Card-Sniffing Malware On Diebold ATMs

angry tapir writes "Diebold has released a security fix for its Opteva automated teller machines after cyber-criminals apparently broke into the systems at one or more businesses in Russia and installed malicious software. Diebold learned of the incident in January and sent out a global security update to its ATM customers using the Windows operating system. It is not releasing full details of what happened, including which businesses were affected, but said criminals had gained physical access to the machines to install their malicious program. Arrests have reportedly been made."

Uh...why are they running Windows?

[Coopjust]

Windows CE, XP, whatever, an ATM shouldn't be running a consumer OS for a variety of reasons (security holes, stability, error rate). Why not use either a very trimmed down Linux distro or roll your own OS? I mean, there is a bit of investment having to make the drivers and all- but surely it can't be too expensive to do (not with what is at stake).

Still, it's a trojan (has to be put on individual ATMs) - and criminals would have to gain physical access to the computer inside the ATM, which would mean breaking the ATM itself or somehow getting the keys (pretty difficult). So it's not the most widespread issue.

Should of not droped OS/2 For windows on the ATMs

[Joe+The+Dragon]

Should of not droped OS/2 For windows on the ATMs. Also was the administrative passwords set to the default like the other ATM's that got hacked?

Is the locked-down version of Windows that Diebold provides to locked down for some banks use? Locked in to Diebold for getting the windows updates? Vs being able to do it on your own / use your own WSUS system?

Are diebold voting machines just as easy or easier to hack?

Why use Windows at all for high-security embedded

Why use Windows at all for high-security embedded applications? Seems to me that using a stripped-down Linux kernel would be a better deal!!