Reply to post: Re: Baffled

Revealed: Malware that forces weak ATMs to spit out 'ALL THE CASH'

Tom 13

Re: Baffled

The vendors do enable proper security. The banks just fail to implement them.

A couple of posters have noted "proprietary networks" and that's the way it OUGHT to run. But all too often a bean counter says "we're paying for high speed internet in that office, why can't we just use that." And an IT guy starts talking about VLANs and firewalls so it gets approved. Because that proprietary network at slower speeds will cost as much or more than the connection they already pay for.

Likewise the logging and the access controls. I think I was only ever called to work on an ATM machine a couple of times. But I was never required to log my access to the system. Yes, I did my work while an authorized bank agent watched. But they really had very little clue about what I was doing. If I slipped in a USB drive to run an authorized update and the USB had a silent trojan installer they never would have known. Worse, they wouldn't have been able to trace it. Fortunately I'm an honest sort of person.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon