Python, Java, C++, Delphi, PHP: these programming languages were used to create a virtual crypto ATM machine to be tested by the participants of the $NATCH contest at Positive Hack Days 12. The entire code was written by ChatGPT and proved to be exceptionally good. This time, we revised the contest concept and decided to use a report system. In addition to the standard tasks (kiosk bypass, privilege escalation, and AppLocker bypass), this year's participants faced new, unusual tasks. Read on below to find out which ones.
Payment systems
Sending money via the Web
I would like to draw your attention to some key insights from two comprehensive reports, shedding light on the importance of fraud prevention as a burgeoning field with substantial job prospects. The original reports can be accessed through the link provided at the end of this message.
Firstly, let's consider a couple of significant events from the previous year that remain highly relevant. Retail e-commerce sales surged to a staggering $5 trillion, with projections indicating a further increase to $8 trillion by 2026. Furthermore, the percentage of shoppers making cross-border purchases rose from 69% in 2019 to an impressive 76%.
These statistics affirm that online shopping is not a passing trend, as consumers are willing to make purchases from international vendors, even if it means enduring longer delivery times in exchange for lower prices. From a fraud prevention perspective, this highlights the escalating number of non-domestic payments and the rise in the use of lost or stolen cards for purchasing goods that can be resold in the future. Notably, refund fraud is becoming increasingly prevalent. However, many businesses have adapted their protocols to accommodate these emerging challenges. One such positive development is the gradual disappearance of restrictions on using payment methods that do not match the account country.
As cross-border purchases continue to proliferate, alternative payment methods are also on the rise. Current global statistics indicate that an average of four payment options are now available on merchant platforms. Additionally, open banking payment transactions are projected to surpass $330 billion globally by 2027, leading to a greater diversity of alternative payment methods. As companies embrace these methods, they are also becoming more aware of the associated risks. For instance, direct banking payment methods present unique challenges as they lack refund capabilities, while Buy Now Pay Later (BNPL) options introduce their own set of risks.
Hello everyone! We've already talked in our blog about how the Positive Hack Days 11 forum had a special Payment Village zone, where anyone could look for vulnerabilities in an online bank, ATMs, and POS terminals. Our competition to find vulnerabilities in an online bank is not new, but in recent years it has been somewhat supplanted by ethical hacking activities for other financial systems. In 2022, we decided to correct this injustice and created a new banking platform, making use of all our years of experience. We asked the participants to find typical banking vulnerabilities and report them to us. In the competition, the participants could play for either the "white hats" (participate in the bug bounty program of an online bank) or for the "black hats" (try to steal as much money from the bank as possible).
The Positive Hack Days 11 forum, which took place May 18–19, 2022, was truly epic. The bitterly fought ATM hacking contest featured no fewer than 49 participants. How cool is that? The winner of this year's prize fund of 50,000 rubles, with the handle Igor, was the first to hack the virtual machines. And he wasn't even at the event! :)
Besides Igor, eight other participants picked up prizes this year for their VM-hacking skills. They were: drd0c, vient, vrazov, durcm, zxcvcxzas7, asg_krd, hundred303, and drink_more_water_dude. A big thank-you to everyone who took part, and for those who weren't at PHDays, here are the links to the virtual machines.
Telegram Open Network (TON) is a platform by the same team that developed the Telegram messenger. In addition to the blockchain, TON provides a large set of services. The developers recently made the platform's code, which is written in C++, publicly available and uploaded it to GitHub. We decided to check the project before its official release.
This week I spent coding my very first public pet app: a Telegram chat bot that acts as a Bitcoin wallet and allows Telegram users to send and receive tips among themselves and with other so-called "Lightning Apps". I assume that you are familiar with Bitcoin and Telegram in general; I'll keep this post short and not dive deep into the details. More resources about Bitcoin can be found here, and Telegram is simply an instant messenger that lets you create your own custom apps (chat bots) on its platform.
What are the key points of such an app?
- It allows users to rate other users' ideas and answers with real value instead of 'virtual likes'. This brings online conversation to a completely new level.
- It is a real example of a working micro-payment app that can interact with other entities over the internet using an open protocol.
- All the modules are open-source projects and can easily be re-used and adjusted for your own project. The app does not rely on third-party commercial services. Even though it falls under the e-commerce field, which is currently almost closed, the app is based on open solutions.
What are the use cases?
something like this…