| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Apr 2014 02:13:52 -0400 From: Jeffrey Walton <noloader@...il.com> To: Eric Rand <eric.rand@...wnhatsecurity.com> Cc: Full Disclosure List <fulldisclosure@...lists.org> Subject: Re: [FD] Bank of the West security contact? On Wed, Apr 2, 2014 at 4:42 PM, Eric Rand <eric.rand@...wnhatsecurity.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > BoA has no incentive to switch, as the customers have not demanded > more secure ATMs, and it's cheaper to have 'hacking insurance' to > cover any losses than it would be to replace all their ATMs. Sad, but true. I doubt they have the hacking insurance, though. There's a reason US banks suffer losses at a rate of 600x that of a German bank. For the discussion, see Gutmann's Engineering Security, page 542 (www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf). I'm amazed that the losses get passed onto shared holders, and then executives give themselves a bonus for a job well done. Jeff > On 04/02/2014 01:30 PM, Sholes, Joshua wrote: >> And how fast would those ATM manufacturers switch to a Linux or >> other offering if, say, Bank of America said "We won't buy an ATM >> with an easily skimmable reader or with an insecure OS on it?" >> >> Diebold, for example, has a market cap of less than $3B. BoA is >> sitting around $182B. With that much leverage, the big banks have >> NO excuse to just accept whatever crap the vendors shovel out the >> door. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists