Nir Valtman - A Journey to Protect Points-of-sale
DEF CON 22 [Materials] Speeches from the Hacker Convention.
English - December 13, 2014 23:36 - 32.7 MB
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Valtman/DEFCON-22-Nir-Valtman-A-Journey-To-Protect-POS-UPDATED.pdf
A Journey to Protect Points-of-sale
Nir Valtman ENTERPRISE SECURITY ARCHITECT, NCR RETAIL
Many point-of-sale breaches occurred in the past year and many organizations are still vulnerable to the simplest exploits. In this presentation, I explain how points-of-sale get compromised from both the retailer’s and the software vendor’s perspective. One of the most common threats is memory scraping, which is a difficult issue to solve. Hence, I would like to share with you a demonstration of how it works and what can be done in order to minimize this threat. During this presentation, I will explain the long journey it took me to understand how to mitigate it, while walking through the concepts (not exposing vendor names) that don’t work and those that can work.
Nir is employed by NCR Corporation as Enterprise Security Architect of NCR Retail, and also works as co-founder and CTO in his start-up company, Crowdome. Before the acquisition of Retalix by NCR, he was Chief Security Officer of R&D in the company. In his previous positions over the last decade, he worked as Chief Security Architect, Senior Technology Consultant, Application Security Consultant, Systems Infrastructure Security Consultant and a Technological Trainer. In these positions, Nir was not only consulting, but also performing hands-on activities in various fields, i.e. hardening, penetration testing and development for personal/internal applications. In addition, Nir released an open source anti-defacement tool called AntiDef and wrote a publication about QRbot, an iPhone QR botnet POC he developed. Nir has a BSc in computer science but his knowledge is based mainly on cowboy learning and information sharing with the techno-oriented communities.