hack kinh nghiem

Document Sample
hack kinh nghiem Powered By Docstoc
					ATM Backdoor… Why is no one talking about this?
Dave G. | September 20th, 2006 | Category: Disclosure, New Findings, Defenses

So, two people have sent me two links (YouTube) about this story. Apparently, a man came into a store that had an ATM. He walked up to the ATM with an ATM card (supposedly nothing special about the card, but it wasn‟t his), and typed in a magic security code. Supposedly, this code allowed him to reconfigure the ATM machine to believe that it was filled with 5$ bills instead of $20 bills. When you go to withdraw money, you get 4x the expected dollar amount. Of course, the criminal left the machine in that mode, which after 9 days of use, someone finally reported that the machine was giving out too much money to the clerk. Judging from the video, the ATM looks like it is a Tranax Mini Bank 1500 series. Tranax‟s website had this little gem in their knowledgebase: The ATM is programmed with the passwords that the distributor requests when the order is placed to program a new ATM. When special passwords are not requested they are left at the factory default (see your mini-bank operators manual) Every new ATM that is shipped from Tranax has a copy of the print setup included in the “open me first” box or envelope. The master password is hand written at the top of the print setup for the convienence of the installer. My questions:
    

ATMs have security codes that allow you to reconfigure the ATM with no one noticing? What other configuration changes can be made? Can these security codes be changed? Is this going to be as bad as the Simplex lock fiasco? How hard is it to get a Mini-Bank Operator‟s Manual? Anyone that has one of those can basically reconfigure any ATM where they didn‟t change the password. Which probably means MOST Mini-Bank ATMs.

Again from Tranax‟s website: Tranax ATM user manuals and basic training manuals are available for purchase through your Tranax Distributor. ATM software is available for download on the authorized distributor and authorized service provider (ASP) sections of this site. In order to access this section you will need your unique username and password given to you after becoming an authorized distributor or ASP. I am going to try and do a local news style expose on how easy or hard it is to obtain one of these legally. No I will not be sharing any information with anyone or do anything unlawful with the information.

15 Minutes Later

I am holding in my hands a legitimately obtained copy of the manual. There are a lot of security sensitive things inside of this manual. As promised, it includes:
  

Instructions on how to enter the diagnostic mode Default passwords Default Combinations For the Safe

Update: 9/21/06 3:30AM Someone was talking about this. I just didn‟t hear it. Someone else discussed a methodology they used to find similar issues two days prior to my post. I should know by now to be reading ImmunitySec‟s DailyDave mailing list regularly.

Update: 9/21/06 10:50AM We hate moderating comments. We‟re happy to host comments that say this is all an elaborate hoax and that we‟re just attention-seekers. But we‟ve made a decision not to publish details about where to find this information; we‟re already the web‟s #1 source for illicit stereo access for Volvo 850‟s. Please don‟t post comments explaining how to find the manual. We‟ll have to delete them, and we don‟t enjoy doing that.

Update: 9/22/06 2:52PM There is additional commentary on our blog right here.

71 Comments so far
1. Chris September 20th, 2006 3:58 pm My initial reaction was that the stories had to be wrong. There is no way that input from the keypad could reprogram the unit, I figured. Silly me. 2. name September 20th, 2006 4:47 pm Yeah right buddy. *15 minutes later* what a crock of shit. publish it if you actually have it otherwise fuck you! 3. b September 20th, 2006 5:32 pm LoL to previous comment, but he does have a point 4. Social Content Headline News September 20th, 2006 5:33 pm Built-in ATM Backdoor: Many ATMs have default-passworded admin interface!

[link][more] 5. BTW September 20th, 2006 7:26 pm Tranax ATMs aren‟t the only ones that have security codes that allow you to reconfigure them. The first comment on the article that you linked to said “investigators know the only people with these codes work for armored car services”. This statement is totaly untrue, as many ATMs are serviced and replenished by the business they are located in. There are three employees at the place I work, that know what the code is to the one located in the lobby. I, personally do not want to know it, as I am the type of person that would want to take advantage of it. Jail isn‟t any fun, either. 6. Jonah September 20th, 2006 8:07 pm My friend showed me this hack up in Boston probably 5 years ago. Amazing but true, I saw it with my own eyes. The drawback is that the ATM card swiped to make the change is in the system, so you have to be a bona fide bad actor and use a stolen/borrowed card with the full knowledge that whoever owns it is going to get dinged for this. But still a ridiculous feature and easily circumvented by Ed Felten or others smarter than I… And Diebold says “TRUST US” with their voting machines… heh. 7. Ben September 20th, 2006 8:12 pm I agree with the comment calling you a crock of shit. Why even write about it if you wont share the info. Its not like youre really stopping anyone dedicated from finding one, youre simply annoying them by saying its extremely easy to find but look elsewhere. 8. Thomas Ptacek September 20th, 2006 8:21 pm Ben, “name”, I apologize. On behalf of Matasano, I am authorized to offer you your money back. 9. cheapdaddy September 20th, 2006 8:23 pm The ATM story doesn‟t surprise me. I briefly worked as an alarm technician. The alarm systems have a default or INSTALLER password for when clients don‟t want to give their passwords. I was surprised how many people trusted an installer they had never met with their passwords or even used the original default password. Even most vending machines have diagnostic modes that can be accessed by pressing the right button combo or even remotely. My brother made a small fortune retrofitting cigarette machines before they became illegal. Most Windows computers are ridiculously easy to reset the motherboard password. I boot all my computers from a server which checks the time on the mobo and refuses to boot the machine if the time is off by more than a few minutes. Sometimes the lithium battery dies and the mobo forgets its settings. Any IT dept. could install security to prevent access if it cared to do so.

10. Josh Daymont September 20th, 2006 8:43 pm Ben, Matasano won‟t stoop to your level so I will. You are an idiot. Why? See your above comment. I rest my case. Josh 11. Reginald September 20th, 2006 10:36 pm Who cares about the motherboard password? just pull the drive… As to codes yes, there was one on youtube. I can do it and it works with all coke machines. Its either 1-3-2-4 or 2-3-4-1 as in, the drink selection buttons, and it drops you into a diagnostic menu where you can see items baught, costs and shit.. I never found out how to get free pop because it was in plain view and meddling with it for more than a few minutes wasnt fun. The change return is ESC if you get nervous and have to log out. 12. Reginald September 20th, 2006 10:38 pm 4231 Well it could have been one of four options lol. 13. Wired September 20th, 2006 11:06 pm LOL. The guy on Wired found it in a few seconds. 14. Ruddiger September 21st, 2006 2:11 am >> Yeah right buddy. *15 minutes later* what a crock >> of shit. publish it if you actually have it >> otherwise fuck you! I second that. Or at the very least tell us how you got it. 15. Nz September 21st, 2006 2:34 am cheapdaddy, Nice try, but anyone who has actually seen the inside of a PC knows the BIOS password has nothing to do with any installed OS.

And anyone that has actually worked with PCs (like you pretend to do) knows that you can reset the password (and all other bios settings) by flipping the CMOS Clear jumper, which is clearly labled on most motherboards. 16. toby September 21st, 2006 2:59 am Yeah! Just because you‟ve published a huge number of papers and in-depth discussions of vulnerabilities isn‟t any reason for us to believe you actually did this! If you aren‟t going to give us detailed instructions on how to get a copy ourselves then I want my money back too! With interest! “Worst Episode Ever” -Comicbook guy 17. Danny September 21st, 2006 7:42 am Lol…. Wahhh! You won‟t give me detailed instructions on how to hack an ATM. Grow up you script kiddies and try figuring it out yourself. /Go take something apart and learn how it works some time…. and get off my lawn…. 18. jash September 21st, 2006 8:32 am all of you nubs that are saying he didn‟t do it, and want instructions on how to get the manual are just mad that you don‟t have it. if you were really worth anything you would stop asking for everything to be handed to you on a silver platter and actually do something for yourself. god forgive me for even reading the comments, let alone making a comment myself. 19. ML September 21st, 2006 8:34 am What you have here is someone familiar with ATM installations. Regardless if it is a TRANAX, TRITON, TIDEL or any of the other models, it is easy to do this…..IF you know the password. This is one reason the merchant or installer should NEVER leave the ATM master password at default. This guy can also be an ATM installer…..and has a record of the new passwords that were put in the ATM, therfore making it very easy for him to do this. It is unlikely that any buffoon off the street would be doing this. 20. Chris September 21st, 2006 9:00 am I used to work at an Indian casino in the vault. We had 7 ATMs there that I serviced and refilled every night I worked. I knew the codes to all of them and could, if I had wanted to, reprogram the ATMs to think they had any dollar amount in the cassette. All without opening the ATM, just from the keypad.

21. Guest September 21st, 2006 9:31 am This is why hardware-access switches are a must. “What you know plus what you have” is a good rule of thumb. For some machines, such as vending machines where only the money-collector will be doing maintenance, the door-open or doorkey-turned sensor can be the switch. In others, such as an ATM, an ATM card unique to the machine or password-that-changes-every-minute code-generator can substitute for a door-opening key. 22. Landon Lewis September 21st, 2006 10:10 am Took me about twenty minutes to find it. Unbelievable. 23. TC September 21st, 2006 10:35 am Holy cow batman: Less than 5 minutes. I kid thee not 24. ixyk September 21st, 2006 10:43 am it took me less than 2 minutes to find a copy of this manual… 25. LonerVamp September 21st, 2006 10:49 am FYI, all of this is not new information, really. These attacks have been around for ages. Similarly, any sort of stationary electronic has been explored similarly. Do a search for videos on hacking programmable construction signs, for a popular one. The concepts are simple. Devices need to be configured such that a simple operator can install and/or use them. Manuals are kept on site, default passwords rarely changed (or if they are, are sometimes written inside the operator‟s panel), and information on how to use the device kept secret as much as possible. Barring this obscurity, the only other real protection has long been a simple lock and the good conscience of regular people. Likewise, many curious people have gotten hands on devices like old ATMs and such (illegally or not) and have tinkered and poked at them enough to publish their findings as well. Or just buy an operator some drinks and start asking the questions. This is all about as old as phreaking and ATM machines themselves. However, hopefully this publicity changes some policies (corps really only respond to economic pressures…). 26. xrayspex September 21st, 2006 11:20 am Seems like a lot of huzzah over nothing. I have a friend who was a locksmith for many years. According to him, about half of the people who locked themselves out of their safe (and thus called him) had left the combination set at the factory default. Stupid is what stupid does. Or something like that.

I wrote software for ATM machines for 6 years, so I have my own perspective on all of this. It‟s just like any other system which must be a) secure and b) usable by a variety of people. As part of my job I occasionally handled telephone support for ATM owners. Most of them were decent folks. Not too many of them were rocketscientist types, however. In fact, a sizeable percentage didn‟t speak enough english to be coached through even simple procedures. So what are the ATM manufacturers going to do? Secure it to the max, but frustrate technologically unsophisticated owners? Well, you COULD do that. Or you could make it simple(r) to user, and provide ADEQUATE security that does, unfortunately, require some extra diligence on the part of the operators. Nothing requiring an engineering degree; just common sense and the ability to read a bold sentence in the manual which says something like “CHANGE THIS PASSWORD”. Seems to me to be a little like those notices on an automobile radiator that says “don‟t stick your hand in this moving fan”, or on a gas can that says “warning: this is flammable”. But, well. There are a lot of ways to be dishonest. This particular scheme isn‟t really noteworthy except that everybody goes gaga when they hear that an ATM machine is involved. The company I worked for had a couple of thousand machines out in the real wicked world, and AFAIK none were ever compromised. We did have several snatched out the front door on the end of a chain dragged behind a pick up truck, though. That was the real-world problem most ATM owners actually worry about (and deal with.) Nothing to see here. Move along. 27. anonymous coward September 21st, 2006 11:27 am ixyk: I got it in 22 seconds. And 13 of those, I was distracted by a porn link. 28. Thomas Ptacek September 21st, 2006 11:27 am xrayspex: I couldn‟t possibly disagree with you more, but that‟s still one of the best comments we‟ve gotten this month. Thanks for writing it. You‟re laying out a microcosm of the whole problem of information security. Endusers will not educate themselves about security; they are too busy managing the cooling rods, trying cases in front of the Supreme Court, and repairing gall bladders. So the challenge vendors face is amplified: they can‟t take the easy route and “secure everything to the max”, and they can‟t leave everything wide open. What‟s left in between? Finesse. There‟s a whole other post you could write about simple mechanisms these ATMs could use that would not substantially increase end-user frustration but would make these attacks a lot less likely. The meta -lesson is that “security usability” is drastically underrated; “security usability” has less to do with human interface design and more to do with security engineering done under heavy constraints.

