• Isn't life wonderful

    From Chris Elvidge@3:770/3 to All on Tue Sep 5 15:19:14 2023
    https://www.tomshardware.com/news/raspberry-pi-used-to-rob-atm

    --

    Chris Elvidge, England
    I WILL NOT FAKE RABIES

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Marco Moock@3:770/3 to All on Tue Sep 5 17:01:42 2023
    Am 05.09.2023 um 15:19:14 Uhr schrieb Chris Elvidge:

    https://www.tomshardware.com/news/raspberry-pi-used-to-rob-atm

    And that is called security?
    For me it looks like bank's security isn't real security if that can be disabled with a product that can be bought by everyone.

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Ahem A Rivet's Shot@3:770/3 to Marco Moock on Tue Sep 5 17:37:56 2023
    On Tue, 5 Sep 2023 17:01:42 +0200
    Marco Moock <mo01@posteo.de> wrote:

    Am 05.09.2023 um 15:19:14 Uhr schrieb Chris Elvidge:

    https://www.tomshardware.com/news/raspberry-pi-used-to-rob-atm

    And that is called security?
    For me it looks like bank's security isn't real security if that can be disabled with a product that can be bought by everyone.

    Many things can be broken with the aid of a battery powered drill
    or angle grinder that anyone can buy.

    The article talks about interception or tapping so it sounds like
    they managed to tap the link between the ATM and the bank and figure out
    how to fake a bank's OK response to the request from the ATM using a Pi to
    do the work.

    Chances are the bank was depending on the line being secure rather
    than using good encryption to provide secure communications over an insecure line.

    --
    Steve O'Hara-Smith
    Odds and Ends at http://www.sohara.org/
    Host: Beautiful Theory meet Inconvenient Fact
    Obit: Beautiful Theory died today of factual inconsistency

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Richard Kettlewell@3:770/3 to Ahem A Rivet's Shot on Tue Sep 5 20:52:58 2023
    Ahem A Rivet's Shot <steveo@eircom.net> writes:
    Chances are the bank was depending on the line being secure rather
    than using good encryption to provide secure communications over an
    insecure line.

    Banks have been aware of the need to encrypt communications for many
    decades.

    In this case:

    | According to court records, the three used a device called a
    | “raspberry pi” that is plugged into ATMs and deactivates its security
    | systems so they could remove the cash drawer.

    My guess is they compromised some kind of software-controlled electronic
    lock.

    --
    https://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From druck@3:770/3 to Chris Elvidge on Tue Sep 5 22:27:34 2023
    On 05/09/2023 15:19, Chris Elvidge wrote:

    https://www.tomshardware.com/news/raspberry-pi-used-to-rob-atm

    Don't wander around at night carrying a Raspberry Pi or you might be
    arrested for "going equipped"!

    ---druck

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Adrian Caspersz@3:770/3 to Richard Kettlewell on Wed Sep 6 06:12:34 2023
    On 05/09/2023 20:52, Richard Kettlewell wrote:
    Ahem A Rivet's Shot <steveo@eircom.net> writes:
    Chances are the bank was depending on the line being secure rather
    than using good encryption to provide secure communications over an
    insecure line.

    Banks have been aware of the need to encrypt communications for many
    decades.

    In this case:

    | According to court records, the three used a device called a
    | “raspberry pi” that is plugged into ATMs and deactivates its security
    | systems so they could remove the cash drawer.

    My guess is they compromised some kind of software-controlled electronic lock.


    My guess is that the ATMs were the on-third-party premises kind. They
    are available second-hand in an uncontrolled market, and various online
    videos have surfaced showing teardowns - for which some study has
    revealed software exploits.




