[41310] in North American Network Operators' Group
Re: ATM failure - No the other kind of ATM
daemon@ATHENA.MIT.EDU (mike harrison)
Wed Sep 5 18:34:58 2001
Date: Wed, 5 Sep 2001 18:33:33 -0400 (EDT)
From: mike harrison <meuon@highertech.net>
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: "nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <5.0.2.1.2.20010905175058.08e34c18@127.0.0.1>
Message-ID: <Pine.LNX.4.10.10109051822050.7734-100000@home.highertech.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> Somehow I think they would be extremely reluctant to tell anyone what they
> use inside their ATMs....
Security through obscurity... most of them are not even encrypted
and if they use dial-up lines (instead of dedicated lines)
it's often just like the point of sale stuff.. 1200/2400 baud dial-on
demand, it takes a few seconds to sync, send a short text string, get a
reply auth.
On the other side.. I just inherited some hardware encrypted triple-des
modems and serial interface cards, as well as a Cylink V.35 hardware
encryption 'shim' with valid keys for a large banks wire transfer
department... I guess I should ship it to them. From Argentina?
(Just kidding, I like being an American Citizen)
As a part of other work we do here, we deal with ACH money transfers.
The backup method of connection to one institution that we help a customer
move millions per day through is a plain text e-mail to an AOL address.
We've tried to explain, even refused to send the files, but no clue is in
sight. They don't even want them zipped. Secure e-commerce is a
farce, even at the corporate giant level. --Mike--
