Archive for the ‘Stupid’ Category

ATM Stupidity

Wednesday, March 5th, 2008

Sometimes banks just don’t get it. The CNET posting Windows-based cash machines ‘easily hacked’ is an example.

Up to 90 percent of the ATMs in the U.K. could be at risk from these attacks as they rely on desktop PC technology–usually Intel hardware and Windows operating systems–linked to other machines, some connected to the Internet, in the bank’s network, according to experts.

Beware when you next step up to an ATM machine.


Here are a few things that may be lurking behind the facade.

… only the personal identification number was encrypted when information was sent from a U.S. ATM to networked bank computers. The card numbers, card expiration dates, transaction amounts, and account balances were clearly readable in plain text to anybody intercepting the data as it traveled through the network.

I can see it now. Microsoft’s patch Tuesday becomes a bank holiday.

“An ATM becomes like a PC with attached devices–it has to be kept up-to-date with hot fixes and patches. It is a much more complex beast, and the security aspects of that need to be at the forefront of a bank’s mind.”

De-evolution in action.

… the stability of Windows-based ATMs was worse than that of their OS/2-based predecessors, saying some ATMs suffered downtime of up to 30 percent.

Welcome script kiddies to the world of sloppy banking.

… the shift among ATMs to modern PC infrastructure means it now requires only minimal programming knowledge to hack ATM machines successfully once access has been gained to its system.

“If you are a programmer and you have some programming experience, then it is a cakewalk. If an exploit will work on a home or office computer then it will work on these ATMs,” …

Password, what password?

Researchers from IRM were even able to unlock and clear out the safes in two out of three U.K. cabinet ATMs, opening the safe using a default key code they obtained from a safe manual online. They also reset the cabinet ATMs’ software using a piece of wire jammed into the receipt slot, giving them access to the engineering mode where they could control the machine.

What part of basic network security 101 don’t bank technocrats get?

… the most effective way to protect against these new threats is to use a multifunction device with routing, firewall, intrusion detection system/intrusion prevention system and VPN (virtual private network) capabilities, positioned in front of, and protecting, the ATM network.

Well duh!

I don’t think ATM stupidity is unique to the U.K. So, beware when you next step up to an ATM machine, anywhere.

…John
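The finding quoted above, that only the PIN was encrypted while card numbers crossed the network in plain text, is something a defender can test for on their own links. This is an added example, not code from the post or the CNET article: it scans captured payloads for Luhn-valid card numbers, and the key=value message layout and all sample values are constructed for illustration.

```python
import re

# 13-19 digits, allowing single spaces or hyphens between them.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep first 6 / last 4 so the audit report does not store full numbers."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_cleartext_pans(payload: bytes) -> list[str]:
    """Return masked card numbers readable in a captured payload."""
    text = payload.decode("ascii", errors="replace")
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(mask(digits))
    return hits

def audit(capture: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each message name to its cleartext findings; clean messages are omitted."""
    report = {}
    for name, payload in capture.items():
        pans = find_cleartext_pans(payload)
        if pans:
            report[name] = pans
    return report

# Constructed samples (hypothetical message layout, test card number).
CAPTURE = {
    # Only the PIN block is protected, as in the quoted finding.
    "pin_only": b"PAN=4111111111111111;EXP=1012;AMT=200.00;BAL=1532.77;PINBLK=8F4A2C1B9E7D3056",
    # Whole message encrypted on the link: nothing readable.
    "encrypted": bytes.fromhex("9c1fe2a7b45d0c88f3e16a92d7450bbec8a1f6e09d7723c4b85a1e6ff0d2ac13"),
    # A 16-digit reference that is not a card number (fails Luhn).
    "reference": b"REF=1234567890123456;STATUS=OK",
}

if __name__ == "__main__":
    for name, pans in audit(CAPTURE).items():
        print(f"{name}: cleartext card data on the wire -> {pans}")
```

A non-empty report for traffic between an ATM and its host means the link is carrying card data without transport or message-level encryption.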

Comcast Hot Seat

Thursday, February 28th, 2008

The Washington Post posting Comcast Accused of Falsely Taking Hearing Seats tells the story of Comcast admitting it hired seat-holders for the Federal Communications Commission hearing on Net neutrality where one of the focuses was Comcast’s practice of “limiting,” also known as blocking, access to P2P file sharing applications such as BitTorrent.

Now in the aftermath of the Comcast seat-warming storm, the metaphorical gavel is coming down on Comcast. First, New York State Attorney General Andrew Cuomo was reported to have issued a subpoena for Comcast’s records regarding P2P networks.

The other bit of retribution on Comcast is that site Valleywag is reporting that a second hearing is being scheduled to take place at Stanford. The Stanford community is already in favor against Comcast with big time Net neutrality advocate Larry Lessig on faculty. But the seat blocking incident may spur even more people to attend the hearing and voice out against Comcast.

Talk about a calamity of stupidity. Comcast was stupid to throttle their network services when net neutrality is such a hot topic. Then they compounded their stupidity by hiring seat-holders.

I think Comcast has earned the right to join the ranks of stupid corporate antics, studied in business schools.

…John

Wintel Sleaze

Thursday, February 28th, 2008

The Seattle Post-Intelligencer posting Microsoft execs saw problems with early Vista paints a sleazy picture of Microsoft, Intel, and the release of Vista.

Microsoft and PC makers used “Windows Vista Capable” stickers in an attempt to maintain sales of Windows XP machines during the 2006 holiday shopping season, after Windows Vista’s retail release was delayed to early 2007. The internal e-mails reveal an extensive debate inside Microsoft over the hardware specifications needed to qualify.

One message points to chip maker Intel Corp., a key Microsoft partner, to explain the decision to lower the requirements a piece of hardware needed to qualify for the “Windows Vista Capable” designation.

“In the end, we lowered the requirement to help Intel make their quarterly earnings so they could continue to sell motherboards with the 915 graphics embedded,” Microsoft executive John Kalkman wrote in the message, referring to a class of Intel graphics technology that doesn’t work with Windows Vista’s most-advanced graphics technology, known as Aero Glass.

In another message, Microsoft executive Mike Nash wrote that he “personally got burned by the Intel 915 chipset issue.”

Looks to me like conspiring to “get the numbers,” and pumping and dumping an uncooked product onto unsuspecting wretches, was far more important than getting it right. The price for such unscrupulous actions may be a totally failed product and increased difficulties launching future products.

Someday, hopefully soon, the computer buying public is going to feel they have been had again and again by Microsoft and friends, and register their anger by choosing other products.

…John