    On the subject of ATMs

    Funny true story
    "The ATM Glitch That Made a Millionaire" https://www.youtube.com/watch?v=m4Fi_a9QATM

    --
    Adrian C

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Marco Moock@3:770/3 to All on Wed Sep 6 12:50:20 2023
    Am 05.09.2023 um 20:52:58 Uhr schrieb Richard Kettlewell:

    | According to court records, the three used a device called a
    | “raspberry pi” that is plugged into ATMs and deactivates its
    security | systems so they could remove the cash drawer.

    Why is it possible to plug something in without having to crack a door
    open or similar?
    Why isn't the software access directly at the hardware secured by a
    password?

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Richard Kettlewell@3:770/3 to Marco Moock on Wed Sep 6 12:49:18 2023
    Marco Moock <mo01@posteo.de> writes:
    schrieb Richard Kettlewell:
    | According to court records, the three used a device called a
    | “raspberry pi” that is plugged into ATMs and deactivates its security >> | systems so they could remove the cash drawer.

    Why is it possible to plug something in without having to crack a door
    open or similar?

    Maybe they did crack a door open. The information presented is very
    thin.

    Why isn't the software access directly at the hardware secured by a
    password?

    Maybe it is, and the Pi was somehow involved in bypassing that.

    Another possibility would be authentication based on some physical token
    (e.g. a smartcard) with the Pi emulating it and attacking the control
    software via that channel.

    --
    https://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Martin Gregorie@3:770/3 to Marco Moock on Wed Sep 6 12:13:50 2023
    On Wed, 6 Sep 2023 12:50:20 +0200, Marco Moock wrote:

    Am 05.09.2023 um 20:52:58 Uhr schrieb Richard Kettlewell:

    | According to court records, the three used a device called a |
    “raspberry pi” that is plugged into ATMs and deactivates its security | >> systems so they could remove the cash drawer.

    Why is it possible to plug something in without having to crack a door
    open or similar?

    Because the ATM is designed to be installed in a secured room? The only
    think anybody needs to enter it for is the stuff more cash into its cash
    drawer (or in India, where ATMs typically can accept as well as pay out
    cash), to remove incoming cash from its deposit drawer.

    Why isn't the software access directly at the hardware secured by a
    password?

    No need. You typically need a physical key to access the cont of the ATM's
    cash drawer(s). Each ATM is run by its own copy of a fairly dumb finite
    state machine (FSM), which knows just enough to run its display, handle
    the smartcard reader and interpret the punter's key presses. The ATM's controlling FSM is in turn overseen by an ATM network management process running on a bigger box back at head office.


    --

    Martin | martin at
    Gregorie | gregorie dot org

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Martin Gregorie@3:770/3 to Martin Gregorie on Wed Sep 6 12:39:36 2023
    On Wed, 6 Sep 2023 12:13:50 -0000 (UTC), Martin Gregorie wrote:

    On Wed, 6 Sep 2023 12:50:20 +0200, Marco Moock wrote:

    Am 05.09.2023 um 20:52:58 Uhr schrieb Richard Kettlewell:

    | According to court records, the three used a device called a |
    “raspberry pi” that is plugged into ATMs and deactivates its security >>> |
    systems so they could remove the cash drawer.

    Why is it possible to plug something in without having to crack a door
    open or similar?

    Because the ATM is designed to be installed in a secured room? The only
    think anybody needs to enter it for is the stuff more cash into its cash drawer (or in India, where ATMs typically can accept as well as pay out cash), to remove incoming cash from its deposit drawer.

    Why isn't the software access directly at the hardware secured by a
    password?

    No need. You typically need a physical key to access the cont of the
    ATM's cash drawer(s). Each ATM is run by its own copy of a fairly dumb
    finite state machine (FSM), which knows just enough to run its display, handle the smartcard reader and interpret the punter's key presses. The
    ATM's controlling FSM is in turn overseen by an ATM network management process running on a bigger box back at head office.

    I should have added that, at least back in the 90s when I was dealing with
    ATM networks and the software that interfaces that network to the
    financial system the ATM network is front-ending, the network was
    typically using X.25 or SDLC (if connected to an IBM box).

