
(The Irish Times)   In less than a month, 95 percent of world's ATMs will be a playground for hackers, and you can blame Windows XP   (irishtimes.com)
    More: Interesting, Microsoft Windows, Windows XP, Trustworthy Computing, least developed country, virus  
2278 clicks; posted to Geek » on 19 Mar 2014 at 11:36 AM (18 weeks ago)



 
2014-03-19 08:57:33 AM
They're already a playground thanks to card scanners and such. But hey, if you think you can trick an ATM into opening up your phishing email to exploit an XML cross-scripting vulnerability, go for it.
 
2014-03-19 08:59:12 AM
Don't blame XP, blame the banks that won't upgrade the OS.
 
2014-03-19 09:00:34 AM
Don't blame the banks that won't upgrade the OS, blame Microsoft.
 
2014-03-19 09:14:12 AM
Yes subby, in less than a month XP will completely self destruct and become a security sieve. Just like flipping a switch.
 
2014-03-19 09:22:51 AM

Dinki: Yes subby, in less than a month XP will completely self destruct and become a security sieve. Just like flipping a switch.


The problem is that most of the patches that go out on Patch Tuesdays that they're finding now go all the way back to XP because of the shared codebase. So when they deliver a patch in June that says this fixes an Arbitrary Remote Code Execution or an Escalation of Privilege issue, they're telling hackers EXACTLY where to look in XP, because there's a great chance it's there too.

But we really should blame the banks for not at least upgrading to Vista or 7. And before you laugh, if you were to install Vista now and install all the updates, it's a pretty stable OS as opposed to what MS shipped.
 
2014-03-19 09:25:32 AM

Marcus Aurelius: , blame Microsof


I get it. I don't think it would be THAT hard to keep issuing these patches, but how long do we really expect them to keep doing that? Do you think Apple is still issuing patches of OS 9? There has to be some time this has to stop. MS extended it for a long time. It went RTM in August 2001. I mean, that was back when you could get on a plane without being molested.
 
2014-03-19 09:27:40 AM
This is going to be worse than Y2K
 
2014-03-19 10:10:15 AM
From Steve Gibson - Re:95

1. Run as a limited user as opposed to admin (studies show this will stop a huge amt of exploits)
2. Uninstall flash/java
3. Don't use IE
4. Update office
5. Don't do stupid things.

When was the last time you saw someone surfing porn on an ATM in the drive through? It's XP for embedded systems which is most likely covered by a volume license that can still get XP updates if they pay MS for them.

Small banks could be SOL, but even then. It's not like your ATM is sitting on the open internet serving webpages.
 
2014-03-19 10:17:52 AM

reprobate1125: But we really should blame the banks for not at least upgrading to Vista or 7


And abandon OS/2?
 
2014-03-19 10:25:05 AM
At least upgrade to os2 warp. I bought that at egghead back in the day for $10. Good times.
 
2014-03-19 10:28:57 AM

reprobate1125: they're telling hackers EXACTLY where to look in XP, because there's a great chance it's there too.


And how would a hacker gain access to an ATM?
 
2014-03-19 10:41:22 AM
Go ahead and hack my ATM card

/the goddamned fees will be more than the balance
 
2014-03-19 11:05:31 AM

Flab: reprobate1125: they're telling hackers EXACTLY where to look in XP, because there's a great chance it's there too.

And how would a hacker gain access to an ATM?


My guess would be that they would have to gain access to an IntraNet from the bank and then run some form of exploit on the ATM itself.

The odds of that ATM being run in Admin mode are really low, so that knocks out a bunch of options. They probably don't have java or flash installed, so that knocks out a bunch of others.

I just think the odds of anything widespread are very low.

Personally, I think if you're smart enough to get onto a bank intranet (or have an inside job) you have easier things to hack other than the atms themselves.

I don't know jack about those portable independently owned atms in small stores though.
 
2014-03-19 11:40:56 AM
As if these "XP" based ATMs are all completely up-to-date right now...
 
2014-03-19 11:43:25 AM

Flab: reprobate1125: they're telling hackers EXACTLY where to look in XP, because there's a great chance it's there too.

And how would a hacker gain access to an ATM?


You'd be surprised at the number of ATMs with unsecured USB ports, and yes it's a travesty that the ATM hasn't been locked down to not automount those drives.
 
2014-03-19 11:43:28 AM
ATMs use a different variant of XP than consumers and support for that variant is not ending in April.  So go find something else to be terrified of.
 
2014-03-19 11:43:37 AM

reprobate1125: It's XP for embedded systems which is most likely covered by a volume license that can still get XP updates if they pay MS for them.


Nope. The whole point is that MS is ending *all* support for XP.

http://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx
 
2014-03-19 11:45:43 AM
One of my friends is in the ATM software business, so I'm getting a kick...
 
2014-03-19 11:47:21 AM
I'm pretty sure this version of XP doesn't work like the rest of them, and is what ATM's are using . . .

www.automation-drive.com

The OS is likely stripped down of almost everything, except for the bits that run an ATM. The OS can and may be even run/boots from a CD-ROM, so writing new information to the OS is impossible.
 
2014-03-19 11:48:25 AM
Companies can still pay Microsoft to provide fixes and updates to the OS, they will still be supported for quite a long time.
 
2014-03-19 11:49:51 AM
Oh hey, this thread again.
 
2014-03-19 11:50:25 AM

Flab: And how would a hacker gain access to an ATM?


You can get keys for ATMs, vending machines, gas pumps etc. online (you have to do some searching on the "dark side" of the internet, but they are available). An unpatched XP unit has a default setting which causes it to auto-run USB sticks.
 
2014-03-19 11:50:35 AM

Fubini: Nope. The whole point is that MS is ending *all* support for XP.

Congrats at being wrong.

Windows XP Embedded is under support until 2016 and some variants until 2019.

http://www.zdnet.com/microsoft-remember-some-xp-based-embedded-systems-to-get-support-to-2019-7000026449/
 
2014-03-19 11:51:15 AM
We have a dozen HMIs where I work running Windows ME. They have been for years, no faults, and no hacks. And for the same reason I'm not worried about ATMs. Only one proprietary piece of software runs on them and limited to 0 access (physical or electronic).
 
2014-03-19 11:52:31 AM

Fubini: reprobate1125: It's XP for embedded systems which is most likely covered by a volume license that can still get XP updates if they pay MS for them.

Nope. The whole point is that MS is ending *all* support for XP.

http://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx


I would be surprised if MS totally pulled all XP support for some specific customers. They developed/modified a version of XP explicitly for the Air Force. It wouldn't surprise me if they supported that for a bit longer. It also wouldn't surprise me if they kept doing so for ATM companies as long as they had MS assisting in a transition plan for OS migration. I mean, Sony was still providing PS3s with Other OS capability to the Air Force after the original snafu.
 
2014-03-19 11:56:38 AM

MrSteve007: Congrats at being wrong.

Windows XP Embedded is under support until 2016 and some variants until 2019.


The operating system component, Windows XP Professional Embedded, stops support this August. The toolkit and runtime are separate items.

https://www.microsoft.com/windowsembedded/en-us/product-lifecycles.aspx
 
2014-03-19 11:57:39 AM
I'm more worried about DDoS attacks from millions of XP zombies.  ATMs don't exactly have USB ports exposed for you to plug your malware sticks in.
 
2014-03-19 11:58:43 AM

Flab: reprobate1125: they're telling hackers EXACTLY where to look in XP, because there's a great chance it's there too.

And how would a hacker gain access to an ATM?


Looks pretty easy to me.

tctechcrunch2011.files.wordpress.com
 
2014-03-19 12:01:21 PM

reprobate1125: At least upgrade to os2 warp. I bought that at egghead back in the day for $10. Good times.


Le sigh... OS/2 was pretty nice. I understand why IBM stopped developing it after Windows 95 came out but it's a real shame. It was pretty bulletproof when it came to running Windows apps.
 
2014-03-19 12:01:44 PM

Relatively Obscure: This is going to be worse than Y2K


It's worse than Hitler stealing your chair at Christmas
 
2014-03-19 12:02:16 PM

Fubini: The operating system component, Windows XP Professional Embedded, stops support this August. The toolkit and runtime are separate items.

You may want to double check that -
http://support.microsoft.com/lifecycle/search/default.aspx?alpha=Windows+XP
 
2014-03-19 12:03:21 PM

Myria: I'm more worried about DDoS attacks from millions of XP zombies.  ATMs don't exactly have USB ports exposed for you to plug your malware sticks in.


http://www.extremetech.com/extreme/173701-atms-running-windows-xp-robbed-with-infected-usb-sticks-yes-most-atms-still-run-windows
 
2014-03-19 12:05:22 PM
Sure they can upgrade all they want, but it won't stop a determined skanky meth head and her meth head boyfriend from stealing it and breaking it open in their living room. Of course they aren't accessing your account, so I guess it's not a big deal.

/skanky, skanky, skank.
 
2014-03-19 12:22:23 PM
I've never understood why such specialized systems as an ATM didn't run a proprietary embedded OS rather than XP (even if it is Embedded XP). ATMs don't actually do all that much, they don't need a full fledged OS...
 
2014-03-19 12:31:21 PM

Flab: reprobate1125: they're telling hackers EXACTLY where to look in XP, because there's a great chance it's there too.

And how would a hacker gain access to an ATM?


Drill a hole right over the USB socket
 
2014-03-19 12:32:03 PM

NateAsbestos: I've never understood why such specialized systems as an ATM didn't run a proprietary embedded OS rather than XP (even if it is Embedded XP). ATMs don't actually do all that much, they don't need a full fledged OS...


