nanog mailing list archives
Re: ATM failure - No the other kind of ATM
From: "Matthew S . Hallacy" <poptix () techmonkeys org>
Date: Sat, 8 Sep 2001 12:43:22 -0600
On Wed, Sep 05, 2001 at 06:33:33PM -0400, mike harrison wrote:
Somehow I think they would be extremely reluctant to tell anyone what they use inside their ATMs....Security through obscurity... most of them are not even encrypted and if they use dial-up lines (instead of dedicated lines) it's often just like the point of sale stuff.. 1200/2400 baud dial-on demand, it takes a few seconds to sync, send a short text string, get a reply auth. On the other side.. I just inherited some hardware encrypted triple-des modems and serial interface cards, as well as a Cylink V.35 hardware encryption 'shim' with valid keys for a large banks wire transfer department... I guess I should ship it to them. From Argentina? (Just kidding, I like being an American Citizen) As a part of other work we do here, we deal with ACH money transfers. The backup method of connection to one institution that we help a customer move millions per day through is a plain text e-mail to an AOL address. We've tried to explain, even refused to send the files, but no clue is in sight. They don't even want them zipped. Secure e-commerce is a farce, even at the corporate giant level. --Mike--
I've done work for a certain bank in Minnesota that actually had business customers email their ACH deposit files (plain text) to a Hotmail.com address, where they downloaded it from, and processed it without question (uh, hello?). At one point a company I worked for was actually using them for ACH deposits, and were told that we would have to bring the ACH file on a floppy disk because hotmail claimed that the email had a virus attached. oh yeah, every computer in the building had a modem, connected to a POTS line, waiting to be dialed into. Maybe burying money in mason jars is safer.. Matthew S. Hallacy
Current thread:
- ATM failure - No the other kind of ATM Sean Donelan (Sep 05)
- Re: ATM failure - No the other kind of ATM Brian Whalen (Sep 05)
- Re: ATM failure - No the other kind of ATM Patrick W. Gilmore (Sep 05)
- Re[2]: ATM failure - No the other kind of ATM Richard Welty (Sep 05)
- Re: ATM failure - No the other kind of ATM Chris Woodfield (Sep 05)
- Message not available
- Re: ATM failure - No the other kind of ATM Patrick W. Gilmore (Sep 05)
- Re: ATM failure - No the other kind of ATM Jeff Gehlbach (Sep 05)
- Re: ATM failure - No the other kind of ATM mike harrison (Sep 05)
- Re: ATM failure - No the other kind of ATM Matthew S . Hallacy (Sep 08)
- Re: ATM failure - No the other kind of ATM Majdi S. Abbas (Sep 05)
- <Possible follow-ups>
- RE: ATM failure - No the other kind of ATM Chris Boyd (Sep 05)
- RE: ATM failure - No the other kind of ATM Rowland, Alan D (Sep 05)
- RE: ATM failure - No the other kind of ATM Reid Fishler (Sep 05)
- Re: ATM failure - No the other kind of ATM Miquel van Smoorenburg (Sep 05)
- RE: ATM failure - No the other kind of ATM Roeland Meyer (Sep 05)
- RE: ATM failure - No the other kind of ATM Patrick W. Gilmore (Sep 06)
- Re: ATM failure - No the other kind of ATM Steven M. Bellovin (Sep 06)
- Re[2]: ATM failure - No the other kind of ATM Richard Welty (Sep 06)