    I'd imagine the RPi was being used to emulate an idle ATM while the actual ATM's cash drawers were being emptied: because it would be normal for an
    ATM to report access to its cash drawer(s) to the network manager both as
    a security check as well as to report events such as the machine running
    out of cash to the network operators. The short disconnections while the
    RPi was plugged in and removed would typically be reported as network
    blips but otherwise ignored because the ATM network protocols are
    typically fairly fault tolerant.


    --

    Martin | martin at
    Gregorie | gregorie dot org

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From R.Wieser@3:770/3 to All on Wed Sep 6 14:24:44 2023
    Marco,

    Why is it possible to plug something in without having to crack a door
    open or similar?
    Why isn't the software access directly at the hardware secured by a
    password?

    How come you think that neither (door, password) was present ? What's your underbuilding for it ?

    Also, what makes you think they "plugged something in" to begin with ? The security-system "hacking" intruders on TV always seem to be using "alligator clip" wires connected to some gizmo they bring with them.

    In this case the Pi /could/ have been connected to a dummy bank card (with a thin flat cable) and used to emulate a special kind of smart-card. Who
    knows ...

    IOW, when thinking about *possibilities*, be carefull not to put them
    forward as if they are facts (and /especially not/ post complaints based on such "facts").

    Regards,
    Rudy Wieser

    P.s.
    You might like the below link :
    https://krebsonsecurity.com/all-about-skimmers/

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Marco Moock@3:770/3 to All on Wed Sep 6 16:06:26 2023
    Am 06.09.2023 um 12:49:18 Uhr schrieb Richard Kettlewell:

    Another possibility would be authentication based on some physical
    token (e.g. a smartcard) with the Pi emulating it and attacking the
    control software via that channel.

    A good concept of that is that such a card carries information like a certificate or a password, so simply emulating such a card cannot go
    around the normal authentication.

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From mm0fmf@3:770/3 to Chris Elvidge on Wed Sep 6 17:59:34 2023
    On 05/09/2023 15:19, Chris Elvidge wrote:

    https://www.tomshardware.com/news/raspberry-pi-used-to-rob-atm


    <pedant>

    Robbery is stealing something from someone by using force or threatening
    to use force.

    So it should be "raspberry-pi-used-to-steal-from-atm"

    </pedant>

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Richard Kettlewell@3:770/3 to R.Wieser on Wed Sep 6 18:42:58 2023
    "R.Wieser" <address@is.invalid> writes:
    Also, what makes you think they "plugged something in" to begin with ?

    That’s what the reporting says. Whether it’s accurate or not I can’t
    say, but that’s what we’ve got to work with.

    --
    https://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From R.Wieser@3:770/3 to All on Wed Sep 6 20:06:24 2023
    Richard,

    Also, what makes you think they "plugged something in" to begin with ?

    That's what the reporting says. Whether it's accurate or not I can't
    say, but that's what we've got to work with.

    I've read the linked article, and all it says is "nor was it confirmed how
    the Pis were used beyond as tools to bypass security somehow". IOW, no "plugged in" of any kind mentioned. For all I know they used it as a wedge
    to keep the cash drawer open. :-)

    Yes, I did read that article. Though alas, the "EverythingLubbock" link
    just shows an "not available in your region" page to me.

    Regards,
    Rudy Wieser

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From mm0fmf@3:770/3 to All on Wed Sep 6 18:26:12 2023
    On 06/09/2023 18:24, mm0fmf wrote:
    On 05/09/2023 15:19, Chris Elvidge wrote:

    https://www.tomshardware.com/news/raspberry-pi-used-to-rob-atm

    OK, all done.

    Remember SMS spotting has a per spot cost to SOTA and so it should be
    used only when your mobile internet connection is not available at the summit.


    73
    Andy
    How did that get there and not in an email. :-(

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From mm0fmf@3:770/3 to Chris Elvidge on Wed Sep 6 18:24:04 2023
    On 05/09/2023 15:19, Chris Elvidge wrote:

    https://www.tomshardware.com/news/raspberry-pi-used-to-rob-atm

    OK, all done.

    Remember SMS spotting has a per spot cost to SOTA and so it should be
    used only when your mobile internet connection is not available at the
    summit.


    73
    Andy

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Jim H@3:770/3 to martin@mydomain.invalid on Wed Sep 6 18:45:42 2023
    On Wed, 6 Sep 2023 12:13:50 -0000 (UTC), in
    <ud9qdu$2dslj$1@dont-email.me>, Martin Gregorie
    <martin@mydomain.invalid> wrote:

    [ snip ]

    Each ATM is run by its own copy of a fairly dumb finite
    state machine (FSM), which knows just enough to run its display, handle
    the smartcard reader and interpret the punter's key presses. The ATM's >controlling FSM is in turn overseen by an ATM network management process >running on a bigger box back at head office.


    Really? I had a drive thru ATM reboot on me once, The boot screen said
    it was running Windows. Any chance it was a case of a bigger box way
    back at the head office rebooting and displaying a reboot screen on
    that ATM. Not a chance! The bank was Synovis.
    --
    Jim H

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From druck@3:770/3 to Martin Gregorie on Wed Sep 6 21:40:10 2023
    On 06/09/2023 13:13, Martin Gregorie wrote:
    Each ATM is run by its own copy of a fairly dumb finite
    state machine (FSM), which knows just enough to run its display, handle
    the smartcard reader and interpret the punter's key presses. The ATM's controlling FSM is in turn overseen by an ATM network management process running on a bigger box back at head office.

    That's how they were originally, but these days some run Windows (often
    out o support versions) and serve advertising while you try to get your
    cash out. They offer the a huge range of world class vulnerabilities
    that only Microsoft can provide.

    ---druck

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Ahem A Rivet's Shot@3:770/3 to Jim H on Wed Sep 6 21:24:28 2023
    On Wed, 06 Sep 2023 18:45:43 +0000
    Jim H <invalid@invalid.invalid> wrote:

    Really? I had a drive thru ATM reboot on me once, The boot screen said
    it was running Windows.

    A good many of them were running Windows NT when Microsoft ended support - ISTR hearing the banks negotiated a support extension.

    That being said this doesn't invalidate the claim that they run a fairly dumb FSM (flying spaghetti monster) under Windows NT.

    --
    Steve O'Hara-Smith
    Odds and Ends at http://www.sohara.org/
    Host: Beautiful Theory meet Inconvenient Fact
    Obit: Beautiful Theory died today of factual inconsistency

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From druck@3:770/3 to R.Wieser on Wed Sep 6 21:48:00 2023
    On 06/09/2023 13:24, R.Wieser wrote:
    In this case the Pi /could/ have been connected to a dummy bank card (with a thin flat cable) and used to emulate a special kind of smart-card. Who
    knows ...

    When I was working with Richard K we had some pen testers give a talk on
    how they discovered how to program a smart card to compromise a mobile
    payment terminal. They demonstrated this by making the payment terminal
    play space invaders when the card was inserted.

    So it's not beyond imagination that a doctored smart card connected to a Raspberry Pi could exploit a vulnerability in an ATM. It them may have
    been possible to dispense cash without debiting their own accounts.

    ----druck

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Martin Gregorie@3:770/3 to Jim H on Wed Sep 6 20:49:30 2023
    On Wed, 06 Sep 2023 18:45:43 +0000, Jim H wrote:

    On Wed, 6 Sep 2023 12:13:50 -0000 (UTC), in
    <ud9qdu$2dslj$1@dont-email.me>, Martin Gregorie
    <martin@mydomain.invalid> wrote:

    [ snip ]

    Each ATM is run by its own copy of a fairly dumb finite state machine >>(FSM), which knows just enough to run its display, handle the smartcard >>reader and interpret the punter's key presses. The ATM's controlling FSM
    is in turn overseen by an ATM network management process running on a >>bigger box back at head office.


