Sunday, December 20, 2009

PIN Payments News Blog Undergoes Makeover

The PIN Payments News Blog has undergone a makeover. Each day, every one of that day's posts will appear as a summary.

You can browse the daily postings in summary form or click "full story" to read the entire post. (Note: You can click the title of the post as well.)

Hopefully this is an improvement over the previous layout and allows visitors to see the entire day's posts, helping the reader pick out breaking news of particular interest.



Internet Security News: December 20th

This free IT-Security news feed was compiled and is provided by E-Secure-IT, the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today. They offer a 30-day complimentary subscription.

Visit them at or email for more information on their available services.

Mobile internet to eat world, apparently

(from The Register at 19-12-2009)

Morgan Stanley has issued a set of reports asserting that the mobile internet will be much bigger than the desktop internet: "Regarding pace of change, we believe more users will likely connect to the Internet via mobile devices than desktop PCs within 5 years." There are five converging trends: 3G, social networking, video, voice-over-IP (VoIP) and improving mobile internet devices (MIDs). The report claims that Apple's iPhone and iTouch ecosystem are exhibiting the fastest user growth in co... read more»

Swedish bankers punt webcam smut to kiddies

(from The Register at 19-12-2009)

A Swedish bank has apologised for punting pxxx to wide-eyed schoolkids in a magazine sent out to over half a million 9 to 12-year-olds. Swedbank's Lyckoslanten ("Lucky Penny") is described as a "fun magazine about money", but an article in the latest issue listing the top ten most expensive domain names offered extra fun when it ranked the $1m at number five. Swedbank spokeswoman Anna Sundblad described the gaffe as "very unfortunate" - a fair description given that is h... read more»

Blighty to get own 'cyber range'

(from The Register at 19-12-2009)

The UK, following in America's footsteps, is to get a "cyber range" - a simulated network world where weapons-grade government malware and countermeasures can be tried out, much as bombs or missiles are on normal firing ranges. The cyber range is to be constructed under the auspices of the Technology Strategy Board (TSB), the Centre for the Protection of National Infrastructure (CPNI) and the Engineering and Physical Sciences Research Council (EPSRC). The overarching programme of which the ra... read more»

Return of MP3 spam punts penis pill sites

(from The Register at 19-12-2009)

MP3 spam has made an unwelcome return, two years after the tactic was first used to spamvertise products and services. The audio track file type briefly appeared in junk mail messages in October 2007 to tout pump and dump stock scams, before quickly dying out. Now junk MP3s have begun reappearing in messages touting Canadian Pharmacy websites, mail security services outfit MessageLabs reports. read more»

Anti Virus Software company ESET Software (Nod32) Websites hacked

(from Zone-h at 19-12-2009)

The ESET Anti Virus Software company, known for its product Nod32 has its Websites and defaced by HcJ. See mirrors: ... read more»

Former FBI Contract Linguist Pleads Guilty to Leaking Classified Information to Blogger

(from FAS at 19-12-2009)

A former FBI contract linguist pleaded guilty today to unlawfully providing classified documents to the host of an Internet blog who then published information derived from those documents on the blog. Shamai Kedem Leibowitz, aka Samuel Shamai Leibowitz, 39, of Silver Spring, Md., pleaded guilty in federal court in Greenbelt, Md., to a one-count information (pdf) charging him with knowingly and willfully disclosing to an unauthorized person five FBI documents classified at the "secret" level ... read more»

Online Anti-Semitism - 'Imagine if Hitler had Facebook'

(from IsraelNationalNews at 19-12-2009)

Doctor Andre Oboler directed the working group entitled "Anti-Semitism Online: Cyberspace and the Media" at the Conference of the Global Forum for Combating Anti-Semitism. Dr. Oboler, Director of the Community Internet Engagement Project, explained to Arutz Sheva TV that a decade ago online anti-Semitism meant websites which were known by all as anti-Semitic.... read more»

CA Tips to Fight Xmas Cyber Crime

(from Irishdev at 19-12-2009)

