Cash only then?
Is it time to go back to cash only? Or maybe checks?
Trend Micro researcher Anthony Joe Melgarejo says the sophisticated Angler exploit kit popular in cybercrime circles is now targeting point-of-sale (PoS) systems. It appears to be the first time an exploit kit has included PoS in its list of hackable platforms, putting them alongside the likes of Adobe Flash, Reader, Java, and …
Or time for the NSA and GCHQ to put some of their mighty resources to squash some of these nasties.
I don't want them to give up on other stuff, but given that most recent terrorist attacks have been executed by perps known to the agencies which they have failed to follow up on they may as well divert some resources to stuff they are best placed to actually deal with.
Cash isn't all that reliable these days, I've had a few places recently refuse to take my folding stuff because they thought it was suspect. And don't get me started on the 'cash loaders' I have to use at work to charge up my staff card, they regularly fail to accept any notes so I go hungry.
Maybe if my company spent a billion or so less on football rights and just a little bit more on staff services things would be better?
But Mr Darroch tells me all is well so who am I to argue?
They don't. Flash is simply a point of entry to the overall network. So a "Luser" clicks on an infected Flash file (How many Russian language emails with .zip attachments can you get before you figure something is up?), is on the same network as the POS systems and the exploit works it's way through to the POS equipment.
The real issue is why is there a reason to have the POS directly connected to a network that is facing the Internet. It should be on it's own segregated network. In fact, I wouldn't trust a VPN or use a subnet.
Just take them off the regular network entirely. The vendor who manages the POS should be required to come to the site and download any consumption data rather than using the Internet.