Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Breaching Wireless Networks
Wireless Point-of-Sale: The New Target

Wireless networks and endpoints offer convenience and connectivity, but unless properly secured, they also offer a means of egress into the network. As evidenced by recent headlines surrounding undiscovered data breaches and subsequent public exposure, hackers have begun to turn their eye toward breaching wireless networks and taking advantage of the many weaknesses incumbent. At the same time, we continue to see a trend toward stealing cardholder information from retailers such as TJ Maxx and Hannaford Brothers. According to a recent study conducted by the Verizon Business Risk Team, 84 percent of the data compromised in documented breaches pertained to cardholder information. [1]

The use of mobile networks is not an uncommon way of providing access for employees throughout a corporate campus. However, these networks come with several often-ignored dangers, including the exploitation of WEP (Wired Equivalent Privacy) and access points being deployed with minimal security measures.

If not properly mitigated, these vulnerabilities can eventually result in the exposure of private information as well as compliance violations if an exposure were to occur through one of those vulnerabilities.

The Target: Wireless Point-of-Sale (POS)
From an architectural perspective, a POS system runs an operating system (see Figure 1), likely a version of Windows or Linux designed to limit functionality - meaning not all O/S functions are available to the logged-in user. These devices are physically divided into two different components:

  • Card Reader: A system that reads the card as it is swiped.
  • Transaction Unit: A system that sends the card information to an authorization source.

The POS system is the primary hub between the store and the internal branch servers and is usually part of a collection of networked POS endpoints located at checkout stands. The information read at the POS via the above components will be sent to an authorization source (e.g., Amex) through the transaction unit that in some cases is integrated together with a magnetic card reader, such as a Verifone device.

In addition, the payment information that is read at the POS when making a purchase may be sent over the network to a branch server to collect information for auditing purposes.

Normally the information sent between the retailer and the authorization source will use strong encryption to protect the information. However, network security between the POS and the internal branch servers may or may not be encrypted depending on the configuration.

About Ryan Sherstobitoff
Ryan Sherstobitoff is an Independent Security Researcher. He formerly was the Chief Corporate Evangelist at Panda Security, where he managed the US strategic response for new and emerging threats. Ryan is widely recognized as a security & cloud computing expert throughout the country. He blogs at http://ryansherstobitoff.ulitzer.com.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that delive...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build ...
Inzata is a powerful, revolutionary data analytics platform for integrating, exploring, and analyzing data of any kind, from any source, at massive scale. Powerful AI-assisted Modeling and a patented analytics engine help users quickly load, blend and model raw and unstructured d...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the most comprehensive program and with 222 rockstar speakers throughout our industry presenting 22 Keynotes and General Sessions, 250 Breakout Sessions along 10 Tracks, as well as our ...
Wasabi is the hot cloud storage company delivering low-cost, fast, and reliable cloud storage. Wasabi is 80% cheaper and 6x faster than Amazon S3, with 100% data immutability protection and no data egress fees. Created by Carbonite co-founders and cloud storage pioneers David Fri...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
Most Read This Week
ADS BY GOOGLE