funsec mailing list archives
Re: Windows-based cash machines 'easily hacked'
From: "Dennis Henderson" <hendomatic () gmail com>
Date: Mon, 17 Mar 2008 15:36:30 -0500
On 3/17/08, Andy Sutton <newslists () pessimists net> wrote:
> On Mon, 2008-03-17 at 08:37 -0500, Dennis Henderson wrote:
>> That's why the PIN is encrypted. The translation to the real account is made at the clearing house. So it's really not that big of a deal. Unless you can decrypt the PIN and have access to the translation table, the account number is not particularly valuable.
>
> Encrypting the entire communication stream is important because if I can spoof the "approved" message back from the processor you'll get one empty ATM.

The only saving grace is that you would have had to sniff the actual request and properly format a response that the ATM is expecting within its timeout. The ATM just doesn't accept a "do it". It will be expecting a certain formatted message complete with specific information that it included in its request. Not perfect, but once again, designed and accepted years ago when private networks were considered "private". Some smart banks are looking to use TLS as a bridge to secure the data until the vendors come up with an endpoint solution.

> --
> - Andy
> Thoughts of doubt and fear never accomplish anything, and never can. They always lead to failure. Purpose, energy, power to do, and all strong thoughts cease when doubt and fear creep in. -- James Allen

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
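Added example, not part of the original thread: a sketch of the ATM-side response check discussed above (timeout plus fields echoed from the request), extended with a keyed MAC so the decision cannot be vouched for by timing and format alone. The field names, the 30-second window, the demo key and the use of HMAC are assumptions for illustration; the MAC stands in for the integrity that the TLS bridge mentioned in the message would supply, and none of this is a real ATM protocol.

```python
import hashlib
import hmac
from dataclasses import dataclass

DEMO_KEY = b"constructed-demo-key"   # constructed; stands in for a per-terminal key
TIMEOUT_S = 30.0                     # assumed response window

@dataclass
class Request:
    terminal_id: str
    trace: str          # per-transaction number the ATM put in its request
    amount_cents: int
    sent_at: float      # seconds, ATM clock

ECHOED = ("terminal_id", "trace", "amount_cents")

def _tag(key, req, code):
    # MAC covers the echoed request fields and the decision code together.
    msg = "|".join([req.terminal_id, req.trace, str(req.amount_cents), str(code)])
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def sign_response(key, req, code):
    """Processor side: echo the request fields and attach the MAC."""
    resp = {f: getattr(req, f) for f in ECHOED}
    resp.update(code=code, mac=_tag(key, req, code))
    return resp

def check_response(key, req, resp, now):
    """ATM side: return (dispense, reason)."""
    if now - req.sent_at > TIMEOUT_S:
        return False, "timeout"
    for f in ECHOED:
        if resp.get(f) != getattr(req, f):
            return False, "mismatch:" + f
    # Timing and echoed fields are reproducible by anyone who saw the request;
    # only the keyed MAC ties the decision to the processor.
    sent = str(resp.get("mac", "")).encode()
    if not hmac.compare_digest(_tag(key, req, resp.get("code")).encode(), sent):
        return False, "bad-mac"
    return resp.get("code") == "approved", str(resp.get("code"))
```

A response that arrives in time and echoes every request field is still refused unless its MAC verifies, including one whose decision code was changed after signing.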