ATM failure - No the other kind of ATM

Sat Sep 8 18:43:22 UTC 2001

On Wed, Sep 05, 2001 at 06:33:33PM -0400, mike harrison wrote:
> 
> > Somehow I think they would be extremely reluctant to tell anyone what they 
> > use inside their ATMs....
> 
> Security through obscurity... most of them are not even encrypted
> and if they use dial-up lines (instead of dedicated lines)
> it's often just like the point of sale stuff.. 1200/2400 baud dial-on
> demand,  it takes a few seconds to sync, send a short text string, get a
> reply auth.
> 
> On the other side.. I just inherited some hardware encrypted triple-des
> modems and serial interface cards, as well as a Cylink V.35 hardware
> encryption 'shim' with valid keys for a large banks wire transfer
> department... I guess I should ship it to them. From Argentina? 
> (Just kidding, I like being an American Citizen) 
> 
> As a part of other work we do here, we deal with ACH money transfers.
> The backup method of connection to one institution that we help a customer
> move millions per day through is a plain text e-mail to an AOL address.
> We've tried to explain, even refused to send the files, but no clue is in 
> sight. They don't even want them zipped. Secure e-commerce is a
> farce, even at the corporate giant level.  --Mike--
> 

I've done work for a certain bank in Minnesota that actually had business customers
email their ACH deposit files (plain text) to a Hotmail.com address, where they downloaded
it from, and processed it without question (uh, hello?). At one point a company I worked
for was actually using them for ACH deposits, and were told that we would have to bring
the ACH file on a floppy disk because hotmail claimed that the email had a virus attached.

oh yeah, every computer in the building had a modem, connected to a POTS line, waiting to be 
dialed into.

Maybe burying money in mason jars is safer..

				Matthew S. Hallacy