Irish consumers are being warned to be extra vigilant when shopping, booking travel online or using social networks like Facebook to connect with friends and family this Christmas, as increased numbers of cybercriminals are poised to exploit naive and vulnerable computer users. A new report from CA has revealed increased levels of cyber criminal activity heavily focused on the major search engines, social networks and rogue/fake security software. CA's State of Internet Security Report, wh... read more»

Internet Sites Gather Private Info on Kids, Says Rights Group

(from IsraelNationalNews at 19-12-2009)

Research by the Eshnav organization shows that a majority of internet sites aimed at children gather private information about the children without their parents’ permission. The study was carried out by the members of the Eshnav management – Attorneys Yonatan Klinger and Shuki Peleg – and by organization volunteers. It surveyed 32 of the leading Israeli children’s internet sites, and found that 60 percent gather information on the children without their parents’ knowledge or specific consent... read more»

Chinese proposal to meter internet traffic

(from BBC at 19-12-2009)

China wants to meter all internet traffic that passes through its borders, it has emerged. The move would require international agreement - but it is being discussed by the United Nations body in charge of internet standards. It would allow countries which currently receive no payment for use of their lines to generate income. But an EU cyber security expert has warned the plan could threaten the stability of the entire internet.... read more»

'Iranian cyber army' hits Twitter

(from BBC at 19-12-2009)

Twitter has been hit by an embarrassing security breach. A group claiming to be the Iranian Cyber Army managed to redirect Twitter users to its own site displaying a political message. Twitter said the attack had been carried out by getting at the servers that tell web browsers where to find particular sites. The site said it would start an investigation into what allowed the "unplanned downtime" to take place.... read more»

Cedar Grove e-mail hacked, used to send phishing e-mail

(from sheboyganpress at 19-12-2009)

Picking up the phone at her Cedar Grove home Thursday morning, village clerk Karen Otte was surprised to learn she had traveled to London and gotten mugged. At least that was the message attributed to her in an e-mail sent out from the village’s account. Village President Gene Jentink said the Hotmail account was hacked sometime between Wednesday afternoon and Thursday morning, and the message sent out to all contacts.... read more»

New Telecoms Rules enter into force

(from Europa at 18-12-2009)

New EU telecoms rules will officially become EU law tomorrow following their publication in today's Official Journal of the European Union. The new rules composed of the Better Regulation Directive and the Citizens’ Rights Directive will need to be transposed into national laws of the 27 EU Member States by June 2011. The new Regulation establishing the new European Telecoms Authority called "Body of European Regulators for Electronic Communications (BEREC)" is directly applicable and will ent... read more»

Announcement: Oracle Security Training in Washington DC, March 25-26 2010

(from petefinnigan at 18-12-2009)

In conjunction with our recent partnership with 1 Security Solutions Applied we are happy to announce a new public training event which is run by both companies. We are offering an opportunity for students to experience the Limited two day seminar "How to security audit an Oracle database". The class will be held in the Washington DC area on March 25th and March 26th 2010. There is currently an early bird price of $1,199 and interest in the class is strong. Please register yo... read more»

Shift from attacks via websites and applications towards attacks originating from file sharing networks

(from itsecurityportal at 18-12-2009)

2009 was dominated by sophisticated malicious programs with rootkit functionality, the Kido worm (also known as Conficker), web attacks and botnets, SMS fraud and attacks on social networks. So what can we expect from 2010? According to Kaspersky Lab, in the coming year there will be a shift in the types of attacks on users: from attacks via websites and applications towards attacks originating from file sharing networks. Already in 2009 a series of mass malware epidemics have been “supported... read more»

Privacy concerns close Pierce County septic Web page after personal data found

(from thenewstribune at 18-12-2009)

The Tacoma-Pierce County Health Department has pulled a page from its Web site that allowed people to access county records on residential septic tanks. Department spokeswoman Joby Winans said Tuesday that the shutdown was prompted by the discovery of a homeowner’s credit card number on one of the 3 million documents posted on the site. A user discovered the number Dec. 3, Winans said.... read more»

No, Sending Spam Text Messages Is Not The Same As Hacking Someone's Phone

(from Techdirt at 18-12-2009)

