Here's an interesting story about the widespread Wells Fargo ATM outage that occurred last week. There's speculation around the cause of the outage. Was it a hack? Was the system inadvertently taken down during system upgrades? Who knows...
What I can say is that virtually every ATM I've come across in my work performing internal security assessments in/around the financial industry has been riddled with security holes. I've seen weak OS passwords, missing patches dating back 8+ years (many of which are easily exploitable via Metasploit to boot) open network shares and so on. Not long ago, I came across an ATM controller system (the big system typically running UNIX that controls all the ATMs across the bank) that had a blank password for the root account. How's that for accountability?
Seeing what's going on with ATMs it's no surprise to me that this Wells Fargo outage occurred. I'm not saying a vulnerability was exploited in this situation, but you never know. I am surprised these types of outages don't occur more often. When these types of security holes are present in ATMs, all it takes is a rogue insider with a little bit of technical sense to take everything offline, and more.
Remember if it's got an IP address, anything's fair game.
Thursday 17 February 2011
Not surprised by the Wells Fargo ATM outage based on what I see
Posted on 04:37 by Unknown
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment