not immune to this threat and a new breed of malware has the ability to allow an attacker the option to drain the ATM’s cash vault before erasing the evidence.
The malware in question is coined “Green Dispenser” and it implements an out of service message on the ATM, but, all is not well as attackers with access to the correct pin codes can then drain the ATM’s cash vault and erase Green Dispenser using a deep delete process, leaving little if any trace of how the ATM was robbed. Let’s take a look at the deployment and operation process of this greedy piece of malware.
Deployment and Operation
The only way this malware can be installed is via physical access to the machine, therefore it is not possible to walk up to an ATM which is situated in a shop or sunk into a bank wall and attempt to install such code, therefore this raises the option of a compromised employee with access to said machines. Green Dispenser has the ability to target “ATM hardware from multiple vendors using the XFS standard. It achieves this by querying for peripheral names from the registry hive before defaulting to hardcoded peripheral names”.
An operational functionality in the coded run date is “2015” with the month being earlier than September. This suggests to analysts that Green Dispenser was employed in a limited operation and designed to deactivate itself to avoid detection. A second layer which the attackers have implemented with the aim of hiding their activities lies in the authentication using a hardcoded pin which is then followed by a second pin which this time is dynamic.
It is believed the attacker in question derives this second PIN from a QR code which is displayed on the screen of the infected ATM, which is then read by an application that can be scanned onto a smart phone. Think of this as similar to logging into your favourite website, you input in a password before using a second two factor authentication method to unlock your account, by implementing this method it makes it more secure so that only the person in question can use the malware, provided they have the correct authentication.
Once the malware is run it attempts to verify if the month is earlier than September and the current year is 2015, if it finds the year to be say 2014, it simply shuts down. If the details are correct, Green Dispenser “creates a second desktop environment on the ATM called “dDispW” and creates a window in the second desktop called “Dispenser”. This is with the aim of overlaying an “Out Of Order” message within the ATM screen; it is worth noting that the message has appeared in Spanish as well as English.
Below is the QR code screenshot, “If the dispense cash option is selected, Green Dispenser attempts to query the registry location “HKEY_USERS\ .DEFAULT\XFS\LOGICAL_SERVICES\class=CDM” to find the peripheral name for the cash dispenser. If not found, it defaults to “CurrencyDispener1” which is the cash dispenser peripheral name on specific ATMs. It then makes a call to WFSExecute with the command set to “WFS_CMD_CDM_DISPENSE” and a timeout of 12000 to dispense cash”.
As you can see, it’s a complex piece of malware which aims to offer the option to take as much money as you would like, which is good, (Disclaimer – please don’t take as much money as you want, it may sound good but it is not) Manufactures and banks would need to work together to counteract these threats with updated modern security upgrades, if not, expect these methods to become a standard in attacks against machines.
Thank youproofpoint for providing us with this information.
Grand Theft Auto is a franchise which has captured the imagination of fans with an engrossing open player world and also regular updates which never fail to entertain. But, with every tech development lays the reality of scammers and hackers who regularly target consumers with the notion of “free” items which are not as generous as they appear to be.
This time around it’s the good old-fashioned money generator scams which are attempting to persuade GTA V players with the promise of free money to be used within the game. So, what are the potential traps for those who stumble onto the wrong site and decide to commit a bit of GTA of their own?
Example – gta5moneyserver(dot)com
This site is in the business of counterfeiting news articles from popular legitimate websites, this is with the aim of touting its own service while convincing consumers of its own credibility. There are problems which are easy to spot; firstly, the articles are badly written which is a red flag in itself; secondly, none of the articles appear on the genuine sites if cross referenced and the formatting is uneven.
OK, let’s imagine I believe this, I don’t of course, that would be idiotic, the perpetrators of the site would need to implement a technique in order to send users free GTA cash. According to them, they have “exploited a cloud server through a very private 264bit encrypted DNS IP” If a user submits a gamer tag through the site then he/she would be promoted to fill in a scam survey, which has plagued the internet for what seems like forever and a day. You won’t be receiving your coins anytime soon so it’s best to avoid.
All sites purporting to offer free in-game, well, anything, that is not from an official URL address site or provider is in all probability too good to be true. It will either contain a survey, virus or some .exe file which is little more than a fake, it might also ask for personal details which is also to be avoided. Oh, and while you’re at it, avoid any sites which “offer” in game Money, free DLC generators, rank improvements, account unbanning and any kind of DNS code tricks.
