"Can they", the ATM, reach the internet? No, I really doubt they could; as I've 
said before, they are XPe. One would hope they didn't compile IE into the 
runtime..

Yet by many vectors, other devices/desktops in the network can reach the 
internet, get "infected" and start whatever it does to try and infect 
everything it can find.

The number is larger than zero. As another poster said, why make it easy?

  ----- Original Message ----- 
  From: Dennis Henderson 
  To: Kitsune 
  Cc: [email protected] 
  Sent: Tuesday, March 18, 2008 9:40 AM
  Subject: Re: [funsec] Windows-based cash machines 'easily hacked'





  On Tue, Mar 18, 2008 at 10:27 AM, Kitsune <[EMAIL PROTECTED]> wrote:

    I didn't mean to imply that I could reach (ping) ATMs that were not part of 
the customer's network (i.e. STAR, MAC, etc). But to imply that the physical 
location is irrelevant. If it is the customer's machine, it is on (one of) their 
networks which makes it reachable.

  Perhaps we're talking past each other. Yes, our ATMs are on our company 
managed networks. Are they reachable by someone on the WAN? No. Can they talk 
to anything but the devices they need to talk to for transactions and 
monitoring? No. Can they reach the Internet?

  Hell no.

  :)

  But that's just one layer of the whole security model...


        Perhaps your ATMs are on your WAN. Not all banks share your strategy. 
Some banks have far more ATMs deployed at gas stations and malls than branches. 
Makes the isolated network strategy very easy to pull off.

        kit> I am not the bank, but a contractor. I am also in the US, YMMV. On 
many of my customers' networks, I can easily reach (ping) every ATM in every 
mall and gas station and branch from any other part of the network. I'm not 
trying to toot my own horn, for I have none, but my customers are quite large. 
and stupid.



    _______________________________________________
    Fun and Misc security discussion for OT posts.
    https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
    Note: funsec is a public and open mailing list.

