Hacking ATMs to spit out money, demonstrated at the Black Hat conference: The two systems he hacked on stage were made by Triton and Tranax. The Tranax hack was conducted using an authentication bypass vulnerability that Jack found in the system’s remote monitoring feature, which can be accessed over the Internet or dial-up, depending on how the owner configured the…

An Army private suspected of leaking classified information to WikiLeaks was admonished as a trainee in 2008 for uploading YouTube videos discussing classified facilities, according to an Army official with direct knowledge of the incident. Bradley Manning, now 22, was three months into his 16 weeks of training as an intelligence analyst when about 25 of his fellow students got together to report him for the videos in July 2008, says the official, who spoke on …

LAS VEGAS — Attribution is one of the biggest problems on the internet when it comes to cyberwarfare. How do you hold a nation responsible for malicious attacks if you can’t determine whether the activity was state-sponsored? Retired General Michael Hayden, former director of the National Security Agency, said Thursday that one solution being discussed in government is to simply forget about trying to determine if the source of an attack is state-sponsored and hold nations responsible for malicious activity coming from their cyberspace. His words were greeted with applause from the audience of…

LAS VEGAS — Attribution is one of the biggest problems on the internet when it comes to cyberwarfare. How do you hold a nation responsible for malicious attacks if you can’t determine whether or not the activity was state-sponsored? Retired General Michael Hayden, former director of the National Security Agency, said on Thursday that one solution being discussed in government is to simply forget about trying to determine if the source of an attack is state-sponsored or not and hold nations responsible for…

Cisco recently released the 2010 Midyear Security Report and I caught up with one of the principal authors, Mary Landesman, Senior Security Researcher at Cisco.

“Who controls the off switch?” by Ross Anderson and Shailendra Fuloria. Abstract: We’re about to acquire a significant new cybervulnerability. The world’s energy utilities are starting to install hundreds of millions of ’smart meters’ which contain a remote off switch. Its main purpose is to ensure that customers who default on their payments can be switched remotely to a prepay…

LAS VEGAS — In a city filled with slot machines spilling jackpots, it was a “jackpotted” ATM machine that got the most attention Wednesday at the Black Hat security conference, when researcher Barnaby Jack demonstrated two suave hacks against automated teller machines that allowed him to program them to spew out dozens of crisp bills. The demonstration was greeted with hoots and applause. In one of the …

A federal appeals court has ordered Virginia’s attorney general to back away from threats of suing a privacy advocate who publishes Social Security numbers of elected officials on the internet. The decision by the 4th U.S. Circuit Court of Appeals means Betty Ostergren avoids being sued by the state’s top law enforcement official for breaching a state law that prohibits publication of such information. The Richmond, Virginia, court, however, stopped short of striking down the law, which was adopted…

The DNSSEC root key has been divided among seven people: Part of ICANN’s security scheme is the Domain Name System Security, a security protocol that ensures Web sites are registered and “signed” (this is the security measure built into the Web that ensures when you go to a URL you arrive at a real site and not an identical pirate…

LAS VEGAS — A hacker group known as the Ninjas has created what may be the best DefCon badge ever. The badge allows wireless ninja battle between badge holders. Unlike the official badge, attendees can’t buy this one: it’s free. DefCon, the world’s largest hacker convention, is more than just a group of hackers getting together to exchange the latest exploit code and hacking techniques. It’s a time for hackers who may only see one another once a year, to socialize face to face. One of the most exclusive venues for fraternizing at DefCon is the Ninja party. To attend the…