    Really? I had a drive thru ATM reboot on me once, The boot screen said
    it was running Windows.

    There are several ATM manufacturers, and anyway the models I worked on in
    the late '80s and '90s are quite unlikely to be around now. I forget who
    made the ATM varieties I was familiar with or what, if any OS, their FSMs
    or equivalent ran on: its quite likely that some ATM makes and models ran
    under Windows.

    Similarly, the ATM network management server which interfaced the
    financial system to the ATM network and managed ATM states did the same:
    this was the software I mostly worked on in the '90s. It ran on NCR's
    Intel 386 boxes under their proprietary UNIX flavour.

    Most of the ATM management and interfacing software was C code though some chunks of that was written in MicroFocus COBOL. These ATM networks were
    often quite small, with the financial software written in RPG3 (UGH!!) and running on IBM AS/400 midrange kit: I liked the AS/400s despite the RPG3.
    They were dead reliable and OS/400 had a really nice scripting language,
    they though the standard text editor was surprisingly agricultural: the
    current Linux editors (I mainly use gedit and sometimes vi) are far more polished editing tools.








    --

    Martin | martin at
    Gregorie | gregorie dot org

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Martin Gregorie@3:770/3 to druck on Wed Sep 6 21:04:52 2023
    On Wed, 6 Sep 2023 21:40:10 +0100, druck wrote:

    On 06/09/2023 13:13, Martin Gregorie wrote:
    Each ATM is run by its own copy of a fairly dumb finite state machine
    (FSM), which knows just enough to run its display, handle the smartcard
    reader and interpret the punter's key presses. The ATM's controlling
    FSM is in turn overseen by an ATM network management process running on
    a bigger box back at head office.

    That's how they were originally, but these days some run Windows (often
    out o support versions) and serve advertising while you try to get your
    cash out. They offer the a huge range of world class vulnerabilities
    that only Microsoft can provide.

    Sure. I haven't touched any of that stuff since 2000, and as I said, even
    then I was more concerned with the software managing the ATM network and interfacing it to the financial system it was front ending. Thats where virtually all the client-specific custom code was situated.


    --

    Martin | martin at
    Gregorie | gregorie dot org

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Ahem A Rivet's Shot@3:770/3 to druck on Thu Sep 7 08:08:12 2023
    On Wed, 6 Sep 2023 21:48:00 +0100
    druck <news@druck.org.uk> wrote:

    When I was working with Richard K we had some pen testers give a talk on
    how they discovered how to program a smart card to compromise a mobile payment terminal. They demonstrated this by making the payment terminal
    play space invaders when the card was inserted.

    I like these pen testers, the ones I've known are much less fun
    they'd have just had it display "Penetrated" or some such boring result.

    --
    Steve O'Hara-Smith
    Odds and Ends at http://www.sohara.org/
    Host: Beautiful Theory meet Inconvenient Fact
    Obit: Beautiful Theory died today of factual inconsistency

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From candycane@3:770/3 to All on Thu Sep 7 08:10:44 2023
    Don't wander around at night carrying a Raspberry Pi or you might be arrested for "going equipped"!

    Why on earth would you be going out just carrying a rPi?

    ---------------
    user <candycane> is generated from /dev/urandom

    ... Send replies to /dev/null.
    ___ MultiMail/Linux v0.52

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From The Natural Philosopher@3:770/3 to All on Thu Sep 7 11:52:40 2023
    On 06/09/2023 17:59, mm0fmf wrote:
    On 05/09/2023 15:19, Chris Elvidge wrote:

    https://www.tomshardware.com/news/raspberry-pi-used-to-rob-atm


    <pedant>

    Robbery is stealing something from someone by using force or threatening
    to use force.

