let me be clear. If I had a desktop in that XPe ATM (unlikly), and that desktop had IE/FF/etc (highly unlikly), I could get to www.google.com on some networks. Certinally the outbound is going through a router and firewall and some web proxy, and there is no direct inbound path to that machine.
Lest you say that it is "only" a web proxy, I have seen some (misconfigured devices) inside a LAN hit my internet facing NTP server. You can't tell me that their networks are isolated islands of security when NTP can leak out. Certinally not every network allows this. But it does happen, That number is more than zero, and I am not caging my response to hide that I am only talking about one. The vector is LAN(infected desktop) to LAN/WAN pounding at any ip it can find, be it another desktop, or an ATM. ----- Original Message ----- From: "der Mouse" <[EMAIL PROTECTED]> To: <funsec@linuxbox.org> Sent: Tuesday, March 18, 2008 10:27 AM Subject: Re: [funsec] Windows-based cash machines 'easily hacked' >> "can they" the ATM, reach the internet. no, I really doubt they >> could, as I've said before, they are XPe. One would hope they didnt >> compile in IE into the runtime.. > > Surely you're not under the delusion that "the Internet" equals the > Web? Or that the only way to speak over the Internet is with IE? > > /~\ The ASCII der Mouse > \ / Ribbon Campaign > X Against HTML [EMAIL PROTECTED] > / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
