funsec mailing list archives
Restaurants Sue Vendor for Unsecured Card Processor
From: Robert Portvliet <robert.portvliet () gmail com>
Date: Tue, 1 Dec 2009 12:34:09 -0500
Interesting article, plenty o' fail.... but who's doorstep does this land on & do you folks think the outcome could have ramifications for the industry? http://www.wired.com/threatlevel/2009/11/pos/ *Seven restaurants have sued the maker of a bank card-processing system for failing to secure the product from a Romanian hacker who breached their systems. The restaurants, located in Louisiana and Mississippi, have filed a class-action suit against Georgia-based Radiant Systems for producing a point-of-sale (POS) system that they say was not compliant with payment card industry security standards and resulted in an undetermined number of customers having their debit and credit card numbers stolen. * According to plaintiffs, Computer World’s technicians allegedly installed the remote-access program PCAnywhere on the systems to allow its technicians to fix technical problems from off-site. The only problem is, the company failed to secure the program. The suit alleges that the system was not up to date with software patches, and the PCAnywhere remote log-in and password that technicians used to access the POS systems was the same at every one of the 200 Louisiana locations where the system was installed. According to one of the plaintiffs who spoke with Threat Level, the default login was “administrator” and the password was “computer.” * In April 2008, just a few months after installing the system, one of his employees called to tell him that the mouse cursor on one of three Aloha terminals he’d bought seemed to be moving on its own and that employees were unable to take control of it. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Restaurants Sue Vendor for Unsecured Card Processor Robert Portvliet (Dec 01)