Slashdot Mirror


Card-Sniffing Malware On Diebold ATMs

angry tapir writes "Diebold has released a security fix for its Opteva automated teller machines after cyber-criminals apparently broke into the systems at one or more businesses in Russia and installed malicious software. Diebold learned of the incident in January and sent out a global security update to its ATM customers using the Windows operating system. It is not releasing full details of what happened, including which businesses were affected, but said criminals had gained physical access to the machines to install their malicious program. Arrests have reportedly been made."

7 of 143 comments

  1. In Soviet Russia... by Pyrus.mg · Score: 5, Funny

    the banks hold up you.

  2. Maybe there could be gov. regulation of ATM design by Futurepower(R) · Score: 5, Interesting

    There is a Diebold ATM machine in Brazil, São Paulo state, that regularly crashes. When it crashes, you can see that it is running Microsoft Windows 98.

    That amazes me. It seems that even someone with very little understanding would not use an OS that is known to have literally thousands of vulnerabilities.

  3. Re:Track record? by ScentCone · Score: 5, Insightful

    As far as ATM venders go, how does Diebold rank in security?

    Does it really matter, when their customers are allowing the bad guys to physically work with the machines? Bad guys who get to touch systems like that have a real leg up. Machines that - even if the user allows the bad guy to play with the hardware - could withstand a serious onslaught by organized Russian techie criminals would probably be substantially more expensive for the average [Insert Name of Russian 7-11 here] or their banking vendor to deploy.

    --
    Don't disappoint your bird dog. Go to the range.

  4. "using the Windows operating system" by Anonymous Coward · Score: 5, Insightful

    That line really wasn't needed. The crime requires physical access to the box. A Linux, Mac, whatever box is just as vulnerable in that situation.

  5. Y2K... by rthille · Score: 5, Funny

    Somewhat OT, but my wife was one of the early recipients of a credit card which expired after 1999. She used to crash gas pumps whenever she tried to pay at the pump.

    --
    Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/

  6. Re:Track record? by hairyfeet · Score: 5, Insightful

    You know, that has been bugging me, along with a general WTF? when it comes to why they are using a consumer OS on these machines in the first place. The stupidest part by a country mile is the fact that they have a VERY secure and reliable OS for these things that have years of real world use: OS2.

    My banks have the OS2 machines (I think Diebold) and frankly they are built like tanks. They are always running 24/7 (you think I'm joking but the bank down the street has the pretty Windows ATMs and there is some guy out there working on the damned thing every time you turn around) and it frankly just works. Is it pretty? Nope, just a blue and black screen with very basic function buttons. But it is an ATM. It doesn't NEED to be pretty. It just needs to be secure and work. And since eComstation still sells OS2 licenses I honestly don't see why they just don't stick with old reliable OS2. If it ain't broke, don't fix it.

    --
    ACs don't waste your time replying, your posts are never seen by me.

  7. Re:Track record? by Jamie's+Nightmare · Score: 5, Insightful

    the bank down the street has the pretty Windows ATMs and there is some guy out there working on the damned thing every time you turn around

    Why? Are you trying to say that something about the Windows Operating system is causing this ATM to fail? I hope not, because it would be foolish to assume that without more data. A lot can go wrong with an ATM. From faulty hardware to sloppy programming.

    It's far more likely that in this case the benefit comes from simplicity in the hardware and software design, not anything to do with OS/2. From your description, the whole design is much older. Whatever bugs that may be present in the software or the operating system don't interfere with the machine's day-to-day operation, so from the standpoint of a casual observer, it's perfect.

    Using this single (biased) example as an endorsement for using OS/2 isn't insightful, it's just stupid.

    --
    "When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee