Well...
I've read his presentation and all I can say is "ARRRGHHH, MY EYES!".
ATM hack presentation ditched after legal threats
A planned presentation about ATM security at the Hack in the Box conference in Amsterdam last week was cancelled following legal pressure from vendors. Italian ethical hacker Raoul Chiesa intended to explain how vulnerabilities and security shortcomings that that cyber criminals were using to break into ATMs as part of his …
This topic is closed for new posts.
Was that the sound...
... of stable doors being slammed as the horse disappears over the horizon...?
Transparency is the best way - legal threats are usually worthless
Obviously the trade group has a lot to hide as it's members terminals have flaws, like so many other things including voting machines. Why should these defects be protected speech?
For a copy of the official document check with: < http://www.enisa.europa.eu/act/ar/deliverables/2009/atmcrime >.
Also note:
Ref. code: ISBN-13 978-92-9204-023-9
Publication date: Sep 07, 2009
Authors: ENISA
Pure Genius
"The difference between stupidity and genius is that genius has its limits." - Albert Einstein
So vendors and banks *know* ATM's have vulnerabilities
That just don't want Joe citizen to realize it.
What's that? Nothing to hide, nothing to fear?
Funny how you never hear that from a corporation.
BTW Skip the online version. It's been sanitised.
You bet they do
I worked on ATMs when they first arrived in the UK. People used to get duplicate transactions on their statements and the banks lined up to appear on the news telling people that they must have been careless with their pin, it was their sons and daughters, or maybe spouses that had stolen the money from them. The technology COULD NOT duplicate a transaction so the punter was liable for all withdrawals.
At the same time, I was employed by one of them to help resolve the duplicate transaction issue with the atms.
Heads in the sand
Shouting:
"I can't hear you; I can't hear you; There's nothing wrong; na na na na.."
Whispering:
"I think I heard something, send in the attack lawers"
Shouting:
"I can't hear you; I can't hear you; There's nothing wrong; na na na na.."
Slides available online...
Technically yes, but the slides about ATM hacking were removed, you just see:
ATM frauds generations
THIS IS A SANITIZED VERSION OF MY TALK: YOU WILL NOT FIND THIS SLIDES HERE.
YOU SHOULD HAVE ATTENDED NULLCON 2010!!!
TIIIIIIIIIIIIIIIIIIIIIIITLE!
"The talk focused on security flaws that have been well understood among banking security experts, if not among the general public, for years. "
Am I alone in thinking that the qualifier after the first comma may be a significant factor in trying to shut down these sorts of presentations?
This topic is closed for new posts.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- The BI Inflexion Point
Information is a right, not a privilege - VPN security - if you want it, come and get it
Attention WiFi hotspotters: You want it - The Register Guide to iSCSI
A primer on Internet SCSI, a protocol to transport SCSI commands over IP - Secure Mobile Working
Beyond the Technology - The Impact of IT Security Attitudes
Putting the pieces in place for effective security delivery - The Register guide to unified communications
A primer on the implications of unified communications for enterprise IT
