Most ATMs Can Be Hacked in Under 20 Minutes

An extensive testing session carried out by bank security experts at Positive Technologies has revealed that most ATMs can be hacked in under 20 minutes, and even less, in certain types of attacks. From a report: Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking, and detailed their findings in a 22-page report published this week. The attacks they tried are the typical types of exploits and tricks used by cyber-criminals seeking to obtain money from the ATM safe or to copy the details of users' bank cards (also known as skimming). Experts said that 85 percent of the ATMs they tested allowed an attacker access to the network. The research team did this by either unplugging and tapping into Ethernet cables, or by spoofing wireless connections or devices to which the ATM usually connected to. Researchers said that 27 percent of the tested ATMs were vulnerable to having their processing center communications spoofed, while 58 percent of tested ATMs had vulnerabilities in their network components or services that could be exploited to control the ATM remotely.

Diebold lol

Who buys these shitty things? Why are banks so fucking stupid about their core competency?

Re:Diebold lol

Probably because they got the wrong acronym on securing gaping holes.

Re:Diebold lol

Well, when you can print money and there's no repercussions....

Re:Diebold lol

[BeauHD++(19)+BeauHD]

The Treasury is what prints the money. Go back to your conspiracy theory forums fool. We don't like you're type here.

Re: Diebold lol

They should use the timer feature from a TACC safe. You canâ(TM)t query the machine for settings more often than every so many minutes

So what?

Anyone with sense limits the amount of money in their ATM / online banking accessible account to a small amount, like 15-20k, unless a large purchase is coming. This is a simple way to protect yourself.

Re:So what?

In my country with 15-20k you're set for many many years to come.

Re:So what?

[Nidi62]

Anyone with sense limits the amount of money in their ATM / online banking accessible account to a small amount, like 15-20k, unless a large purchase is coming. This is a simple way to protect yourself.

The majority of people in the US don't even have enough liquid money to afford a $1000 emergency and you think 15-20k is a small amount?

Re:So what?

[bob4u2c]

Anyone with sense limits the amount of money in their ATM / online banking accessible account to a small amount, like 15-20k, unless a large purchase is coming. This is a simple way to protect yourself.

[British Accent]Quite right you are my man. Unless Foofy needs a new rolls I try to limit my personal cashier boy to a similar small fund which they may withdraw from these mechanical money boxes. Least the less trustworthy boys have been known to drain a persons account to the point that one must take a public jet to the Alps instead our families private whirly birds.[/British Accent]

Re: So what?

I keep $150k in checking. It's pocket change

Re:So what?

Anyone with sense limits the amount of money in their ATM / online banking accessible account to a small amount, like 15-20k, unless a large purchase is coming. This is a simple way to protect yourself.

The majority of people in the US don't even have enough liquid money to afford a $1000 emergency and you think 15-20k is a small amount?

Gosh, I have foolishly been keeping a billion and a half dollars in my checking account connected to my ATM card... I should probably reduce that to 15 to 20 times the maximum amount I’ve ever HEARD of an ATM allowing someone to take out, (or more like about 40 times, for most ATMs I’ve ever used).

What I was going to suggest though, is that it’s okay for most ATMs to be hackable in under twenty minutes, as long as they alert the police when someone starts trying to hack them, and the time it takes for the police to arrive, and shoot the thief in the head averages, say... 10 minutes or less. As long as trying to steal from an ATM more often than not results in a dead thief, I’m not really sure how that’s a problem.

See, I’m normally pretty sympathetic to the poor, and someone who steals a loaf of bread to feed his starving family and has no other way, or someone who breaks some law by accident... but when you HACK into an ATM, that’s... yeah, I’m pretty sure you can’t, WOOPS, ACCIDENTALLY hack into an ATM, and if you’re stealing thousands or tens of thousands of dollars at a time, yeah-no.

You might even say you’re okay with theft from a bank or an ATM because banks, which own the ATMs, are rich. But that’s just the problem. You can’t steal from the rich. They find ways to turn around and make it so that when you try to steal from them, you really end up having stolen from their customers, most of whom are NOT rich. Same goes for petty theft from any place where I shop. You’re not stealing from MalWart, let’s say, you’re stealing from ME if I shop there, because to cover the loss, they have to raise prices... because they’ll be DAMNED before they cut profits or executive salaries. As for common worker salaries, they’ve already cut those to the bone. There’s no fat there left to cut. Hell, they’ve already half-way to done away with cashiers. I wonder how they’ll get us, the customers to stock their shelves for them.

I’m sure they’re working on it.

Re: So what?

Found the trust fund kid.

Re: So what?

It's not banks being rich...it's that they get bailed out every time. And there is no such protection for anyone else.

Re:So what?

He's probably talking about 15-20k rupees. ($300)

Re: So what?

Spare some pocket change?

Re: So what?

[HornWumpus]

'Trust fund kids' are the ones that the parents know are too incompetent to handle money (e.g. Jerry Brown, CA governor).

If they had 150k, they'd spend it on hookers and blow. That's why the trust has to dribble out a monthly allowance.

Someone claiming 150k$ in a checking account, is either a moron or a troll, depending on if it's true or not.

Re: So what?

What could I do with say a few million?

Re:So what?

20 minute hack is easy. How long does it take to strap a convenience store ATM to the back of a pickup truck and floor it?

Re: So what?

How's the return on that checking account?

Yeah, I thought so.

Re:So what?

[F.Ultra]

Don't you have the colouring anti theft measures in the ATMs in the US?

Re:So what?

You didn't read the article. They are literately talking about jackpotting the ATM's by telling the ATM's OS to dispense money at will, or intercepting data to the ATM network. The latter is likely easier to catch by the ATM network, but if someone jackpots an ATM nobody will know unless the ATM has been physically damaged in the process.

Here's a theoretical example. Someone installs the malware on the Windows XP ATM, Someone comes by and withdraws or deposits 20$, the crook then waits for them to go away and then tells the ATM to dispense $2000, and snatch it without the camera seeing them. So the person who just withdrew will look like they somehow withdrew $2020, and since there's no crook on camera, guess who gets accused of it?

But that's not the only theoretical example. There's also the possibility of using malware on the ATM to digitally skim the cards and then replay the transaction over and over again until the ATM is empty.

Re: So what?

I've never seen them in ATMs I've worked on. Mostly hollywood. Also, most convenience store ATMs don't have cameras, another hollywoodism. (Fancier huge Bank ATMs like diebold are sure to have die packs and cameras.)

Re: So what?

[mrvan]

'Trust fund kids' are the ones that the parents know are too incompetent to handle money (e.g. Jerry Brown, CA governor).

If they had 150k, they'd spend it on hookers and blow. That's why the trust has to dribble out a monthly allowance.

Someone claiming 150k$ in a checking account, is either a moron or a troll, depending on if it's true or not.

Or someone who assumes that the stock market will crash quickly, which will force the Fed to lower interest rates again, which will mean almost all asset classes will lose value over the coming month.

Re: So what?

[mysidia]

which will force the Fed to lower interest rates again, which will mean almost all asset classes will lose value over the coming month

No.... the Fed has been doing the opposite of Quantitative Easing they were aggressively doing during Obama's administration: attempting to trim their balance sheet, in addition to the aggressive interest rate increases --- the reverse QE will mean they could lower interest rates to 0 and still potentially make a catastrophe;

But leaders in the Fed have been looking disdainfully at the high stock market prices for a while now, and planning on how to take those prices down to what they personally feel they should be --- also, even though the Fed is supposed to be politically independent - I suspect some are political and upset with how well the economy appear to be doing during a Trump presidency; since appearance is everything, there are people in the Fed who would like to try and quietly use fed influence to cut back on liquidity at an excessive rate to make the economy appear to be a disaster for the next 2 years or so, in the hopes their result by Fed tampering is they get a democrat into office next.

They are not done yet by far... and they intend to accelerate the rate of reverse QE over the course of the next couple of years until they eliminate the excess reserves (electronic fictional cash they created).

Reverse QE reduces the size of the base money supply and will be evaporating 1.5 Trillion of $$ in deposits/lendable money out of the banking system.