29. Privacy Digest: Privacy News (Civil Rights, Encryption, Free Speech, Cryptography) September 21st, 2006 11:41 am ATM Hack Uncovered. 30. tom September 21st, 2006 12:33 pm nice one… 31. Chris W. September 21st, 2006 12:58 pm For some manufacturers, default master password information is generally available in their user manuals. They put in big warnings that it be changed but of course that isn‟t always done. Here is an obvious google query so I am not posting a URL. -Chris 32. Chris September 21st, 2006 2:21 pm Of course ATM owners will be stupid and not RTFM. Of course ATM users want a system that is easy to use after 15 beers. Of course ATM manufacturers don‟t want to field a buttload of “Duh…I forgot the password” support calls, or lose sales to the other guy who makes a noticeably cheaper box. Tom‟s right — simple, obvious stuff can still help here: One manufacturer makes it so that if the master and admin passwords are identical then the ATM won‟t do all the good stuff 37337 hax0rs want. Why not also check that the values are not the defaults? If the concern is that recovery is impossible if the owner gets hit by a bus, then how about adding $1.50 to the cost of each ATM and storing the values in a module which is inside the “vault”? How about giving the owner the chance to print the passwords (with big letters saying “If you leave this in sight you are an idiot who deserves whatever he gets”)? How about giving each box random PWs, and supplying a card with what those values are, AND doing any of the above? None of these measures is perfect, but any of them is better than shipping a box full of money that can be opened, more or less, by typing “password”. 33. tom September 21st, 2006 3:51 pm hm, Kind of worrying, I mean it just seems too easy to get the information.

I always think that a mixture of physical security and software is needed, e.g. you need a key to add money to the machine, why don‟t you need a key to enter the setup of it ( + a password), how hard is it to say, enter your key, then enter your password, would also work to have the keyhole positioned away form the screen e.g, on the floor. “hello Mr customer, why are you bending down round the back of my ATM, oh you are inserting the security key, I think the police would like to know about that…” Surly it can‟t be that hard to program in a method to make sure that the default password is different for each machine, if wordpress can do it (which they do), why can‟t a manufacture of ATM‟s do it? oh well, strange how it dosn‟t surprise me that much… 34. Ralph L. September 21st, 2006 4:24 pm Chris W., I‟m shocked and appalled at the obvious gall you posess with posting google search links. You and your l0pht ilk have been promoting research and learning for too many years now! When will it all end? Please do better next time and just post: “” and leave it as an exercise for the expert search geeks. 35. grey September 21st, 2006 4:31 pm So, with regards to xrayspex‟s quip about safe‟s and default combinations. In _Surely you must be joking Mr. Feynman_ this is discussed a bit in a chapter on his lockpicking adventures while working on the a bomb. He had found a technique to simplify the notion of guessing a combination on a password, but a new general, locksmith and safe were brought once which no one knew the combo to. The locksmith opened it miraculously, and when Feynman and he later had an exchange trading tricks of the trade, while Feynman had actually been developing some lockpicking techniques, the locksmith just used a default combination which had never been changed. By the way just because it‟s common practice, doesn‟t mean it‟s not absolutely wrong and stupid. It‟s much more a case of „locks on doors only keep honest people honest‟ just putting up a show for those who don‟t care to subvert things, while those who do find it stupifyingly easy. Oh, one other nice bit from that chapter - Feynman tried to work with his superiors to get them to switch safes or report the weakness to the safe vendor. Their response? “Keep Feynman away from your safes!” Glad to know smart guys have been slain messengers long before I was born. A great read for this, and many other stories, quite a few of which discuss crappy security in what should‟ve been the highest security facilities in the world at the time. 36. roboknave September 21st, 2006 5:08 pm To everyone that says this is BS: You‟re wrong. I too obtained the said manual in less that 15 minutes. About 5. No, I won‟t post anything for the script kiddies either. I will say that the manual contains very detailed information on the master operator interface, does contain default passwords, the default passwords are what

