Full Disclosure mailing list archives
Re: [Full-disclosure] Bank of the West security contact?
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 3 Apr 2014 02:13:52 -0400
On Wed, Apr 2, 2014 at 4:42 PM, Eric Rand <eric.rand () brownhatsecurity com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 BoA has no incentive to switch, as the customers have not demanded more secure ATMs, and it's cheaper to have 'hacking insurance' to cover any losses than it would be to replace all their ATMs.
Sad, but true. I doubt they have the hacking insurance, though. There's a reason US banks suffer losses at a rate of 600x that of a German bank. For the discussion, see Gutmann's Engineering Security, page 542 (www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf). I'm amazed that the losses get passed onto shared holders, and then executives give themselves a bonus for a job well done. Jeff
On 04/02/2014 01:30 PM, Sholes, Joshua wrote:And how fast would those ATM manufacturers switch to a Linux or other offering if, say, Bank of America said "We won't buy an ATM with an easily skimmable reader or with an insecure OS on it?" Diebold, for example, has a market cap of less than $3B. BoA is sitting around $182B. With that much leverage, the big banks have NO excuse to just accept whatever crap the vendors shovel out the door.
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: [Full-disclosure] Bank of the West security contact? raccoon (Apr 02)
- Re: [Full-disclosure] Bank of the West security contact? Stefan Weimar (Apr 02)
- Re: [Full-disclosure] Bank of the West security contact? Sholes, Joshua (Apr 02)
- Re: [Full-disclosure] Bank of the West security contact? Eric Rand (Apr 02)
- Re: [Full-disclosure] Bank of the West security contact? Jeffrey Walton (Apr 03)
- Re: [Full-disclosure] Bank of the West security contact? raccoon (Apr 02)
- Re: [Full-disclosure] Bank of the West security contact? Stefan Weimar (Apr 02)
- Re: [Full-disclosure] Bank of the West security contact? Sholes, Joshua (Apr 02)
- Re: [Full-disclosure] Bank of the West security contact? Stefan Weimar (Apr 02)