Regardless of what they do with interest rates; the Uncertain affects of the reverse QE likely stand to have a high chance of causing not merely some loss in value but to crash nearly ALL asset prices
including precious metals, and there will be some more bank insolvencies that may make 2008 or the last time the Fed tried something like this.... 1937.. look tame.

Re: So what?

[F.Ultra]

over here they all have die packs and cameras

Re:So what?

[DethLok]

How does the camera in the ATM - that takes photos of every person pushing ATM buttons - not see the culprit?

How does the camera filming the area the ATM/s are in not see someone at an ATM?

If you are invisible, there are easier and safer ways to get rich.

Re: So what?

[HornWumpus]

You don't know what a trust is. It has nothing to do with the assets, only putting an adult in charge of the assets so the 'Trust fund kid' can't blow it all.

Jerry Brown's parents knew him better than the voters of CA. Like most true morons, he has only gotten dumber with age.

I HATE /. BULLIES like ZIP & c6gunner... apk

See subject: I'm so sick & tired of /. BULLIES. You shitweasels have nothing better to do than HARASS, STALK & IMPERSONATE little ol' me. I've done absolutely NOTHING wrong & just try to make everyone's lives better w/ my work that stops ads & malware.

* As soon as I post, I'm CENSORED to -1 w/ ABUSED downmodpoints by bullies like ZIP, who even admit to this. I caught c6gunner mocking then IMPERSONATING me when he forgot to log out. Zontar mailed me a postcard w/ THREATS on it, then LIES & STALKS me. All because you JEALOUS JOWIE "ne'er-do-wells" KNOW I'm World-Class & you're shit. It's why you hide behind FAKE names & UNIDENTIFIABLE ANONYMOUS.

I'm even improving my already GREAT PHYSIQUE by getting calf implants while you weezils sit around all day on /. STALKING & HARASSING your BETTERS. I repeatedly dust the no-mind bullshit blatherings you BULLIES post to attack me. Like always I WIN & YOU LOSE.

APK

P.S.=> This BULLYING of me is SO UNFAIR & is probably a HATE CRIME because I'm gay. GROW UP... apk

rip barnaby jack

rip barnaby jack

Can they be hacked

[toonces33]

with a hacksaw?

Re:Can they be hacked

[Locke2005]

Pickup trucks appear to be the meth addicts tool of choice. (Google it)

Re: Can they be hacked

Thanks, found several videos of idiots ripping their back axel off. Was very funny.

This must be why

The elderly people in line always take that long

This will be fixed

This will be fixed... when the loss caused by hackers exceeds the cost of implementing proper security.

Re:This will be fixed

[olsmeister]

Hmmm. I guess I never thought about it before, but who is liable for theft from an ATM? The bank? The company that built the ATM? The FDIC? The customer?

Re: This will be fixed

This shows that most hacks are merely able to download log files. How is that a hack?

Re:This will be fixed

The bank is on the hook for the money, and by extension the bank's insurance company. I work for a bank and am familiar with this issue. A bigger issue is online scamming where somebody gets the login info for a legitimate customer's account and then orders a transfer to Paypal or some other online service, and then walks away with that money. The FBI won't even bother investigating for a few thousand bucks. And the transfer recipients generally don't help out either because they're prohibited from giving out their customer info without a warrant.

Under 20 minutes and even less?

Is that the same as even less than under 20 minutes?

Re:Under 20 minutes and even less?

The article details several hacking scenarios, with 20 minutes being the biggest time, but many others taking much less.

Cuz

X509 is hard.

Banks

[Zorro]

Good thing they got rid of those banks with safes and armed guards.

Might take some real risks to rob a bank.

Diebold made voting machines

[bluefoxlucid]

Diebold made voting machines.

Everyone else in that industry is just as bad. No threat models, at all. That's why I'm getting into the industry.

Re:Diebold made voting machines

A threat model is one tool among many and only the best at it's job when there is a well-defined, necessarily finite and small number. The CS equivalent would be to complain about companies not using a single pointer.

Re:Diebold made voting machines

[phantomfive]

Which industry? "Stealing from ATMs" industry? I hear it's profitable.

