Swiping your card at local greengrocers? Miscreants will swipe YOU in a minute

More than a thousand point-of-sale, grocery management and accounting systems worldwide have been compromised by a new strain of malware, results of a March 2014 probe have revealed. During a survey of compromised POS terminals, accounting systems and grocery management platforms, the Nemanja botnet was fingered as one of the …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

"More than a thousand point-of-sale, grocery management and accounting systems worldwide have been compromised"

So in El Reg speak - 1 in a BEEEElLION?

0
0
Silver badge

More than a thousand ... worldwide

I don't want to appear complacent, but a thousand worldwide isn't exactly an epidemic.

0
0
TRT
Silver badge

If only...

There were some sort of book of paper chits that you as a customer could sign and hand over to the cashier in order that the signature could be used to verify the transaction...

8
2

Re: If only...

Verify signature?? That's even more naive than expecting Internet banking to be secure!

7
1
Bronze badge

Re: If only...

Or...what if we came up with a commonly-agreed physical symbol of value that could be exchanged? We could, I dunno, make these out of paper or metal or both? Purchases would be completely anonymous!! What do you think? Would it catch on?

22
0
Silver badge
Stop

Re: If only...

Yup, just to be a complete dick I've started using checks at the local Target. 6 out of 8 cashiers so far didn't even know how to process one, which makes it even more fun. I'm going to do that until at least past New Year's.

I used my debit card there *ONCE* and got nailed by their breach.

9
0
Silver badge

There are a thousand greengrocers that the supermarkets haven't forced out of business?

12
1
Silver badge

There's one near me, and he's doing very well despite there being a shopping centre with both a Coles and a Foodland within a kilometre of him. Although I do most of my weekly shopping online, I get my fruit and veg from the greengrocer because 1) he's often cheaper than the supermarkets, 2) his produce is a lot fresher and better quality than the supermarkets, 3) if I buy fresh produce online I usually get given whatever crap the onsite shoppers reject, so 4) I can pick out the particular fruit and veggies I want at the greengrocer.

Anyone who shops online and has ordered fruit and veg this way will soon discover that it's not a good way to get fresh produce. Which is why the greengrocer near me is always full of customers.

0
0
Anonymous Coward

Windows my dear Watson..

I'm guessing but I imagine it is just Windows malware.

4
6
Mushroom

Re: Windows my dear Watson..

I'm guessing but I imagine it is just Windows malware.

http://www.eweek.com/security/java-primary-cause-of-91-percent-of-attacks-cisco.html

And you'd almost certainly have guessed wrong. Entrenched loyalties and misguided myopic viewpoints are the biggest threat to secure computing, not the hackers.

7
3
Silver badge
Unhappy

I found myself in a cab the other day...

And when it came time to pay the driver, I reached for my credit card. Then I remembered all the stories about corrupted POS systems, and I pulled out the cash.

0
0
Bronze badge

Re: I found myself in a cab the other day...

I did that and I have some bogus £10 charge against my card. I was in central London but still £10 to withdraw cash! It's a bit extreme.

1
0
Silver badge
Meh

So...

those Windows POS Terminal updates reported yesterday (http://www.theregister.co.uk/2014/05/26/german_tinkerer_gets_around_xpocalypse/) that are supposed to keep your XP system secure by pretending it's a POS haven't even kept real POS terminals secure?

3
0
Flame

Re: So...

Not all POS terminals are the same quality POS. Some POS are real POS terminals built on XP Embedded. Whereas other POS terminals are real cheapo hacked together PoS just built using the cheapest components and standard Windows XP Home slung together by a clueless droid just trying to maximise profit. The PoS is then installed in a shop and during setup this ID-10T "installation engineer" will then disable all the security while you are not looking, and then go onto the main Office Admin PCs and set up a file share on the whole C: drive open to everyone just to get their crud software installed.

With some suppliers, POS describes every part of these systems as some of them come from companies with a scary lack of interest in security. And when a real IT Engineer is brought in to fix problems, the POS suppliers tend to get a little upset when challenged over their POS practices. Even more frustrating when they think it is okay to put free editions of AV products on the PCs to "protect" them (ignoring the "not for business use" licences).

Some of the POS that is sold to shops is terrifying. The suppliers know the shop owners rarely know what they are getting, so the supplier can get away with murder. Overcharging for the privilege. And try and ask these suppliers why they were still shipping XP based tills in 2012 and what they plan to do to protect them... and you get all kinds of BS replies. Whereas the truth would be that they are just plain incompetent rip-off merchants.

Experience of POS may vary... and I am not naming clients or suppliers here. But down at the shop level of suppliers it is a stunning mess of scams. And that is even *before* they have been drawn into botnets.

2
0
Coat

But....

Shouldn't it be greengrocer's?

10
0
Silver badge

Re: But....

I was thinking the same thing.

0
0
Headmaster

Re: But....

But you might have more than one local supplier of rabbit food, so it could be

greengrocers' too.

But since this is greengrocers that we're talking about, on ElReg, shouldn't it be

green'gro'cer's'

1
0

If they're so easily compromised, perhaps the acronym for these Point Of Sale terminals should be changed for a different computing acronym that fortunately uses the same letters.

3
0
Silver badge

@ Maty

I rather agree with you, though I would love to see some point-of-sale vendor taglines such as "When you think POS, think of us" or "The POS leaders" before that happens.

1
0

This post has been deleted by a moderator

Silver badge

Re: All people and businesses NEED Anti KeyLogging Keyboard encryption to stop the bleeding

"Contact me for FREE advice"

I suppose that FREE advice would be to buy something from you that WASN'T free?

A very tacky first post I must say.

3
0
Anonymous Coward

Point-of-sale systems infiltrated ..

"More than a thousand point-of-sale, grocery management and accounting systems worldwide have been compromised by a new strain of malware"

What platform does this Nemanja botnet run on and what was the method of infiltration?

2
0