Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Full-disclosure] Bank of the West security contact?

From: "Sholes, Joshua" <Joshua_Sholes () cable comcast com>
Date: Wed, 2 Apr 2014 20:30:25 +0000
And how fast would those ATM manufacturers switch to a Linux or other
offering if, say, Bank of America said "We won't buy an ATM with an easily
skimmable reader or with an insecure OS on it?"

Diebold, for example, has a market cap of less than $3B.  BoA is sitting
around $182B.  With that much leverage, the big banks have NO excuse to
just accept whatever crap the vendors shovel out the door.
-- 
Josh





On 4/2/14, 4:01 PM, "Stefan Weimar" <stefan () meinhop3 de> wrote:


Hi,

Am 02. April schrieb raccoon:


This goes for all banks and is probably one of the reasons most ATMs
still run windows and are skimmable time after time by the simplest
exploits. 


That's not quite right. The manufacturer of the ATM chooses the OS.

When you -- as a bank -- buy an ATM you get a preinstalled device with
an underlying OS (Windows mostly) and a software stack consisting of
drivers for the card reader, dispenser, keyboard an so on. On top of
that you install your own application so the ATM will work with the
software running in your datacenter.

Yours sincerely
Stefan
-- 
make -it ./work

GnuPG-Key: 742ADF27 <stefan () meinhop3 de>
Fingerprint: 037F 17FC CF4B C1E0 598D  97B1 C2CE 7963 742A DF27



_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: