[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Nachi worm infected Diebold ATMs
- To: bcv <bcv@xxxxxxxxxxx>
- Subject: Nachi worm infected Diebold ATMs
- From: Neal McBurnett <neal@xxxxxxxxxxxxxxxxx>
- Date: Tue, 25 Nov 2003 19:21:14 -0700
- Delivered-to: mailing list bcv@booyaka.com
- Mailing-list: contact bcv-help@booyaka.com; run by ezmlm
This is a pretty relevant story. Of course we're told that Diebold is
very careful with their security, uses private networks, etc. so
we shouldn't worry.
And that the financial industry is super-cautious with their systems
which deal with real money.
Well, that isn't enough. Reliance on Microsoft is a real achilles
heel, as has been demonstrated over and over.
Neal McBurnett http://bcn.boulder.co.us/~neal/
Signed and/or sealed mail encouraged. GPG/PGP Keyid: 2C9EBA60
Below are some excerpts from the story. For more, see:
http://www.theregister.co.uk/content/55/34175.html
The Nachi worm compromised Windows-based automated teller machines at
two financial institutions last August, according to ATM-maker
Diebold, in the first confirmed case of malicious code penetrating
cash machines.
The machines were in an advanced line of Diebold ATMs built atop
Windows XP Embedded, which, like most versions of Windows, was
vulnerable to the RPC DCOM security bug exploited by Nachi, and its
more famous forebear, Blaster.
...
The incident highlights new dangers for financial institutions, as
legacy ATMs running OS/2 and propriety communications protocols give
way to more versatile and cost effective terminals built on Microsoft
Windows and TCP/IP -- with all the attendant security problems.
Though ATMs typically sit on private networks or VPNs, the most
serious worms in the last year have demonstrated that
supposedly-isolated networks often have undocumented connections to
the Internet, or can fall to a piece of malicious code inadvertently
carried beyond the firewall on a laptop computer.