XP is a proprietary OS. You can't get the source code for it, can you? Most ATMs ran OS/2, you know the Windows NT predecessor, before they migrated to XP. Why would NCR and Diebold write their own OS when they can utilize an existing OS and make MS customize it to their needs?
 
2014-03-19 12:57:15 PM
ATMs are appliances not connected to the internet. They aren't constantly patched but run a locked down release which rarely changes.

Go find something else to worry about.
 
2014-03-19 12:59:46 PM

lohphat: ATMs are appliances not connected to the internet. They aren't constantly patched but run a locked down release which rarely changes.

Go find something else to worry about.


Did you just ignore the entire thread?
 
2014-03-19 01:17:54 PM

Marcus Aurelius: Don't blame the banks that won't upgrade the OS, blame Microsoft.


Not sure if serious
XP is 12 years old. Banks can get an embedded Windows 7 or even touch ready W8 right now
 
2014-03-19 01:36:22 PM
Run, you fools.
www.blastr.com
This April to the Apple store!
 
2014-03-19 01:39:19 PM

Smeggy Smurf: Relatively Obscure: This is going to be worse than Y2K

It's worse than Hitler stealing your chair at Christmas


It's like Microsoft is Hillary Clinton and she just killed Vince Foster...only Vince Foster is all of the ATMs in the world.
 
2014-03-19 01:39:45 PM
www.blastr.com
 
2014-03-19 01:51:48 PM
Shodan!
 
2014-03-19 02:32:11 PM

redmid17: NateAsbestos: I've never understood why such specialized systems as an ATM didn't run a proprietary embedded OS rather than XP (even if it is Embedded XP). ATMs don't actually do all that much, they don't need a full fledged OS...

XP is a proprietary OS. You can't get the source code for it, can you? Most ATMs ran OS/2, you know the Windows NT predecessor, before they migrated to XP. Why would NCR and Diebold write their own OS when they can utilize an existing OS and make MS customize it to their needs?


???
 
2014-03-19 02:36:12 PM

sethen320: redmid17: NateAsbestos: I've never understood why such specialized systems as an ATM didn't run a proprietary embedded OS rather than XP (even if it is Embedded XP). ATMs don't actually do all that much, they don't need a full fledged OS...

XP is a proprietary OS. You can't get the source code for it, can you? Most ATMs ran OS/2, you know the Windows NT predecessor, before they migrated to XP. Why would NCR and Diebold write their own OS when they can utilize an existing OS and make MS customize it to their needs?

???


Microsoft forked their OS/2 development to create Windows NT and utilized a lot of the existing codebase in doing so.
 
2014-03-19 02:37:48 PM
www.gnu.org
 
2014-03-19 02:46:15 PM

redmid17: NateAsbestos: I've never understood why such specialized systems as an ATM didn't run a proprietary embedded OS rather than XP (even if it is Embedded XP). ATMs don't actually do all that much, they don't need a full fledged OS...

XP is a proprietary OS. You can't get the source code for it, can you? Most ATMs ran OS/2, you know the Windows NT predecessor, before they migrated to XP. Why would NCR and Diebold write their own OS when they can utilize an existing OS and make MS customize it to their needs?


Because then they'd know exactly what it was and wasn't doing? I feel like this is obvious...
 
2014-03-19 02:47:17 PM

redmid17: sethen320: redmid17: NateAsbestos: I've never understood why such specialized systems as an ATM didn't run a proprietary embedded OS rather than XP (even if it is Embedded XP). ATMs don't actually do all that much, they don't need a full fledged OS...

XP is a proprietary OS. You can't get the source code for it, can you? Most ATMs ran OS/2, you know the Windows NT predecessor, before they migrated to XP. Why would NCR and Diebold write their own OS when they can utilize an existing OS and make MS customize it to their needs?

???

Microsoft forked their OS/2 development to create Windows NT and utilized a lot of the existing codebase in doing so.


Huh.  You learn something every day.  Thanks.
 
2014-03-19 03:03:03 PM

NateAsbestos: redmid17: NateAsbestos: I've never understood why such specialized systems as an ATM didn't run a proprietary embedded OS rather than XP (even if it is Embedded XP). ATMs don't actually do all that much, they don't need a full fledged OS...

XP is a proprietary OS. You can't get the source code for it, can you? Most ATMs ran OS/2, you know the Windows NT predecessor, before they migrated to XP. Why would NCR and Diebold write their own OS when they can utilize an existing OS and make MS customize it to their needs?

Because then they'd know exactly what it was and wasn't doing? I feel like this is obvious...


Do you think it costs more money to create something from scratch when you probably don't have the expertise in house or use an existing product and hire its creators to help you customize it? I feel like this is obvious...
 
2014-03-19 03:04:55 PM
Because the 53458762783745 daily patches currently being released for XP are to keep hackers out of ATMs...
 
Displayed 50 of 66 comments
