Slashdot Mirror
Wells Fargo Web-Enables ATMs
smooth wombat writes "Wells Fargo has completed a five-year project to Web-enable its 6,200 ATMs in 23 states. Now the ATMS will be Windows based rather than OS/2 based. Avivah Litan, an analyst at Gartner Inc., in Stamford, Conn., said the move to Windows-based systems is "not great news for the security of the system. I'm sure there's a lot of holes that will be created because of this.""
"We want to make sure our ATMs are integrated with every other channel so when I do a deposit in a [branch] I want to be able to go to [an] ATM immediately and see that deposit"
I do that regularly anyway. An ATM doesn't have to be on "the net" to do that. It has to communicate to the central handling server regardless of it's OS.
This is not a great move. Try and search for 0S/2 exploits even with Google. You're not going to find tons. I sure don't want to use an ATM running Windows and IE where someone that use the security expoit(s) of the month on it.
... darn I hope this gets submitted because my browser crashed when all the results came back.
Search on Windows security exploits and display the results and oh
So you are saying that Microsoft has no problems making the embedded version secure and they introduce the holes in XP just for fun? I fail to see how Microsofts track record should make me go "Ohhh, it the *embedded* version. In that case I trust your security completely!"
They're going to use Windows Embedded, not Windows XP. Two completely different code bases.
Hell, at this point I don't care whether or not it runs windows, its the "web enabled" part that scares me.
For how many years have ATM terminals been exposed to the entire internet?
Well, they weren't exposed to the entire internet. They were on a VPN. Such ATMs are always put on a VPN. But that's the fun part, because the VPN apparently had holes in it.
In other words-- at least this was the theory discussed at the time-- the ATMs had been put on a VPN so that they were inaccessible to the outside world. But other bank computers were apparently allowed in the same VPN. And somehow the Nachi worm got inside the VPN, at which point it was free to infect the ATMs...
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
There's a Wells Fargo ATM close to where I work, not inside a bank, and the guy who puts the money in it is always accompanied by an armed guard.
I wouldn't trust a bank that had an untrained teller doing that.
Particularly one who is taking instructions from someone over the phone. Yeah, I really trust that system.
What bank do you work for? I want to be sure that I don't have any accounts with it.
Part of security is being correctly trained. An untrained person (problem #1) taking instructions over the phone (problem #2) to service a machine that is "web enabled" (problem #3) is a script for disaster.
They're from Diebold, and up until very recently, they ran OS/2. Why'd we switch?
They're from Diebold. Enough reason to switch right there.
Oh god, not another one.
In 2005, you should not have a perceptible delay between keypress and a simple ack. response like putting up an asterisk.
The problem, of course, is not technology. It's this god-damned "save every fraction of a penny at all costs, and fuck the customer/user!" mentality. A couple of cents more per terminal is probably all it would take to eliminate the delay, but, well, like I said, fuck the user.
I can't use Comcast digital cable boxes because of the multi-second delay before button presses react. (That one boggles the mind, I think they had to work to make it suck that bad.) It pisses me off that in the time it takes to navigate to one On Demand movie, the value of my time for the time it took to do the navigation would have been sufficient to make a snappy, responsive system. You could quite literally rack up hours spent just waiting for their interface to update in a year if you actually tried to use it (from what I gather from the way they keep dropping the price on On-Demand things, nobody does), and that says they care so little about my time that they'd rather save 5 cents.
Normally, I don't much care about "bloat" in desktop computers, I think most people bitching about it don't really understand what that "bloat" is buying them. But in the embedded space, fire away with your "bloat" accusations. The work it takes to make a machine in 2005 react more slowly than a machine from 1970, no exaggeration, boggles the mind.
Fuckers.
It's "based", not "bassed" and "procedure", not "proceedure". "Acutally" I can only assume was actually supposed to be "actually". Oh, and "stand point" is one word, "standpoint". "It uses regular Windows" should be "They use regular Windows"; plurality matters. I won't even get into the structure of that sentence. "The Windows ATM actually have help screens" should be the plural "Windows ATMs", with no apostrophe since the "M" is not lowercase.
Finally, "tellers" is plural, but "teller's" is possessive, as in "hold the teller's hand", which is what I believe was what you wanted, but that will never happen if you do not treat them with the respect another human being deserves.
Language and writing are tools like any other and you are obviously, well, "undertrained".
Most of the Wells Fargo ATMs I've seen recently, are Diebold machines.
I would imagine that Diebold was the one who made the decision to go to Windows.