On Wed, Apr 2, 2014 at 4:42 PM, Eric Rand <eric.r...@brownhatsecurity.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> BoA has no incentive to switch, as the customers have not demanded
> more secure ATMs, and it's cheaper to have 'hacking insurance' to
> cover any losses than it would be to replace all their ATMs.

Sad, but true. I doubt they have the hacking insurance, though. There's a reason US banks suffer losses at a rate of 600x that of a German bank. For the discussion, see Gutmann's Engineering Security, page 542 (www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf).

I'm amazed that the losses get passed on to shareholders, and then executives give themselves a bonus for a job well done.

Jeff

> On 04/02/2014 01:30 PM, Sholes, Joshua wrote:
>> And how fast would those ATM manufacturers switch to a Linux or
>> other offering if, say, Bank of America said "We won't buy an ATM
>> with an easily skimmable reader or with an insecure OS on it?"
>>
>> Diebold, for example, has a market cap of less than $3B. BoA is
>> sitting around $182B. With that much leverage, the big banks have
>> NO excuse to just accept whatever crap the vendors shovel out the
>> door.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/