"More than a thousand point-of-sale, grocery management and accounting systems worldwide have been compromised"
So in El Reg speak - 1 in a BEEEElLION?
More than a thousand point-of-sale, grocery management and accounting systems worldwide have been compromised by a new strain of malware, results of a March 2014 probe have revealed. During a survey of compromised POS terminals, accounting systems and grocery management platforms, the Nemanja botnet was fingered as one of the …
Yup, just to be a complete dick I've started using checks at the local Target. 6 out of 8 cashiers so far didn't even know how to process one, which makes it even more fun. I'm going to do that until at least past New Year's.
I used my debit card there *ONCE* and got nailed by their breach.
There's one near me, and he's doing very well despite there being a shopping centre with both a Coles and a Foodland within a kilometre of him. Although I do most of my weekly shopping online, I get my fruit and veg from the greengrocer because 1) he's often cheaper than the supermarkets, 2) his produce is a lot fresher and better quality than the supermarkets, 3) if I buy fresh produce online I usually get given whatever crap the onsite shoppers reject, so 4) I can pick out the particular fruit and veggies I want at the greengrocer.
Anyone who shops online and has ordered fruit and veg this way will soon discover that it's not a good way to get fresh produce. Which is why the greengrocer near me is always full of customers.
I'm guessing but I imagine it is just Windows malware.
http://www.eweek.com/security/java-primary-cause-of-91-percent-of-attacks-cisco.html
And you'd almost certainly have guessed wrong. Entrenched loyalties and misguided myopic viewpoints are the biggest threat to secure computing, not the hackers.
those Windows POS Terminal updates reported yesterday (http://www.theregister.co.uk/2014/05/26/german_tinkerer_gets_around_xpocalypse/) that are supposed to keep your XP system secure by pretending it's a POS haven't even kept real POS terminals secure?
Not all POS terminals are the same quality POS. Some POS are real POS terminals built on XP Embedded. Whereas other POS terminals are real cheapo hacked together PoS just built using the cheapest components and standard Windows XP Home slung together by a clueless droid just trying to maximise profit. The PoS is then installed in a shop and during setup this ID-10T "installation engineer" will then disable all the security while you are not looking, and then go onto the main Office Admin PCs and set up a file share on the whole C: drive open to everyone just to get their crud software installed.
With some suppliers, POS describes every part of these systems as some of them come from companies with a scary lack of interest in security. And when a real IT Engineer is brought in to fix problems, the POS suppliers tend to get a little upset when challenged over their POS practices. Even more frustrating when they think it is okay to put free editions of AV products on the PCs to "protect" them (ignoring the "not for business use" licences).
Some of the POS that is sold to shops is terrifying. The suppliers know the shop owners rarely know what they are getting, so the supplier can get away with murder. Overcharging for the privilege. And try and ask these suppliers why they were still shipping XP based tills in 2012 and what they plan to do to protect them... and you get all kinds of BS replies. Whereas the truth would be that they are just plain incompetent rip-off merchants.
Experience of POS may vary... and I am not naming clients or suppliers here. But down at the shop level of suppliers it is a stunning mess of scams. And that is even *before* they have been drawn into botnets.