[Politech] Windows worm infected Diebold ATMs

From: Declan McCullagh (declan@private)
Date: Wed Dec 03 2003 - 07:08:43 PST


    ---
    
    Date: Mon, 24 Nov 2003 19:35:21 -0800 (PST)
    From: Joseph Lorenzo Hall <jhall@private>
    Reply-To: joehall@private
    To: Declan McCullagh <declan@private>
    Subject: Diebold ATMs infected with Nachi worm (RPC DCOM bug)
    
    Hi Dave, Declan,
    
    Why is this story on Diebold ATMs infected with viruses interesting?
    
    Diebold runs Windows CE[1] on its voting machines.  Not only could
    votes be misrecorded and/or stolen, but they could also be affected by
    viruses, worms and the like.
    
    (For the Geeks: Granted, CE hasn't been specifically vulnerable to
    worms, but it could be to one specifically designed for Diebold's
    version of CE. To boot, their Windows CE software isn't certified by
    election officials--they claim it is COTS or "commercial
    off-the-shelf".)
    
    [1] March, Jim. See: http://www.equalccw.com/sscomments2.pdf
    
    
    
    
    ---
    http://www.securityfocus.com/news/7517
    
    Nachi worm infected Diebold ATMs
    
    By Kevin Poulsen, SecurityFocus Nov 24 2003 3:18PM
    
    The Nachi worm compromised Windows-based automated teller machines at
    two financial institutions last August, according to ATM-maker
    Diebold, in the first confirmed case of malicious code penetrating
    cash machines.
    
    The machines were in an advanced line of Diebold ATMs built atop
    Windows XP Embedded, which, like most versions of Windows, was
    vulnerable to the RPC DCOM security bug exploited by Nachi, and its
    more famous forebear, Blaster.
    
    [...]
    
    A patch for the critical RPC DCOM hole had been available from
    Microsoft for over a month at the time of the attack, but Diebold had
    neglected to install it in the infected machines. Billett defended the
    company's patching process, which he said involves testing each new
    bug fix, and deploying at a wide variety of institutions with a mix of
    network architectures. "A lot of those machines actually have to be
    visited by a service technician" to be patched, said Billett. "Our
    experience in the past is we are able to turn those around in one or
    two days."
    
    [...]
    
    
    (In accordance with Title 17 U.S.C. Section 107, this material is
    distributed without profit to those who have expressed a prior
    interest in receiving the included information for research and
    educational purposes.)
    
    
    
    -----------------------------------------------------------------
    Joseph Lorenzo Hall                    http://pobox.com/~joehall/
    Graduate Student             blog: http://pobox.com/~joehall/nqb/
    _______________________________________________
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)
    


