funsec mailing list archives
Re: Windows-based cash machines 'easily hacked'
From: "Kitsune" <kitsune () sbcglobal net>
Date: Tue, 18 Mar 2008 11:07:41 -0700
let me be clear. If I had a desktop in that XPe ATM (unlikly), and that desktop had IE/FF/etc (highly unlikly), I could get to www.google.com on some networks. Certinally the outbound is going through a router and firewall and some web proxy, and there is no direct inbound path to that machine. Lest you say that it is "only" a web proxy, I have seen some (misconfigured devices) inside a LAN hit my internet facing NTP server. You can't tell me that their networks are isolated islands of security when NTP can leak out. Certinally not every network allows this. But it does happen, That number is more than zero, and I am not caging my response to hide that I am only talking about one. The vector is LAN(infected desktop) to LAN/WAN pounding at any ip it can find, be it another desktop, or an ATM. ----- Original Message ----- From: "der Mouse" <mouse () rodents montreal qc ca> To: <funsec () linuxbox org> Sent: Tuesday, March 18, 2008 10:27 AM Subject: Re: [funsec] Windows-based cash machines 'easily hacked'
"can they" the ATM, reach the internet. no, I really doubt they could, as I've said before, they are XPe. One would hope they didnt compile in IE into the runtime..Surely you're not under the delusion that "the Internet" equals the Web? Or that the only way to speak over the Internet is with IE? /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse () rodents montreal qc ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Windows-based cash machines 'easily hacked', (continued)
- Re: Windows-based cash machines 'easily hacked' der Mouse (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Rich Kulawiec (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Valdis . Kletnieks (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 18)
- Re: Windows-based cash machines 'easily hacked' der Mouse (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 18)