Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: cspackler; general_re; Russian Sage
"If you were to break in through the 3 inch thick steel door in the back of the ATM, you would have full access and be able to have some real fun."

Nonsense. I can physically give you an ATM machine, but that won't enable you to access the accounts of the bank's customers.

Same goes for a POS terminal. You can buy one on eBay right now, but that won't give you access to the data that you want on someone else's network, even though you clearly have full physical access to it.

In short, claiming that physical access defeats security is just baby-talk for admitting that **your** own security is child's play.

Same goes for spouting off about needing big, long, complex passwords. POS terminals (and ATMs for that matter) only require a 4 digit password, yet the posters on this thread clearly can't get through that level of security due to the **architecture** involved.

So here's a tip: if you can't guarantee the physical secuirty of a PC, POS terminal, or ATM, then you simply don't place valuable data onto said "vulnerable" machines.

Store such data somewhere else. Somewhere safe.

That's how banks do it today. Steal an old ATM, drill through its armour, boot up the ancient AT&T 3B2 inside with any startup disk that you want, it still won't give you access to all of the customer accounts of any bank, even though said machine has its physical access compromised and even though said machine only asks for a simple numeric 4 digit password.

It ain't the tactics, people; it's the architecture.

81 posted on 07/23/2003 9:48:17 AM PDT by Southack (Media bias means that Castro won't be punished for Cuban war crimes against Black Angolans in Africa)
[ Post Reply | Private Reply | To 79 | View Replies ]

To: Southack; general_re; Russian Sage
However, we are not talking about ATMs. These are apples and oranges that you are trying to compare *architectures*. If you are using Windows, that is your architecture. If someone can get access to a Windows pc on your corportate network inside your firewall, they can have access to all of your passwords. It really doesn't matter if there is any sensitive data on the exact machine that you are accessing. If your admin password is hacked, every pc on your network is wide open. That is the *architecture* that you are stuck with. That is the whole point of the thread. There is no way to *architect* around that vulnerabilty, unless you believe that you can run your corporation on a bunch of ATM machines.
82 posted on 07/23/2003 11:24:33 AM PDT by cspackler (There are 10 kinds of people in this world, those who understand binary and those who don't.)
[ Post Reply | Private Reply | To 81 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson