How would malware get into the POS system?
You can’t use a cash register to go surfing on porn.com
And for those of us who believe Abstinence works, there is no problems at all with Identity Theft. If you do not make ANY electronic transactions you will be just fine.
Meanwhile CMS will testify in Congress today the Healthcare.gov is safe and secure and no security breaches have occurred.
Fascinating to read; wish I understood it...
Bank are making billions on electronic economy - they scarf 1-3% of every transaction - just for handling the transfer. They have been pushing electronic transfers - debit and credit cards as an alternative to cash.
The government likes it because now they have a record of virtually every cash transaction you make - read the ironically titled “Bank Secrecy Act” if you think the governement doesn’t have full access to your account informtion. What do they care if the system isn’t secure? You should have bought “idenity protection”, bub!
Not thousands. Millions.
Surprise, surprise. Compromised POS systems were all Windows systems. These companies are big that they could develop and utilize Linux-based POS systems.
That’s going to be the ONLY way to secure their systems. The ONLY way. Fundamentally, Windows as it now stands is essentially impossible to secure.
I’ve worked with Windows in depth for 16 years now, and know its ends and out enough to make the above statement with complete confidence.
With Linux, the main threat is using insecure passwords and insider attacks.
Not one hundred-ten thousand, (110,000) but 110 million. (110,000,000)
Fully 1/3 of the US population.
Times one thousand. That's 110 Million customers.
Why I won't get a debit card--straight pipeline into your funds.
Nevermind!
Better to write an autobiography and hope someone buys the book if I want my life history on view. At least I might make enough money for a cup of coffee now and then.
Ping to interesting details.
bookmarking this.
NOTE: If this blogger, KrebsOn Security hadn’t received a tip and researched it, then published it, none of us would have known about it. Target never even admitted it happened until two days after he published the info, and never, ever did anything to recompense customers. Even their offer of free credit monitoring came weeks after the news broke.
I can see how the POS data could be collected by this malware and sent to some obscure place on Target’s servers for later collection by the bad guys, but how did it get there? I suspicion that someone within Target’s IT department with access may have done this and opened a back door for the bad guys to retrieve the hacked information. It is also possible that someone could do this by hacking into the system from outside, but then why pick Target instead of some more high end stores where customers have more to steal?
We can still circumvent most by just leaving monthly bill money in checking - take rest in cash and use for purchase -
Why do you think they want to get rid of cash?
After the congress critter declared the Target problem to be like the Obama care problem,I am certain the hack was done by the treacherous tyrant in the White House to make himself look good.
“The bad guys were logging in remotely to that [control server], and apparently had persistent access to it,” a source close to the investigation told KrebsOnSecurity. “They basically had to keep going in and manually collecting the dumps.”
It’s not clear what type of software powers the point-of-sale devices running at registers in Target’s U.S. stores, but multiple sources say U.S. stores have traditionally used a home-grown software called Domain Center of Excellence, which is housed on Windows XP Embedded and Windows Embedded for Point of Service (WEPOS).
If the malware was an attack on Windows XP Embedded/Windows Embedded for PoS" it'll be the first case I've heard of, though likely not the ONLY case out there.
XP Embedded happens to run quite a few ATM machines in the U.S. I was part of a large project for a big Chicago Based Bank (now B of A) back in 2003 which converted legacy mainframe based 3270 ATM's with Windows XP Embedded.
My guess is right about now there's a whole lotta banks double-checking their ATM security .....