Surprise, surprise. Compromised POS systems were all Windows systems. These companies are big that they could develop and utilize Linux-based POS systems.
That’s going to be the ONLY way to secure their systems. The ONLY way. Fundamentally, Windows as it now stands is essentially impossible to secure.
I’ve worked with Windows in depth for 16 years now, and know its ends and out enough to make the above statement with complete confidence.
With Linux, the main threat is using insecure passwords and insider attacks.
The compromise was at the server level. The hackers installed a compromised server on the network and read the data from the POS terminals in real-time.
IOW, they had insider help or used social engineering to gain admin-level network access.
So, in this case, at least, using Linux would have made no difference at all.
You’d be foolish to omit network vulnerabilities as part of the issue. As a server administrator and network engineer, I can tell you that everything from your ISP modem to your iPhone are scanned on a regular basis from points all around the world for port and protocol vulnerabilities every day, every hour, every minute.
I run a VM server and host several gaming clan sites and voice services from my home, and my logs are flooded with requests from all over the globe: Romania, France, Sweden, Russia, China, Vietnam, the Phillipines, Venezuela, Brazil, you name it. I’ve set up filters on my proxies to prevent IPs from Russia and China, specifically, but my firewall logs are constantly hammered. They’re scanning every possible port from lowly SSH (22) up through the higher random ports most Windows systems use (1024-65K). If they find something, they’ll get in.
This is where I tell everyone who is using Windows XP to STOP USING WINDOWS XP! I don’t care if you’re in your 60s and XP “just works,” for us younger whippersnappers, there’s nothing more laborious or frustrating than getting a call from our elders about computer problems and coming to find out you’re running XP. Would you still be driving around an Edsel if you could? C’mon! XP is a giant vulnerability matrix. You’re on your own VERY soon, as MS no longer supports the OS in any way.
Many POS systems are running XP or some screwy Windows variant. There are plenty of FREE Linux distros for POS. Most large businesses like Target don’t want to invest the money for the right people to do a large-scale implementation, but we do exist.
That is complete BS. First Windows XP is no longer in regular support and is going to be completely unsupported in April.
Try getting a version of Linux from when XP was launched that is still secure today.