Re: Windows-based cash machines 'easily hacked'

["Kitsune" <kitsune () sbcglobal net>]

----- Original Message ----- 
From: "Chris Buechler" <funsec () chrisbuechler com>
To: <funsec () linuxbox org>
Sent: Monday, March 17, 2008 5:32 PM
Subject: Re: [funsec] Windows-based cash machines 'easily hacked'

(snip)
> Note the only port they actually require is TCP 2000. Why is the Windows
> ATM listening for RPC, NetBIOS, and more?!  That aggravates me to no end
> every time I see it (I've scanned a ton of these things, they're all the
> same). Plus it's an unpatched machine that never updates itself. The
> *least* NCR could have done is firewall off everything but the one port
> required for the ATM to work. Then barring any issues in their software,
> it would be immune to Windows issues. These things have gaping holes
> from a long list of missing critical patches, if you have network access
> to a Windows ATM it's child's play to execute anything you want on one.

IIRC, these are XPE runtime machines, so 'windowsupdate' just doesn't do 
squat, you need to compile a new image and deploy it.

This is the root of the problem of why they are not 'patched'.

Does that open port lead to a known exploited function that was not compled 
in? That I couldn't tell you.




_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.