Networking

Security news roundup: 7-Eleven's Citibank ATMs hacked

This week's security events includes news of the most spammed man in Britain, and a compromise involving Citibank's network of ATMs in 7-Elevens nationwide, and yet another patch Tuesday coming up -- but with no "important" updates this time round.
  • Most spammed man in Britain receives 44,000 unwanted mails a day

ClearMyMail - a British anti-spam service company, has revealed a list showing some of the "most spammed" folks over in Britain. The dubious honor of the most spammed man goes to a Colin Wells, who works as a workshop foreman at a local bus company. Apparently, he receives a staggering 44,000 lottery winnings, inheritance scams and organ enlarging solicitations a day, among other things. For the arithmetically challenged, this works out to about 1,338,363 pieces of spam a month, or 16,060,365 junk mails a year.

Wells said that it was taking him at least two hours a day to delete all the spam from his inbox before signing up with ClearMyMail. Personally, I would take the results with a pinch of salt. I mean, honestly, I'll probably sooner switch my email address than waste that much time simply clearing my emails.

However, it does bring the following question to mind though, if you don't doing the following poll.

How many spam mails do you get per day?

  • Criminals successfully hack Citibank ATMs in 7-Eleven's

Hackers have successfully penetrated into and stole from Citibank's network of ATMs located in 7-Eleven stores. According to some reports, they have made off with what amounts to millions of dollars. Though the breach was estimated to have began as early as October last year, it is still unclear how many of the ATMs were affected. Citibank has declined to comment on technique used to gain access as well as the number of accounts that were affected.

It did note in a released statement that "We want our customers to know that, consistent with legal requirements, we do not hold them responsible for fraudulent activity in their accounts." Apparently, affected customers have already been notified and been issued with new debit cards.

What is known is that the affected machines were actually owned by Cardtronics, who also operates the majority of the machines. Hackers also apparently broke into the ATM network via a server at a third-party processor to access customer PIN numbers, and not via the ATMs themselves. While it is not confirmed, these systems tend to run on Microsoft's Windows operating system.

  • No critical updates for July's patch Tuesday

Tomorrow's patch Tuesday will see only four security updates that has been classified as "important." This is despite the fact, as noted by heise Security that one of two problems could allow remote code to be execute in Vista and Windows 2008. The other updates deals with spoofing, as well as updates for SQL Server and Exchange to prevent the unauthorized elevation of privilege.

You can read the Advanced Notification for July 2008 here.

Feel free to discuss the various security news updates here.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

3 comments
Jaqui
Jaqui

take a look for the banking software, it's all for windows. other than the database used in the central banking offices, which is run on a mainframe, every teller workstation and most server software for processing transactions is only available for windows.

paulmah
paulmah

This week?s security events includes news of the most spammed man in Britain, and a compromise involving Citibank?s network of ATMs in 7-Elevens nation-wide, and yet another patch Tuesday coming up ? but with no ?important? updates this time round.

Neon Samurai
Neon Samurai

They seem to have an "advanced" user account to the same webforms available to common clients through webbanking when I'm able to spot a screen. If it's not DirectX or win32/win64 only supported stuff like .NET then the platform on the local terminal can start to take less importance. Of course, the Windows underpinnings does make it easier to get something in and spying on the browser to network link.

Editor's Picks