Security Hole in Citibank ATMs Underscores Larger Security Flaws
Jul 3, 2008, News Report
Found in: Security
TraceSecurity disclosed today that the case of Citibank customers whose funds were hacked via the connection between ATMs and third parties processing their PIN codes, are just the tip of the iceberg when it comes to the overall security and compliance of the networks that process ATM transactions. Over the past five years, TraceSecurity personnel have uncovered thousands of un-patched ATM processing servers while performing routine security compliance inspections. The company is responsible for performing annual audits and inspections for firms in the financial services space to ensure they are complying with industry and government regulations that help protect consumers' sensitive data as well as the funds in their accounts.
"Most people's home personal computers are better protected from malicious hackers than many ATM servers," remarked Jim Stickley, CTO and vice president of strategy and solutions at TraceSecurity. "Financial institutions are failing to perform patch updates to ATM servers often because third party vendors aren't approving the patches to be applied to systems running their ATM software. As a result, hackers could easily exploit known security holes in operating systems such as Microsoft, which are used by many ATM solutions available today."
In addition, the company has found that many financial institutions are not placing their ATM servers into secured private segments on the network. This means that anyone with basic access to the network can eavesdrop on the data and transactions being processed by the ATMs and hack away at un-patched services. Officials recommend that ATMs should always be segmented onto their own network segments with tight access controls in place.
Stickley added, "Financial institutions need to do a much better job at setting up their network infrastructure. Unfortunately many organizations make the assumption that as long as the servers are behind a firewall they are safe. That is simply not the case."
If You Liked This Article, You May Also Like...
Related Products and Services
Latest News in Security
- IRS Selects Disaster Recovery Support Tool
- RFID: From Fish to Flowerpots
- Companies Continue to Overlook Evolved Virus Attacks
- FBI Warns of E-mail Relief Scams Following Hurricane Gustav
- New Software Equips Laptops with Remote Data Destruction Capability
- Reading, Pa., Deploys Citywide Wireless Surveillance Network
- California Announces New State Archives Collections
- Tarrant County honored for Electronic Check Deposit System
- Cyber-Attackers Target Web Applications, Study Says
- Report Claims Information Management Mistakes Wreak Havoc in the Public Sector
Latest Government Technology News
- Judge Not Lest Ye Get an Online Report Card - Sep 5
- RFID: From Fish to Flowerpots - Sep 5
- Maine Authority Awards $1.75 Million for Broadband Buildout - Sep 5
- U.S. Government Providing All Hazards Alert Radios for Nation's Schools - Sep 4
- City University of New York to Form Open Source Solutions Lab for Government - Sep 4
Industry Solutions for Government
Read real world deployments of technology in government from our sponsors.
View All Industry SolutionsMarketplace
brought to you by:
Find out the Survey Results to date
SF Health Plan
Yes! I would like more information about CA's solutions for Government.
IT Governance
IT Network Management: State and Local Governments Face New Challenges Network and voice management tools help agancies get optimum performance from today's increasingly complex networks.
IT Governance: Making the Difference in Cities, Counties and States Project and portfolio management helps government respond to old and new challenges. Featuring case studies from California Department of Agriculture, New York City, and Oakland County, Michigan.
CA Network & Voice Management Solution Brief Integrated, fault and performance management for end-to-end service assurance of multi-vendor, multi-technology converged networks.
University Safeguards Wired & Wireless Access CA's Network ensures availability & performance of key systems with single, unified view.
The Power of IT Helps Oakland County, Michigan, Develop a High-Tech Future CA helped Oakland County implement effective IT Governance and Service Management Solutions to support the evolution of their economy.
Enterprise Management
Success Stories: San Francisco Health Plan San Francisco Health Plan helps more people access affordable healthcare by simplifying IT management
Success Stories: Social Services Agency, County of Santa Clara County of Santa Clara improves the quality of social services with simplified IT management
Solution Brief: Service Availability Management The CA Service Availability Management solution correlates events across a broadrange of IT domains; enabling you to solve problems faster, drive down costs and expedite time to value.
Risk Compliance and Best Practices
Network and VoiceManagement for Evolving Business IT management specialist CA provides a foundation for delivering the value of unified network and voice management
By applying new levels of consolidation, automation and insight, dynamic Business Svc Mgt delivers improved service levels and cost controls
Deploying the CMDB for Change & Configuration Management The Configuration Management Database (CMDB) plays a critical role within the ITIL framework.
IT Service Management Process Maps Select your route to ITILĀ© Best Practice
Business Service Management Links IT Services To Business Goals Adopting a process-centric approach to IT, applying ITILĀ® best practices and building a service-oriented team culture
Video, Security Podcasts, Slide Shows, Case Studies, Privacy Policy, News Feeds (RSS), MyGT
Government Technology Magazine
Government Technology Magazine provides information technology (IT) case studies, applications, news and best practices for state, city and county government.
Get FREE SubscriptionEmergency Management Magazine
Emergency Management Magazine provides technology news and solutions to the local government authorities that help protect our communities.
Get FREE SubscriptionPublic CIO Magazine
Public CIO Magazine provides technology news and solutions to public sector C-level technology executives.
Get FREE SubscriptionDigital Communities Magazine
Digital Communities Magazine is the premier information source for cities, counties and regions to explore and share experiences and best practices beyond just infrastructure and mobile innovations.
Get FREE SubscriptionTexas Technology Magazine
Texas Technology Magazine provides technology news and solutions to the Texas public sector community.
Get FREE Subscription
