Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Develops ATM Rootkit

Posted by CmdrTaco on from the well-that-doesn't-make-me-feel-better dept.

alphadogg writes "One year after his Black Hat talk on automated teller machine security vulnerabilities was yanked by his employer, security researcher Barnaby Jack plans to deliver the talk and disclose a new ATM rootkit at the computer security conference. He plans to give the talk, entitled "Jackpotting Automated Teller Machines," at the Black Hat Las Vegas conference, held July 28 and 29. Jack will demonstrate several ways of attacking ATMs, including remote, network-based attacks."

54 of 181 comments (clear)

  1. OK, That's It! by WrongSizeGlass · · Score: 5, Funny

    I'm stuffing all my cash under my mattress from now on. If you can't trust a Deibold ATM, what can you trust?

    1. Re:OK, That's It! by MiniMike · · Score: 5, Funny

      If you can't trust a Deibold ATM, what can you trust?

      Weren't they voted as the #1 ATM?

    2. Re:OK, That's It! by Rogerborg · · Score: 5, Funny

      If you can't trust a Deibold ATM, what can you trust?

      Weren't they voted as the #1 ATM?

      By 107% of the respondents.

      --
      If you were blocking sigs, you wouldn't have to read this.
  2. Lawsuit? by _PimpDaddy7_ · · Score: 3, Interesting

    Can the banks file a lawsuit at him?

    I can't stand companies not taking security seriously.

    Remember when ATMs first came out? The data being sent from ATM to the bank's systems had NO encryption.

    1. Re:Lawsuit? by Capt+James+McCarthy · · Score: 4, Insightful

      Can the banks file a lawsuit at him?

      I can't stand companies not taking security seriously.

      Remember when ATMs first came out? The data being sent from ATM to the bank's systems had NO encryption.

      Why? For pointing out security flaws? I know people love litigation as a means to prevent actions, however once information can be presented at a conference, any conference, don't you think that the cat is already out of the bag somewhere else.

      Everyone should know that a lock can be picked. It's just a matter of return for a thief. Making the lock so time consumable to pick that it's not worth it. So the ATM manufactures have to create security that is not worth the criminals time. Now if these hacks are easy, then I think the consumers have a right to hold the banks accountable.

      --
      There are no loopholes. It's either legal or it's not.
    2. Re:Lawsuit? by _PimpDaddy7_ · · Score: 4, Insightful

      Don't you remember Verizon and other companies SUED people when they showed their websites were UNSECURE?

    3. Re:Lawsuit? by Yvanhoe · · Score: 2, Insightful

      Can the clients of the banks file lawsuits at them ? I can't stand companies not taking security seriously.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    4. Re:Lawsuit? by baKanale · · Score: 3, Informative

      Financially bankrupting someone for pointing out security flaws might dissuade others from doing so in the future, for fear of the same consequences.

    5. Re:Lawsuit? by Ubergrendle · · Score: 4, Interesting

      It would depend upon the nature of hte hack. The promotional materials for his speech are light on details. Is this a top end ATM from NCR, or a white label generic ATM which are little more than PCs with a cash handler attached? What level of physical access does he need to the cabinet? Is this an internal exploit (implying you get your software/rootkit installed as part of a distribution) or he looking an something more subtle?

      I'll reserve judgement on his expose until i read of the details; i understand why he wouldn't want to advertise the juicy details before his presentaiton, but on the other hand I'm skeptical around what he's implying.

      --
      John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
    6. Re:Lawsuit? by MBGMorden · · Score: 4, Informative

      Don't recall that one. Depends on the circumstances though. I remember a ton of other cases where the "showing they were insecure" part included hacking into the network in question. That's illegally accessing a computer system.

      It'd be akin to you telling your neighbor that his lock sucks and him just dismissing your idea.

      One of two possible scenarios then play out:

      a. You show at the next town meeting that your neighbor - John Q. Noob, is using a Lockatron LT-200 front door lock, and then proceed to show pictures, diagrams, and and example lock and how to pick it.

      b. He comes home the next day, and you're standing in his living room yelling "I TOLD YOU THE LOCK WASN'T ANY GOOD!!!!".

      A is fine. He'll get pissed and change his lock. B is trespassing. Too often in computer security terms people consider them the same action, and they aren't.

