Hackers rely on weak passwords when brute-forcing PoS terminals

New research takes a fresh perspective on the passwords hackers use while scanning the web rather than the weak login credentials users often pick. Security analysts Rapid7’s results come from a year’s worth of opportunistic credential-scanning data collected from Heisenberg, the Metasploit firm’s public-facing network of …

  1. Mark 85 Silver badge


    Point of Sale! or Piece of Shitte!! Both definitions are interchangeable here.

    1. MrDamage

      Re: POS

      I normally reserve Piece of Shit for the brain dead operators of said terminals.

  2. Tristan

    There's a firm I know of that uses the POS company name in lowercase as the WiFi key for the cash register network, which always has WiFi even where there are cable points everywhere. It's just moronic.

    I'm just lucky no-one's asked me to make anyone using their junk PCI compliant!

  3. Anonymous Coward

    Back when my wife worked in a shop, her username and password for the POS system were both the same single character. Her argument was that she was constantly having to step away from the till, and the hassle of having to type a long username and password every few minutes was too great. Which is why a lot of older POS systems, especially in the hospitality industry (i.e. down the pub), use a physical security token for fast logins.

  4. Anonymous Coward


    "implying a belief by hackers in the widespread use of defaults and passwords chosen out of convenience instead of security necessity"

    Or the script-kiddies are all using the same common password file they downloaded from the web in the year 2000.....

    1. MachDiamond Silver badge

      Re: Passwords

      The sad thing is that the file still works well.

      1. Tom 13

        Re: The sad thing is that the file still works well.

        Yes and no.

        Look at the percentages on those tries. Now think about what they would have been back in 2000 and what they would have hit. Yeah, much bigger piece of the pie because back then computer security was still pretty much a joke outside of the NSA and banks. Even in 2005 one of the Jr Sys Admins where I worked used to bitterly complain that he'd take security seriously AFTER they changed the Admin DB password for all of the over-the-wire backup software installed for one division to something other than a blank.

        Facepalm because it hurts so much to think about the fact that for all things suck now, they were even worse back then.

  5. This post has been deleted by its author

  6. allthecoolshortnamesweretaken

    People. Do. Not. Understand. Computer. Security.

    1. Tom 13


      But if you ask them they'll tell you they do: it's a conspiracy to stop them from doing their jobs.

      Obligatory Dilbert:

  7. DougS Silver badge

    WTF - bl4ck4ndwhite and alex?

    These must be default passwords for some brands of PoS terminals, or been the password used by a couple large companies with thousands of PoS terminals. I can't see them having so many uses otherwise.

  8. David Roberts Silver badge

    Success rate?

    Plenty of stats on the common passwords used in attacks.

    I can't see any on the success rate of these passwords (unless I missed something in the article).


Biting the hand that feeds IT © 1998–2019