* Posts by Eirik Iverson

6 publicly visible posts • joined 18 Mar 2009

Data-sniffing trojans burrow into Eastern European ATMs

Eirik Iverson

Lack of Daily Physical Access Doesn't Mean Safe for Windows

I've noticed in several different industries that run ATMs or PoS devices on Windows based systems that their administrators seem to perceive these devices differently, as they would a laptop. Evidently, they seem to regard them as considerably more secure because they are not physically accessible to ordinary people (I hope you know what I mean in the case of ATMs) or used for general purpose computing (at least, not supposed to be). Like a laptop, these systems need to be locked down, and they need to be protected by more than just a signature-based product using technology invented over a decade ago. Below are older posts that make the rest of my point:



Insurance giant coughs to malware-related data breach

Eirik Iverson

Any Breach Found is Only Tip of Iceberg

So somebody finds malware on a PC known for stealing information and for possessing some sophistication for multiple attack vectors and remote controls. Determining what damage has been done is a staggering challenge. I opined on it some in this blog post below:

PC Malware Driven Security Breach Disclosures—A Case of Worms http://www.securitynowblog.com/endpoint_security/pc-malware-costly-security-breach-disclosures



Cambridge hospital cleans up after mystery malware infection

Eirik Iverson

Doctor's Offices

Whenever I'm in a doctor's office or some other medical facility, I'm now in the habit of looking at their information technology. This usually results in my dwelling more on their lack of security than my case of the flu, re injured knee, or whatever brought me there.

My last visit left me alone in a room for about half an hour with a WinXP machine hanging from a wall. Later, when someone arrived to use it, I was quite distracted while talking with her as I kept thinking how easily one could compromise the records of everyone associated with their practice.

Unpatched PowerPoint flaw spawns Trojan attacks

Eirik Iverson

Another Week, Another Exploit

Any software running on a PC that consumes files or communications from the outside world, even from trusted friends and colleagues, is a target. Every PC needs two forms of protection. One is the old familiar Anti-Virus/Spyware software that stops known virus, worms, Trojans, and other malware. The other tool is needed to stop the unknown or zero-day malware.

I've opined before, so..."Your Software Applications Cannot be Trusted":


How many weeks ago was Excel similarly in the news?




New DNS trojan taints entire LAN from single box

Eirik Iverson

Protect the PCs Better

I'm not much of a network wonk anymore. I'm into endpoint security issues these days. So, in addition to the network remedies suggested above (oh and I would like to see digitally signed DNS), we need to do a better job of protecting PCs, which are far too vulnerable with their typical defenses. I seem to rant a lot about this on www.securitynowblog.com If interested, a couple of posts:

We cannot trust the software that runs on our PCs: http://www.securitynowblog.com/endpoint_security/computer-software-hijacked-malware-attack-steal

And this one about signature-based defense limitations:


In smaller organizations, PCs are disturbingly vulnerable.

- Eirik

Card-sniffing trojans target Diebold ATM software

Eirik Iverson

More Info Would be Nice

I'm curious about the operating system (s) used for these ATMs and what privileges the typical technicians have on them. With such relatively static configurations, it would seem quite straightforward to lock these machines down and perform regular audits to counter these risks, even if the techs have admin rights.

Eirik Iverson