Angels of security » 2010 » April

Archive for April 15th, 2010

ATMs and embedded machines

Thursday, April 15th, 2010

Bank of America recently discovered that one of its employees had planted malware on some ATMs and had stolen a little over $300,000. Two very obvious countermeasures come to mind – use embedded devices instead of COTS, and whitelisting. There is really no reason that arbitrary code should be run on an ATM, and therefore there’s no reason to allow it.

Tags: ATM, crime, embedded device
Posted in random thoughts | Comments Off

About this blog

This is not your normal information security blog. This blog is where I vent and struggle against the standards of infosec orthodoxy (wow - I can't even believe there is such a thing). If you're looking for a place to just get the standard security professional line on everything then this is not the place for you. This is a place to read the opinions (and I have many) of someone who often disagrees with standard conventions and isn't afraid to say so.