Re:Diebold made voting machines

[bluefoxlucid]

No, the voting machine industry. They're all terrible. It's so bad people are calling for paper ballots--computer science people, not infosec people, because infosec people would look at paper ballots and cringe...oh, wait, no, Bruce Schneier has also fallen for that noise.

Let's be honest here: paper ballots are data packets. You have a distributed network in which a few trusted individuals are in possession of the packets at any time. Start from the sender (polling center), put the data packet on a truck (router) operated by a few trusted individuals (ISP employees) who promise not to clone seals (checksum) and tamper with the data (ballots). It looks like the Internet, but slow.

We need authentication before the packets leave the polling center. With voting, we need universal verification: the ballots must be counted while in view, accounted for, and then signed by a mathematically-derived number we can regenerate by counting exactly-identical ballots. The number must be observed by anyone present--if you want to just wander into the polling center and watch, you are the security control.

For electronic voting machines in particular, we need universal verification that the software image is unchanged from a published image at the moment polling begins. That only lets you know the state of ballots until they're removed from the machine, so the machines need to produce proof of the ballot set before tampering is possible.

A lot of people focus on usability issues, counting time, and miscounting paper ballots. These are all technical; the long view only really involves two issues.

First, direct-recording electronic voting machines are the future. Surprisingly-few people really care about paper ballots, and paper audit trails have been shown manipulable (paper isn't an audit trail anyway: you can print a false audit trail). We're going to have DRE voting machines in the next generation, and it's never going back.

Second, paper ranked ballots are complex and difficult to resolve to real, stable proof. I've been able to alter votes and produce similar statistics for number of times each candidate appeared in each position, pairwise race results (they'll be the same if you rotate vote order, allowing selection of a winning candidate), and a few other outcomes. I haven't been able to make them match simultaneously, and haven't proven you can't. Mathematically, the amount of information increases exponentially with the candidate pool.

In other words: certain ballots are going to need ballot data format and sorting rules plus a strong hash algorithm (SHA-512) and statistics. While modifying the statistics involves tweaking the ballots in valid ways, finding a hash collision involves tweaking data: any collisions could, conceivably, involve inaccurate data. For a given number of ballots and candidates, the number of variations is limited; it's further limited when generating the same statistics.

To carry this out, you need to enter the ballots into a computer.

To validate the ballots, you need to re-enter exactly the same ballots.

There's no hope of integrity guarantees and certified ballots leaving the polling center--not in any way verifiable by anyone but the election judges themselves--without a way to maintain integrity of a computer system unless we use voting rules like First Past The Post Plurality or Instant Runoff Voting, in which case we can hijack the election by nominating or retiring candidates or by gerrymandering the district.

Diebold made ATMs. Then they made voting machines. A future of Diebold-descended voting machines is a nightmare.

No they can’t. Not in a bank?

These attacks seem to require you to be alone with the machine, while having access to its backside where the cables come out.
Yeah... veeery realistic. --.--

Try again with a vandalism-hardened ATM in a brick wall with cameras and security personnel looking at them. Then and only then do you get to write sensationalist headlines like this.

Why do you think the PIN only has 4 digits most of the time? Not because that's so hard to crack. It's only a token. The security is provided by what's around it.

(And yeah, they should still improve these things anyway, because it's always good to have multiple layers of security. Then again, if we'd think this though, we'd get rid of banks altogether, as they are untrustworthy thieves by their very definition. [Actually worse than thieves, as thieves usually don't make up money on the spot [$92 for every $8] and get the government to side *with* their imaginary money being real.])

Re: No they can’t. Not in a bank?

The vast majority of ATMs are not in banks and do have little security. Some gas station ATMs don't even have a camera.

Re: No they can’t. Not in a bank?

[Riceballsan]

Pretty large amount of gas station atms... have a gas station. I haven't seen one before that isn't in sight range from the cash register. You can push a few buttons maybe pull off 1-2 minutes worth of tasks... I wouldn't imagine much in the way of opening doors, plugging in computers etc... as particularly viable, though even the summary mentions something along the lines of "wireless signal spoofing", OK yeah I can see it being fairly easy to get away with a wifi signal hijack

Re:No they can’t. Not in a bank?

