Subscribe to web2feel.com
Subscribe to web2feel.com

All Top Banking

Posted by John B. Frank Thursday, July 2, 2009

The day before yesterday, in a post entitled: "How to Hack an ATM Live Onstage, Pulled from Black Hat Event" I talked about the decision by Juniper to postpone the presentation.  The talk, which would have revealed flaws in theautomated teller machines (ATM) of an undisclosed vendors, will bepostponed until the vulnerabilities are fixed, Juniper said in astatement. The original description of the presentation stated that theresearcher, Barnaby Jack, would "retrace the steps I took to interfacewith, analyze, and find a vulnerability in a line of popular new modelATMs," and would "explore both local and remote attack vectors, andfinish with a live demonstration of an attack on an unmodified, stockATM."

Here's more directly from  Juniper's Blog

Juniper’s Decision To Postpone “Jackpotting Automated Teller Machines”

Yesterday, Juniper postponed a scheduled Blackhat USA 2009 presentation by one of our employees, Barnaby Jack, entitled "Jackpotting Automated Teller Machines." This decision has grabbed the attention of the press, the Twittersphere and Blogosphere, and understandably so.

The vulnerability Barnaby was to discuss has far reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and - ultimately - the public. To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don't want to see happen.

Therefore, we felt it our responsibility to delay the presentation until all those protection measures were put into place. Unfortunately, there isn't enough time before Blackhat to make that happen.

We did not arrive at this decision easily. Indeed, we feel that Barnaby's research is important, vital to the advancement of the state of security and should be discussed in an open forum. However, Juniper is also committed to the responsible disclosure of security vulnerabilities, and to protecting the public from them.

We look forward to sharing our findings with the security community in time and, rest assured, we will.
Related articles by Zemanta
Reblog this post [with Zemanta]

edit post

0 comments

Post a Comment

Powered by Blogger.

Blog Archive

Search This Blog

Our Manufacturing Facility

Our Manufacturing Facility

Learn More About Us

Find out how our patented technology can empower your financial institution.

Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)

There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.

Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."

Total Pageviews

SLIM for PC or SmartPhone

SLIM for PC or SmartPhone
Click to Inquire

Chip and PIN eCommerce and Mobile

Chip and PIN eCommerce and Mobile
Click to Inquire

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers

Translate This Blog

BobCaps

BobCaps

Search ePayment News (example: NFC)

About Me

My photo
Named one of the best Payment Industry News Blogs 4 Years Running

Feedjit

My Zimbio