What weighs 800kg and runs Windows XP? How to buy an ATM for fun and profit

Weighing in at 800kg secondhand, freestanding ATMs - a “safe with a computer on top” - are a logistical nightmare to own and research, security boffin Leigh-Anne Galloway warned delegates at the BSides Manchester infosec conference yesterday.

Anonymous Coward

Re: So Mr Darmore, girls are not fit for IT?

But straw men still seem to go far.

4
0
Bronze badge

Re: So Mr Darmore, girls are not fit for IT?

That was not the assertion by Mr. Darmore and not by me either. The question is who is more likely to be good at IT. We are all different.

Think of it this way. How many people know how to change the oil in an auto or put in new brake pads? Not many women know how to use an angle grinder but some do. Some are very good at it too. Same applies to men but the proportions are different.

6
6
Bronze badge

Re: So Mr Darmore, girls are not fit for IT?

Probably troll, but I'll bite...

For your information, as well as anyone else reading this, he has at no point claimed anything even remotely similar to that.

If you think I'm wrong (presumably because you read it in some "trustworthy" publication), please feel free to point out exactly where in the memo he claims that - it's online at https://firedfortruth.com/

5
2
Silver badge

Re: So Mr Darmore, girls are not fit for IT?

Here's a better article that makes his main point, which is one of supply and demand.

I’m An Ex-Google Woman Tech Leader And I’m Sick Of Our Approach To Diversity!

Trigger warning: She's teaching her preteen daughter Python!

5
1
Bronze badge

Re: So Mr Darmore, girls are not fit for IT?

I am testing to see how many women are reading this.

So far it appears to be less than 10 percent, including previous comments. I studied psychology at Berkeley.

2
0
Mushroom

Re: So Mr Darmore, girls are not fit for IT?

You want comments from women? OK. Fuck off, you don't speak for me.

3
1
Silver badge
Joke

Re: So Mr Darmore, girls are not fit for IT?

theelder....clearly the wrong time of the month to ask that question there...

toxicdragon it's a joke! fuck! a joke. look at the icon. don't kill me please!

1
0
Anonymous Coward

Re: So Mr Darmore, girls are not fit for IT?

Nope, neither. They run Windows even for systems and applications where they don't need to. Grown up companies have realised this, the NHS hasn't.

0
0
Bronze badge

Money

Can buy almost anything. It makes no difference how strong the box is. The easiest thing to buy is people.

Would you sleep with me for a million dollars?

(Hesitant... ) Yes.

How about 50 dollars?

What!!!??? What do you think I am????

We have already established that. We must negotiate the price.

13
1
Holmes

Re: Money

OK Mr Churchill - that's the great war leader not the f'ing fake dog "oh yes"

1
0
Bronze badge

Re: Money

Somebody has a guilty mind. I did not mention gender.

More data points for my testing.

3
0
Anonymous Coward

What weighs 800kg and runs Windows XP?

My knob.

3
3
Silver badge

Re: What weighs 800kg and runs Windows XP?

It's riddled with bugs and malware?

11
0
Silver badge

Re: What weighs 800kg and runs Windows XP?

Virus protection is needed!

6
0
Bronze badge

Virus protection is needed!

There are something like 10^10 viruses per litre of seawater.

More than 7.5 billion humans. We are teaching children how to code.

It does not seem promising...

1
0
Silver badge

Re: Virus protection is needed!

Isn't that something to do with all the Seamen?

0
0
Silver badge
Trollface

Or...

You can make it run Doom ...

3
0
TRT
Silver badge

800kg? What's that in Reg units?

Or pounds. Or would that be confusing?

0
0
Silver badge

Re: 800kg? What's that in Reg units?

It's almost 0.9 great white sharks.

Converter

2
0
Silver badge
Thumb Up

Yep, that's a hacker

Hulking steel computer powered up in the rain, in a puddle, with live animals, but on a piece of scrap wood for safety.

6
0
Anonymous Coward

Scare story

The reality is;

* Very few ATMs have an active USB port that can be accessed by cutting a hole in the front.

* Embedded XP is still supported by Microsoft

* The cut down nature of XPE also vastly reduces attack vectors

* XPE can be locked down much harder than regular XP, including booting from read only filesystem.

I've seen many people discredit their security credentials (including now it seems Leigh-Anne Galloway) by assuming XP and XPE are the same beast. Sure, they can be, but usually they are VERY different indeed.

A minimal XPe can be less than 100MB runtime and boot from read-only storage, filtering out writes using a filter driver.

I'm not saying XPe is secure, but it could be a lot more secure than a fully patched Windows 10 system in certain situations.

1
2
Anonymous Coward

Re: Scare story

Downvote as while you may be 100% correct, I doubt any of those attack vectors are the ones the criminals will use!

0
0
Silver badge

ATMs are for life..

When she's done with it, she can always play Doom:

Doom on ATM

0
0
Silver badge

Re: ATMs are for life..

She'd need two more ATMs to play on the LAN against the cats.

1
0
Anonymous Coward

Sorry, I didn't manage to get past the first photo as I'm the product of millions of years of evolution where primates that didn't notice what an arrow was pointing to got eaten and produced no offspring, and she's wearing two huuge girt big arrows pointing to her juicy bits.

0
3
Bronze badge
Holmes

First gas, now TNT to open ATMs

Just saying

Dutch criminals for years used gas explosions to lay their hands on the contents of ATMs. Now these are better protected, they are starting to use TNT and other high-explosives. Articles in Dutch, the photos speak for themselves.

https://www.nrc.nl/nieuws/2017/07/20/eerst-gas-toen-tnt-politie-en-plofkrakers-spelen-kat-en-muis-12139639-a1567270 Police and criminals play cat(!) and mouse.

https://nos.nl/artikel/2162190-plofkraken-met-pentriet-tnt-of-een-zelfgemaakte-bom.html

0
0
Silver badge
Silver badge

Re: QED

Arkansas chicken-farmers are only imitation rednecks. (Remember always, Slick Willy Clinton was from Arkansas...) True Rednecks(tm) use pickup trucks. http://www.nola.com/crime/index.ssf/2017/08/3_accused_of_ramming_stolen_pi.html

http://wnep.com/2017/07/18/crooks-steal-atm-from-deli-in-monroe-county/

http://www.wmcactionnews5.com/story/24109393/police-men-smash-pickup-truck-into-gas-station-steal-atm

Texans are True Rednecks(tm), just incompetent ones. (Remember always, Boy George Bush was from Texas...)

http://dfw.cbslocal.com/2017/07/27/pair-tries-steal-atm/

http://www.khou.com/news/crime/burglars-crash-truck-into-montrose-gas-station-steal-atm/431241579

They broke the truck while stealing the ATM!

1
0
Anonymous Coward

Leigh-Anne Galloway, gosh! Why is there nobody this hot and intelligent at where I work? Oh... I remember why, because I work at home, alone, in my pants!

2
0
DrM
WTF?

Oh no!! Old software!!!!!!! OMG!!!!!!!!

Oh no! Old software!!!! They are running WIN-XP!!!!! How can anyone use /old/ software, you /must/ have the new version!

Can the IT crowd who specialize in always-defective SW always in need of repair ever understand fixed function appliances? These will be working perfectly as ATM's running XP till they crumble to dust.

There is *no* reason to change to the newest OS, none. They are on VPN's and not on the Internet. They don't need to support some new application or anything new. They run as ATM's, period.

Look at the attacks on ATMs, the compromises in the article? Any have anything to do with XP?

0
1

Even Windows XP is too advanced for some banks

About 6 or 7 years ago now, here in darkest Southern California, I was waiting in line for an ATM from a major American retail bank chain. The person in front of me appeared to be having problems and walked away in disgust. As they did so I could see the ATM had crashed and was rebooting.

At the time, never having worked in banking, I had naively assumed a modern ATM would just be a thin terminal of some kind with a custom hardware link to the cash dispensing machinery. However not only could I see this was a regular PC from the BIOS POST but that the OS it was booting was not any version of Windows at all, XP or otherwise. It was running IBM OS/2. It was not even OS/2 Warp!

This floored me for a minute until I understood the sheer brilliance of this. Whilst I don't doubt there are plenty of vulnerabilities in this dinosaur oddity of an OS, where would you go to get hacking tools for it? Could you even set up an OS/2 VM to test against it on a modern hypervisor?

0
0

I worked for Siemens in the late 90's and early 00's and they won a contract to supply ATM's for Barclays. The safe is damn strong, but the PC that operates the rest is readily accessible. Pretty flimsy lock and the whole backside opens and not really much security for the important bit. The PC unlocked with a few torx screws and could be removed in less than a minute. I was also entrusted to make sure the various anti vandal systems worked. This involved me tapping a tack hammer on the keypad, camera/card guard, to ensure the robustness against the criminal hordes. I got through a lot of keypads, cash flaps, screens and was eventually told to cease tests....Apparently I was too heavy handed. A real criminal wouldn't resort to such measures...... I still see a few in service from time to time, so pushing 16 to 17 years old now. Probably still running NT and a Pentium III.

0
0


Biting the hand that feeds IT © 1998–2017