Big Red alert: Oracle's MICROS payment terminal biz hacked

Old-fashioned physical crime just doesn't compare anymore to these digital shenanigans. Why skim a card at an ATM when you can just compromise a payment system at its global root and effectively skim a million cards? It's staggering.

8
0
Silver badge

Burning Chrome.

0
0
Facepalm

Yup, and these assholes can't be that much of an Oracle if they couldn't even see this coming.

1
0
Silver badge
Facepalm

MICROS payment terminals hacked

Are you sure it wasn't MICROS~1 computers that were infected? "Oracle Security has detected and addressed malicious code" Oh jezus god, is this the state of 'computer' security in late 2016? Wait until they start to put this kind of software in our Flying Spinners.

1
1
Silver badge

Re: MICROS payment terminals hacked

Oh jezus god, is this the state of 'computer' security in late 2016?

I'm afraid so, and these kinds of events will never ever quite go away. Not whilst there is no reliable way for a computer to establish the identity of a human user. We have user names and passwords, biometrics, swipe cards, etc, but all of these have flaws that can and will be exploited.

It's not helped either by too many systems being connected to the public Internet when there is no true need for it. A till in a shop does not absolutely need to be connected to the Internet, and neither does the company network behind it. Connecting it to the Internet seems cheaper than having a private WAN right up until your entire business is hacked to smithereens.

4
0
Silver badge

Re: MICROS payment terminals hacked @bazza

Unfortunately, many small-business merchant services do use the Internet as a communication path (small shops don't want the cost of a separate communication infrastructure, and dial-up is becoming history), either via *DSL lines or mobile, and this means that the central servers for the merchant systems must also be connected to the Internet.

One hopes that they establish secure VPNs for the actual transmission of the transaction details, and that the central servers are properly secured, but I'm afraid with the advent of payment services run via mobile phones, like PayPal and others are doing, it could be the security of the mobile phone and attached card devices that will become the attack target.

0
0
Silver badge
Trollface

Are you sure?

Because I'm under the strong impression that Oracle has no clue whatsoever as to what micro payment actually is, especially when thinking back at how previous Sun licenses all tripled in price after the take-over.

1
1

Oracle

Think they need a few working/advising them.

1
0
Anonymous Coward

Interestingly in October 2010 many Micros customers received an e-mail that tried to get them to open a Word document relating to Micros products.

Just a normal phishing attack, however it seemed to be very targeted. Every person in our organisation that had dealings with Micros received the e-mail, those that hadn't didn't.

Got the usual - no breach, just a simple random phishing attack, which I didn't believe and contacted our account manager. I asked how it was so targeted towards users of their system, how it was global etc. They said there was no breach and that only a small number (yawn) of their customers had received it.

I was convinced it was something to do with the support portal but they said it wasn't.

I bet this is related and this breach has been ongoing since at least before that time.

4
0

True Social Justice

The robbers have been robbed!

1
0
Joke

POS Terminals

That term always made me smile, even after I learned that it actually meant "point of sale" :D

2
0
Anonymous Coward

Unbreakable Oracle

Yet again, more evidence their marketing slogan is bullshit. ;)

1
0
Silver badge

I think it refers to the Iron Clad contracts their customers have to sign

1
0

This might explain it

I have had the occasional attempt to log in to my VPN using various micros related usernames - microsuser, micros, microsadmin to name but a few. They have usually come from China, Hungary and (apparently) Virginia, USA.

1
0
Bronze badge

Another Oracle failure

Oracle has been in charge of this company long enough to be held responsible for this.

It's just another in a line of failures for Oracle. A company who states they prize security, yet continue to have problems which shouldn't happen.

When failures happen with this frequency and magnitude you cannot blame coding or personnel; you must point the finger directly to management and policy.

We stopped using Oracle products nearly two years ago. It makes me shake my head whenever I see an organization using Oracle applications of any kind.

When I notice an organization using any Oracle product, it makes me wonder just how competent the CIO and information security management team is.

1
0

Re: Another Oracle failure

When I notice an organization using any Oracle product, it makes me wonder just how competent the CIO and information security management team is.

Information security management team may not have any say as to which products are used. You also refer to the C-suite's role and competence in product selection, and I couldn't possibly comment on that.

0
0
Anonymous Coward

Micros Hacked

Every Micros terminal I have seen is not capable of reading the new encrypted transaction chipped credit cards. No wonder they got hacked.

0
0
Anonymous Coward

Re: Micros Hacked

Do you just mean Chip and Pin? If so, other countries have used this for tens of years and have Micros Terminals which all read them. The thing is, with C&P the POS doesn't read it directly; you use a C&P reader from Ingenico, Verifone etc. and the till communicates with that via your PSP.

You would never want a POS to have a C&P built in as it would be a security nightmare and very unlikely to get PCI certification, so would be useless.

0
0