    So it should be "raspberry-pi-used-to-steal-from-atm"

    </pedant>

    Its more legal than that. Some years ago I was burgled, and they caught
    the guys.
    For my burglary, it was 'breaking and entering' and 'theft' but when
    they did the same to a young woman with a child on the premises that
    they didn't know about, the policewoman in charge of my part of the case
    wet her pants 'that's robbery with violence - 8 year stretch!'

    --
    Climate is what you expect but weather is what you get.
    Mark Twain

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Kees Nuyt@3:770/3 to All on Thu Sep 7 16:52:04 2023
    On Wed, 06 Sep 2023 19:53:56 +1300, candycane@f172.n1.z21.fsxnet
    (candycane) wrote:

    Your
    References:
    heasder is missing.
    --
    HTH

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Kees Nuyt@3:770/3 to All on Thu Sep 7 16:52:10 2023
    On Thu, 07 Sep 2023 08:10:45 +1300, candycane@f172.n1.z21.fsxnet
    (candycane) wrote:

    Your
    References:
    heasder is missing.
    --
    HTH

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Richard Kettlewell@3:770/3 to druck on Thu Sep 7 22:31:50 2023
    druck <news@druck.org.uk> writes:
    On 06/09/2023 13:13, Martin Gregorie wrote:

    Each ATM is run by its own copy of a fairly dumb finite state machine
    (FSM), which knows just enough to run its display, handle the
    smartcard reader and interpret the punter's key presses. The ATM's
    controlling FSM is in turn overseen by an ATM network management
    process running on a bigger box back at head office.

    That's how they were originally, but these days some run Windows
    (often out o support versions) and serve advertising while you try to
    get your cash out. They offer the a huge range of world class
    vulnerabilities that only Microsoft can provide.

    They’ve been using general-purpose operating systems for a very long
    time; I remember one displaying an OS/2 error screen in the mid 1990s.

    --
    https://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Theo@3:770/3 to Martin Gregorie on Fri Sep 8 10:01:50 2023
    Martin Gregorie <martin@mydomain.invalid> wrote:
    On Wed, 6 Sep 2023 21:40:10 +0100, druck wrote:

    On 06/09/2023 13:13, Martin Gregorie wrote:
    Each ATM is run by its own copy of a fairly dumb finite state machine
    (FSM), which knows just enough to run its display, handle the smartcard
    reader and interpret the punter's key presses. The ATM's controlling
    FSM is in turn overseen by an ATM network management process running on
    a bigger box back at head office.

    That's how they were originally, but these days some run Windows (often
    out o support versions) and serve advertising while you try to get your cash out. They offer the a huge range of world class vulnerabilities
    that only Microsoft can provide.

    Sure. I haven't touched any of that stuff since 2000, and as I said, even then I was more concerned with the software managing the ATM network and interfacing it to the financial system it was front ending. Thats where virtually all the client-specific custom code was situated.

    I think you might be describing the 80s kind which had a 2 line text display (VFD?), whereas everything since has had a CRT or LCD and needed a
    'computer' to drive it, and that computer ran some kind of OS (from DOS upwards).

    The old type being this kind of thing:
    https://en.wikipedia.org/wiki/IBM_3624

    Theo

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Martin Gregorie@3:770/3 to Theo on Fri Sep 8 09:42:50 2023
    On 08 Sep 2023 10:01:51 +0100 (BST), Theo wrote:

    Martin Gregorie <martin@mydomain.invalid> wrote:
    On Wed, 6 Sep 2023 21:40:10 +0100, druck wrote:

    On 06/09/2023 13:13, Martin Gregorie wrote:
    Each ATM is run by its own copy of a fairly dumb finite state
    machine (FSM), which knows just enough to run its display, handle
    the smartcard reader and interpret the punter's key presses. The
    ATM's controlling FSM is in turn overseen by an ATM network
    management process running on a bigger box back at head office.

