Re: [FD] [Full-disclosure] Bank of the West security contact?

[Jeffrey Walton <noloader@xxxxxxxxx>]

On Wed, Apr 2, 2014 at 4:42 PM, Eric Rand
<eric.rand@xxxxxxxxxxxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> BoA has no incentive to switch, as the customers have not demanded
> more secure ATMs, and it's cheaper to have 'hacking insurance' to
> cover any losses than it would be to replace all their ATMs.
Sad, but true. I doubt they have the hacking insurance, though.

There's a reason US banks suffer losses at a rate of 600x that of a
German bank. For the discussion, see Gutmann's Engineering Security,
page 542 (www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf‎).

I'm amazed that the losses get passed onto shared holders, and then
executives give themselves a bonus for a job well done.

Jeff

> On 04/02/2014 01:30 PM, Sholes, Joshua wrote:
>> And how fast would those ATM manufacturers switch to a Linux or
>> other offering if, say, Bank of America said "We won't buy an ATM
>> with an easily skimmable reader or with an insecure OS on it?"
>>
>> Diebold, for example, has a market cap of less than $3B.  BoA is
>> sitting around $182B.  With that much leverage, the big banks have
>> NO excuse to just accept whatever crap the vendors shovel out the
>> door.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/