Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] ATM's That Crash and Have "Critical" Vulnerabilities

begin  oe_protect.scr 
Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
> __/ [ Mark Kent ] on Friday 17 November 2006 19:47 \__
> 
>> begin  oe_protect.scr
>> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>>> __/ [ Mark Kent ] on Friday 17 November 2006 04:45 \__
>>> 
>>>> begin  oe_protect.scr
>>>> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>>>>> Why not Embedded? ATM's Running XP Professional...
>>>>> 
>>>>> ,----[ Quote ]
>>>>>| This time, I happened to be there when it suddenly BSOD'd and began a
>>>>>| reboot cycle. Obviously, to BSOD it needs to run Windows, and moments
>>>>>| later, that was confirmed. But that's not the story here -- believe it
>>>>>| or not, most ATMs run Windows nowadays, and there's absoloutely nothing
>>>>>| wrong with that.
>>>>>|
>>>>>| [...]
>>>>>|
>>>>>| There's a million reasons why an ATM should must be RTOS, be it Linux
>>>>>| or VxWorks or Windows CE, but even if you don't go with RTOS, Windows
>>>>>| XP Professional most certainly isn't the answer. Especially if it's not
>>>>>| even SP2.
>>>>> `----
>>>>> 
>>>>> http://neosmart.net/blog/archives/287
>>>>> 
>>>> 
>>>> Do we know which banks and machines they are?  It would be extremely
>>>> useful to know which ones to avoid.  I'll change bank if I need to.  I'm
>>>> not taking this kind of risk!
>>> 
>>> I clearly recall an ATM in town (Link, IIRC) which just had a plain
>>> Windows 2000 desktop on it (you know, the briefcase, IE, and the blue
>>> background) for over a month. At one point, wired were sticking out of the
>>> ATM, which I assume is something that vandals were responsible for.
>>> 
>> 
>> Okay.  We /really/ need a list of which banks are not securing their
>> ATMs properly.  Do you recall which one?  Link is a network - although
>> it could be compromised by any of the "link" banks using Windows on what
>> should be a secure network.
> 
> Are you embraking on another crusade like the one that had you butting heads
> with a Dabs.com manager a couple of months ago? Will you level of authority
> permit you to take any action?
> 

I was quite right about the dabs issue, as far as I can tell - there is
a significant risk should their front-end machine be compromised.  This
is quite likely, as it is a windows machine.

On the banking issue, though, I'm really mainly interested in which
banks to avoid, and also in publicising the issue.

-- 
| Mark Kent   --   mark at ellandroad dot demon dot co dot uk  |
Be sure to evaluate the bird-hand/bush ratio.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index