So on the August 21st episode of Curb Your Enthusiasm, Larry David gets in a protracted discussion about bowing with a restaurant owner. Standard fare for the show; take an insignificant social interaction and mine it for tremendous hilarity:

But what’s that? Between LD and the restaurant owner. It looks familiar. Let us zoom, and enhance:

It looks like restaurant software on a random POS computer. Still not big enough. Let us zoom and enhance once more!

I’ve got it! Aldelo Pro software is being used at that restaurant, on what appears to be a Posiflex pos computer. That’s some pretty solid placement, though I doubt many people would pick up on what it is unless they’re firmly ensconced in the POS industry. But hey, there it is.

I learned the other day that Datamax-O’Neil is part of the Dover corporation. Dover, for the unitiated, build elevators. You may recognize their logo with “Ben” scrawled next to it. Or at least I did when I took the physics department elevator in college. That’s not really the point of the story, I just really wanted to share the Ben Dover thing. Anyway, in my previous post I mentioned that they make remarkably durable printers, and the RL4 mobile printer is their newest.

The RL4 is designed for mobile label printing in industrial environments. It has a max print width of about 4″, so this fits in with shipping applications and industrial product labeling. It also sports a 4″ per second print speed, which seems pretty snappy for a mobile printer. Print jobs can be sent over RS-232 serial or USB connections, or wirelessly through the Bluetooths or 802.11a/b/g, and the RL4 supports ZPL, CPCL, DPL, IPL, and EZ Print languages, so it should be compatible with with most software out there.

Easy operation is important in a fast-paced printing environment, and the RL4 was designed with ease of use in mind. An LCD screen and four control buttons adorn the top of the printer, giving you status updates at a glance. It’s also way easier to decipher than three blinking lights. Paper rolls can be replaced with one hand, which has be nice if you’re hanging onto a mobile computer or driving a forklift.

Datamax-O’Neil is known for their heavy duty printers, and the duty is massive with the RL4. Hinges and peeler gears are made of metal, instead of cheap plastic, so repeated opening won’t bust it up, nor dropping it on concrete. They’ve also created a substructure within the RL4 to house the circuitry, so it can hold up to a lot of drops of 6-feet to concrete. It also operates in temperatures as low as 14 degrees F, so you can label frozen things if you’d like. And I just learned from wikipedia that most permanent and peelable adhesives have a service temperature limit of 14 degrees F. How convenient. The RL4 doesn’t have an IP rating, but you can buy a bag that will give the printer an IP54 seal.

Some of the applications Datamax-O’Neil covered in their webinars & brochures is on-demand or high value labeling. For batch labeling of large or bulky products, being able to be at the product itself before printing the label is a good way to eliminate potential mislabeling. And because it prints quickly, you wouldn’t see a huge time difference between printing a few hundred labels with the RL4 as opposed to batch printing the labels on an industrial printer. While industrial printers can be twice as fast, you’re eliminating a potential failure point by printing on-demand.

Datamax-O’Neil makes some burly, long lasting printers. Their industrial tabletop printers use metal gears instead of pully & belt systems, so you’re likely to buy one printer and be set until… forever. Their mobile printers are just as beefy, especially the microFlash line. These printers have a double-reinforced body to protect the internals from drops and hits, and maybe even getting dragged behind a car.

To drive home the point, they made a video of a wide series of abuse given to the microFlash 4t/4te, one of their industrial mobile printers. Behold!

Read Write Web has an interesting article up covering potential Square credit card reader vulnerabilities. To catch up, Square is a card reader designed by Jack Dorsey (inventor of Twitter), and allows people to take credit card payments with their iPhones. They also act as the credit card processor, cutting out traditional merchant account providers & transaction hardware manufacturers.

Anyway, at this year’s Black Hat security conference, a couple presenters figured out a couple ways to exploit the Square payment system, either by accepting cardless transactions or by skimming card data into a secondary app. One method involved converting track data as an audio signal, then piping it into the software through the headphone jack. The second and more useful method allows the Square card reader to send credit card data to another app, which is a little more disconcerting.

The card skimming exploit outlined in the article requires a jailbroken iPhone, custom software that reads the input data from the Square reader, and a Square reader. In this way, it’s remarkably easy to capture and store credit card data. The software could even be designed to look like the Square processing software, further adding to the illusion of a safe transaction.

The crux of the article was that hardware encryption would render this technique moot, and that’s a great point to make. Encrypting the data before it’s even sent to the iPhone/iPad makes it nigh impossible to turn the encrypted gibberish into legitimate credit card data. However, there are already a ton of unencrypted Square readers now in the wild, and on Ebay for a couple bucks, so the potential for fraud sticks around. I emailed Square to find out if, when the encrypted readers come out, they’ll exchange them with existing customers, but haven’t heard back.

While it is a little scary to think of iPhones as a new vector for committing fraud, the steps required to achieve it are a little steeper than exist for standard retail PCs with credit card readers attached. Most POS systems in retail & restaurant locations run some flavor of Windows and are connected to the internet to process transactions. But that also means they’re connected to the internet for idle people to surf the web, catch malware, and generally cause problems. Grabbing an encrypted card reader for your business or even switching to a separate payment terminal can definitely mitigate these issues.

So to sum up: Square credit card readers can potentially be used for evil. So can regular credit card readers. As a customer, don’t hand your card over unless you trust the business or person running the transaction. As a merchant, make sure you have methods in place to prevent your customers’ credit card data gets in the wrong hands.

%d bloggers like this: