Posted on 01/17/2014 9:43:17 PM PST by Olog-hai
Nearly all of the ATMs in the world are running the Windows XP operating system, introduced by Microsoft 13 years agoand incredibly out of date, as any tech enthusiast will tell you.
On April 8, Microsoft will officially end the tech support for the aging OS, which was replaced by Windows Vista in 2007, Windows 7 in 2009, Windows 8 in 2012 and Windows 8.1 in 2013. [ ]
If an ATM isnt upgraded, it will continue to function, experts said. Withdrawals, deposits, and other transactions will work as they did before. But the machines will be more vulnerable to cyber robbers wielding malware and other attacks as time goes on.
(Excerpt) Read more at foxnews.com ...
Use a CD/DVD drive that connects via USB.
Thanks for your input and suggestions.
It is my daughter’s notebook laptop and she is currently in Spain. She is renting a router made by Astoria Networks (I believe a German outfit) and her Windows XP does not have a driver for wireless connection to that router. Windows update did not install that driver! But her cable connection via ethernet works so all is not lost.
I’m still running XP, and I hate the newer MS Office format, too. I’m not here to gawk at the graphics, I want to get things done.
hmmmm..... you fail to mention Windows ME
If she can’t connect wirelessly, it’s not because there’s a missing driver specific to that particular brand of router. There’s no such thing as brand-specific wifi connection drivers for an 802.11 wifi router.
Either she doesn’t have the correct driver for the internal wireless card in her laptop, or the router is on a different channel or frequency than her laptop. European routers have a few more channels on the b/g spectrum than US routers, so she may have to get the channel on the router set to one between 1 and 11 (it might be up on 12-15). Or, the router might be an 802.11a, and her laptop only has a b/g wifi adapter. If it’s an “a” vs “b/g” problem, she can get a USB adapter for almost nothing that will let her communicate over the router’s frequency.
I’m running a Dell box with a Core 2 Duo CPU @ 2.00 GHz and 3.5 GB of RAM along with a 512 MB video card and W98XP SP3 (I actually have 4GB of RAM but W98 only recognizes 3.5GB)
I also have HDMI output to my 42” LCD TV as well as a bunch of other toys. There’s nothing on W7/Vista/W8 that I want or need.
My Computer runs great and I love W98 and despise the newer Operating Systems as I had to use them at work.
They are basically bloatware and require extra hardware to run. I remember when W95 first came out. I believe the min. requirements were a 486 DX, P-90 recommended and 8 MB RAM, 12 MB Recommended.
Look at the min. specs for W7 for example. Insane.
My PC is fast, dependable and no problems, viruses or Malware.
I run AVG Internet Security as well as Malwarbytes AntiMalware and run weekly scans, and they’ll pry W98 out of my cold dead fingers!
Seriously, I’ll probably have to upgrade due to security reasons once MS stops supporting W98. Maybe they will continue to support W98 with all of these ATM’s running W98!
Win ME = Mistake Edition.
Who remembers “Microsoft Bob”?
Windows NT?
Windows 3.0/3.1?
Various versions of DOS?
Commands like “Edlin” to Edit files?
I wonder how many useful DOS commands I still remember?
Win 95 first came out on CD or 1.44 Disks. Lot’s of them. Over 100 I believe. That was a long install process.
If you were a computer nerd, it made for a satisfactory Friday night.
Most if not all ATMs are connected to private networks or run over highly secure VPNs. In these environments getting hacked is a very unlikely event. If security were truly a concern, the operating system used would not be Windoze. Most likely candidate would be a unix or linux variant.
Wow, and I thought India’s wall power was bad. DC? Really? I thought Europe in general was 220V/50Hz, and it was just the plug configuration that all the countries just had to be “special” about.
LOL!!!
Not if you want it to run quickly.
Win 7 is a big improvement over XP, but you will need more horsepower to run it.
You really want to go to a 64-bit OS which many XP machines won’t run. You need a 64 bit processor and room to utilize additional memory.
What caused the change to Windows XP? The American's With Disabilities Act.
ATM's were required by law as the result of several lawsuits to become more "friendly" to those who are blind, hard of hearing or deaf. Couldn't do that with character based mainframe 3270 software so many banks chose to go to Windows XP, some chose to go with Windows XP Embedded, others chose to go with a customized version of Windows XP Embedded for POS (point of sale. This is the version that was compromised in the Target retail stores breach.)
