Am I crazy in thinking that the shop I was in that has CentOS 3 running their self checkouts should have a more up to date and currently supported OS? These are brand new self checkouts (the shop has had them for about a year now, but you get my point.)
It’s a genuine question. Am I wrong in thinking that using this OS on a self checkout is a terrible idea? (FWIW this shop is an international retailer)
I have no stake in the shop or anything. I just happened to be there when they had to reboot a self checkout and I noticed the OS version as I was going by.
What is the risk if it's all on a closed internal network? You can safely run Windows 98 as long as you're very careful about what goes in and out at your gateway.
Commerical networks tend to be a bit more robust than Joe Schmoe's basement router. It's a giant pain to keep up with each and every update on everything a store uses (not just self checkouts, things like CCTV systems, HVAC monitoring, electronic signage like smart screens, etc.) so usually it's all controlled at the network level.
I install CCTV, I guarantee you more than three quarters of the DVRs and PoE cameras I install never get updated and are "set and forget". I've pulled out 10-15 year old cameras still with original firmware in giant national chain stores when they do refreshes of their infrastructure.
Its a POS. By definition its internet connected.
I'm sure it's not directly connected with an externally accessible IP. It's either communicating with a backoffice server, or on a secure VPN tunnel to the rest of the corporate network.
The point is that it shouldn't be accessible, but a vulnerability would make it accessible. Its connected to the internet. Its a risk.