Dark Reading
Risky Business
Download Now
Download Now
Download Now
Parking Meters: The Next Big Hack?
Security researcher prepares to outline vulnerabilities at upcoming Black Hat conferenceJun 22, 2009 | 04:35 PM
By Tim WilsonDarkReading
There are a lot of ways for your identity stolen to be stolen. Until last week, however, parking legally wasn't one that had occurred to most of us.
Last week, security researcher Joe Grand offered a preview of his upcoming presentation at the Black Hat USA conference, which will take place in Las Vegas next month. The subject of Grand's presentation: parking meters.
Grand says that so-called "smart" parking meters -- which are computerized, often networked, and can accept credit cards -- could be vulnerable to hacking. Attackers could breach the meters to steal credit card data or to gain access to debit cards that could be reset or reloaded, he warns.
In some cities, the meters are connected by wireless or infrared systems that could be hacked to give free parking or expire another driver's spot, Grand says.
Grand didn't give away all of the details of his presentation during the preview, but he said it's likely that others are exploring potential vulnerabilities in the networked meters.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
China Shutters Hacker 'Boot Camp' 02/09/2010
Hacker Unleashes BlackBerry Spyware Source Code 02/08/2010
The Evolving Malware Threat: Is Your Organization Protected from All Angles? 02/17/2010
Daily log review sucks, here's how to make it easier 01/28/2010
DIGITAL ASSETS
All Roads Lead to Rome: How Cyber Terrorists are Exploiting Digital America" with Tom Kellermann
02/09/2010
The Tangled Web: Silent Threats & Invisible Enemies
02/02/2010
Subscribe to RSSChina Shutters Hacker 'Boot Camp'
GAO Report: NASA Still Facing Weaknesses In IT Security
Hospitality Industry Hit Hardest By Hacks
MORE KEYHOLE
Published:2010-01-22
Severity:High
Description:SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
Published:2010-01-22
Severity:High
Description:The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Published:2010-01-22
Severity:Medium
Description:ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
|