The bank I worked for (which I will not name..) at the time spent alot of time, effort and money to create a highly secure network for the XP enabled ATM's. We used customized software as many did, to present the User Interface for the ATM and relied heavily on our ability to implement tiered security: Within the ATM Software itself; The XP Embedded OS; ATM device breach monitoring (ie: someone attempting to open the device); hardware monitoring (ie: money grabber device, terminal display, physical ATM Buttons and on-screen UI's; audio jack input monitoring; and finally the Windows XP Embedded OS itself.
One of the keys to successfully locking down and monitoring XP Embedded was to secure the boot process by making sure no other boot device could be plugged into the ATM Hardware. This meant acquiring custom hardware that eliminated physical USB devices for example, and did not contain extra ports on the motherboard to connect other boot devices (CD/DVD devices for example.)
Additionally, Firmware on the motherboards was protected with complex passwords (non-dictionary type) making it as difficult as possible for a hacker who managed to gain physical access to the device to change the system configuration that way.
The other thing we did was secure the boot process forcing the ATM to validate the checksum of the core Windows XP Embedded OS, drivers, monitoring and security agents on the device itself against our back end systems. Any discrepancy would cause the ATM to automatically go out of service which would trigger an alert in our ATM NOC.
The network segment that our ATM's were on was also an isolated network, separate and non-routable to core banking systems. If our ATM network was to be breached, it would be contained ONLY to the network segment that the ATM devices was on.
It was just over a two year project to upgrade the more than 2,500 ATM's the bank I worked for (at the time) had.
Funny thing about the entire project for me was, I did not have an ATM card at all until I started working on the project.
BTW: I read the security analysis/write-up on the Target Retal Store breach yesterday which was a very sophisticated and long running breach. Target's breach was EASILY preventable if they had taken some of the security measures I identified above. There is literally no excuse for their lax security and anyone who continues to shop at Target is a fool.
The hackers that breached Target had easy and prolonged access to Target's entire network. They setup shop on one of Target's web servers from which they had unfettered access to the rest of Target's network. That's inexcusable.
Further, they were able to create their own virtual zombie servers on Target's core network from which they were able to deploy the malware that "infected" Target's Point of Sale Windows XP Embedded for Point of Sale Systems.
That malware was able to skim the memory of the POS systems reading credit cards directly from the credit card swipe device, then picking up the PIN by scraping memory.
That information was sent from every Target POS system to a database constructed by the hackers on Target's core network.
Here's where it gets really, REALLY bad. The Hackers were unable to setup a persistent connection to connect to a server outside Target's network -- so they constructed a database on Target's core network and then manually connected whenever they wanted to the same webserver they'd breached, and then connected to the Database they constructed inside Targets network (again, whenever they wanted and extracted the data from their database, manually FTP'ing it to one of their own servers outside Target's network.
Target's breach was easily preventable and is entirely unexcusable. This is why I say anyone who shops at Target going forward (and uses a credit or debit card) is a fool. If you must shop at Target -- PAY CASH!
The hackers that breached Target had highly customized the malware to avoid dectection and specifically work on Target's Windows XP Embedded for POS systems.
Now how did the hackers know Target was running Windows XP Embedded for POS systems? One of two ways. First, they had prolonged access to Targets systems so they could have discovered on their own that was the OS running Target's POS Systems OR Second, it was an inside job.
It's one of the two, and wouldn't I love to be a fly on the wall listening to the FBI discussions when they were trying to figure it out (if they even HAVE figured it out!)
For the next 6 months, you’re probably correct. However, I think after that Target will have the most secure paypoints in the United States. If not, they deserve to go out of business.
That situation with Target did not affect Target Canada, because Canada’s banking system makes it very difficult for things like that to happen. Canada’s financial sector is probably close to the most secure in the world. When there is a breach of somebody’s bank account, in Canada, it’s usually due to carelessness of the individual, not because they breached the bank’s firewalls.
Doc, you realize they call that pack ratting? heh
I remember those, and how cool they were, of course it still ran from DOS.
I’ve heard that it was likely the Russian mafia that was involved and it wouldn’t be that hard to get hired as an IT security specialist.
It didn't happen to Target in Canada because they use a different POS system in Canada. Target's announced they're going to bring that same POS system here to the US to solve their problems.
If you really want a secure retail and banking system the U.S. would do what Europe did years ago and implement smart chips in their banking & credit cards.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.