Why Crackers Prefer Windows on Cash Machines

Dr. Roy Schestowitz

2010-07-29 16:02:31 UTC
Modified: 2010-07-29 16:02:31 UTC

Summary: Windows makes a lot of money for the bad guys, who are exploiting Windows-based ATMs

ATMs that run Windows are running for criminals to take advantage of them. This is a subject that we covered many times before along with examples. See the following older posts for background:

Here is Slashdot's summary about the latest example:

"Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge,"

This links to IDG, which says:

The machines Jack hacked were, however, based on Microsoft's Windows CE operating system.

And from ZDNet:

At the Black Hat security conference here, Jack demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

Glyn Moody cannot comprehend such a tactless choice of Windows CE for ATMs. He asks, "why not just leave the notes out in the open?"

It should be no surprise that Google's vulnerabilities in Chrome are sometimes caused by Windows' inherent insecurity and this time for a change, "Google patches Chrome, sidesteps Windows kernel bug," reports IDG. "Microsoft was not available for comment late Tuesday."

It it worth adding that many Firefox flaws are Windows-only as well. Sometimes GNU/Linux is also affected and this new article says that "Google also released workarounds for two vulnerabilities in external components, helping to protect from flaws in the Windows kernel and GNU glibc components." Nothing is infallible, but Microsoft tends to fail more often than the rest and it hides this. ⬆