These scams will vary in order to seem relevant, but it will be in all likelihood the same outcome.
Thank you malwarebytes for providing us with this information.
When was the last time you pulled out some cash from your pocket to pay for something? I think my last time was around 3 weeks ago when I played poker with some friends; all my other purchases are by my debit card and mainly contactless.
It has now been revealed that most of UK are in a similar sort of position, in 2014 it was found that 52% of purchases were made by methods other than cold hard cash; with 24% being made by debit cards.
With the fast paced society that we are, new payment methods such as contactless and Apple Pay are growing exceedingly quick. With that in mind, the number of free to use ATM’s is growing; so we aren’t expected to go completely cashless, but we should see the number fall from 52%.
One of the newest payment method, contactless, will be having a universal limit boost from £20 to £30 in September; this could make more consumers use this method over cash. Some are still reluctant to take up the banks offer on contactless payment due to some security flaws, but there are security flaws with all forms of payments.
Are you one of the 52% who use card over cash? Let us know in the comments.
Thank you to engadget for providing us with this information.
The deal has been finalised and the British operation of Telefónica, O2, has been sold to Three. The people behind Three, Hutchison Whampoa have signed the final deal and O2 is being sold for £10.25 billion (€14 billion).
The sales price is divided into £9.25 billion in cash and another £1 billion “once the cumulative cash flow of the combined company in the UK has reached an agreed threshold”.
The next step will most likely be the removal of the O2 brand as the two companies get merged and Three will get a lot more customers and infrastructure at their disposal. While it removes one competitor from the market, it strengthens another. It will be interesting to see how this plays out in the long run.
Bethesda has launched an online MMO of its Elder Scrolls title last year, but it did not receive the attention it had hoped. While it took strong criticism for its derivative and boring nature, it also came with a monthly £8.99 subscription. This made the title go into a slow downspiral.
The poor sales made Bethesda rethink its strategy and came up with the only solution. The company dropped the monthly subscription and players now can buy a copy of The Elder Scrolls Online: Tamriel Unlimited and play as much as they want, while users who already had a subscription can just log into the game and play as usual. The console port is said to have been delayed until June.
However, Bethesda still needs to make it work and pay for the MMO infrastructure. This is why the company is adding its own in-game shop that will allow players to pay real-world cash for virtual items. It is said that there is still an optional ESO Plus subscription, where users can pay monthly and receive in-game cash, downloadable content and character bonuses.
Thank you Bitgamer for providing us with this information
We’ve all been warned of the many ways thieves can take our card information from ATMs. There’s all the elaborate card readers, cameras and other devices that criminals secretly attach to cash machines in an attempt to take our card information. Never have we seen one like this though.
Greater Manchester Police have shared details of a plot by thieves involving an iPod nano taped to the top of a cash machine. The 5th generation of the nano came with a tiny camera on its rear – something the criminals thought would be useful in snatching card numbers as people used the machine.
They taped up the iPod in a small box and attached it to the top of the machine. With the video recording, anyone that used the machine would expose their details to the camera, allowing the thieves to snatch the information.
The iPod in question is now in the possession of Greater Manchester Police and is being used to warn the public about this type of activity.
Erik Finman is the 15 year old founder of Botangle, an online education program designed to link students with instructors across the globe. He’s said to be following in similar footsteps to his mentor, Alexis Ohanian, who started the ever-growing online platform Reddit at the young age of 22.
After being inspired by Ohanians book “Without Their Permission: How the 21st Century Will Be Made, Not Managed”, Finman cashed in a $1,000 check from his Grandma and invested it in the online currency, Bitcoin.
A pretty daring move for someone at only 15 years of age you could say. Ohanian agreed in an interview with CBS News:
“I’m shocked by Erik’s success at this age, compared to where I was”
However, Finman went in with full confidence:
“I just thought it was an amazing tool, and it was going to be really big,” Finman said. “I hit the jackpot.” CBS News
As the title explains, his jackpot reached a total of $100,000. But why stop there? Finman was frustrated by being stuck in school in Idaho, where he was experiencing a lack of interesting subjects to quench his learning thirst – his solution being Botangle.
Botangle gives registered members a place to keep in contact with instructors and learn about almost any subject they wish, ranging from languages to science.
After Botangle’s launch in May, there are now more than 1,700 registered users and employs 20 people full-time.