      --
      "People who think they know everything are very annoying to those of us who do."-Mark Twain
    7. Re:Lawsuit? by Daley_G · · Score: 3, Insightful

      As much as it's true that a thief won't bother with something that's not worth his time, there's another side of the coin to keep in mind. If it costs considerably more to make something more secure, the customer isn't going to purchase the product to begin with. I've gotta believe that the banks have accepted a certain amount of risk, and therefore they've determined what those ATM's are worth to them given the cost of the unit itself as well as the cost of dealing with any issues that arise - including penetration.

    8. Re:Lawsuit? by Capt+James+McCarthy · · Score: 2, Insightful

      As much as it's true that a thief won't bother with something that's not worth his time, there's another side of the coin to keep in mind. If it costs considerably more to make something more secure, the customer isn't going to purchase the product to begin with.

      I've gotta believe that the banks have accepted a certain amount of risk, and therefore they've determined what those ATM's are worth to them given the cost of the unit itself as well as the cost of dealing with any issues that arise - including penetration.

      Very good point. So how do you deal with that concerning your customers? Do you warn them with a signed statement that says there is a risk of theft on atm systems? Or are banks willing to eat the cost of a break in (reimbursement) when it happens and not warn customers.

      --
      There are no loopholes. It's either legal or it's not.
    9. Re:Lawsuit? by Anonymous Coward · · Score: 2, Insightful

      Yes, they did. Ever heard of "No More Free Bugs"?

    10. Re:Lawsuit? by halcyon1234 · · Score: 2, Funny

      Financially bankrupting someone for pointing out security flaws might dissuade others from doing so in the future, for fear of the same consequences.

      Not a chance. To get the cash to pay the fines, he'll just break into a bunch of ATMS.

      "Here's your $100,00, in $20 and $50s."

      --
      UTF-8: There and Back Again
    11. Re:Lawsuit? by evilandi · · Score: 5, Interesting

      Remember when ATMs first came out? The data being sent from ATM to the bank's systems had NO encryption.

      Dude, it was the 1950s.How were they supposed to encrypt punch cards? Colour them in?

      The data was "sent" using the secure process of having a burly security guard open the little door at the back and carry the deposits, punch cards and microfilm (they took a photo of all deposits) over to the back office.

      --
      Andrew Oakley - www.aoakley.com
    12. Re:Lawsuit? by Lumpy · · Score: 3, Interesting

      No it doesnt, you point out the flaws without any info about you attached. I.E. Publish all the info outside the country.

      Honestly it blows my mind that any Computer nerd tries to do the white hat thing and tell a company about a problem. Simply send it in a letter that is untraced and say, "I'm publishing this in 90 days. you are getting a heads up because I'm a nice guy"

      Then in 90 put it on the net.

      They cant sue you if they have no idea who you are. Problem is most of these white hats are looking more for street "cred" and getting their name out than actually being a good guy.

      --
      Do not look at laser with remaining good eye.
    13. Re:Lawsuit? by Bakkster · · Score: 4, Interesting

      The problem is that it's a catch-22: usually the only way to find these vulnerabilities is to exploit them in the first place. And companies often don't grant access to white-hats because they think their systems are secure (or at least want to believe so), which can't be disproven until said hackers show them wrong.

      One would hope that a company wouldn't press charges unless there was malicious intent (he dispensed and pocketed several hundred dollar for himself to 'test' the system). Of course, this is America, and I have nowhere near that much faith in our corporations or justice system...

      --
      Write your representatives! Repeal the 2nd Law of Thermodynamics!
    14. Re:Lawsuit? by evilandi · · Score: 2, Informative

      The threat alone is enough because no individual (or group) can afford to spend as much money on a bogus lawsuit as any of these companies

      Perhaps, in America. But civilised countries have systems of taxpayer-funded legal aid for those unable to mount their own defence, or have strict rules about misuse of court process. This kind of tomfoolery simply doesn't happen in the UK, for example; the most recent attempt being some chiropractors who tried to sue a British science journalist for proving their profession was bunkum. The chiropractors suffered the judicial equivalent of having flaming oil poured over them.

      --
      Andrew Oakley - www.aoakley.com
    15. Re:Lawsuit? by HungryHobo · · Score: 3, Insightful

      In the case of academics getting their names on the publications is more than an ego thing- it actually influences their chances of staying employed.