Techrights Should be Even Faster Now: We're now better off
Richard Stallman (RMS) Gave 3 Talks in India in Less Than a Week: In India this month we've not seen a single negative comment about RMS
Microsoft Mass Layoffs Without Severance Pay Reported Hours After Microsoft Reported Weak Numbers and Microsoft Stock Fell: Microsoft has a bloodbath this month
Another Slew of Fake Articles About 'Linux' and 'Security' From Brittany Day at linuxsecurity.com (Spamfarm/Slopfarm): linuxsecurity.com is basically a pariah and parasite. It lessens the incentive to write real articles about "Linux" by generating fake ones to outrank the originals.
"Not one of us" by Dr. Andy Farnell: Elon Musk has brought embarrassment to nerds and technologists
Microsoft Staff Explains How Microsoft Swindled Employees and Avoided Paying Out Severance Pay (Microsoft Hasn't Much Money Left in the Bank): This is a classic way to avoid paying workers
Gemini Links 31/01/2025: "Bulletin Buble" and "Why Blog?": Links for the day
Static Site Generators (SSGs) Pay Off: Vastly Faster Sites, Much Smaller Hosting Bills: success story for SSGs
Of Note: Linux Foundation Has Already Let Linux.com Rot for About 4 Months (No Activity): there's no campaign aside from marketing spam there
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, January 30, 2025: IRC logs for Thursday, January 30, 2025
Indian Data Biases statCounter For or Against "Linux": In statCounter, the GNU/Linux increases and decreases are deeply tied to what it does with data collected in India
The Corporate Media Pretends That Facebook ("Meta") Has Performed Well, But Its Debt Doubles Every 2 Years Despite Mass Layoffs: That same media also helps parrot misleading financial claims
Microsoft's Debt Surged by More Than 6,000,000,000 Dollars in Just 3 Months: numbers released hours ago
The Sheer Irony of Microsoft Proxy Accusing Others of 'Stealing': Wherever DeepSick's data came from, Microsoft (or its proxy) is in no position to issue criticism.
The Difference a Decade (and GAFAM Money) Makes: Credibility cannot be purchased
[Meme] The Free Software Foundation (FSF) Has Critics Because Its Message is Effective: Applying to others the same standards one is willing to violate?
The Free Software Foundation (FSF) Raised $422,000 (Another $22k in the Two Weeks After Campaign Ended), Proving That Truth and Justice Tend to Find a Way: 10,000+ dollars a week even without campaigning for more funds
Faking Revenue Increase by Buying Your Own Products and Services (Through Scams and Scammers Like Scam Altman): Is this what society deserves? Media that instead of exposing corruption has chosen to participate in it and profit from it?
Links 30/01/2025: Fentanylware (TikTok) Causes Deaths, FBI Seizes Domains: Links for the day
Gemini Links 30/01/2025: Action vs Inaction, Gopherholes, and More: Links for the day
Links 30/01/2025: Microsoft Wants Convicted Felon to Give Fentanylware (TikTok) to It (After Making a Phonecall Asking for That in 2019), "Moving Away From Google's Ecosystem": Links for the day
Jack M. Germain (LinuxInsider) Seems to Have Turned to LLM Slop, Graphics Slop, and B2B SPAM: LinuxInsider is barely active anymore
Links 30/01/2025: Amazon Layoffs and DeepSeek Panic: Links for the day
Gemini Links 30/01/2025: Chaos Reigns, E-mail, Searching: Links for the day
IBM: Many Thousands of Layoffs in 2025: If 2025 is expected to be the same, then perhaps about 20,000 IBM workers will no longer be there
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, January 29, 2025: IRC logs for Wednesday, January 29, 2025
Google: Your Only Option is Google YouTube (Coming Soon: Mandatory DRM and Attestation?): Digital Restrictions (DRM) to follow? Only for "approved" (attestation) browsers?
Mastodon Was Always Biased (Just Like Twitter After Abandoning Chronological and Neutral Timelines in Order to Become More Like Facebook): So bury-brigading and click-farming control what people see
Certificate Authority Let's Encrypt Falls to Only 0.4% of the Total in Geminispace: Geminispace does not need to outsource trust
The Munich-Based EPO is Still Using a Platform That Promotes the Far Right and Rehabilitates Nazism: Active Twitter account
Links 29/01/2025: Dismantling Public Health in the US, Air Busan Plane Up in Flames (South Korea's Air Disasters Streak): Links for the day
Announcements and Administrivia: This week we're going out for two days in a row to celebrate an achievement that's very respectable
Gemini Links 29/01/2025: Japan, GTD, and More: Links for the day
Sir, Yes, Sir. The Life of EPO Patent Examiners.: If working for the EPO makes it harder to sleep at night, take action
How the EPO Pressures Staff Into Minting More Monopolies (Patents), Even Illegal Ones That Harm Europe and Ultimately Dismantle the Rule of Law: insights into the pressure examiners are under
LLM Slop Machines Are Not a Win for "Open Source" and If They Get Cheaper, It's Even Worse: If some program that claims to be "Open Source" pollutes the Web with fake articles (Microsoft SPAM and fake "Linux" articles), whose win is it?
Links 29/01/2025: Data Privacy Day and Growing Tensions in Europe: Links for the day
Nazi Twitter (aka "X") Became a Troll Site That Lets People Buy a Blue Tick While Its Boss Actively Promotes Neonazi Politicians: the intellectual level of people who infest the Web through "Twitter" or "X"
This is Why They're So Afraid of Richard Stallman (He Tells People the Correct History): Then they post about it to Microsoft's LinkedIn
Richard Stallman Speech in Bengaluru, "Silicon Valley of India": 62 years have passed since his "young nerd" days and he's still at it
Claim: Facebook Deletes Posts of IBM Red Hat Critics: As always, follow the money (advertisers)
Links 29/01/2025: Climate Crisis and "It’s time for the Xbox to fade away" (Microsoft Lose): Links for the day
Links 29/01/2025: Buying Groceries During a Trade War, Political 'Retro': Links for the day
More Illegal Patents at the EPO, Legality of Granted European Patents No Longer Matters to the Office: breaking the law for profit
Network Improvements Tomorrow: "Network maintenance" down in London
Sharing is Caring (But Advocating Copyleft Makes You a "Target"): GPLv3 does not close all the loopholes which the "Affero" helps close
Articles About Free Speech at Facebook: 'Facebook vs Linux' story is now receiving a lot more media coverage
We Were Right About stallmansupport.org Making an Error by Joining Social Control Media. mastodon.social Suspends stallmansupport.org.: From what we can guess, accounts can be banned by some oversensitive admin or a mob of users ("bury brigades")
"Latest Technology News" in BetaNews Still LLM Slop and SPAM Composed by LLMs (It's Basically a Spamfarm Disguised as a News Site): Only a fool would visit BetaNews in search of actual news
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 28, 2025: IRC logs for Tuesday, January 28, 2025
The EPO's Corruption, If It Remains Untackled, Helps the Far Right and Enemies of European Unity/Solidarity: Do not negotiate with evil
The Web, Including Wikipedia, Gets Filled With Lies About Bill Gates, Added by Bill Gates and His PR Team: Of course Wikipedia is funded by Gates
Facebook Banning Linux Sites (or People Who Link to Linux Sites) is Another Symptom of the Web's Demise: The state of media on the Web is really bad; Social Control Media amplifies the badness, as Facebook serves to show
Gemini Links 29/01/2025: Neovim Telescope and Writing Less: Links for the day

Why Crackers Prefer Windows on Cash Machines

Recent Techrights' Posts