Eric M Russell (10/30/2014)
The impression I get is that most of these hacks targeting big retailers are actually not database penetrations. Malware gets installed on the Point Of Sale terminals, which then skims data from credit card transactions. There are also cases where hackers sniff unencrypted wifi network traffic from POS terminals. Corporate headquarters can lock down their database servers, but sensitive data originates at 100s of local retail outlets which perhaps arn't following the corporation's own security policies when it comes to how the computer equipment is configured or used. I mean, how does malware end up on a POS terminal? Are employees browsing the web on their POS in between customers?
Some installations of ePOS systems based on PCs rather foolishly leave the base unit on the counter and the back of the base exposed with ports clearly visible. All it takes is plugging in a USB key which runs software on connection. If the machine is not locked down then it is a simple task.
EDIT: Posted without checking spelling due to automatic install that rebooted PC with 1 minutes warning!!! :angry:
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!