There's just something about the Computer Fraud and Abuse Act -- the "anti-hacking" law in the US -- that seems to leave it open for abuse in lawsuits. This is the law that was used to convict Lori Drew. Even though the judge eventually tossed the ruling, it showed how the broadly-worded law could be applied in dangerous ways. Still, at least some attempts at twisting the law aren't getting very far. For example, a woman in Minnesota tried to use the law against a company that sent her spam text... read more»

Fifteen significant social media & security events of 2009

(from ZDNet at 18-12-2009)

This year was momentous for social media. Twitter exploded, garnering global press and even a visit to the Oprah Winfrey Show. Facebook ate up rival social network FriendFeed and overhauled pretty much, well, everything. And, finally, businesses truly started attaching themselves to some sort of internal social media-related programs.... read more»

Strategic Business IT - The Security Management Industry

(from Typepad at 18-12-2009)

Security management is the combination of hardware, software, and services that normalizes, aggregates, correlates, and visualizes data from disparate security products. Security management is a broad term that encompasses several currently distinct market segments. With the presence of the Internet, spam is becoming increasingly costly and dangerous as spammers deliver more virulent payloads through email attachments. According to a recent (2004) study, the volume of spam messages sent dai... read more»

 exposed more than 32 millions of passwords in plaintext

(from baywords at 18-12-2009)

So i was reading this shit about how some lol company Imperva found a SQLi on Yea, right, you’re the best. Too late guys, too late. I’ve got every account downloaded from this shitty site. You were too slow, but what can i expect from you? There is 32 603 388 customers. Pretty nice list with plain text passwords. It’s so lame, and I’m sure that more than half does work for myspace and other sites. Don’t lie to your customers, or i will publish everything.... read more»

Zero-day vulnerabilities share little in common except for the threat they pose

(from Government Computer News at 18-12-2009)

Zero-day vulnerabilities take many forms. The one thing they have in common is that the hackers know about them before vendors and users. That's what the term means: They are available for exploit on “day zero” of their public exposure because only the black hats are aware of them. Vendors and security professionals must start from behind with a zero-day vulnerability in developing patches, fixes and workarounds to close the window of opportunity to attackers for exploiting these security wea... read more»

Microsoft Apology for Code Theft May Not Do, Plurk Says

(from PCWorld at 18-12-2009)

Microsoft may still face a lawsuit after apologizing for the theft of software code used in MSN China's microblog service, Juku, from rival Plurk, a popular provider from Canada. "We are definitely looking at all possibilities on how to move forward in response to Microsoft's recent statement," Plurk cofounder Alvin Woon said Wednesday. A "lawsuit is definitely one of the many options we have considered and will continue to look closely to," he added.... read more»

Heartland pays Amex $3.6M over 2008 data breach

(from ComputerWorld at 18-12-2009)

Heartland Payment Systems will pay American Express $3.6 million to settle charges relating to the 2008 hacking of its payment system network. This is the first settlement Heartland has reached with a card brand since disclosing the incident in January of this year. The U.S. Department of Justice has charged Albert Gonzalez and several other accomplices with the hack, saying that Heartland was one of several companies that the hackers managed to break into using SQL injection attacks.... read more»

.sg 10th-riskiest domain in the world

(from asiaone at 18-12-2009)

THE next time you click on an unfamiliar website ending with .sg, think twice. Spam masters are zeroing in on the .sg domain. Singapore was singled out as the 10th-riskiest domain out of 104 worldwide in a recently released McAfee report - and the rise of such sites, said experts, could cause Internet users worldwide to lose trust in Singapore websites. The report warned that more .sg domains are being used for phishing and spam activities and to serve up viruses - almost one out of every ... read more»

Government lets CCTV watchdog off the leash

(from theregister at 18-12-2009)


The HomeATM Solution

HomeATM ePayment Solutions is a leading provider of secure hardware and software financial transaction solutions. The Safe-T-PIN point of sale terminal, manufactured by HomeATM, is the first ever Internet PIN entry device (PED) to achieve PCI certification 2.x. The Safe-T-PIN™ provides secure multi-factor authentication for e-commerce transactions and secure log-in, including:

