Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: Greysard

And let’s not forget the 100,000’s of ATM machines across the country that are still running WinXP and -are- connected to the network, whether directly or indirectly.


35 posted on 04/27/2014 5:34:09 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 33 | View Replies ]

To: dayglored
And let’s not forget the 100,000’s of ATM machines across the country that are still running WinXP and -are- connected to the network, whether directly or indirectly.

The good part about ATMs is that they are wearing out much faster than a lightly used indoor equipment for scientists. There are those buttons, screens, slots, rollers, sensors... lots of stuff that deals with moving objects. Those things wear out first. ATMs can have short amortization period because they are very profitable, so their useful life can be set to just a few years.

I am not sure, though, that many ATMs are connected to the Internet. Not every "network" is the Internet. Here is what howstuffworks.com has to say:

Most host processors can support either leased-line or dial-up machines. Leased-line machines connect directly to the host processor through a four-wire, point-to-point, dedicated telephone line. Dial-up ATMs connect to the host processor through a normal phone line using a modem and a toll-free number, or through an Internet service provider using a local access number dialed by modem.

Dial-up was extremely common for several decades, and I guess it is still used today. It is pretty secure - you have to have physical access to the cable or to the switch, and still the connection is encrypted. In such configuration WinXP's vulnerabilities are not a concern because there is no data ports that one could tweak to exploit security holes. An ATM may not even have a network card, for example, just the modem. The buttons are connected to a custom peripheral controller, so no three finger salute for you. Such systems are only vulnerable to their own security holes - and with a very limited set of inputs you can mathematically prove that the software is correct.

The quoted text does mention that some ATMs may dial the ISP and be connected to the Internet. But those that do that most likely will not be using IE for encryption. It's more complicated than whipping up one's own https client, even if you call DLLs that came with Windows. As these connections are point to point, originated by the ATM to a fixed IP address of the bank, it is not practically possible to "trick" an ATM to connect to some other site and become hacked. Besides, what is the risk? That the machine dispenses all its cash to a hacker? Thieves are known to steal the whole ATM; a patch won't be effective against a steel cable and a powerful truck.

46 posted on 04/27/2014 6:13:46 PM PDT by Greysard
[ Post Reply | Private Reply | To 35 | View Replies ]
To: dayglored

ATM MACHINES!!!

EEK EEK EEK


63 posted on 04/27/2014 8:15:13 PM PDT by Scrambler Bob (You can count my felonies by looking at my FR replies.)
[ Post Reply | Private Reply | To 35 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson