
Diebold used to build their ATMs on OS/2. I know this because early in the process of using OS/2 they called me in (I was a local OS/2 guru in NE Ohio) to help with some networking problems they had in their development network. OS/2 was stable and powerful. Unfortunately, it was also backed by the worst marketing fiasco since New Coke (actually, worse. Coke is still around).
So they switched to Windows. NT 3.51 to start with (ok, it was stable, even if its networking capabilities sucked). Then NT4.
Well, early this year, they started rolling out ATMs using Embedded XP. Of course, they had to - thanks to Bill's planned obsolescence, NT4 isn't going to be supported soon.
Now, when designing single-purpose appliances, it makes sense to use a single-purpose OS - a cleaner code base, tighter code, better performance. Of course, XP is anything but a single-purpose OS. It includes all kinds of services that ATMs don't need.
Like DCOM.
Yup. Reports came out this week that ATMs at 2 banks running the new OS got infected with Nachi. They started slamming the internal networks with probes, and the banks' IDS sensors picked it up and cut them off - shutting them down and making them unavailable.
So we've got at least 2 big mistakes here:
- Using a general-purpose OS for a single-purpose application
- Connecting a highly critical, supposedly secure network (the ATMs) to a general-purpose network, which is, in turn, connected to the Internet.
Feel safe yet?
Oh, yeah. Diebold is the leading vendor of electronic voting machines. Yeah, this just keeps getting better.