----- Original Message ----- From: "Chris Buechler" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Monday, March 17, 2008 5:32 PM Subject: Re: [funsec] Windows-based cash machines 'easily hacked'
(snip) > Note the only port they actually require is TCP 2000. Why is the Windows > ATM listening for RPC, NetBIOS, and more?! That aggravates me to no end > every time I see it (I've scanned a ton of these things, they're all the > same). Plus it's an unpatched machine that never updates itself. The > *least* NCR could have done is firewall off everything but the one port > required for the ATM to work. Then barring any issues in their software, > it would be immune to Windows issues. These things have gaping holes > from a long list of missing critical patches, if you have network access > to a Windows ATM it's child's play to execute anything you want on one. IIRC, these are XPE runtime machines, so 'windowsupdate' just doesn't do squat, you need to compile a new image and deploy it. This is the root of the problem of why they are not 'patched'. Does that open port lead to a known exploited function that was not compled in? That I couldn't tell you. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
