Standard User deleted
(deleted) Sun 11-Dec-16 22:58:24

Re: TalkTalk's great approach to security... not!


[re: deleted] [link to this post]
 
I think the CCTV will be okay. I checked today with the installer and apparently in order to see the internet stream the software on the device has to scan a QR code on the screen first.

I know he scanned my iPad and phone for when I am away - so therefore hope I am the only one with access (and the remote monitoring company).
Standard User ukhardy07
(knowledge is power) Mon 12-Dec-16 00:08:18

Re: TalkTalk's great approach to security... not!


[re: deleted] [link to this post]
 
The best card machines are the ones which do encryption in the pinpad, because in this instance all cardholder data is encrypted in the device when the card is inserted and PIN entered. Here no cleartext cardholder data propagates through the network and it does not even enter the POS memory (where memory scrapers have been known to exfiltrate that data).

Look at solutions namely P2PE... That said it is very common to see organisations where cleartext cardholder data is transmitted from the pinpad into the POS (Windows XP or Windows 7 typically), out into the network, to a backend store server, over an MPLS link to a server of some kind (sometimes Windows Server 2003 despite this being a critical vulnerability), and then onto the payment acquirer. Where Windows Server 2003 or XP is used, as part of PCI-DSS that is flagged as a major vulnerability and the company has to take a decision whether they accept the risk or not. We will always flag it and the risk is made very clear.

Reasons for accepting the risk could be the vendor who installed the POS worldwide in year 2002 is no longer in business, so new POS systems, new pinpads, new backend store servers etc all need to be sourced etc which could be multi-million pounds. Here we commonly see companies trying to upgrade to Windows 7 on POS, and they will try to run the old vendor software, but when it fails and the vendor no longer exists, there is little option but to go back to XP until they can get budget to effectively scrap the whole solution.

Luckily we are seeing so many large firms moving to end-to-end encryption.

A lot of this stuff seems elementary, but doing the basics such as changing default passwords for webcams, switches, routers etc. and any server software running (i.e. Apache Tomcat etc.) helps enormously, as does keeping the latest OS patches installed.

Edited by ukhardy07 (Mon 12-Dec-16 00:09:00)

Standard User deleted
(deleted) Mon 12-Dec-16 12:45:03

Re: TalkTalk's great approach to security... not!


[re: ukhardy07] [link to this post]
 
Thanks, I will do that. I know the machine does the encryption but that's about it. I would need to ask the manufacturer, however it's the same machines you get in your local ASDA/Tesco - I forget the name of it right now but it starts with "O".

I do need to ring TTB anyway because for some reason one of my worksafe options are working. So I will ask them about all of this when I do.