    16. Re:Lawsuit? by bws111 · · Score: 2, Interesting

      On what grounds? If you have been the victim of a fraud, and the bank didn't correct it, you can probably sue them. If you haven't been the victim of a fraud, but you just think their security is too lax, then don't use them. Kind of hard to rail at someone else for not taking security seriously when by definition you yourself aren't taking security seriously if you trust someone you consider non-trustworthy.

    17. Re:Lawsuit? by hrieke · · Score: 4, Insightful

      No, the real reason is liability.
      If you sell the machine and believe it to be secure and sell it as such with out the review & audit, and then it's proven to be insecure, fine, unknown bug.
      If you audit the machine with white hat hackers, they tell you of issues, you sell the machine anyways, it's hacked, you're on a very big hook.

      --
      III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIIIV IIVIIIIIIVIII...
    18. Re:Lawsuit? by ClosedSource · · Score: 3, Informative

      Perhaps you're thinking of a night deposit box which isn't an ATM. There were no ATMs in the 1950s.

    19. Re:Lawsuit? by Legion303 · · Score: 4, Interesting

      "There's a difference between pointing out that a lock can be picked and demonstrating in detail how to do it. Especially when the audience isn't limited to the owner of the lock."

      Not legally, there isn't. I'll be giving a talk on exactly this subject in 6 weeks. Marc Tobias, a lawyer, has co-authored an extremely detailed book on picking, bypassing, and completely ignoring the security of Medeco Biaxial locks. Find a better analogy.

    20. Re:Lawsuit? by Zenaku · · Score: 3, Funny

      That's like saying that keeping your money in a big pile on your front lawn will protect you from safe-crackers.

      --
      If fate makes you a motorcycle, you become a motorcycle.
    21. Re:Lawsuit? by Zenaku · · Score: 2, Informative

      The entire purpose of a man-in-the-middle attack is work around the fact that the attacker cannot eavesdrop directly on an encrypted channel. The attacker wants the authentication credentials for your bank account, but the communication is encrypted. So instead he tricks the client device into opening an encrypted channel to HIM instead, by poisoning a DNS cache for instance, and gets you to send him the credentials directly. The whole point is to get access to what he needs to access your account.

      If the data is transmitted in the clear, MITM is completely unnecessary. He just eavesdrops on the communication and gets the credentials.

      It's not about "seeing your money." It's about seeing the secret numbers needed to access your money. Perhaps it would have been a better analogy if I had said that it was akin to thinking that posting the combination to your safe on a sign right next to it would protect you from safe-crackers, but I still fail to see your point.

      --
      If fate makes you a motorcycle, you become a motorcycle.
  3. hmm... by Pojut · · Score: 2, Interesting

    I know this is the sort of thing that goes on at black hat conferences, but could this guy potentially get in some sort of legal trouble for demonstrating what he has found?

    --
    Living With a Nerd
    1. Re:hmm... by Ephemeriis · · Score: 2, Insightful

      I know this is the sort of thing that goes on at black hat conferences, but could this guy potentially get in some sort of legal trouble for demonstrating what he has found?

      I'm sure he can.

      Which is stupid.

      Because if he knows this stuff he probably isn't the only one. And just the news that these machines can be hacked is going to have other people trying to figure out what he knows, even if he doesn't say anything. So whether he opens his mouth or not really isn't going to change how secure these machines are.

      All it will do, hopefully, is scare the manufacturers into improving their security.

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    2. Re:hmm... by GrahamCox · · Score: 2, Insightful

      They'll only do something about it when it becomes really widespread and starts actually costing serious green

      And that will be a good thing. Which the publishing will help bring about. I don't follow your argument, unless it's that you don't want this published widely so *you* can personally exploit it.

    3. Re:hmm... by L4t3r4lu5 · · Score: 2, Insightful

      What pisses me off is that he is n't publishing this.

      FTFY, considering the tone of the rest of your comment.

      You want him to publish so the banks have to fix it, not have him keep it secret and leave the rest to exploit it.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    4. Re:hmm... by plover · · Score: 4, Insightful

      What pisses me off is that he is publishing this.

      Why does that make you mad?

      Only two groups of people should be upset by this revelation: any thieves exploiting the weakness who may soon lose their money stream, and the banks who have to plug these holes.

      The only reason the banks should have to be mad is that they may not have budgeted the costs of these fixes for this year. Well that's too bad, I'm all broke up for them.

      So again I ask, why you are mad? Are you a banker or a thief? (And yes those are usually different unless you're on Wall Street.)

      --
      John
    5. Re:hmm... by Anonymous Coward · · Score: 2, Interesting

      I don't know about banks but credit unions care about security and keeping their ATMs up to date. Unfortunately, they are at the mercy of the ATM manufacturers, vendors and whoever provides the maintenance. I suppose banks could have different maintenance contract due to their size but normally software updates are part of the annual support contract.

    6. Re:hmm... by plover · · Score: 4, Insightful

      His talk is a year old already. You don't think he's disclosed it to the banks long ago? No, they've had all the warning they need. Now it's time to prove they've fixed their equipment.

      Seriously, if he never releases his info, it will never get fixed. You can talk to the I.T. staff for a year about the problems and nothing will get done. The banks can even have a guy inside I.T. shouting "we gotta fix this!!" and he'll be ignored.

      Post it on the internet, deliver it to a roomful of blackhats, THEN something will get done. Until then, however, we're all still vulnerable to the bad guys who are already exploiting this kind of crap.

      --
      John
  4. ATM machine by Anonymous Coward · · Score: 5, Funny

    You almost made it through the whole summary without saying it.

  5. Why can't the ATM suppliers just... by drc003 · · Score: 5, Funny

    ...just get a deal going with McAfee? Then there systems would be completely safe and always online!

  6. Come on Taco, more imagination! by Dystopian+Rebel · · Score: 4, Funny

    "from the well-that-doesn't-make-me-feel-better dept."

    Where's the zip, the punch in your writing? This is the news business! If Larry Wall can be funny AND write Perl code, so can you!

    Suggestions:

    "from the All Your ATM Are Belong To Us dept"

    "from the Who Says Cybercrime Doesn't Pay dept."

    "from the Your Money Is In Good Hands -- NOT dept"

    "from the Can We Have Human Tellers Again dept"

    "from the It'll Be The Debit Of Me dept."

    --
    Rich And Stupid is not so bad as Working For Rich And Stupid.
  7. Operating System specific? by tecker · · Score: 2, Interesting

    The title says it is multi-platform but doesnt mention that anywhere in the article. So is this one that runs on CustomFW, Windows and Linux based ATMS?

    To me it would seem better to create a system that would raise the "your-not-with-OUR-bank-so-we-can-stiff-you" charge (charge em 3.50 for the transation then send 2 back to the bank per normal). Slow but would make money over time if EVERY atm had your code.

    --
    Procrastinating life a way at a rapid rate of speed.
    1. Re:Operating System specific? by IBBoard · · Score: 2, Insightful

      You get charged for using ATMs that aren't from your own bank? What weird kind of economy is that? The only way you generally get charged in the UK is a) if you're using a credit instead of a debit card (and then it is your card company charging you "cash advance" fees), b) if you're using one of those "convenience" ATMs that are in a pub etc or c) if you're not in the UK, at which point it is to "cover" international fees and talking with other banks in other countries (apparently).

  8. Re:Did anyone else read it as saying..... by ProfMobius · · Score: 3, Funny

    It is just you. I know a good specialist if you want.

    --
    EULA : By reading the above message, you agree that I now own your soul.
  9. ATM Machines by ThrowAwaySociety · · Score: 4, Funny

    Can anyone determine if these are Automated ATM Machines?

    I'd better be careful entering my personal PIN number into these from now on.

    1. Re:ATM Machines by spidrw · · Score: 3, Funny

      I find it best to use part of my vehicle's VIN number when picking out my personal PIN number for use at the automated ATM machines. That way I can just read the reflection off my dash when punching the numbers into the LCD display.

