[ale] New worm destablized Internet

Transam transam at verysecurelinux.com
Sat Jan 25 18:56:59 EST 2003


On Sat, Jan 25, 2003 at 04:58:41PM -0500, Jim wrote:
> On Saturday 25 January 2003 04:46 pm, Adrin wrote:
> > Just heard on the news that at least one bank is having trouble with ATMs.
> > Kind of makes you wonder what kind of security they have on their system.
> > And I thought the ATM network was separate from Internet?

> All of the ATM's I know about are on a separate network from the Internet. 
> Think about it. ATM's have been around a lot longer than the Internet. And 
> why would anyone in their right mind hool ATM's up to the Internet. Remember: 
> Banking is tightly regulated. And in spite of the popular perception that 
> government can't do anything right, the ATM network, in my experience, is 
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> very secure and works very well.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

You probably believe in the tooth fairy too.

ATM security actually is rather bad.  This is the realy reason why there is
a limit of $300-$1000 on the amount you can withdraw daily -- to limit the
losses in case of a security problem.  (I worked for one of the larger vendors
in that market, Stratus Computer, for five years.  I don't consider it
appropriate for me to discuss most of the vulnerabilities.)

In answer to "Who in their right mind would use Windows to manage your
account?", well, lots of banks, some of them rather large.  Scary.
My bank uses a highly hardened version of UNIX that I helped develop.

Bob Toxen
bob at verysecurelinux.com                [Please use for email to me]
http://www.verysecurelinux.com         [Network&Linux/Unix security consulting]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list