Diebold ATMs are the least secure
And these douchebags want to proved "voting machines" in addition to their malware-laden ATMs? No thanks, I'll do that all with paper and punches. Live by embedded XP, die by embedded XP.
Cybercriminals have retrofitted a strain of ATM malware first discovered in 2009 to create an even more potent threat. Skimer was the first malicious program to target ATMs*. Seven years later, Russian cybercriminals are reusing the malware – but both the crooks and the program have evolved, to pose an even more potent threat …
Seems like the banks are going to have to man up and lay down some money to get a proper, secure solution in place.
Then again, if the crooks can get access to the internal network, it's game over anyway.
Still, it seems high time that banks up their security along with the rest of us.
Even a properly set Winbloat system should be using user accounts not admin accounts
Didn't think Embedded XP had any concepts of "user", least of all User and Admin accounts.
What I'm surprised at is that the ATM system isn't CRC/MD5 checked and/or reimaged upon receipt. Kind of like when I buy a new laptop, I'll wipe the disk and install from a known-good CD/DVD
"...which has certain records on the magnetic strip. After reading the records... ...and if the criminal inserts the right session key from the pin pad... ...such as dispensing money (40 bills from the specified cassette)..."
Any one know what the certain records or right session key are? I'd like to test a few ATM's around my town.
For, y'know, research purposes.