[FoRK] pos POS malware ram scraper

Stephen Williams sdw at lig.net
Thu Jan 16 12:28:02 PST 2014


You're an idiot if you run Windows, especially to create a pos POS.
You're an idiot if you leave RDP ports open to the Internet.
You're an idiot if you run an operating system full of holes in the wild 
(Windows on POS) that allows RAM scraping from anything that can easily 
be run on that machine.
You're an idiot if you allow POS machines to make outgoing exfiltration 
TCP connections.
You're an idiot if you have a POS application that leaves sensitive data 
in plaintext in memory for more than a moment, if even that.

I've written POS systems from scratch and as part of NCR Retail's 
department store systems (both long ago).

I've designed, built, evaluated, and defended the design and 
implementation choices of high profile, highly secure distributed 
systems.  This includes being the project lead grillee with GAO, NIST, 
and an invited panel including Boeing experts.

Therefore, I can say with authority that, from the POS vendor to everyone 
involved at Target, they are all idiots.

http://www.zdnet.com/likely-candidate-for-target-breach-malware-found-7000025247/

sdw


