funsec mailing list archives

Re: ram scraper

From: Valdis.Kletnieks () vt edu
Date: Thu, 10 Dec 2009 11:57:24 -0500

On Thu, 10 Dec 2009 10:17:58 CST, RandallM said:

what is the types of processes to protect from RAM pilfering? I have to
admit I never thought this one.

http://www.theregister.co.uk/2009/12/09/ram_scraper_credit_card_theft/


"So-called RAM scrapers scour the random access memory of POS, or
point-of-sale, terminals, where PINs and other credit card data must be stored
in the clear so it can be processed. When valuable information passes through,
it is uploaded to servers controlled by credit card thieves."

So tell me - why is a POS terminal at all vulnerable to easy infection by
malware?  Let me restate it:

'POS Terminal' == 'network-connected cash register'.

These need to be easily reprogrammed (by owner or miscreant), why, exactly?

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

ram scraper RandallM (Dec 10)
- Re: ram scraper Valdis . Kletnieks (Dec 10)
  - Re: ram scraper Larry Seltzer (Dec 10)
    - Re: ram scraper RandallM (Dec 10)
  - Re: ram scraper The Security Community (Dec 10)
    - Re: ram scraper Michael Collins (Dec 10)
- Re: ram scraper The Security Community (Dec 10)
  - Re: ram scraper Young, Keith (Dec 10)