Le 2010-11-04 09:10, Invisible a écrit :
>>>> Many ATMs are just running a web browser with appropriate plug-ins for
>>>> running the hardware. It's much easier to add new features to 100,000
>>>> machines that way than it is to go around with secure storage operated
>>>> by a trained technician updating the machines. I.e., for all the
>>>> reasons
>>>> any other business creates an intranet instead of a desktop app.
>>>
>>> ...so what you're saying is that many ATMs are trivially hackable?
>>
>> You'd need access to the lan they're on. I will make the educated guess*
>> that most banks will put the ATMs on a dedicated subnet isolated form
>> the rest of the branch to prevent a virus that the mortgage officer
>> caught on her laptop to propagate to the tellers' PCs and the ATMs.
>>
>> *Banks have been operating on the assumption that everyone is a thief
>> for hundreds of years. Security is not new to them.
>
> And yet, the above statements suggest that what is "easier" comes before
> what is more secure.

Banks have also been in the business of making a profit for a few 
hundred years.  They have to balance "secure" with "easy".  They are not 
the CIA, who will go for "secure" regardless of cost.

-- 
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/*    flabreque    */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/*        @        */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/*   gmail.com     */}camera{orthographic location<6,1.25,-6>look_at a }

Post a reply to this message