On Sat, Apr 11, 2009 at 11:10 AM, Florian Weimer <f...@deneb.enyo.de> wrote: > * Joe Greco: > >> The ATM machine is somewhat protected for the extremely obvious reason >> that it has cash in it, but an ATM is hardly impervious. >> >> http://www.youtube.com/watch?v=4P8WM8ZZDHk > > Heh. Once you install ATMs into solid walls, the attacks get a tad > more interesting. In some places of the world, gas detectors are > almost mandatory because criminals pump gas into the machine, ignite > it, and hope that the explosion blows a hole into the machine without > damaging the money (which seems to work fairly well if you use the > right gas at the right concentration).
also, there is the fact that some very large percentage of ATM machines were installed with the same admin passwd setup. I recall ~1.5 yrs ago some news about this, and that essentially banks send out the ATM machines with a stock passwd (sometimes the default which is documented in easily google-able documents) per bank (BoFA uses passwd123, Citi uses passwd456 ....) I'm not sure that the manholes == atm discussion is valid, but in the end the same thing is prone to happen to the manholes, there isn't going to be a unique key per manhole, at best it'll be 1/region or 1/manhole-owner. In the end that key is compromised as soon as the decision is made :( Also keep in mind that keyed locks don't really provide much protection, since anyone can order lockpicks over the interwebs these days, even to states where ownership is apparently illegal :( -Chris
