On Thu, Dec 10, 2009 at 11:50 AM, Larry Seltzer <[email protected]>wrote:
> For this approach to work the malware has to install on the system as a > privileged process. Once that happens almost any conceivable defense is > compromised. The mistake is that the system was left open to the > malware. > > Larry Seltzer > Contributing Editor, PC Magazine > [email protected] > http://blogs.pcmag.com/securitywatch/ > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of [email protected] > Sent: Thursday, December 10, 2009 11:57 AM > To: RandallM > Cc: funsec > Subject: Re: [funsec] ram scraper > > On Thu, 10 Dec 2009 10:17:58 CST, RandallM said: > > what is the types of processes to protect from RAM pilfering? I have > > to admit I never thought this one. > > > > http://www.theregister.co.uk/2009/12/09/ram_scraper_credit_card_theft/ > > "So-called RAM scrapers scour the random access memory of POS, or > point-of-sale, terminals, where PINs and other credit card data must be > stored in the clear so it can be processed. When valuable information > passes through, it is uploaded to servers controlled by credit card > thieves." > > So tell me - why is a POS terminal at all vulnerable to easy infection > by malware? Let me restate it: > > 'POS Terminal' == 'network-connected cash register'. > > These need to be easily reprogrammed (by owner or miscreant), why, > exactly? > > and the difference here to "allowing" any malware is....????? -- been great, thanks a.k.a System
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
