
Retailers: Do you check your tills?

Comments

  • Registered Users, Registered Users 2 Posts: 1,835 ✭✭✭BoB_BoT


    I can tell you from working with various clients that no, they don't. What's worse is, they are Windows-based tills, no AV, no firewall, have full internet and network access. I've seen back office PCs that the tills report to being used as standard workstations. These PCs have had malware, viruses, all sorts of crap installed, etc.

    What would really scare you is, these tills are linked to credit and debit card processing systems.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    BoB_BoT wrote: »
    I can tell you from working with various clients that no, they don't. What's worse is, they are Windows-based tills, no AV, no firewall, have full internet and network access. I've seen back office PCs that the tills report to being used as standard workstations. These PCs have had malware, viruses, all sorts of crap installed, etc.

    What would really scare you is, these tills are linked to credit and debit card processing systems.

    Bang on, used to work retail trade over 16 years ago in IT sector, like you I was amazed, the store I'm on about was national and same setup, same issues. Made me laugh a lot. They are now out of business.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Compustore.


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    By now, I'd imagine it's at least on the radar of the larger international retailers due to the number of high profile breaches recently. The smaller ones just wouldn't have the resources or awareness to implement proper controls though. I'd imagine the pub trade in particular is likely wide open to abuse as the vast majority would be individual owners rather than chains.

    One thing I've noticed is that some pubs leave the touch screen terminals accessible from the front of the bar rather than behind it to make it easier for the waiters. I've been known to poke around with these (after a few ;)), some are wide open, others I've managed to log into simply by guessing employee IDs and passwords.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Observation is not a hard thing to do while in a pub ;-)


  • Registered Users, Registered Users 2 Posts: 1,835 ✭✭✭BoB_BoT


    I've seen a couple of new systems in the hospitality sector, basically all Android tablets connecting over wifi, tied into cloud. They'll work fine if the internet is down, but can't sync to each other. I'm guessing it's possibly a security issue or just lazy programming.

    It seems to be cheaper than running structured cabling and having a backend on site for the POS/tills to connect to. You'd hope the POS is connecting securely to the cloud service, but you never know until you test it.

    They do seem to be somewhat tied down, can't install apps, etc. However, they do have browser/internet access. I didn't have the opportunity to poke around much, but would like to get my hands on one to see how exactly it works / communicates to the cloud service. :P


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    I do know that all Centras and SuperValus use an old DOS-based app that dials out to Tramore Road for EOD sales figures and orders and so on, the tills can go weeks without a sync and in those situations they often do. DOS-based batch programs sending data to dialup connections in some cases.

    The cheaper-than-cabling option seems off the wall, nothing should take precedence over the security, cabling is cheap as chips and easy to terminate. It will be using some form of SSL certified account connection if Azure based, then from there possibly API calls to a backend stack. AWS would be the same, VMware VCD or VC nested again also the same. Possibly some VPN tunnels dialled up, retailers can pretty much model this stuff any which way they want with the various cloud offerings out there.

    See, FREAK attacks will be very easy to do with open access browsers on open WiFi LAN.


  • Registered Users, Registered Users 2 Posts: 36,548 ✭✭✭✭Hotblack Desiato


    Nothing new to see here, Windows tills have been easy pickings for years.

    I don't get your point about retailers using wifi, now if they're using no encryption or WEP (same thing really) then they are asking for it, but wired networks in public places are easy to plug dodgy things into, and most will get an IP address no questions asked...

    In Cavan there was a great fire / Judge McCarthy was sent to inquire / It would be a shame / If the nuns were to blame / So it had to be caused by a wire.



  • Registered Users, Registered Users 2 Posts: 1,835 ✭✭✭BoB_BoT


    No problem with secure wireless networks, my problem is I've seen some businesses share their wireless passwords with guests....


  • Registered Users, Registered Users 2 Posts: 36,548 ✭✭✭✭Hotblack Desiato


    FFS even the cheapest home routers have 'trusted' and 'guest' networks. Cue 'why I don't even' hair-tearing-out graphic.




  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Nothing new to see here, Windows tills have been easy pickings for years.

    I don't get your point about retailers using wifi, now if they're using no encryption or WEP (same thing really) then they are asking for it, but wired networks in public places are easy to plug dodgy things into, and most will get an IP address no questions asked...


    Most war drivers can kick over WPA2 and various others, wifi in my eyes is a no-no in any business, retail or otherwise; airmong, aircap, airburst can all be used in unison to pown any wifi network provided you have decent dictionaries and grunt for brute force.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Thought I might drop this as any retailer in Ireland would need to be well aware of these risks:
    http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf

    Target, let's not forget... was, well, an easy Target.

