(Continued) The Rank for $ales Weekly Newsletter, Sep. 23, 2006. Page 18
Criminals using Google to steal from ATMs

Well now this piece of news really grabbed my attention yesterday! Using some information obtained from a YouTube video and a simple four-keyword Google search engine query, a thief can now find certain step-by-step instructions on how to hack into bank ATMs scattered around North America. More specifically, and following up on a CNN report, a criminal actually reprogrammed an ATM at a gas station to dispense $20 bills instead of $5 bills.

A New York-based security researcher did some old-fashioned online sleuthing and discovered that the operation manual for that specific model of ATM could be legally obtained in just 15 minutes. Dave Goldsmith, CEO and founder of penetration testing company Matasano Security in New York, didn't say how he obtained the operator's manual, which contained master passwords and other extremely sensitive data about the cash-dispensing machines. However, a brief analysis shows that a simple Google query will return a 102-page PDF file that provides a full road map to the hack!

Goldsmith, a respected researcher who co-founded @Stake and previously led Symantec's Security Academy, said he traced clues from the video to identify the make and model of the ATM, a Tranax Mini-Bank 1500 Series, and he then started an experiment to see how easy it would be to legally obtain an operator's manual. Goldsmith said he first dug around on Tranax Technologies' Web site and found a knowledge base article that mentioned that the ATM is programmed with passwords that can be easily found in the operator's manual.

"If you get your hand on this manual, you can basically reconfigure the ATM if the default password was not changed. My guess is that most of these mini-bank terminals are sitting around with default passwords untouched," Goldsmith said. Officials at Tranax did not respond to any requests for comment.

According to a note on the company's Web site, Tranax has shipped 70,000 ATMs, self-service terminals and transactional kiosks around the U.S. The majority of those shipments are of the flagship Mini-Bank 1500 machine that was rigged in the Virginia Beach heist.

In the operator's manual freely available on the Web site of a Canadian reseller, a section titled "Programming" provided the specific key sequence that will pop up a screen on the ATM that asks for the master password. It then lists three default master passwords, and then service and operator passwords that could be used to successfully hijack and possibly rig a machine. The manual also contains instructions on how to enter a diagnostic mode, how to program the ATM's number keys to spit out cash withdrawals and how to change the passwords to take future ownership of the machine.

Read the whole story...

My take on all of this

There are many ways to guard against this, and they can be combined. Here are some:

1) Password-protect the information

If you use all six of the above methods simultaneously, you're certainly putting the odds in your favor. However, if you want to be 100% certain and if you like to sleep well at night, don't put ANY sensitive data on the Web, EVER, protected or not. If Google can get to it, so can any hacker. In the above case, that data should NEVER have been uploaded to the Internet in the first place! You'd think ATM manufacturers would know better...

Well, that's it for this week. Have a pleasant and relaxing weekend. I will see you all next Saturday!

Serge Thibodeau

Please note that I am available for SEO consultative work or to help you optimize your website for the major search engines. Feel free to contact me for an honest and fair assessment.

All logos, trade marks and service marks on this newsletter are the exclusive property of their respective owners.

Note: Although I always try my best to answer each individual question that I receive, there are times when it's just impossible for me to answer every one I get, as the amount of emails sent to me keeps increasing all the time. Also, please note that, for confidentiality reasons, the names of people writing to us are never disclosed.

Please send all your questions, comments or general enquiries to: questions@rankforsales.com

About Rank for $ales

Rank for $ales can be reached via email at info@rankforsales.com or you can call from anywhere in the US or Canada, via our toll free number at 1-800-631-3221. Our offices are located near Montreal, Quebec, Canada. Visit our web site at www.rankforsales.com

About Serge Thibodeau

Pagina+™ is offered by Rank for $ales' parent company: GCIS Inc. Besides serving as editor and CEO of Rank for $ales, Serge Thibodeau currently writes professional search engine optimization articles in some of the following publications:

SEO Today (www.seotoday.com)

Additionally, Serge Thibodeau has successfully developed and deployed Global Business Listing, a powerful and flexible 'paid inclusion' search engine that will further increase any company's rankings and visibility in the major search engines. On the Web, at: www.globalbusinesslisting.com

Legal Notice

This newsletter is sponsored by Rank for Sales, a professional SEO firm in business since 1997. Feel free to contact us if you need to have your website optimized by a professional SEO firm, or if you have any question on the subject of search engines.