General discussion

Locked

Places where Windows shouldn't be used, but is; Bankmachines

By Neon Samurai ·
Having recently visited my local bank for a card replacement after finding my access deactivated, I've been pondering the list of ways it may have been breached:

- double swiping - I watch at the cash when they swipe my card for the second swipe or two readers in line. The local shops seem pretty safe.

- rogue reader in the bank machines - unlikely but possible though the ones I use are all in open areas and bank operated.

- shoulder surfing - only once has there been an odd person at the block of machines but maybe she was some kind of ninja.

I've also seen the BSOD galleries. Billboards and similar viewers are not so bad because it's a network connection in you'd have to make unless your going to climb the sign thinking there is value in exploiting it's powerpoint presentation or whatever displays the pictures. Public terminals; not great but one can expect them to be hostile environments (eg. not for banking). Traffic lights are a more scary thing but yes, they too run the world most popular swiss cheese.

Sometimes, I come across things that just make me go WTF where the designers thinking and how much drinking was involved in the development meetings?

Case in point. Bank machines with BSOD displays are sad but at least the system is already halted. Bank machines with rogue scanners take some physical effort. Bank machines with known vulnerabilities are another thing entirely though.

http://www.schneier.com/blog/archives/2009/06/malware_steals.html

Some things should simply not be running the worlds most vulnerable platform. The machines that authenticate me, access my banking records and provide me cash. The servers behind the interface systems that maintain the data saying how much I have and how I authenticate before interacting with banking records.

There are valid uses for Windows but in security critical situations, why are such things still run with Windows?

Anyone else have a WTF rant to share?

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Last year

by The Scummy One In reply to Places where Windows shou ...

I had a card replaced because someone(s) tried charging it in N. and S. Carolina at several Home Depot stores. However, I had a limit set for verification, so they didnt get anything (had to call me to verify purchase).

I hadnt used the card in 2 months, except -- at a Best Western 2 weeks before and an auto pay for Vonage.

Collapse -

I have that fincy chip on mine now

by Neon Samurai In reply to Last year

The only odd bit is swiping it then being told to insert in the interac handset slot. It's a bit of a tossup weather it's going to swipe or ask to run off the chip.

I will say that I'm happy it's a contact chip not an RFID. I'd have fallen out of my chair if they'd handed me a card with one of those in it.

In my case, I'd been doing banking the day before so I had the "can you list some of your recent transactions" answer fresh in my head.

Collapse -

Fancy Chip

by The 'G-Man.' In reply to I have that fincy chip on ...

That Fancy Chip is the standard in the UK, has been for years. Even longer in places like France.

Collapse -

I can't remember when it started turning up here but it's been a while too

by Neon Samurai In reply to Fancy Chip

I think it was first on credit cards that I noticed it but I don't update my card frequently. I should do some reading into the details of that little bit of silicon and contacts.

Collapse -

Not just security; accuracy as well

by esq In reply to Places where Windows shou ...

In colour dependent environments such as printing, Windows is a bad choice as well. Colour accuracy and closely abiding by standard colour profiling is not well supported on Windows --any version.

Not as scary as bank machines, but can be expensive when the 6-colour print run of 2 million brochures turns out to have off-colours...

Collapse -

do you have proof of this?

by Slayer_ In reply to Not just security; accura ...

I ask because it really really really sounds like a bad printer/driver/application issue, I can't see how an operating system could cause a printer to print the wrong colours.

Collapse -

I'd guess between display and printer drivers also

by Neon Samurai In reply to do you have proof of this ...

I believe you can get hardware verified against industry standards like the Pantone codes. I've also heard of a device you hang on the corner of your monitor which measures the colours being put out so you can balance them correctly. With every monitor displaying colour differently, that sounds like a pretty important meter to have available.

Collapse -

I seem to remember an article from many years ago

by Deadly Ernest In reply to Places where Windows shou ...

about the problem with the Patriot Anti Missile Systems not tracking incoming missiles was due to a very small inaccuracy in the handling of decimal places within the Windows operating system (NT I think they said it was) not being an issue if the system is only up for a few hours, but when up more than a day or so the accumulated error caused the system to be looking in the wrong place.

Wham bam, you gone man.
........

I particularly liked a cartoon I saw some years ago-

Big jet liner coming into land, the entire cockpit is computer controlled screens. Four hundred feet from the runway and they all blank out as everything turns off with a screen message 'Your licence has expired, please contact Microsoft to by an extension of your licence on ........'

A joke, but it could happen with the period licence thing.

Back to Networks Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums