funsec mailing list archives
Re: Windows-based cash machines 'easily hacked'
From: "Dennis Henderson" <hendomatic () gmail com>
Date: Tue, 18 Mar 2008 19:22:20 -0500
On Tue, Mar 18, 2008 at 3:16 PM, Rich Kulawiec <rsk () gsp org> wrote:
> On Tue, Mar 18, 2008 at 11:40:36AM -0400, der Mouse wrote:
> > There's just no excuse - IMO - for using the most insecure (in practice) operating system on the planet for an ATM...especially in the presence of all the alternatives. (Not all the alternatives are really _good_, but practically anything else is better than Windows.)
>
> I strongly concur. And I'll go one step further: use of ANY general-purpose operating system on an ATM is a bad move. It only needs to perform a small subset of the computing operations available in a general-purpose OS, therefore it shouldn't be running one. What it *should* be running is something tailored explicitly for the task at hand, which deliberately omits every bit of functionality that's unessential. (Every excess function represents increased potential for exploitation as well as increased software maintenance and testing effort.)
>
> Now whether that OS/monitor is built from the ground up or whether it's built by stripping an existing OS is an interesting question. I think for this particular application, "ground-up" is a better approach, since cost is obviously not an issue and because it diminishes the risk of propagating known flaws in the general-purpose OS downward. Moreover, ground-up allows for the full SDLC -- where I'd hope that security requirements would be allowed to trump all others. (Which is often not the case in general-purpose OS design.)

Great ideas and I couldn't agree more. You're about 5 years too late. :)