Presented at
Black Hat Europe 2014,
Oct. 17, 2014, 11:45 a.m.
(60 minutes).
Many point-of-sale breaches occurred in the past year and many organizations are still vulnerable against the simplest exploits. In this presentation, I explain about how points-of-sale get compromised from both a retailer's and a software-vendor's perspective. One of the most common threats is memory scraping, which is a difficult issue to solve. Hence, I would like to share with you a demonstration of how it works and what can be done in order to minimize this threat. During this presentation, I will explain the long journey it took me to understand how to mitigate it, while walking through the concepts (not exposing vendor names) that don't work and those that can work.
Presenters:
-
Nir Valtman
- NCR
Nir is employed at NCR Corporation as Enterprise Security Architect of NCR Retail, and also works as Co-Founder and CTO of his start-up company, Crowdome. Before the acquisition of Retalix by NCR, he was Chief Security Officer of R&D at the company. As part of his previous positions in the last decade, he worked as Chief Security Architect, Senior Technology Consultant, Application Security Consultant, Systems Infrastructure Security Consultant, and a Technological Trainer. During these positions, Nir was not only consulting, but also performing hands-on activities in various fields, i.e. hardening, penetration testing and development for personal internal applications. In addition, Nir released an open source anti-defacement tool called AntiDef and has written a publication about QRbot, an iPhone QR botnet POC he developed. Nir has a BSc in computer science but his knowledge is based mainly on cowboy learning and information sharing with the techno-oriented communities.
Links:
Similar Presentations: