funsec mailing list archives
Re: Windows-based cash machines 'easily hacked'
From: "Kitsune" <kitsune () sbcglobal net>
Date: Mon, 17 Mar 2008 21:29:20 -0700
----- Original Message ----- From: "Chris Buechler" <funsec () chrisbuechler com> To: <funsec () linuxbox org> Sent: Monday, March 17, 2008 5:32 PM Subject: Re: [funsec] Windows-based cash machines 'easily hacked' (snip)
Note the only port they actually require is TCP 2000. Why is the Windows ATM listening for RPC, NetBIOS, and more?! That aggravates me to no end every time I see it (I've scanned a ton of these things, they're all the same). Plus it's an unpatched machine that never updates itself. The *least* NCR could have done is firewall off everything but the one port required for the ATM to work. Then barring any issues in their software, it would be immune to Windows issues. These things have gaping holes from a long list of missing critical patches, if you have network access to a Windows ATM it's child's play to execute anything you want on one.
IIRC, these are XPE runtime machines, so 'windowsupdate' just doesn't do squat, you need to compile a new image and deploy it. This is the root of the problem of why they are not 'patched'. Does that open port lead to a known exploited function that was not compled in? That I couldn't tell you. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Windows-based cash machines 'easily hacked', (continued)
- Re: Windows-based cash machines 'easily hacked' Valdis . Kletnieks (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 18)
- Re: Windows-based cash machines 'easily hacked' der Mouse (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Rich Kulawiec (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Valdis . Kletnieks (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 18)
- Re: Windows-based cash machines 'easily hacked' der Mouse (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 18)