A Journey to Protect Points-of-Sale

Presented at Black Hat USA 2014, Aug. 7, 2014, 3:30 p.m. (60 minutes)

Many point-of-sale breaches occurred in the past year, and many organizations are still vulnerable to the simplest exploits. In this presentation, I explain how points-of-sale get compromised, from both the retailer's and the software vendor's perspectives. One of the most common threats is memory scraping, which is a difficult issue to solve. Hence, I would like to share with you a demonstration of how it works and what can be done to minimize this threat. During this presentation, I will explain the long journey to understand how to mitigate it, while walking through the concepts (not exposing vendor names) that don't work and those that can work.


Presenters:

  • Nir Valtman - NCR
    Nir is employed at NCR Corporation as Enterprise Security Architect of NCR Retail, and also works as Co-Founder and CTO of his start-up company, Crowdome. Before the acquisition of Retalix by NCR, he was Chief Security Officer of R&D at the company. As part of his previous positions in the last decade, he worked as Chief Security Architect, Senior Technology Consultant, Application Security Consultant, Systems Infrastructure Security Consultant, and a Technological Trainer. During these positions, Nir was not only consulting, but also performing hands-on activities in various fields, i.e. hardening, penetration testing and development for personal internal applications. In addition, Nir released an open source anti-defacement tool called AntiDef and has written a publication about QRbot, an iPhone QR botnet POC he developed. Nir has a BSc in computer science but his knowledge is based mainly on cowboy learning and information sharing with the techno-oriented communities.
