A disaster in the making: 95% of ATMs still run Windows XP

Discussion in 'other security issues & news' started by lotuseclat79, Jan 18, 2014.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,095
  2. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    Yeah, right, because Windows XP was made yesterday and it will be insecure from tomorrow.

    I'm amazed, though, that these machines run XP and not some linux custom made distro. Also, do they really use XP or some stripped XP custom made system by Microsoft? I can't really imagine an ATM with 2+ GB space and more than 512 RAM which the XP required to actually work without a flow.
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    They follow a simple philosophy, if it works, do not fix it. But it is not like its IT fault, they would surely installed Linux or 8, but managers would ask, how much would it cost?
    Linux is not as free you might imagine, yes you can install Linux for free, but in a corporate sphere, you have to think about maintenance and deployment and well Linux is 1%.

    XP is actually the best Windows ever, even though Microsoft tries to denies it, instead of being proud on it. You can run it on 128MB without problems, you just need a good memory managment software like CachemanXP or Cleanmem, if you use nLite it is unbeatable, I got its RAM usage as low as 40MB and Windows Folder had 400MB only.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I worked at a bank, directly with the ATMs. I won't go into details because that just wouldn't feel right, but, yeah, they were running XP. They were largely unpatched, and I mean that in a very very serious way - we aren't talking a week behind updates, we are talking a year.

    They are networked.

    They have significant attack surface in kernelmode drivers, exposed easily to attackers.

    And I can say the above and still be leaving out the really bad stuff.
     
Loading...
Thread Status:
Not open for further replies.