  10. What OS? by AlecC · · Score: 4, Insightful

    As far as I can tell, all ATMs are based on data processing OSes - either ones with a desktop heritage then multi-processing and networking added on (Windows) or with a data processing/networking heritage with desktop added on (*nix families). It seems to me that they ought to be based on real-time control OSs, such as those used in the automotive and aerospace industry, I don't see how an ATM is any more complicated than a Digital Engine Control system, especially for state-of-the art engines. People who design such systems know about reliability, which can include security in a limited function machine. The problem with general-purpose machines is that they have generalized functionality, just hidden away. Such systems can be subverted and the extra functionality exploited. Machines built from the ground up to do only what they have to do do not have the functionality to be subverted.

    I see no reason why such fixed-function machines should be much more expensive that those based on general purpose machines. There is an up-front cost in getting started, probably compensated by reduced security testing later. Wat will be harder is all the dreams the marketing people will have, of using the ATM to do other things, such as sell insurance. It will do only what it is built to do. Inflexible, but secure.

    --
    Consciousness is an illusion caused by an excess of self consciousness.
    1. Re:What OS? by Miser · · Score: 5, Informative

      Seconded. Diebold (specifically, Opteva line) run plain old Windows XP. Some of them run Win XP Embedded. All of the "peripherals" in this case such as the cash dispenser, card reader, depositor if equipped, etc are just USB devices. The computer is NOT in the vault portion of the ATM, so if you can get into the flimsy door, you can get access to the computer.

      If you know the passwords (they are surprisingly easy ... or just use Hiren's to blank them out) you can get into the OS itself.

      I'm not sure why Diebold picked Windows, I would have preferred Linux of course, or perhaps back in the old days when the ATM wasn't a general purpose computer - it was a board with discrete circuitry and firmware. Everything to the network may be 3DES encrypted, but since it's Windows just get yourself a piece of malware on there and capture everything. Come back, retrieve the data, make yourself some cards, PROFIT. Of course, this required physical access.

      The older model ATMs (like the Cashsource Plus 200/400) still run eComstation (OS/2) and can connect via modem (really just serial) or TCP.

      NOT posting anonymously either. It's not like it's some big secret. If they secured their stuff, they wouldn't have to worry about it.

      -Miser

    2. Re:What OS? by spidrw · · Score: 2, Interesting

      I managed to crash an ATM once (not a good feeling when you just deposited 50 big checks). When it rebooted, there was the Start menu. Before the 'ATM software' fired up I was able to easily open a command prompt and even get IE going. Then the ATM stuff went full screen and everything was hunky dory - except for my deposit.

    3. Re:What OS? by Miser · · Score: 2, Insightful

      I'll address some of your points - you weren't totally wrong, but it is also not as cut and dry as you say. Never think what is malice could not be mistaken for stupidity, or whatever the saying goes. The human element is in play here more than the technological one, even more so when you have short sighted MBA's at the helm of some of these financial institutions ...

      1. The flimsy door is rigged. Fiddle with it for a while and a big red light goes off at the bank telling them to check their security cameras as some bozo is playing with an ATM.

      Not necessarily. In all of the offsite (10+) ATMs I have had experience with, they were all for small, mid, and largish institutions. You'd be surprised how "penny wise, pound foolish" financial institutions are - they either don't connect them, or just flat out don't have the offsite ones alarmed at all. ($50 per month is too expensive for a POTS line, or $20 per month is too expensive for cellular alarm, I guess ...)

      Now if this ATM is inside a bank or other F/I, well then you need to assume that it is connected to the premise alarm system - HOWEVER, that could also mean just the vault, and NOT the flimsy door. YMMV of course.

      2. The bank sets the passwords, the banks I'm aware of used random strings of 20-30 characters. Not guessable. That's for the OS password, the password to the software to just do normal tasks like restock the ATM or print off some data would be simpler.

      In the case of Agilis, the Diebold software for Opteva and other series ATM's, it's just all zeros to get into Agilis - that's the master password. Hardly any institution that I have seen changes it. Oh, and BTW - the Windows XP side auto logs in. There is an opportunity to "stop" the Agilis software from running, and you get - you guessed it Explorer - free to do whatever you wish with an admin level account.

      3. Windows is the industry standard. Diebold, Wincor, and NCR all use it. They all used OS/2 before Windows. The presentation layer is a *huge* part of an ATM's duty, and at the time Linux wasn't up to the task. Or do you not remember swearing at your X.conf files for days?

