
Target Confirms Point-of-Sale Malware Was Used in Attack - techinsidr
http://www.securityweek.com/target-confirms-point-sale-malware-was-used-attack
======
ajclark
These systems are usually Windows machines - typically "hardened" to various
degrees (lock out USB keys, etc.) and protected by enterprise anti-virus
solutions (McAfee, etc.)

The Windows build is typically a single "golden image" with a known checksum
that can be blasted down to machines over WAN/LAN during the evening.

Source: I used to build and deploy the image to many thousands of POS systems at
Dixons Store Groups retail chains (UK)

~~~
rosswilson
Doesn't DSG use their own custom made EPOS system? Eclipse? Do you have any
experience with it and their security policies?

I've had quite a few experiences as a customer at PC World when they've had
"till failures" - ironic for a computer store. They often blame head office
for overnight updates gone wrong.

------
InclinedPlane
In many ways this isn't surprising and has just been a matter of time. PoS
systems are some of the least thoroughly engineered and least well protected
yet critically important systems in existence. Hundreds of billions of dollars
in transactions are processed through these often half-assed engineered
systems.

~~~
phurley
Not commenting directly on your assessment of the state of PoS systems, but
how does a software vendor (not OS or sys admin) protect against targeted
malware that is able to get access rights to your RAM space from scanning for
well known track signatures?

I agree more can and should be done, but protecting against targeted malware
by a sophisticated attacker is a very difficult problem. The amount of money
at stake is large, so the resources expended by the attackers are also large.

Personally I believe that the current credit card system is broken and needs a
significant change, but this is a very difficult process.

------
dhyasama
Two questions:

1. How do you get 40 million cards in a day from scraping RAM? Wouldn't it be
limited to live transactions? 40m seems like a huge number of transactions for
one day. An average ticket of $50 would make it a 2 billion dollar day.

2. Why does the card data need to be decrypted on the POS system? Why can't
it be sent to a central service and decrypted there and an authorization code
is sent back?

~~~
er0k
From Target's press release, this happened between Nov. 27 and Dec. 15, so
it's closer to three weeks. Dec. 15 was just the first day they confirmed the
problem.

------
TwoBit
Does anybody know what kind of operating system is running on the devices?

~~~
techinsidr
It's likely a Windows-based platform, as Windows has been almost exclusively
the platform targeted by memory parser POS malware.

~~~
Avshalom
Target is, yes, as far as I know, a Windows shop. All the staff computers are
Win7, all the PDAs and wall mounted price scanners are WinCE.