“You can choose to register as a student and learn something, or become an instructor and teach something. I wanted it so that any person like me, who doesn’t have the same opportunities as someone living in a really nice school district, can go on my site and learn anything they want.” CBS News
Most gamers have dreamt about it – wouldn’t it be great to be paid to play video games all day in my room? In this day and age, that is quite a logical possibility – all you need to do is stream it to others at the same time.
Twitch.tv is the current common vehicle for such people to broadcast their games, tournaments or practise out to the world – with their main competition, own3D.tv being shut down recently after quite a stint of drama.
There have been many jokes made online about Google’s apparent upcoming world domination with them reportedly accounting for 40% of the whole internet, this claimed acquisition may be bringing them one step closer to controlling our feeble minds.
As reported today on Venturebeat, their ‘sources’ have confirmed the take-over although no official statements have been found from either of the concerning parties.
“We don’t know everything about this deal, such as when it will be announced and the exact purchase price. We do know that Twitch investors who participated in past rounds are pleased that they will be getting significant returns that are multiple times the amount they originally invested.” Venturebeat
This deal is no big surprise to us, given how much Twitch has grown over the past few years. Since distancing itself from its parent, Justin.tv, Twitch has been the mainstay for all large streaming personalities and tournaments throughout the world.
For example, Twitch recently was the official streaming partner (alongside ESPN) for Valves latest International Dota 2 tournament boasting a massive prize pool of over $10m USD, more than that of some world-class sporting events. Unfortunately, the International 4 (2014) viewership hasn’t been yet released to the public, but from reports, the Twitch streams were garnishing over 250k concurrent viewers throughout the group stages.
Interested in some more mind-blowing stats?
“Twitch has more than 50 million monthly active users and more than 1.1 million members who broadcast videos each month. Back in June 2011, Twitch had just 3.2 million monthly active users. Twitch also distributes shows from partners including CBS Interactive’s GameSpot, Joystiq, and Destructoid, all gaming-news sites. More than 13 billion minutes of video are watched per month on Twitch.” Venturebeat
Where are we going with this? Gaming is getting massive. Huge! It only makes sense for Google to get on board now as we believe gaming is on the tipping point of exploding into the ‘mainstream’.
Google and Twitch are currently silent on the matter, but they’re booked to be speaking at the GamersBeat 2014 event coming this September – here’s hoping for more information.
Stay tuned for more Twitch and Google partnership news in the near future on eTeknix.
The Hidden Cash “anonymous social experience for good” is going to hit London this weekend, where people have the chance to snag £100. A total of 20 envelopes with £100 each will be hidden throughout the city.
During fun sprees in select U.S. cities, tens of thousands of dollars have been hidden, with clues to the location Tweeted from @hiddencash.
Jason Buzi, a San Francisco Bay Area millionaire real estate investor, launched the effort less than one month ago in San Francisco. The operation also launched similar campaigns in Houston, Texas, Chicago, Illinois, Los Angeles, and Las Vegas, Nevada – and has led to handfuls of local residents scouring their neighborhoods for the hidden cash.
A British member of Hidden Cash, reportedly located in Birmingham, will be responsible for hiding the money. Looking ahead, it’s possible Hidden Cash will visit Paris and Madrid in the future.
There has been some criticism of the contest, as participants frantically drive, run, and pedal their way to find the money. Furthermore, others have accused Buzi of conducting a social media competition as a means for guerrilla marketing – accusations he denies, saying he just wants to help brighten someone’s day and give back to the community.
Thank you Guardian for providing us with this information
GitHub has launched its GitHub Bug Bounty, a program aimed to help security researchers in finding bugs and flaws in system. The company is reportedly willing to pay between $100 and $5,000 for each security vulnerability discovered and responsibly disclosed by hackers.
Only the GitHub API, GitHub Gist, and GitHub.com. GitHub are available for the above mentioned program, but the company says its other Web properties and applications are not part of the program though vulnerabilities found “may receive a cash reward at our discretion.”, as they pointed out.
The amount of money given for bugs and flaws is said to be “based on actual risk and potential impact to our users.” Meaning, the bigger the potential scope and the bigger the severity of the issue, the larger the payout.
“If you find a reflected XSS that is only possible in Opera, which is 60% of our traffic, will earn a much larger reward.” GitHub gave as an example.
Even spotting a very low-level bug is worth disclosing for the extra cash. Not only are you getting paid for your hard work, but you’re making the Web safer in the long-run. Bug bounty programs are becoming more and more popular because they work. The damages caused by exploited bugs are much greater than simply paying security researchers for finding them first.
Thank you TheNextWeb for providing us with this information Image courtesy of GitHub