    That's how they were originally, but these days some run Windows
    (often out o support versions) and serve advertising while you try to
    get your cash out. They offer the a huge range of world class
    vulnerabilities that only Microsoft can provide.

    Sure. I haven't touched any of that stuff since 2000, and as I said,
    even then I was more concerned with the software managing the ATM
    network and interfacing it to the financial system it was front ending.
    Thats where virtually all the client-specific custom code was situated.

    I think you might be describing the 80s kind which had a 2 line text
    display (VFD?), whereas everything since has had a CRT or LCD and needed
    a 'computer' to drive it, and that computer ran some kind of OS (from
    DOS upwards).

    The old type being this kind of thing:
    https://en.wikipedia.org/wiki/IBM_3624

    I don't recall supporting any ATM that primitive or any with IBM stamped
    on them. AFAICR they looked remarkably like the ones you currently find at
    the front of Sainsbury's and other UK supermarkets, but with rectangular monochrome screens. I can't remember who made them or who supplied the ATM network management software we were customising except that it came from
    Texas and most of the ATM networks used X.25 protocols.


    --

    Martin | martin at
    Gregorie | gregorie dot org

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From mm0fmf@3:770/3 to Martin Gregorie on Fri Sep 8 13:07:02 2023
    On 08/09/2023 10:42, Martin Gregorie wrote:
    On 08 Sep 2023 10:01:51 +0100 (BST), Theo wrote:

    Martin Gregorie <martin@mydomain.invalid> wrote:
    On Wed, 6 Sep 2023 21:40:10 +0100, druck wrote:

    On 06/09/2023 13:13, Martin Gregorie wrote:
    Each ATM is run by its own copy of a fairly dumb finite state
    machine (FSM), which knows just enough to run its display, handle
    the smartcard reader and interpret the punter's key presses. The
    ATM's controlling FSM is in turn overseen by an ATM network
    management process running on a bigger box back at head office.

    That's how they were originally, but these days some run Windows
    (often out o support versions) and serve advertising while you try to
    get your cash out. They offer the a huge range of world class
    vulnerabilities that only Microsoft can provide.

    Sure. I haven't touched any of that stuff since 2000, and as I said,
    even then I was more concerned with the software managing the ATM
    network and interfacing it to the financial system it was front ending.
    Thats where virtually all the client-specific custom code was situated.

    I think you might be describing the 80s kind which had a 2 line text
    display (VFD?), whereas everything since has had a CRT or LCD and needed
    a 'computer' to drive it, and that computer ran some kind of OS (from
    DOS upwards).

    The old type being this kind of thing:
    https://en.wikipedia.org/wiki/IBM_3624

    I don't recall supporting any ATM that primitive or any with IBM stamped
    on them. AFAICR they looked remarkably like the ones you currently find at the front of Sainsbury's and other UK supermarkets, but with rectangular monochrome screens. I can't remember who made them or who supplied the ATM network management software we were customising except that it came from Texas and most of the ATM networks used X.25 protocols.



    NCR

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Jim H@3:770/3 to martin@mydomain.invalid on Fri Sep 8 22:36:30 2023
    On Wed, 6 Sep 2023 20:49:30 -0000 (UTC), in
    <udaokq$2dslj$3@dont-email.me>, Martin Gregorie
    <martin@mydomain.invalid> wrote:

    On Wed, 06 Sep 2023 18:45:43 +0000, Jim H wrote:

    Really? I had a drive thru ATM reboot on me once, The boot screen said
    it was running Windows.

    There are several ATM manufacturers, and anyway the models I worked on in
    the late '80s and '90s are quite unlikely to be around now. I forget who
    made the ATM varieties I was familiar with or what, if any OS, their FSMs
    or equivalent ran on: its quite likely that some ATM makes and models ran >under Windows.

    The one that rebooted on me and displayed a Windows screen did so
    maybe a year ago. If it mentioned what version of Windows, I don't
    recall.
    --
    Jim H

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)