funsec mailing list archives
Re: Windows-based cash machines 'easily hacked'
From: "Dennis Henderson" <hendomatic () gmail com>
Date: Mon, 17 Mar 2008 08:37:02 -0500
On Mon, Mar 17, 2008 at 7:57 AM, Larry Seltzer <Larry () larryseltzer com> wrote:
"Windows-based cash machines 'easily hacked'" This article basically makes two charges: ATMs aren't encrypting enough data and the boxes they are stored in can be broken into. The former is obviously an application error
Not an error, just an accepted level of security that is obviously now outdated and needs to be changed. At least everyone has moved from DES to 3DES for the PIN. :) Also the account information is not the real account, its an offset based on the PIN. Thats why the PIN is encrypted. The translation to the real account is made at the clearing house. So its really not that big of a deal. Unless you can decrypt the PIN and have access to the translation table, the account number is not particularly valuable. Once again, its a commercially reasonable level of security that was established many years ago.
and the latter is obiously a hardware issue. What was the point of putting "Windows" in the title? Yes, they do make a quick vague accusation about Windows ATMs being less reliable than OS/2 ATMs. Right. The ATM's that allow programming from the front keypads are the ones that
are most easily hacked. I agree with Larry. I dont think the OS matters Not to say that the other systems are bulletproof, but when the keypad is used only as a basic data entry device and is not allowed to interact programatically with the application or OS, then its much more difficult to get into the system. Dennis
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Windows-based cash machines 'easily hacked' Juha-Matti Laurio (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Larry Seltzer (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Andy Sutton (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Nick FitzGerald (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Chris Buechler (Mar 17)
- Re: Windows-based cash machines 'easily hacked' der Mouse (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Valdis . Kletnieks (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Larry Seltzer (Mar 17)