Automated Teller Machines

[Ben Scott]

On Sat, Aug 2, 2008 at 9:20 PM, Curtis Sandoval
<curtis.sandoval at gmail.com> wrote:
> Anyway, I wondered if there were any efforts to develop a Linux like
> OpenBSD or similar that was all but impenetrable and could run
> on minimal resources to produce an open-source and secure
> platform for banks ...

  Not that I don't like the thought, but I think you're missing some
key aspects of the situation:

  1. Most of the insecurities around cash machines stem from poor
understanding of security issues at the application layer.  The OS is
almost irrelevant.  It's not like Windows XP or Linux have cash
dispensing routines.  (Windows tends to consume cash, not dispense it,
hah hah.)

  2. Historically, banks have depended almost entirely on physical
methods and isolation for security, not higher level protections.
ATMs do typically resemble a strong box or bank vault, so this isn't
entirely an unrealistic approach.

  3. "minimal resources" isn't the concern these days.  Hardware is
cheap.  Banks are most concern with the organization which is
providing the equipment and software -- the level of support they can
provide, and their established reputation.  Fundamentally, banks
function based on reputation; this leads them to be very suspicious of
newcomers.

  Simply throwing Linux at the problem isn't likely to work.

-- Ben