Wells Fargo recent move to web-enable ATM machines, moving from OS/2 to Windows is a bit scary.
Gartner analyst Avivah Litan said it succinctly: “not great news for the security of the system. I’m sure there’s a lot of holes that will be created because of this.”
As would be expected, Slashdot techies are having a field day with this story.
According to the ComputerWorld article, Wells Fargo’s architecture uses Java Enterprise (J2EE) to integrate the Windows-based ATMs with their back-end systems, with XML (through SOAP) to communicate between “various backup platforms”.
One Slashdot poster makes the point that “TCP/IP and HTML have been heavily stress tested” and “there are flaws but they are known and everybody and their dog has had a chance to work out flaws with them.”
True. But there’s another point. The problem isn’t necessarily in TCP/IP or HTML. The problem is in the fact that Windows is the most hacked (and hence, least secure) operating system in the world.
Call me a luddite. But I’d rather see my ATMs running some ancient proprietary, character based system, based off some old hardened Unix code. Something that script kiddies haven’t had a chance to play with, or don’t even know how.
Alex Eckelberry
President