
Why Crackers Prefer Windows on Cash Machines

ATM pinpad in German



Summary: Windows makes a lot of money for the bad guys, who are exploiting Windows-based ATMs

ATMs that run Windows are ripe for criminals to take advantage of. This is a subject that we have covered many times before, along with examples. See the following older posts for background:



Here is Slashdot's summary about the latest example:

"Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge,"


This links to IDG, which says:

The machines Jack hacked were, however, based on Microsoft's Windows CE operating system.


And from ZDNet:

At the Black Hat security conference here, Jack demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.


Glyn Moody cannot comprehend such a tactless choice of Windows CE for ATMs. He asks, "why not just leave the notes out in the open?"

It should be no surprise that Google's vulnerabilities in Chrome are sometimes caused by Windows' inherent insecurity and this time for a change, "Google patches Chrome, sidesteps Windows kernel bug," reports IDG. "Microsoft was not available for comment late Tuesday."

It is worth adding that many Firefox flaws are Windows-only as well. Sometimes GNU/Linux is also affected and this new article says that "Google also released workarounds for two vulnerabilities in external components, helping to protect from flaws in the Windows kernel and GNU glibc components." Nothing is infallible, but Microsoft tends to fail more often than the rest and it hides this.