Did you miss the part of the summary that involved spoofing the wireless connection a lot of ATM's use?

the title, blah blah

[BringsApples]

What constitutes "hacking" these machines? Root access? Money shooting out? Transfer of funds from accountA to accountB?

Re:the title, blah blah

[deathguppie]

apparently it means somehow pulling the machine out of the wall to access it's physical network connections. I was thinking this was a great idea for extra cash but.. seriously this isn't a realistic hack for the average Joe thief.

Re:the title, blah blah

The average Joe thief may be able to rent a small black box that he can splice into the cable for a (significant) fraction of the proceeds. Use of the box will require the thief to request an activation code for each ATM he's hacking.

20 minutes?

[The+Grim+Reefer]

These guys did it in 36 seconds. Granted, network hacks and elegant solutions need to be addressed. But what's the point if you cant keep a couple of guys with a pickup truck and a chain from driving off with it. It always reminds me of this xkcd.

Re:20 minutes?

[DethLok]

Damnit, I don't have mod points at the moment! :)

Zach Patterson / ZIP "Greatest Hits" (lol, not)

See how STUPID "ZIP" (Zach Patterson) the CHIMP is (tried to take credit for what I solved before him) https://tech.slashdot.org/comm... (he needs to LEARN TO READ)!

I even SHOW ways to do it YOURSELF https://tech.slashdot.org/comm... (he couldn't).

Delphi/FreePascal/ObjectPascal HAS no issue w/ null-term'd string bufferoverflows https://developers.slashdot.or... - C does, C++ can UNLESS you do what I said 1st loser.

Tell us about CODE SIGNING (which has been STOLEN & ABUSED) https://www.helpnetsecurity.co... MY METHOD CAN'T BE (upmodded +2 INTERESTING in CODING FOR DEFCON no less) https://it.slashdot.org/commen...

"I'm a much better programmer than APK" - by Anonymous Coward ZIP on Monday October 08, 2018 @11:27PM (#57449082)

BIG TALK - Yet ZIP has nothing to show in programs. I can https://news.slashdot.org/comm... from registered /.ers liking/using/praising my work (& 100k users worldwide too). He can't.

LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

APK

P.S.=> KEEP IMPERSONATING ME CHIMP https://science.slashdot.org/c... - this comes out every time EXPOSING your BLOWHARD incompetence... apk

Re:Zach Patterson / ZIP "Greatest Hits" (lol, not)

[cyborg_monkey]

Shut up you fucking moron.

Re:Zach Patterson / ZIP "Greatest Hits" (lol, not)

[cyborg_monkey]

I told you to shut the fuck up.

Re:Zach Patterson / ZIP "Greatest Hits" (lol, not)

No you shut up.
i'm the best noober hacker there is,
i even make APK host file engine.
i'm so noob.

APK.

Zach Patterson / ZIP "Greatest Hits" (lol, not)

See how STUPID "ZIP" (Zach Patterson) the CHIMP is (tried to take credit for what I solved before him) https://tech.slashdot.org/comm... (he needs to LEARN TO READ)!

I even SHOW ways to do it YOURSELF https://tech.slashdot.org/comm... (he couldn't).

Delphi/FreePascal/ObjectPascal HAS no issue w/ null-term'd string bufferoverflows https://developers.slashdot.or... - C does, C++ can UNLESS you do what I said 1st loser.

Tell us about CODE SIGNING (which has been STOLEN & ABUSED) https://www.helpnetsecurity.co... MY METHOD CAN'T BE (upmodded +2 INTERESTING in CODING FOR DEFCON no less) https://it.slashdot.org/commen...

"I'm a much better programmer than APK" - by Anonymous Coward ZIP on Monday October 08, 2018 @11:27PM (#57449082)

BIG TALK - Yet ZIP has nothing to show in programs. I can https://news.slashdot.org/comm... from registered /.ers liking/using/praising my work (& 100k users worldwide too). He can't.

LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

APK

P.S.=> KEEP IMPERSONATING ME CHIMP https://science.slashdot.org/c... - this comes out every time EXPOSING your BLOWHARD incompetence... apk

msmash still not k-rad, despite trying so hard

The usual method is gas. No, not petrol, bottled cooking gas. Or some heavy vehicle for a battering ram. Shades of the 5$ wrench.

Is this a real problem or just theoretical?

[King_TJ]

I mean, are banks actually running across a regular problem where they go to refill an ATM machine and verify all the transactions, and discover somebody emptied out a few hundred or thousand bucks that they can't account for?

Seeing the attitude they seem to take with credit card fraud (just cancel the card, refund the fraudulent transactions and move on) ... I guess nothing would surprise me. But I have to think the number of folks with the expertise to pull these hacks off who ALSO would risk jail time to do them is really small, vs. the number of common criminals who try the brute force methods we see on the TV news all the time. (Attach tow hook to machine and try to yank it out of the wall with a big truck, etc.)

Re: Zach Patterson / ZIP "Greatest Hits" (lol, not

I read that your software was decompiled/reverse engineered, and that it's a total joke. Despite all your bragging and attacks on others, your work is garbage.

Re: Zach Patterson / ZIP "Greatest Hits" (lol, no

- Bruce Schneinerdoodle.

20 minutes?

If someone can stand at an ATM for that long without being brought to a backroom and interrogated, then there's already a problem--and it has nothing to do with the machine being at risk of being hacked.

Worry not

[TimMD909]

20 minutes to hack an ATM seems pretty crazy, right? Don't worry, I have a solution.

Let's start an ATM Thieves Guild. It's unacceptable that in today's busy world that it takes so long to commit crimes. We promise to make Moore's Law work for you, and get that time down to 10 minutes or less.

It the USA perhaps.

In most of Europe, they are nearly exclusively in banks or in a wall next to a bank.
Only rarely do you see free-standing ones. And they are kinda a joke, since anyone can presumably just drive off with them.

Or do you mean card payment terminals?
Those are usually rather secure too. Since they are nothing more than a router for encrypted packets between the card's chip and the bank server, and serving a keypad and display to that chip too, in a physically tamper-detecting and usually tamper-resistant case. Sure, you could theoretically make the keypad and display show something else, but you can't get more than nabbing somebody's PIN via one of the countless other means that you can use in any case. Don't put your "something you know" secret into anything whose trustworthiness you haven't checked. *No* amount of technology can help you otherwise.

In these cases, physically breaking it open!

[evanh]

Every one of the methods involved opening/unlocking the physical casing! Obviously, being able to remove the HDD or insert a USB drive is going to make the hack a lot easier.

Don't Worry, Be Happy

Ignore the article above.

Your door locks, microwave, door bell, and baby monitor will all be quite safe, we assure you!

Uhh, what?

[dnaumov]

What are you talking about. Why would an ATM have wifi-anything and why would you have an ATM with an ethernet cable accessible in a timeframe that less than what it takes for cops to arrive?

Re:Uhh, what?

What are you talking about. Why would an ATM have wifi-anything and why would you have an ATM with an ethernet cable accessible in a timeframe that less than what it takes for cops to arrive?

Most places don't know or give a shit about security, especially the banks. Most ATMs are running XP.

Salt water with a little soap and a syringe

The tamper sensors are usually little piezoelectric pucks. Under pressure these complete a circuit. If the circuit broke that triggers the tamper detection. Salt water with a bit of soap will also complete the circuit allowing many of these devices to be opened. There were other simple physical hacks against these devices. I was always frustrated because I couldn't publish the attacks so that the manufacturers could prevent them. It got to the point where a device passed if it took me more than 4 hours to compromise it. There were a few companies that made good machines but their machines were significantly more expensive than the other crap.

Software was terrible. Banks didn't want good software security they wanted the security that everyone else had. That way if they were hacked they could claim they were doing industry standard practices.

If it makes people feel better, it is worse in England. If anyone finds an exploit there the banks and vendors harass you to the point were it really isn't worth your while.

IMPERSONATING ME AGAIN? apk

Zach Paterson/ZIP + c6gunner 'Greatest Hits': "I'm a much better programmer than APK" - by Anonymous Coward ZIP on Monday October 08, 2018 @11:27PM (#57449082)

BIG TALK - ZIP has no programs to show as proof.

I do https://news.slashdot.org/comm...

(From registered /.ers liking/using/praising my work + 100k users worldwide)

ZIP tried to take credit for what I solved before him https://tech.slashdot.org/comm...

He codes? He can't EVEN READ!

I show 2 ways to do it YOURSELF https://tech.slashdot.org/comm... - he can't.

Delphi/FreePascal/ObjectPascal HAS no null-term'd string bufferoverflows https://developers.slashdot.or... - C does, C++ can UNLESS you do what I said 1st.

He likes CODE SIGNING (it's been STOLEN & ABUSED) https://www.helpnetsecurity.co...

MY METHOD CAN'T BE (upmodded +2 INTERESTING in CODING FOR DEFCON) https://it.slashdot.org/commen...

ZIP says he has no /. acct "I don't have an account so I don't have mod points" https://news.slashdot.org/comm...

Yet ZIP says he downmods me (IMPOSSIBLE w/ no /. acct.): "I down-modded a few of your post" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058)

APK

P.S.=> KEEP IMPERSONATING ME like https://science.slashdot.org/c... (I'd never say that OR bitch to do-NOTHING "ne'er-do-wells" like ZIP OR c6gunner https://linux.slashdot.org/com... (he 1st mocked me & impersonated me TWISTING /.ers words & after I FAIRLY challenged him to show HE DID BETTER & that was his response (weak))!

Above EXPOSES your BLOWHARD incompetence... apk

Re:IMPERSONATING ME AGAIN? apk

i'm the biggest noober hacker there is,

apk.

Zach Paterson/ZIP + c6gunner 'Greatest Hits'

"I'm a much better programmer than APK" - by Anonymous Coward ZIP on Monday October 08, 2018 @11:27PM (#57449082)

BIG TALK - ZIP has no programs to show as proof.

I do https://news.slashdot.org/comm...

(From registered /.ers liking/using/praising my work + 100k users worldwide)

ZIP tried to take credit for what I solved before him https://tech.slashdot.org/comm...

He codes? He can't EVEN READ!

I show 2 ways to do it YOURSELF https://tech.slashdot.org/comm... - he can't.

Delphi/FreePascal/ObjectPascal HAS no null-term'd string bufferoverflows https://developers.slashdot.or... - C does, C++ can UNLESS you do what I said 1st.

He likes CODE SIGNING (it's been STOLEN & ABUSED) https://www.helpnetsecurity.co...

MY METHOD CAN'T BE (upmodded +2 INTERESTING in CODING FOR DEFCON) https://it.slashdot.org/commen...

ZIP says he has no /. acct "I don't have an account so I don't have mod points" https://news.slashdot.org/comm...

Yet ZIP says he downmods me (IMPOSSIBLE w/ no /. acct.): "I down-modded a few of your post" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058)

APK

P.S.=> KEEP IMPERSONATING ME like https://science.slashdot.org/c... (I'd never say that OR bitch to do-NOTHING "ne'er-do-wells" like ZIP OR c6gunner https://linux.slashdot.org/com... (he 1st mocked me & impersonated me TWISTING /.ers words & after I FAIRLY challenged him to show HE DID BETTER & that was his response (weak))!

Above EXPOSES your BLOWHARD incompetence... apk

Good thing that we do not use this tech for voting

[aberglas]

... here in Oz.

Oh please

"...The research team did this by either unplugging and tapping into Ethernet cables..."

Oh please. For Such scams you need to get inside (perhaps as a fake technician) and behind the said machines to physically unplug the ethernet cables. That kind of access goes far beyond typical client-bank relationship whom usually only have access to said ATM-terminal.

Unless US ATM's have their ethernet cables routed outside the cabinet into the street?

Some of these supposedly security breach reports are so ridiculous. Sure driving a car into the bank is a security threat, so why don't you just ditch the doors and windows altogether.

Link to research article

[183771]

https://www.ptsecurity.com/ww-...

Re: Zach Patterson / ZIP "Greatest Hits" (lol, not

i'm such a noober hacker.

APK