begin oe_protect.scr
Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
> __/ [ Mark Kent ] on Friday 17 November 2006 19:47 \__
>
>> begin oe_protect.scr
>> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>>> __/ [ Mark Kent ] on Friday 17 November 2006 04:45 \__
>>>
>>>> begin oe_protect.scr
>>>> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>>>>> Why not Embedded? ATM's Running XP Professional...
>>>>>
>>>>> ,----[ Quote ]
>>>>>| This time, I happened to be there when it suddenly BSOD'd and began a
>>>>>| reboot cycle. Obviously, to BSOD it needs to run Windows, and moments
>>>>>| later, that was confirmed. But that's not the story here -- believe it
>>>>>| or not, most ATMs run Windows nowadays, and there's absoloutely nothing
>>>>>| wrong with that.
>>>>>|
>>>>>| [...]
>>>>>|
>>>>>| There's a million reasons why an ATM should must be RTOS, be it Linux
>>>>>| or VxWorks or Windows CE, but even if you don't go with RTOS, Windows
>>>>>| XP Professional most certainly isn't the answer. Especially if it's not
>>>>>| even SP2.
>>>>> `----
>>>>>
>>>>> http://neosmart.net/blog/archives/287
>>>>>
>>>>
>>>> Do we know which banks and machines they are? It would be extremely
>>>> useful to know which ones to avoid. I'll change bank if I need to. I'm
>>>> not taking this kind of risk!
>>>
>>> I clearly recall an ATM in town (Link, IIRC) which just had a plain
>>> Windows 2000 desktop on it (you know, the briefcase, IE, and the blue
>>> background) for over a month. At one point, wired were sticking out of the
>>> ATM, which I assume is something that vandals were responsible for.
>>>
>>
>> Okay. We /really/ need a list of which banks are not securing their
>> ATMs properly. Do you recall which one? Link is a network - although
>> it could be compromised by any of the "link" banks using Windows on what
>> should be a secure network.
>
> Are you embraking on another crusade like the one that had you butting heads
> with a Dabs.com manager a couple of months ago? Will you level of authority
> permit you to take any action?
>
I was quite right about the dabs issue, as far as I can tell - there is
a significant risk should their front-end machine be compromised. This
is quite likely, as it is a windows machine.
On the banking issue, though, I'm really mainly interested in which
banks to avoid, and also in publicising the issue.
--
| Mark Kent -- mark at ellandroad dot demon dot co dot uk |
Be sure to evaluate the bird-hand/bush ratio.
|
|