It was supposed to be a simple technology change to solve the problem of pumping water for women and children. Replace hand pumps with merry-go-rounds and when children play the water is pumped (like a windmill on its side) into a storage tank. Apparently $60 million was raised, including $10 million from the US government and $5 million from the founder of AOL.
Costello visited more PlayPump sites, the next one in a more remote part of Mozambique with fewer children around. Women tell her that spinning the merry-go-rounds is often hard work without help, and hard especially for the older women. They tell her the old hand pumps were much easier, and that no-one consulted them about the change. The PlayPump just arrived.
It’s a race to the bottom. Or, we learn how to improve from studying mistakes, à la target practice. Either way you look at it, Zuk offers an Android app with all the fixings.
Download the MoshZuk Application: contains the following vulnerabilities:
Stack Overflow
Heap Overflow
SQL Injection
Command Injection
Format Strings
Double Free
Directory Traversal
Race Condition
Hardcoded Passwords
Bad code habits
Overblown permissions
Bad file permissions
The best part is, we’ve specially constructed the vulnerabilities so they can be chained (extra points in this competition).
I look at it as the new Zuk standard for automated code analysis tests – the Zuk afikoman hunt. If a tool can’t find 100% it fails.
When the code is released it will probably be copied and used by developers who want to write apps but do not realize it was written to be vulnerable. The flip side is that attackers will create simple automation to quickly find and target apps unknowingly based on MoshZuk.
Data on ATM fraud in 23 countries has been released in the second European ATM Security Team (EAST) European Fraud Update for 2011.
Skimming attacks at ATMs continue with 20 countries reporting incidents. 8 countries reported increases in such incidents, and 2 countries decreases. 2 countries have reported a new variant of skimming device, and three countries that anti-skimming devices have been successfully over-ruled or removed by criminals.
This follows the recent EMV loophole investigations in Operation Night Clone (simultaneous arrest operations in Bulgaria, Italy, Spain, Poland and the USA involving over 200 police officers), as explained by Europol.
Organised crime groups are always looking for new criminal opportunities and for some time they have been targeting the vulnerability of payment cards with magnetic strips. Within the EU, criminals’ work has been made more difficult with the full implementation of EMV technology (chip and PIN), but criminals have since exploited a loophole in these security arrangements by making illegal transactions with EU issued cards in non-EMV compliant regions, including Africa and the USA. Payment cards in the EU are targeted for cloning, and the fraud committed in other regions which still accept payment by magnetic strip. This was the major feature of the criminal methodology used by the organised crime group in this case and is an increasingly common problem.
I suppose they would also consider on-line transactions or other card-not-present situations a “loophole”.
Stephen Colbert offers some brilliant wordsmithing on the Rupert Murdoch privacy scandal. He cites a former editor of Murdoch’s News of the World, Paul McMullan:
I’ve always said that I’ve just tried to write articles in a truthful way and, you know, what better source of getting the truth is to listen to someone’s messages.
Then Colbert follows the advice and offers exclusive access to Rupert Murdoch’s messages.
This thing’s got out of control! I’m Australian for F@#$ed!