      Ok, point slightly conceded that I don't like swearing at x.conf files, HOWEVER - with a company as big as Diebold they could save the licensing costs (they may have a bad reputation here on slashdot, but they employ some smart cookies) and use that to make what essentially is a "pattern disk" with all the little intricacies already worked out. Remember: these are little more than appliances, with the only difference is peripheral mix and what network they are connected to.

      4. I wrote ATM software at one point. Even with the program to send signals to the hardware and direct access to the PC inside getting cash out is not trivial. There's generally a sequence of 6-7 events that need to be sent to the right pieces of hardware in the right order to get the cash from the drawer to the slot.

      I'll agree with you there, although I wasn't suggesting attacking the USB peripherals directly, I was more thinking of attacking Agilis itself. It's a windows app, leaks memory something terrible, and I'm betting could be easily exploitable by those with access to an ATM. And before you say "good luck getting one" I could easily get a refurb stand up Opteva with no safe for about $4k. Chump change for the bad guys.

  11. Not Sarah, John This Time! by Scholasticus · · Score: 3, Funny

    John Connor did this way back in '91 ... which means the machines ... oh shit.

  12. Pick one by Anonymous Coward · · Score: 2, Funny

    ...just get a deal going with McAfee? Then there systems would be completely safe or always online!

    Fixed that for you.

  13. MITM? by ArcCoyote · · Score: 2, Insightful

    I'm wondering if this is more of a Man-in-the-Middle attack on the ATM's communication with the EFT network.

    The ATMs I've seen that aren't stuck right in a bank building's wall use some form of dial-up, be it a land line or a GSM modem.

  14. Re:My friend is a Linux hacker... by Yvan256 · · Score: 4, Funny

    So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

  15. Great way to get money out of ATMS by Rogerborg · · Score: 4, Interesting

    Threaten to disclose the vulnerabilities, get paid hush money to pull your presentation (again). Rinse, repeat.

    --
    If you were blocking sigs, you wouldn't have to read this.
  16. There is NOT always a paper trail by hAckz0r · · Score: 2, Insightful
    May I ask how using a live teller keeps someone else from empting out your bank account electronically? After all, you can't prove a negative. You simply can't prove you did not use a machine unless you are lucky enough to be out of town at the time your account was emptied out. But even that does not work if the transaction was electronic and from somewhere other than a physical ATM. We are talking about rootkits on ATM's that by definition have a direct connection into your banking system, and no doubt have a way to export whatever information they want from it.

    Granted, the fact that the ATM will not be given the opportunity to capture your personal pin code is a step in the right direction, but having a corrupt hacker on the inside of your banking network cant be good for your bottom line either. There are security vulnerabilities in ALL computer systems and if a hacker has a foothold inside the network proper the rest of the system can fall like dominoes if the bank is naive enough to think they are safe from such an exploit.

    1. Re:There is NOT always a paper trail by Rockoon · · Score: 2, Insightful

      None of my accounts have an ATM/DEBIT card attached to them.

      "But don't you want a debit card?" asks the bank manager when opening the account.

      "Nope. I use a credit card."

      Yes, my bank account can be raided electronically, but I have very plausible deniability. Can't say that I used my ATM card to withdraw the funds, or my debit card to buy all that junk.

      --
      "His name was James Damore."
  17. I hope by pjbgravely · · Score: 2, Funny

    I hope they didn't use my hack where I type in 790 and get all the money I want.

    --
    Star Trek, there maybe hope.
  18. ATM Security by MC68040 · · Score: 2, Insightful

    I live in Europe, during my time having all sorts of cards that works in ATM's I've came to the conclusion that.. Most of them seem to run Windows (I've seen more BSOD's than its decent to mention).
    I'm not wanting to get in to a debate about Windows security here; rather the point that there are plenty of rootkits for any given platform on the go today.

    The interesting point would be the actual attack vector; getting in to a bank's internal network to access the ATM nodes would mean (from my point of view) that the ATM's are pretty uninteresting, however what else might lurk on the bank's network would be worth a lot more? On the other hand, if you could perform the "hack" quickly with just regular customer access to the machine, that'd be interesting... (thinking of terminator movie here...) ;)

    According to my bank balance that is my... well, I've no cents left, damn recession!

  19. XKCD already did that one... by Joce640k · · Score: 2, Funny

    http://xkcd.com/463/

    --
    No sig today...