viernes, 5 de junio de 2009

Voto Electronico

Cada tanto aparece el voto electronico como la panacea, el antifraude por excelencia, quizas caben dos comentarios
1. Lo que importas no es el voto sino quien lo cuenta, y, aca entraria la maquina perfecta
2. No debe haber nada mas controlado, en teoria, que los cajeros electronicos, al fin y al cabo, es la viscera mas sensible

y aca, una pequeña nota, me dio fiaca traducirla

solo el titulo y el primer parrafo

Troyanos que leen datos escondidos en Cajeros Automaticos del Este de Europa

Expertos de seguridad han descubierto una familia de troyanos que roban datos que se han escondido dentro de Cajeros Automaticos en el Este de Europa los ultimos 18 meses

sigan divirtiendose

Data-sniffing trojans burrow into Eastern European ATMs


Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months.

The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the information using the ATM's receipt printer, according to analysts from SpiderLabs, the research arm of security firm Trustwave. Since late 2007 or so, there have been at least 16 updates to the software, an indication that the authors are working hard to perfect their tool.


"They're following more of a rapid development lifecycle," Nicholas Percoco, vice president and head of SpiderLabs, told The Register. "They're seeing what works and putting out new versions."

SpiderLabs researchers delved into four of the more recent versions and what they found was a highly capable family malware written with professional standards. Once installed, it monitors the ATM's transaction message queue for track 2 data stored on inserted cards. If it contains data belonging to a banking customer, it logs it, along with the PIN code that was entered.

The software also works with controller cards that allow the attackers to operate infected machines. When such a card is inserted, the ATM's display shows a window offering 10 command options that can be selected using the keypad. Options include the ability to print collected data, restore log files to the condition prior to the malware installation, and uninstall the malware altogether.

A secondary menu also allows the person to force the machine to dispense all its cash. There is also documentation for another feature that would upload intercepted card data to a chip on the controller card, but that capability doesn't seem to work yet. Controller cards include both master and single function. The former is presumably for people higher up in the organization while the latter would be used by mules who are not fully trusted.

The findings build on a report issued in March by Sophos that documented card-sniffing trojans that targeted ATMs made by Diebold. The ATM manufacturer said several suspects had been apprehended following an incident "isolated in Russia" in which attempts were made to use the malware.

SpiderLabs' Percoco said he didn't know if the malware his researchers studied was tied to the Sophos report. Both malicious programs can be installed only by people with physical access to the machines, making some level of insider cooperation necessary. But unlike the Sophos report, SpiderLabs said the software targeted ATMs made by multiple vendors, though Percoco declined to say which ones. The SpiderLabs report said only that the targeted ATMs ran on the Windows XP operating system.

"These are systems that are connected to financial networks that are literally sitting out in the open, and they are vulnerable," Percoco said. "All these systems are unattended, or most of them are. You often walk by when they're being serviced."

2 comentarios:

Ulschmidt dijo...

En realidad el problema a resolver es la crónica falta de fiscales y el fuerte desinterés de los presidentes de mesa. En países donde la gente concurre a votar un 70%, en algunos ni el 50%, el despliegue de personal electoral es cada vez más complejo.
Es evidente que las escasas fuerzas - a veces sólo la primera del distrito - que pueden poner fiscales en todas las mesas tienen una posible ventaja con eso.
Así que puede ser la urna electrónica, o puede ser la boleta única con tachas, o boletas magnetizadas para que el recuento sea más veloz y se vote en menos mesas... pero el asunto se ocupar menos gente en las votaciones!

Ester Lina dijo...

Todos los sistemas tienen sus puntos débiles... y sus resquicios para burlar la seguridad...
Aprovecho para comentarte un rumor, del cual, los que seremos fiscales, tenemos que tomar en cuenta. Dicen que la oposición imprimirá boletas casi idénticas a las del partido justicialista, y van a omitir un candidato. Cuando hagan el recuento de votos van a impugnarlas.
De Narváez está en este momento en la TV, y dice que hay que tener mucho cuidado con los K... y yo le aplico a él un refrán que dice "el ladrón ve a todos de su condición"
Saludos