funsec mailing list archives

Restaurants Sue Vendor for Unsecured Card Processor


From: Robert Portvliet <robert.portvliet () gmail com>
Date: Tue, 1 Dec 2009 12:34:09 -0500

Interesting article, plenty o' fail.... but whose doorstep does this
land on & do you folks think the outcome could have ramifications for
the industry?

http://www.wired.com/threatlevel/2009/11/pos/


* Seven restaurants have sued the maker of a bank card-processing
system for failing to secure the product from a Romanian hacker who
breached their systems.

The restaurants, located in Louisiana and Mississippi, have filed a
class-action suit against Georgia-based Radiant Systems for producing
a point-of-sale (POS) system that they say was not compliant with
payment card industry security standards and resulted in an
undetermined number of customers having their debit and credit card
numbers stolen.


* According to plaintiffs, Computer World’s technicians allegedly
installed the remote-access program PCAnywhere on the systems to allow
its technicians to fix technical problems from off-site. The only
problem is, the company failed to secure the program. The suit alleges
that the system was not up to date with software patches, and the
PCAnywhere remote log-in and password that technicians used to access
the POS systems was the same at every one of the 200 Louisiana
locations where the system was installed. According to one of the
plaintiffs who spoke with Threat Level, the default login was
“administrator” and the password was “computer.”


* In April 2008, just a few months after installing the system, one of
his employees called to tell him that the mouse cursor on one of three
Aloha terminals he’d bought seemed to be moving on its own and that
employees were unable to take control of it.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

