Hacker Turns ATM Machines into Magical Money Tree

Black-Hat-ConferenceWhen I was a kid, I used to wish that everyone had a magical money spewing tree. In the mind of a dreamy little kid that would have been the perfect solution to poverty. Even better, kids could then be kids, instead of having to understand why diamond is hard and graphite is soft. On Wednesday, Barnaby Jack, a security researcher, demonstrated how anyone could get their own magical money spewing machine. And frankly, it’s downright scary.

In a session titled “Jackpotting Automated Teller Machines Redux”, Jack demonstrated to attendees at the Black Hat security conference, how easy it is to hack modern day ATM machines to make them do your bidding. Although ATM Machines are secure physically, their digital underbelly has simply not managed to keep up with the times. Most of them are powered by ancient software that have primitive security measures.

In one instance, Jack simply used a master key available online, while on the other instance he remotely hacked into the system. Although, his demonstration was focused on machines manufactured by Triton and Tranax, Jack believes that he can manipulate practically any ATM installation.

Rumor: YouTube to Increase Video Duration to 15 Minutes

YouTubeAlthough, select partners have long been able to upload lengthy videos on YouTube, most uploaders have had to contend with 10 minute clips. BoingBoing is now reporting that YouTube is preparing to increase the maximum duration of uploaded content to 15 minutes.

Earlier, Google had revealed that although YouTube was serving 2 billion views per day, an average user spent only 15 minutes per day on YouTube. One of the biggest challenges for YouTube is to increase its engagement factor. It’s a great venue for some quick-fire entertainment, but it lacks the compelling programming offered by traditional television channels. The increased video duration will offer more leeway to content creators to come up with content that will hopefully be more attractive to folks looking for something more substantial than David After Dentist.

Update: It’s official. Google has just confirmed the news through the official YouTube blog.

PayPal Suspending Direct Deposits/Electronic Withdrawals in India

After suspending personal payments in India, making PAN Cards compulsory and putting a lot of Indian website owners and others at hassle, PayPal is now going to stop Electronic Withdrawals or Direct Deposits in India.

PayPal Logo

PayPal India has just sent out a notice to all their users stating that Electronic or Direct Deposits to banks in India will no longer be available after July 29, 2010 for an indefinite period. Once again this is because of problems it is having with the Central banking authority in India also known as Reserve Bank of India.

The official note from PayPal to Indian users says this:

In accordance with regulatory instructions, we would like to notify you about a change in our withdrawal functionality in India starting on August 1, 2010. At present you can request for either an electronic or cheque withdrawal of funds from your PayPal account if you are an India user.

From July 29, 2010 onwards, you will only be able to request for a cheque withdrawal of funds from your PayPal account.

While we are working hard to restore the electronic withdrawal service, in the meantime, we are bringing this matter to your attention so that you can plan your future withdrawal activities accordingly.

Though there is no note on why the Direct Deposits are being stopped or when they will resume, it is more likely that the Indian Government is cracking on the free flow of money to India through PayPal. However, what beats me is the they can easily track the transactions even if they are direct deposits, so why put everyone through an hassle with a cheque?

The one silver lining in this entire news is that PayPal will refund the $5 fee which users have had to be paid if they were using a cheque withdrawal.

Windows Shell Shortcut Vulnerability Is Being Actively Exploited

Earlier this week the exploit code for a highly critical Windows vulnerability affecting all versions of Windows from XP to 7 was made public. The bad news is that malware developers are already actively exploiting this bug. Symantec has identified that the W32.Stuxnet worm, which spreads using this vulnerability, has already affected thousands of systems.

The Shell Shortcut Parsing vulnerability is a particularly worrisome bug because there aren’t a lot of things a user can do to protect himself. Even if autorun and autoplay is disabled, users can still get infected. All that the user is required to do is to open the compromised device, network share or WebDav. The only preventive measure is to disable icon rendering. However, doing so will basically cripple the Windows environment. To make matters worse, Steve Gibson from GRC research is claiming that a security researcher has already figured out a way to exploit this vulnerability through favicons.

Microsoft is obviously working hard to patch this severe vulnerability. However, an official patch may take weeks to come. Until then, ensure that your system has up-to-date malware protection, and avoid using Internet Explorer (other browsers can also be exploited, but possibly to a lesser degree).

Was Yahoo Down For More Than an Hour?

Yahoo-Down Reports are coming in that Yahoo was not accessible to a certain subset of users for well over an hour. It’s not exactly clear what happened, but the problem appears to have impacted a significant number of users. DBKP notes that complaints have been received from users in diverse locations like Virginia, USA and Mumbai, India.

