funsec mailing list archives

Re: ram scraper


From: "Young, Keith" <Keith.Young () montgomerycountymd gov>
Date: Thu, 10 Dec 2009 13:41:58 -0500

What are the types of processes to protect from RAM pilfering? I have to
admit I never thought of this one.

http://www.theregister.co.uk/2009/12/09/ram_scraper_credit_card_theft/

Considering "...The RAM scraper dumped the contents of the server’s
live memory into a file named dumper.dll in the Windows system
subdirectories..." it (the scraper) must have had at least local admin
access, if not system access, in order to write a file there (unless
security was thoroughly hosed on the system in the first place).

Wouldn't simply zeroing out the buffer that held the data mitigate
something like this?  Is that too easy?  I know security-savvy
programmers are rare but it seems like an easy win.

The solutions are already there.

Hmm... if it is a POS terminal, why wouldn't it:
        1) be locked down to only allow running of the POS application, and
        2) have "file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files;" [11.5]

--Keith

Keith Young, Security Official
Department of Technology Services
Montgomery County, Maryland
phone - (240) 777-2955 


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