you‟d expect to see as defaults (i.e. lame and should be changed immediately), shows detailed info on how to use the keys and what screens should appear, and I would expect that EVERY Tranax machine should be disabled for “service” to update these default passwords so that the script kiddies reading this can‟t go out and steal a machine‟s cash. The only thing I can say is at least the guy who pulled this off didn‟t need to carry a gun. 37. name September 21st, 2006 5:52 pm How many years in jail if you get caught? Could you get a job with at ATM company after you got out? Most high tech or IT departments require a background check. Just some thoughts. 38. Tech Gadgets September 21st, 2006 6:14 pm ATM hack uncovered, financial freedom abounds? Filed under: Misc. GadgetsYou‟re probably familiar with the Virginia Beach trickster who reprogrammed 39. |333473|3|_||3 September 21st, 2006 8:57 pm grey, you made a mistake about Feynman. All he told people to do was to shut thier filing cabinets when not using them so he couldn‟t read the number by twiddling the dial. The ATM backdoor is an old hack which people didn‟t care about until it got into the news. I am aware of one ATM (well one ATM location), which has been hacked, stolen, or smashed open so many times things are geting rediculous, but no-one cares. 40. |333473|3|_||3 September 21st, 2006 9:04 pm Traffic Lisghts are anoth potential target. In Adelaide they are all controlled by an old P2 box sitting under someones desk, linked to the public phone network‟s fibre connection. at each of the traffic lights is a P1 running a DOS script which controls the lights. THe local units can be over-ridden by commands form the central server (i.e. for the Fire Brigade), and so the units can be hacked by anyone who can connect to the phone network, if they know how. 41. Chris September 21st, 2006 9:53 pm Over at 27B Stroke 6, Kevin Poulsen is reporting that Tranax (rhymes with Xanax!) is going to require a PW change in the new firmware rev. Who says responsible disclosure doesn‟t work? :^) 42. scalefree September 21st, 2006 11:42 pm Dave,

It‟s really funny for me to read this story. I found a Tranax 1500 manual on the sidewalk outside my apartment, maybe a year ago. No idea how it got there, there‟s no Tranax ATM anywhere near me; sometimes my life is just like that. I‟ve been waiting for this story to happen ever since. And Tom, don‟t ever change. 43. Thomas Ptacek September 21st, 2006 11:48 pm You can‟t control me! 44. Cyberknife September 22nd, 2006 12:19 am My god this is so idiotic its not even funny. I tried to find and almost choked on my soda I was drinking when I had the pdf. file. Then I tried the same theory to another ” brand ” of ATM and it worked the same. 45. ATM Tech September 22nd, 2006 12:24 am Okay, I‟m an ATM technician and have experience with these machines, so I‟ll provide some background on the hack. There are three passwords that can be imputted from the keypad: 1. Operator (guy who fills machine) 2. Technician (same access with more diagnostic options) 3. Master (Everything) If you want to perform the hack mentioned above, you need the Master password, which is obviously pretty easy to get. I‟ve seen armored car rent-a-cops on $12/hour use the Master passord for simply filling the machine. All passwords will give you access to the ATMs electronic journal which shows the last x000 transaction. When you wipe it using the “Clear Journal” option… If you‟re prepared to spend time reprogramming the machine to dispense $20s when it thinks it‟s dispensing $5s, go ahead. It may make people like the dumb f*cks who run the machines I service start taking things seriously. 46. GlenO September 22nd, 2006 2:32 am I like the one about traffic lights. Years ago I worked in Beijing for while, on the way from the pub one night I noticed the door to the traffic light controller was unlocked so we switched it off and sat back to watch the fun. Sure enough we were rewarded after a couple oiof minutes. Best thing though was the next night it was still unlocked. Stupid is as stupid does! 47. Chris September 22nd, 2006 8:27 am ATM Tech If the thief had used the “clear jounal” option would there be any way to trace who had done this?

48. NightStalker September 22nd, 2006 12:48 pm It is hilarious, I found the master password in 5 minutes after skimming through the .pdf, and it‟s as easy as the coke machine hack. Is there a way to make the ATM think you never got any cash out, before it writes your card balance/limit to the card, like the pre-1989/1979 ATM glitch? As I understood the manual, clearing the journal just “audited” the entrys, didn‟t erase them. Is there a way to erase the entrys? Can you “load” the bill-transporter, and THEN purge it? Would make for a hell of a way to get money without having to insert a card. 49. slavo September 22nd, 2006 12:54 pm A nema niekto aj manual pre slovenske bankomaty? 50. jack- September 22nd, 2006 4:18 pm fuck yourself with your pathetic blog and die… dont give advices for the machine operators you fool because I cant use these passwords then, I sick of kiddies like you who belive they are big hackers and do social things like this, fuck man… you are nothing more than a pathetic [expletive removed], peoples like you screw the internet, thanks. 51. NightStalker- September 22nd, 2006 5:14 pm You‟d better not be talking to me, [wah!] 52. jack- September 23rd, 2006 11:17 am yeah then what? I will skin your [wah!] after I [wah wah!] her then I put a shotgun to your [wah wah wah] and rip off your [wah!] head, after that I torture and [wah wah wah wah] your whole family if you open your mouth again [wah!]… 53. retards September 24th, 2006 5:37 am why are you all so suprised? 54. NightStalker- September 24th, 2006 10:22 am jack, [wah!] your mothers [wah! wah!]. 55. Ma petite parcelle d'Internet... September 24th, 2006 2:58 pm Quand le DAB qui perd la boule… Un distributeur de billets qu‟on peut reprogrammer pour donner des billets de 20$ la place de ceux de 5$, juste en en tapotant sur le clavier, vous y croyez ? C‟est pourtant ce qui s‟est produit r cemment en Virginie, aux tats-Unis. )

56. halfkoreanstudmuffin September 24th, 2006 9:41 pm whoa, that‟s one clever sonofabitch! lol. 57. [Wah!] Jake's Mom September 25th, 2006 10:47 am Hell yes I believe it, in fact the woman who issued me my first VISA card, took me OUT TO THE ATM, and put the card in, and PRESSED THE KEYS to bring up a SPECIAL MENU, in which she ACTIVATED MY VISA. 58. ATM Tech September 26th, 2006 1:35 am @ Chris, Yes, you can still get hold of a copy of the TRANSACTION journal from the switch which links the bank‟s computer to the ATM. However, the transaction journal does not include terminal-only entries like power on/off, change of receipt layout or changes to passwords. Dial-up machines like the Minibank only communicate with the switch (and bank‟s computers) when there is something “interesting” happening, like a request for cash to be dispensed. 59. mrskin October 1st, 2006 1:53 am This reality stuff is scary. 60. Chico October 2nd, 2006 9:04 am For all those who have “found” the manual. Isn‟t there a switch that needs to be flipped before you can enter the “Master Password” I serviced many different types of ATM machines, and they all had a service switch/key that was located under a locked hood on the stand alone models or in the rear of the machine on the through the wall modeld. This switch needed to be activated before anyone could go into diagnostic or programming modes. I think there is more to this story that is being left out. Perhaps the armored car company, left the machine in service mode, or the thief did more than just enter a password. 61. Chico October 2nd, 2006 9:34 am Wow, I found out for myself. The manual is out there still, but you have to view it as HTML, to get the cached version of it. What a piece of Garbage. I remember seeing the prototype of the Tranax at the BAI trade show in Dallas somewhere around 1999. It‟s a real Rube Goldberg contraption. I believe this thing was developed in some guys garage. It cannot be compared to the real ATMs that are made by Diebold, NCR, and Fujitsu which are remarkably secure and reliable. 62. The Lazy Genius October 2nd, 2006 3:26 pm ATM Hack Uncovered *Working Link Update* A security expert in New York has learned how to get free money from some ATMs by entering a special code sequence on the PIN … 63. Blank October 7th, 2006 5:02 am

