Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wells Fargo Web-Enables ATMs

Posted by Zonk on from the free-money dept.

smooth wombat writes "Wells Fargo has completed a five-year project to Web-enable its 6,200 ATMs in 23 states. Now the ATMS will be Windows based rather than OS/2 based. Avivah Litan, an analyst at Gartner Inc., in Stamford, Conn., said the move to Windows-based systems is "not great news for the security of the system. I'm sure there's a lot of holes that will be created because of this.""

15 of 576 comments (clear)

  1. was a change required? by Frogmum · · Score: 5, Interesting

    What was wrong with OS/2 atms?

    1. Re:was a change required? by Anonymous Coward · · Score: 4, Interesting

      http://en.wikipedia.org/wiki/OS/2

      The collaboration between IBM and Microsoft unravelled in 1990, between the releases of Windows 3.0 and OS/2 1.3. The increasing popularity of Windows prompted Microsoft to shift its development focus from OS/2, and IBM grew concerned about delays in development of OS/2 2.0. Initially, the companies agreed that IBM would take over maintenance of OS/2 1.0 and development of OS/2 2.0, while Microsoft would continue development of OS/2 3.0, then known as "NT OS/2". However, Microsoft decided to recast NT OS/2 as Windows NT, leaving all future OS/2 development to IBM. Windows NT's OS/2 heritage can be seen in its initial support for the HPFS filesystem (although write support was dropped in Windows NT 4.0 and read support was dropped in Windows 2000) and text mode OS/2 1.x applications (support dropped in Windows XP).

      So they basically upgraded to a newer version of OS/2 in a weird twisted Microsoft sort of way.

    2. Re:was a change required? by shaitand · · Score: 4, Interesting

      "The actual screens the customer sees are actually web pages so it's easy to make them look how you want and not be a programmer."

      Yeah but do you REALLY want a feature that allows unqualified individuals modify the interface of ATM machines? Isn't that something you want the bar set a little higher on?

    3. Re:was a change required? by The_Dougster · · Score: 4, Interesting
      The BOFH hates OS/2, and you DON'T want to make him mad.

      If the BOFH had done this job, he would have had Wells-Fargo purchase a super-deluxe QNX licensing contract, then he would have installed BSD on the machines and pocketed the change.

      Ahh, OS/2, I miss it. The last time I whipped out my OS/2 Warp disks and tried to install it, it didn't seem to like my 10 years newer hardware and couldn't find a HDD driver. Bummer. I can only imagine how fast it would have run on my 2GHz box.

      I think that Wells-Fargo should have used QNX, and now whoever made the decision is probably going to pay. Windows on an ATM connected to the internet is pretty damn frightening. Time to withdraw all my zorkmids out of the bank and stuff it under the mattress.

      --
      Clickety Click ...
    4. Re:was a change required? by Rohan427 · · Score: 3, Interesting

      Your source for this bit of info?

      In addition, they couldn't go to another OS because?

      I've been contemplating changing banks for some time now (from Wells Fargo), but haven't for several reasons. This could be the straw that breaks this camel's back.

      (FYI, a few years ago I walked up to a WF ATM, started to put my card in, and noticed a M$ Dev. Studio GPF dialog asking if I wanted to debug the application or cancel!!)

      PGA

  2. Why! by bstadil · · Score: 3, Interesting

    I RTFA and have no idea why they did this. OS/2 is not EOL'ed yet. Methinks someone did a snow job on thiese guys.

    --
    Help fight continental drift.
  3. Re:Yes, but... by Gilesx · · Score: 4, Interesting

    Maybe I'm wrong, but aren't they essentially the same kernel, with Embedded being a stripped down version?

    Either way, I wouldn't be the house on the kernel and networking components of XP being free from holes and possible exploits, Embedded or otherwise...

    --
    Sunday you're Thinking Different, Monday you're a huge tool, paying too much and waiting to think like everyone else.
  4. Netscape by danimrich · · Score: 4, Interesting

    A couple of weeks ago I saw an ATM that had crashed. It was running Netscape on some version of Windows.
    Surely enough, it was made by the same manufacturer who f***ed up US voting machines. I do have some pictures if anyone is interested.

    --
    where's all that Karma?
  5. s-l-o-w ATM keypad by anadem · · Score: 5, Interesting

    am I the only one who finds the new Wells Fargo ATM key response time to be laggardly?

