funsec mailing list archives

Re: Windows-based cash machines 'easily hacked'


From: "Kitsune" <kitsune () sbcglobal net>
Date: Tue, 18 Mar 2008 11:07:41 -0700

Let me be clear. If I had a desktop in that XPe ATM (unlikely), and that
desktop had IE/FF/etc (highly unlikely), I could get to www.google.com on
some networks. Certainly the outbound is going through a router and
firewall and some web proxy, and there is no direct inbound path to that
machine.

Lest you say that it is "only" a web proxy, I have seen some (misconfigured 
devices) inside a LAN hit my internet facing NTP server. You can't tell me 
that their networks are isolated islands of security when NTP can leak out.

Certainly not every network allows this. But it does happen. That number is
more than zero, and I am not caging my response to hide that I am only
talking about one.

The vector is LAN (infected desktop) to LAN/WAN pounding at any IP it can
find, be it another desktop, or an ATM.


----- Original Message ----- 
From: "der Mouse" <mouse () rodents montreal qc ca>
To: <funsec () linuxbox org>
Sent: Tuesday, March 18, 2008 10:27 AM
Subject: Re: [funsec] Windows-based cash machines 'easily hacked'


"can they" the ATM, reach the internet.  no, I really doubt they
could, as I've said before, they are XPe.  One would hope they didn't
compile in IE into the runtime..

Surely you're not under the delusion that "the Internet" equals the
Web?  Or that the only way to speak over the Internet is with IE?

/~\ The ASCII der Mouse
\ / Ribbon Campaign
X  Against HTML        mouse () rodents montreal qc ca
/ \ Email!      7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list. 
