funsec mailing list archives

Re: Windows-based cash machines 'easily hacked'


From: "Dennis Henderson" <hendomatic () gmail com>
Date: Mon, 17 Mar 2008 08:37:02 -0500

On Mon, Mar 17, 2008 at 7:57 AM, Larry Seltzer <Larry () larryseltzer com>
wrote:

> "Windows-based cash machines 'easily hacked'"
>
> This article basically makes two charges: ATMs aren't encrypting enough
> data and the boxes they are stored in can be broken into. The former is
> obviously an application error


Not an error, just an accepted level of security that is obviously now
outdated and needs to be changed.

At least everyone has moved from DES to 3DES for the PIN.  :)

Also the account information is not the real account, it's an offset based on
the PIN. That's why the PIN is encrypted. The translation to the real account
is made at the clearing house. So it's really not that big of a deal. Unless
you can decrypt the PIN and have access to the translation table, the
account number is not particularly valuable. Once again, it's a commercially
reasonable level of security that was established many years ago.



> and the latter is obviously a hardware
> issue. What was the point of putting "Windows" in the title? Yes, they
> do make a quick vague accusation about Windows ATMs being less reliable
> than OS/2 ATMs. Right.

The ATMs that allow programming from the front keypads are the ones that
are most easily hacked. I agree with Larry. I don't think the OS matters. Not
to say that the other systems are bulletproof, but when the keypad is used
only as a basic data entry device and is not allowed to interact
programmatically with the application or OS, then it's much more difficult to
get into the system.

Dennis
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