    After I enter my pin, the beep sound and the asterisk that's displayed take so long that I think i've miskeyed, so press again getting a double entry which i have to cancel and slowly and carefully retry.

    Is it because of being Windowized, or just bad programming? The old OS/2 ATMs responded instantly.

  6. My ATM had crashed - UK by Anonymous Coward · · Score: 5, Interesting

    I went to the hole in the wall (ATM) and it was displaying a windows taskbar, a dos window with some process running with a dos full stop sequence progress meter and another McAfee window - I asked in the bank and they said it had been on and off all morning and an "engineer" was trying to fix it.

    I remember a /. article on UK banks going ove to windoze but I never thought i'd see the day.

    Was I ever laughing.

    I wonder if my atm card has a virus by now. ;-)

    PS It was Bank of Scotland

    Well I guess an OS and their money are easyily restarted.

    1. Re:My ATM had crashed - UK by Iason+Baldes · · Score: 3, Interesting

      My friend had an atm crash on him while he was withdrawring money (this wasn't one near a bank, it was infront of the cinema). He called the company that ran the atm and was informed that they no longer handled maintenance. One phone call later he was told that a person might be there the next day to fix it. He never got his card back. I guess he learnt his lesson of not typing 1337 into ATM's.

  7. os/2 everywhere by Lys0l · · Score: 5, Interesting

    I used to work for IBM in OS/2 TCP/IP support. People would be amazed at how much OS/2 is still out there. Banking, industry, CIA, NSA, Vatican Bank, etc. Heart/Lung machines, ATM machines and the machines that make fritos. When OS/2 went down at friot-lay, no more fritos...not good times. I'm sad to see it go, it was great for apps such as these.

  8. Re:Yes, but... by Baricom · · Score: 4, Interesting

    TFA says these ATMs are web-based and Windows-based. That means they are almost certainly running the same rendering engine as Internet Explorer.

    I wouldn't trust Firefox in an ATM, let alone Internet Explorer. If my bank of choice starts deploying these in large quantities (they're around, but less prevalent than the old kind), I will run, not walk, to the competition.

  9. Re:Yes, but... by shaitand · · Score: 4, Interesting

    On another point, HTML and TCP/IP are HEAVILY stress tested. There are flaws but they are known and everybody and their dog has had a chance to work out flaws with them.

    The greatest possibility for one of these to get hacked is that the one admin is not really familiar with the system and makes a mistake on setup that leaves things functional but insecure. With HTML and TCP/IP the admin is more likely to be familiar and less like to make a mistake with the system.

    "I don't know what my bank's ATMs run as their operating system, and that's a good thing because it means the bad guys may not, either."

    The bad guys know in detail how the circuit processes the image of a dollar bill in a change machine so they can fool it. Do you? Of course not, they know because they have no scrupples and they want to know.

    Microsoft spends hundreds of billions of dollars writing custom and obscure protocols, deliberately designing every aspect of systems far more complex than these to be difficult to reverse engineer. It is the ultimate example of security through obscurity. And with MS it is what, 3-4yrs tops for their interfaces to be reverse engineered by hackers?

    You trust obscurity. I'll take a system that is easy to setup properly; is built on tried, true, tested, and stable technology (windows meets none of these critera embedded or not); and requires a bad guy to get past someone with a gun to get to the wire. If the bank wants to remote admin that is fine, they better use fiber links with quantum encryption, otherwise the cost is needed.

    I was once the technician at a small consulting firm trying to explain to a bank manager that he shouldn't have the network the bank terminals are on connected to the web and that a bank really should get something a tad more secure than norton internet security on their internet connection. In the end the bank just wanted something that said intrusion detection on the label to get the bank inspector off their back.

  10. And then the ATM ate my card.... by jeffroe · · Score: 4, Interesting

    What a timely post! Today I got back from a week long contract job and went to deposit some checks at the bank. Well, the local Wells Fargo closes at 4pm and I just missed it by about 10 minutes, so I went to deposit in the ATM. I inserted my card as instructed and voila, a nice windows fatal error message requiring me to click OK, but of course no mouse to click the button with and the Green enter button does nothing. In fact, none of the buttons did anything. Eventually, the ATM rebooted itself and came up with a nice "This ATM is out of service." message, and of course kept my card. So, I called Wells Fargo customer service to find out how long it would take to replace my business ATM card and it's 7-10 business days!!! Ouch! Why exactly am I paying for a business account when I get the same service as for my personal checking account? I don't know. *sigh*