Friday, September 29, 2006

Hacks and Cracks

Ok, enough politics for awhile; I found a couple of interesting nuggets on Bruce Schneier's blog. The first concerns Microsoft's reaction to vulnerabilities, which depends on whether they actually lose money because of the vulnerability, or not.
If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM.

Schneier makes the good point that Microsoft doesn't really stand to lose money from vulnerabilities in IE or Windows. So it takes its time issuing patches- unless those patches are for vulnerabilities in DRM software. Then, unsurprisingly, the patch is out there in record time, because that hole could cost it money. - Microsoft and FairUse4WM


The second bit is about hacking ATMs:
Last month, a man reprogrammed an automated teller machine at a gas station on Lynnhaven Parkway to spit out four times as much money as it should.

He then made off with an undisclosed amount of cash.

The weird thing about this is how easy it is. The manuals for the machine can be found after a couple of Google searches. The manuals include the default passwords, which seem to be rarely changed. - Programming ATMs to Believe $20 Bills Are $5 Bills