FBI Raids Chinese Point of Sale Giant Pax Technology


posted on Oct, 27 2021 @ 05:11 PM
link   
a reply to: AugustusMasonicus

I do a lot of work with NCR. I'm sure most of the card readers those machines use here in the UK are Ingenico; now you've raised this issue I'll be paying more attention, that's for sure.

Do Pax manufacture and re-brand EPOS hardware or just the EFT readers?



posted on Oct, 27 2021 @ 10:00 PM
link   
a reply to: AugustusMasonicus

That's crazy...8 years!

With the level of cyber tracking they already use in China I imagine they would know quite a lot about everybody anywhere that used their terminals. Wonder if it was state sponsored and if they will skip back to China before being arrested?

I just literally got home from loading out the Money 2020 show. Did you see the game show stage out in the expo hall? That's the one I helped build.



posted on Oct, 28 2021 @ 05:39 AM
link   
a reply to: AugustusMasonicus

POS systems combined with Wi-Fi or similar, whether through the Internet or an Intranet are NOT secure to begin with.

It doesn't matter WHICH system it is....RUBY, PAX, etc...

As you know, Wireless Security is an oxymoron, and most, if not all, of these systems use wireless somewhere.

They'd be stupid not to utilize these systems as part of a botnet.



posted on Oct, 28 2021 @ 09:09 AM
link   

originally posted by: ElGoobero
So Chin has had eight years to get our info
and now it's safe for Bai-Den to close the door and be a security hero?


Not really seeing the political angle, this is more of an economic issue in my opinion since most of the United States likes cheap Chinese garbage.



posted on Oct, 28 2021 @ 09:10 AM
link   

originally posted by: Hypntick
These types of supply chain style attacks are one of the reasons that some of us in the know have been discussing supply chain security for years now. Not only when it comes to hardware and validating that what you're buying actually is what you're buying, but also the software side of things that the code is secure and has not been tampered with. It's just now gaining traction when it comes to those types of assessments and audits, when myself and other colleagues have been talking about it for a decade now.


I agree, however the standards are loose at best right now and there is no compulsion to be proactive.



posted on Oct, 28 2021 @ 09:11 AM
link   

originally posted by: Grenade
Do Pax manufacture and re-brand EPOS hardware or just the EFT readers?


I'm fairly certain they have a POS device family.



posted on Oct, 28 2021 @ 09:13 AM
link   

originally posted by: RickyD
With the level of cyber tracking they already use in China I imagine they would know quite a lot about everybody anywhere that used their terminals. Wonder if it was state sponsored and if they will skip back to China before being arrested?


They are claiming it was a third party attack privately and only addressed the stock drop publicly. Needless to say that if Fiserv got pissy about it, it's probably something very serious.


I just literally got home from loading out the Money 2020 show. Did you see the game show stage out in the expo hall? That's the one I helped build.


I did. Did you work the Journey performance too?



posted on Oct, 28 2021 @ 09:15 AM
link   

originally posted by: MykeNukem
POS systems combined with Wi-Fi or similar, whether through the Internet or an Intranet are NOT secure to begin with.


The issue is the extra data in kernel transmission, it provided information that you would normally have to try and piece together with corresponding data in other transmissions which made it easier to identify the owner.



posted on Oct, 28 2021 @ 09:22 AM
link   
Just an FYI, outside of the local TV station which filmed the raid by drone there is almost no word of this in the news.

Reminder: Ask which brand of payment device a merchant is using and do not use a Pax terminal.



posted on Oct, 28 2021 @ 09:33 AM
link   
a reply to: AugustusMasonicus

Insurance providers are starting to wise up to it, most of the engagements I've been on involving supply chain assessments or audits have been driven by their cyber insurance providers. So even if there is no legal or regulatory standard stating they must perform these things, the folks who hold the money are making sure that their clients have at least some bare minimum protections and validation in place. It's not how I would have started enforcing it personally, however when a lot of the lack of controls is tied to "budget" or "headcount costs", this is a good way to give them a financial kick in the pants to start at least acting like they're doing something.



posted on Oct, 28 2021 @ 09:34 AM
link   
a reply to: Hypntick

Agreed. There is a recent EO from the White House regarding cyber but we haven't seen any type of talk let alone enforcement around the requirements.



posted on Oct, 28 2021 @ 01:01 PM
link   
a reply to: AugustusMasonicus

Nah I worked on the general session stage on day 1 then helped build the serendipity stage for 3 days. I wasn't the board operator for this gig though so I wasn't there for the show run. I was happy to get out of downtown though...EDC was a pain to deal with when coming and going.



posted on Oct, 28 2021 @ 02:39 PM
link   

originally posted by: AugustusMasonicus

originally posted by: MykeNukem
POS systems combined with Wi-Fi or similar, whether through the Internet or an Intranet are NOT secure to begin with.


The issue is the extra data in kernel transmission, it provided information that you would normally have to try and piece together with corresponding data in other transmissions which made it easier to identify the owner.


Yea this one is interesting for sure. I was just speaking of POS in general.

I'd like to see the PCAPs and what tipped them off.

Makes it spiffy when all the data is nicely packaged.

ETA: I used to take care of a POS system called RUBY for Shell Canada that we would push firmware updates after closing with zero interaction from the owner (this was early 2K). I wonder if these have the same capability? If so, the hardware has to go for sure. Wish there was more info.
edit on 10/28/2021 by MykeNukem because: eta



posted on Oct, 29 2021 @ 07:55 AM
link   

originally posted by: RickyD
Nah I worked on the general session stage on day 1 then helped build the serendipity stage for 3 days. I wasn't the board operator for this gig though so I wasn't there for the show run. I was happy to get out of downtown though...EDC was a pain to deal with when coming and going.


Well, the show looked much better set up than it was attended. Kind of a dud compared to the Amsterdam show and the pre-Vid shows.



posted on Oct, 29 2021 @ 07:58 AM
link   

originally posted by: MykeNukem
I'd like to see the PCAPs and what tipped them off.


Same. I'm sure at some point whatever the FBI gets from Fiserv will come out especially with Pax claiming a hack and in light of retailers dropping them. If it was a hack I'd think they'd want to clear this up right away.


ETA: I used to take care of a POS system called RUBY for Shell Canada that we would push firmware updates after closing with zero interaction from the owner (this was early 2K). I wonder if these have the same capability? If so, the hardware has to go for sure. Wish there was more info.


Good question. I think at this point we need more info to determine where the script originated and how widespread it was but I keep going back to the one person who claims they reported this 8 years ago.


