Re: ram scraper

[The Security Community <thesecuritycommunity () gmail com>]

The last time I rented a car (August, Enterprise) the ass-end of the
POS terminal I was served at presented me (the customer) with two USB
sockets.  The counter people were in and out of the office constantly
and although there was video surveillance it wouldn't have been
difficult to plug a thumb drive in on the off chance autorun wasn't
disabled.

Also, why on Earth do POS terminals have enough Internet/Web access to
upload files to anywhere?  So the help can watch hulu between
customers?

On Thu, Dec 10, 2009 at 11:57 AM,  <Valdis.Kletnieks () vt edu> wrote:
> On Thu, 10 Dec 2009 10:17:58 CST, RandallM said:
> > what is the types of processes to protect from RAM pilfering? I have to
> > admit I never thought this one.
> >
> > http://www.theregister.co.uk/2009/12/09/ram_scraper_credit_card_theft/
>
> "So-called RAM scrapers scour the random access memory of POS, or
> point-of-sale, terminals, where PINs and other credit card data must be stored
> in the clear so it can be processed. When valuable information passes through,
> it is uploaded to servers controlled by credit card thieves."
>
> So tell me - why is a POS terminal at all vulnerable to easy infection by
> malware?  Let me restate it:
>
> 'POS Terminal' == 'network-connected cash register'.
>
> These need to be easily reprogrammed (by owner or miscreant), why, exactly?
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.