A discussion on Neowin suggests that at least a portion of the affected users were having trouble due to issues with Comcast and AT&T’s DNS service. The problems seem to have been resolved for most users. However, in case you are still having trouble accessing Yahoo Search or Yahoo Mail, try your luck with alternate DNS services like OpenDNS and Google Public DNS. If you are not comfortable with manually changing your DNS settings, DNS Jumper can do it automatically for you.

Yahoo has been accessible on my end throughout the day. However, I use OpenDNS, which apparently is not affected by this outage. Don’t forget to let us know if Yahoo is/was down for you.

Yahoo Starts Testing Microsoft Search Listings

Quite recently, we told you that Yahoo was going to start testing with Microsoft soon, and today, they have officially announced that Yahoo is now testing organic and paid search listings from Microsoft’s Bing powered search backend.

Yahoo has begun testing displaying organic and paid listings using Microsoft’s search engine Bing. The only difference between the older and newer search is that the results will no longer be served by Yahoo, however, the interface and design of Yahoo search will remain the same.


As seen in the screenshot above, the organic search results in the yellow boxes are powered by Microsoft and include a mix of both organic and paid listings, the rest of the content on the page is still processed by Yahoo themselves. Right now, the Microsoft powered search listings will only be displayed on Yahoo web search.

However, Yahoo is also planning to include the Microsoft powered search listings on Yahoo! Mobile properties. Yahoo plans to roll out full Microsoft integration to all US and Canada users by August/September timeframe. More at the Yahoo! Search Blog.

Type the Indian Rupee Symbol with Foradian Rupee Font

Indian-Rupee After contemplating on various designs for over a year, the Indian government finally zeroed in on an Indian Rupee symbol earlier this week. The government intends on adopting the chosen symbol nationally within six months, and internationally within 18 to 24 months.

One of the essential steps in this formal process is getting approved by Unicode Consortium. That would lend Rupee a place in the Unicode character map, which will make it possible to use and view the symbol on almost any computer around the globe. Keyboards incorporating the sign should start appearing in India, soon after.

In the meantime, the best option is to use a font, which incorporates the Rupee symbol. Foradian has already created an excellent free font with the Indian currency symbol. In order to use it, simply install the font on your system and press the ` key.

The limitation of this approach is that the symbol won’t be readable on system’s which don’t have this particular font installed. One possible solution is to simply embed the font while saving your document.

[ Download Indian Rupee Font ]

Justin Bieber’s “Baby” Is Now The Most Watched YouTube Video Ever

You can either love Justin Bieber or hate him, but you just can’t ignore him. The teenage pop star’s music video “Baby” is now the most watched video on YouTube. After fighting it out for the past few days, Bieber has finally displaced the reigning champion Lada Gaga’s “Bad Romance”. At the moment, Bad Romance has 247,146,961 views, while Baby has 249,386,942 views.


Justin Bieber’s supremacy is not restricted to YouTube. Earlier, his dominance on Twitter had forced the micro-blogging service to change its trending topics algorithm. He has also been declared as the most searched celebrity on the web.

The aforementioned videos are embedded below. Go ahead and knock yourself out. By the way, if any of you manage to decipher exactly what’s so captivating about Bieber’s music, feel free to enlighten us.

MySpace Begins Testing Redesigned Profile Pages

If you still care about MySpace, there is some exciting news for you. The social networking giant, which has been struggling to stay relevant, is currently testing a redesigned profile page.

We’re testing a new look and feel of our site among users and the response so far has been positive”, a MySpace representative confirmed to Mashable.


Among other things the new profile page offers improved navigation and more focused social stream. The screenshot obtained by Mashable suggests that the new profile page also includes a module to promote profiles on other social networks like Twitter and Facebook.

To be honest, the new profile page appears really slick and is definitely a significant improvement. However, is this a case of doing too little, too late?

RIAA Spent More Than $16 Million in 2008 To Recover Only $0.391 Million

RIAA-Sucks If there is one thing that RIAA is famous for, it is suing people. Unfortunately for RIAA, their sue-happy policy doesn’t seem to be paying off. The Recording Industry vs. The People blog has uncovered that RIAA managed to recover only $391,000, after spending more than $16,000,000 in 2008 on litigations.

The statistics look even more dismal if you consider the three year period between 2006 and 2008. During this period RIAA spent more than $64 million and managed to recover only $1.3 million.

It’s ironic how a trust whose primary purpose is to look after the interest of artists is wasting money on litigations. The only ones benefiting from RIAA’s actions are the law firms. RIAA paid Holmes Roberts & Owen more than $9.3 million, Jenner & Block more than $7 million and Cravath Swain & Moore $1.25 million.

Well done RIAA!