lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 3 Apr 2014 02:13:52 -0400
From: Jeffrey Walton <>
To: Eric Rand <>
Cc: Full Disclosure List <>
Subject: Re: [FD] Bank of the West security contact?

On Wed, Apr 2, 2014 at 4:42 PM, Eric Rand
<> wrote:
> Hash: SHA1
> BoA has no incentive to switch, as the customers have not demanded
> more secure ATMs, and it's cheaper to have 'hacking insurance' to
> cover any losses than it would be to replace all their ATMs.
Sad, but true. I doubt they have the hacking insurance, though.

There's a reason US banks suffer losses at a rate of 600x that of a
German bank. For the discussion, see Gutmann's Engineering Security,
page 542 (‎).

I'm amazed that the losses get passed onto shared holders, and then
executives give themselves a bonus for a job well done.


> On 04/02/2014 01:30 PM, Sholes, Joshua wrote:
>> And how fast would those ATM manufacturers switch to a Linux or
>> other offering if, say, Bank of America said "We won't buy an ATM
>> with an easily skimmable reader or with an insecure OS on it?"
>> Diebold, for example, has a market cap of less than $3B.  BoA is
>> sitting around $182B.  With that much leverage, the big banks have
>> NO excuse to just accept whatever crap the vendors shovel out the
>> door.

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists