
Comment I'll echo everybody else.... (Score 1) 100

Don't use your Cisco gear to manage dhcp. It's better utilized doing its primary function of routing and switching. Set up a Linux box to do dhcp. Set up multiple subnets and use the "ip helper-address" command on the interfaces of your Cisco routers to forward the dhcp requests to your Linux dhcp server. It's simple to do. Once upon a time I set up a 5000k node network doing that very same thing.

Comment Re:Simple but effective compliance law/rule (Score 2, Insightful) 257

The problem with making the ATM storage read only is that you have to configure the device. There are a lot of configuration settings that have to be changed out of the box, with some of them specific to the ATM itself and to the processing company that it's using to process transactions through.

The ATM also keeps an electronic journal of all of the ATM's activity. It's kind of like a flight data recorder (black box). You have to have writable storage for that.

I go along the lines that ATM security standards are BOTH not being met and terribly inadequate.

One of the bigger rackets going on last year, with ATMs, was in San Francisco. An ATM provider was placing cheap ATMs with a money catch tray on street corners. Bums would come along and stuff paper wads up into the catch tray so that the money wouldn't drop down when a person ran a transaction. Periodically throughout the day the bums would go and collect the money that never dispensed.

Comment I call BS, mostly (Score 1) 257

I think that this story is half bogus. PIN numbers aren't stored on a debit card. They are stored on a server located at a transaction network, that a bank uses to process their card base. When a PIN number is typed into an ATM machine it is automatically encrypted by a 3DES encryptor on the PIN pad. It's NEVER in clear text. The ATM machines and ATM transaction processing companies use a private/public key encryption system. At least in the USA, the only part of a transaction that is encrypted down the wire is the PIN number between the ATM machine and transaction network. If the data is sent over the internet, the transaction is encrypted via an IPSEC tunnel or SSL. I have not seen an ATM machine that runs on Windows XP. Most of the newer ATM machines run on Windows CE. It would be trivial to sniff the network and grab card numbers if you had access to the network that the transaction was running across, but the PIN number would be much tougher to get. It would be a little more complicated to get the card information based upon a device or software installed on the ATM to grab the card number as it's being swiped in the card reader. IF you could do that, then you could also get the track2 data that is loaded on to the card. That information consists of the card holder's name and address. Basically, I'm claiming BS on the article, as I see it as hype.

Comment Re:Wow (Score 1) 182

In the US, the only part of the transaction that is encrypted is the PIN number. All other information sent between the ATM and the card holder's bank is sent in clear text. Some other countries require that the entire conversation between the ATM and card holder's bank be encrypted, but I digress. The original encryption between the ATM and the host processing server is a 3DES private/working key system. I'm not entirely sure of the encryption between processing networks (star, plus, pulse, etc) and between processing networks and banks, but there are many networks and many more banks. Having some sort of system that required the networks and banks to share working keys of 300,000+ ATMs in the US would be a major undertaking and would require some major cooperation between companies who are in reality competitors. I personally don't see that happening, unless companies like Mastercard or Visa start requiring it. Beyond that, there are other encryption systems in place for TCP/IP based ATM terminals that utilize SSL and IPSEC for communication over the Internet to a host processing server.