With everyone wanting to get ahold of the manual now, it raises a question since I received mine in about 2 minutes. Am I the only one with access to Google? 64. Dan Walter December 29th, 2006 11:23 pm Mmmmm… all of this makes me think of the disaster Diebold has going with their electronic voting machine! If it‟s electronic you can bet your „arse‟ someone can manipulate it. 65. FBI February 3rd, 2007 11:30 am you are a fucking stupid arsehole nothing but a typical deadbeat scamming bastard just close this site down Ill report you son of a bitch to the FBI for money laundering and fraud you‟ll get 10 years I have copied this website for proof and have your IP adress and adress details and thats all proof they need to aresst your scamming arse , just a reminder when your in prision dont drop the soap 66. Thomas Ptacek February 3rd, 2007 11:38 am I‟m so sorry! 67. Dan Walter February 9th, 2007 8:00 pm “FBI” needs to take advantage of our public school system before he(she?)makes any sort of legal declarations. “DUH” would be a better handle. :O/ 68. ATM Guy March 22nd, 2007 2:16 pm I work on and program these machines every day. There is a fact you are missing. You can program whatever denomination of bill you want into the machine, however the processor the machine dials into and connects to has to have the matching amount programmed in. If it is set at the processor server end to $20, you can enter $5, $10 whatever the hell you want, it still knows it should have $20‟s in it. The average layman or even medium tech aware can do little more than screw the machine up by going into management and playing with settings. 69. ATM Guy March 22nd, 2007 2:20 pm >What a piece of Garbage. I remember seeing the >prototype of the Tranax at the BAI trade show in >Dallas somewhere around 1999. It‟s a real Rube >Goldberg contraption. I believe this thing was >developed in some guys garage. It cannot be >compared to the real ATMs that are made by Diebold, >NCR, and Fujitsu which are remarkably secure and >reliable. The Tranax machine is by far the best 3rd party bank machine made. It is professionally made, well designed and operates flawlessly. We operate a large number of these. I would rather own these than the others you mention, which I have also worked on.

70. Dan Walter March 29th, 2007 5:27 pm What is this blog about? I scroll and find a bunch of kids making asinine threats to one another. Are any of you nitwits older then say 13? 71. Thomas Ptacek March 29th, 2007 5:32 pm Yes. But not by much.

Leave a reply
name (required)

email ( will not be shown ) (required)


Submit Comment

New To Our Blog?
Start here for what we're all about, our "beat", and some of our favorite posts.

Search this site

People We Are
    

Thomas Ptacek Window Snyder (Emeritus) Jeremy Rauch Dave Goldsmith Dino Dai Zovi

Things We Do
  

Security services: design, code, and binary security review The product. Write this blog.

Things We Write About
                 

Apple Bitching About Protocols Branding Rants Defenses Development Disclosure Gatherings Guests Industry Punditry Interviews Malware Matasano Navel Gazing New Findings Reversing Slashdot Rounddown This Old Vulnerability Uncategorized

People We Read

                  

Adam Shostack & Friends Security, privacy, says nice things about us. Amrit Williams As soon as I fix my copy of Illustrator, the PunditCon's got Amrit's name all over it. Andrew Donofrio Security, NYC, says nice things about us. Bunnie Huang Reversing, hardware, could destroy us with pinky finger. Cambridge Security Lab Blog Security, privacy, society, British, must be smart. Dowd, McDonald, and Schuh The best secure coding blog, by three of the world's best code reviewers. Eric Rescorla Security, IETF punditry, wrote SSLdump. Halvar Flake Reversing, security, if you click him he'll write more. Ilfak Guilfanov Reversing, wrote IDA Pro. Jeremiah Grossman Like us, but for web application security. Ken "Skywing" Johnson Skywing made windbg bearable for us. Our favorite Win32 internals blog. Metasploit Team Exploits, reversing, Freshmeat for vulnerabilities. Mike Rothman Excellent security market coverage. Lando to Lindstrom's Vader. Nate Lawson Nate Lawson can divide by zero. Nate Lawson can win a game of Connect 4 in just three moves. Nate Lawson counted to infinity. Twice. nCircle Team Security, vulnerabilities, high-frequency, high-quality blog. Peter Lindstrom Peter Lindstrom thinks we should be in jail. Richard Bejtlich Security, networking, the TaoSecurity guy, best network security blog. Richard Steinnon Formerly of Webroot and Gartner, now an indie security analyst. Ross Brown at eEye Marketing at eEye sounds like a fun job. We wouldn't want to manage Maiffret though.

                         

April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 August 2006 July 2006 June 2006 May 2006 April 2006 March 2006 February 2006 January 2006 December 2005 November 2005 October 2005 September 2005 August 2005 July 2005 June 2005 May 2005 April 2005 March 2005

 

January 2005 December 2004



Theme fSpring, design by Fredrik Fahlstad Proudly powered by WordPress.