  • Cardholder Card Control

  • Device Level Encryption

  • 4-Factor Authentication

  • Fraud Reduction/Elimination

  • Quick and Cost Effective

  • Credit and Debit transaction agnostic

HomeATM's PCI PED certified device and patented solution is portable, cost effective, secure with instantaneous implementation and completely ubiquitous (integration into any processing platform). Just like the grocery store, gas pump or bank, users simply swipe their card and enter their PIN to authenticate themselves. Merchants can confidently process orders knowing that this method of authentication represents the lowest fraud risk of any transaction and therefore helps provide the lowest fees, saving them countless dollars each month. The process is adaptable to niche applications that extend its reach beyond simply online commerce, specifically:

  • Person to Person (P2P)

  • Business to Consumer (B2C)

  • Business to Business (B2B)

  • Online banking, authentication

  • Field Services (food delivery, MLM, home sales, taxi, etc)

  • Prepaid, gift card, stored value and payroll card fund loading

  • Cross-pollination of brick and mortar clients to the retailer’s dot-com site

  • The most cost efficient POS hardware available

The cardholder and their card are present in all scenarios driving increased security, fraud reduction, and favorable interchange rates.


Using impregnable, unimpeachable security we eliminate fraud in the ePayment ecosystem. HomeATM’s secure architecture is bank and military grade, ensuring the highest integrity behind every transaction.

Defend Against Hackers who can easily:

  • Screenscrape

  • Phish

  • Mouseclick log

  • Keystroke log

  • Install malware

Security experts unanimously agree that the Safe-T-PIN is the only secure means of using a PIN on the internet – “swipe, encrypt and transmit”. 

HomeATM's Safe-T-PIN Certification at PCI Security Standards Council

HomeATM is not a payment processor and does not collect, store or transmit any personal or card information during the transaction. Only the purchase details necessary to complete the transaction are transmitted using encryption technology that exceeds industry and government guidelines.

HomeATM is committed to continue to provide safe, secure and reliable payment products and services to protect your business, your customers (cardholders), and the integrity of the payment system. These efforts help every segment of the payment card industry - from business partners to financial services institutions - to law enforcement agencies globally.

HomeATM uniquely creates E2EE (end-to-end encryption) that exceeds PCI (Payment Card Industry) requisites and FFIEC recommendations, thus assuring your security from the moment you take your debit card out of your wallet to the time you put it back.

HomeATM's certified device is the only technology in the world that delivers a bank/military grade secure environment in this fashion.

Download our latest white paper:

PIN Debit Payment with PC Software? No, Thanks!

Press Release:

Chicago, IL. Mar 19, 2009 – HomeATM ePayment Solutions, a leading provider of secure hardware and software solutions, today announced their newest product, Safe-T-PIN™, has been Payment Card Industry (PCI) PIN Entry Device (PED) 2.0 certified.

The Safe-T-PIN point of sale terminal, manufactured by HomeATM, is the first ever Internet PED to achieve such certification. Safe-T-PIN™ provides secure two factor authentication for e-commerce transactions and secure log-in.

The pocket-sized Safe-T-PIN™ is USB “plug and play”, eliminating the need for drivers or downloads. Additionally, it works with any operating system or browser. The device provides users with the added convenience of swiping their cards versus keying in their numbers and will work with any bank, card processor, and currency.

The significance of this feat is that bank/military grade encryption of financial data from beginning to end is now affordable to the masses.

HomeATM’s mission was to design, build and provide an affordable POS that brought End-to-End-Encrypted (E2EE) security and thus lower fees to merchants and consumers.

The Safe-T-PIN™ also allows authorized secure person-to-person (P2P) money transfers in real-time. “We are proud of our engineering team and extremely excited to provide a cost-effective solution to those who can least afford fraud and risk,” said Ken Mages, CEO.

“The Safe-T-PIN™ exponentially reduces the likelihood of a breach and provides the dual authentication solution that e-tailers and money remittance companies have been seeking in order to fill the current fraud/security void in secure transactions on the web. HomeATM is already in advanced discussions with several Fortune 100 companies and this certification will certainly result in expediting those talks.”
