Old-fashioned physical crime just doesn't compare anymore to these digital shenanigans. Why skim a card at an ATM when you can just compromise a payment system at its global root and effectively skim a million cards? It's staggering.
Big Red alert: Oracle's MICROS payment terminal biz hacked
Hackers infected hundreds of computers within Oracle, infiltrated the support portal for its MICROS payment terminals division, and potentially accessed sales registers all over the world. The miscreants installed malware on the troubleshooting portal to capture customers' usernames and passwords as they logged in. These …
COMMENTS
-
Tuesday 9th August 2016 02:01 GMT Anonymous Coward
MICROS payment terminals hacked
Are you sure it wasn't MICROS~1 computers that were infected. "Oracle Security has detected and addressed malicious code" Oh jezus god, is this the state of 'computer' security in late 2016. Wait until they start to put this kind of software in our Flying Spinners.
-
Tuesday 9th August 2016 05:36 GMT bazza
Re: MICROS payment terminals hacked
Oh jezus god, is this the state of 'computer' security in late 2016?
I'm afraid so, and these kind of events will never ever quite go away. Not whilst there is no reliable way for a computer to establish the identity of a human user. We have user names and passwords, biometrics, swipe cards, etc, but all of these have flaws that can and will be exploited.
It's not helped either by too many systems being connected to the public Internet when there is no true need for it. A till in a shop does not absolutely need to be connected to the Internet, and neither does the company network behind it. Connecting it to the Internet seems cheaper than having a private WAN right up until your entire business is hacked to smithereens.
-
Tuesday 9th August 2016 11:49 GMT Peter Gathercole
Re: MICROS payment terminals hacked @bazza
Unfortunately, many small-business merchant services do use the Internet as a communication path (small shops don't want the cost of a separate communication infrastructure, and dial-up is becoming history), either via *DSL lines or mobile, and this means that the central servers for the merchant systems must also be connected to the Internet.
One hopes that they establish secure VPNs for the actual transmission of the transaction details, and that the central servers are properly secured, but I'm afraid with the advent of payment services run via mobile phones, like PayPal and others are doing, it could be the security of the mobile phone and attached card devices that will become the attack target,
-
-
-
-
Tuesday 9th August 2016 08:09 GMT Anonymous Coward
Interestingly in October 2010 many Micros customers received an e-mail that tried to get them to open a Word document relating to Micros products.
Just a normal phishing attack, however it seemed to be very targeted. Every person in our organisation that had dealings with Micros received the e-mail, those that hadn't didn't.
Got the usual - no breach, just a simple random phishing attack, which I didn't believe and contacted our account manager. I asked how it was so targeted towards users of their system, how it was global etc. They said there was no breach and that only a small number (yawn) of their customers had received it.
I was convinced it was something to do with the support portal but they said it wasn't.
I bet this is related and this breach has been ongoing since at least before that time.
-
-
Tuesday 9th August 2016 12:37 GMT Aodhhan
Another Oracle failure
Oracle has been in charge of this company long enough to be held responsible for this.
It's just another in a line of failures for Oracle. A company who states they prize security, yet continue to have problems which shouldn't happen.
When failures happen with this frequency and magnitude you cannot blame coding or personnel; you must point the finger directly to management and policy.
We stopped using Oracle products nearly two years ago. It makes me shake my head whenever I see an organization using Oracle applications of any kind.
When I notice an organization using any Oracle product, it makes me wonder just how competent the CIO and information security management team is.
-
Tuesday 9th August 2016 17:01 GMT Down not across
Re: Another Oracle failure
When I notice an organization using any Oracle product, it makes me wonder just how competent the CIO and information security management team is.
Information security managment team may not have any say as to which products are used. You also refer to the C-suite's role and competence in product selection, and I couldn't possibly comment on that.
-
-
-
Wednesday 10th August 2016 08:03 GMT Anonymous Coward
Re: Micros Hacked
Do you kust mean Chip and Pin? If so other countries have used this for tens of years and have Micros Terminals which all read them. The thing is with C&P the POS doesn't read it directly you use a C&P reader from Ingenico, Verifone etc and the Till communicates with that via your PSP.
You would never want a POS to have a C&P built in as it would be a secuirty nightmare and very unlikely to get PCI certification, so would be useless.
-