Juniper nixes ATM security talk
Router maker Juniper Networks has barred one of the company's security researchers from discussing security flaws in Automated Teller Machines after an ATM maker threatened legal action.
Staff Security Researcher Barnaby Jack had been set to deliver a July 30 talk entitled "Jackpotting Automated Teller Machines" at the Black Hat security conference in Las Vegas. But Jack abruptly asked conference organizers to pull the talk on Monday, according to Black Hat Director Jeff Moss. The talk has also been pulled from Black Hat's sister conference, Defcon, he added.
News of the cancellation was first reported by security news site Risky.Biz.
In a statement, Juniper said Tuesday that it made Jack withdraw the talk after an ATM vendor expressed concern that Jack's research could be misused. "Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack's presentation until all affected vendors have sufficiently addressed the issues found in his research," Juniper said.
Neither Juniper nor Moss would name the ATM maker that Jack had been studying, but Juniper says it is reaching out to other vendors as well to share information.
According to Jack's description of the talk on the Defcon site, he had found a vulnerability in the underlying software used to run "a line of popular new model ATMs."
"I've always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine," the Juniper researcher wrote. "I think I've got that kid beat."
The presentation was supposed to "explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM."
According to a source familiar with the situation, Jack had been working with the vendor for the past nine months, but the ATM maker grew concerned that Jack's talk would lead to some bad publicity.
Black Hat talks have been pulled in the past because of legal threats. In 2005 researcher Michael Lynn was told by his employer, Internet Security Systems, to pull a Black Hat talk on router vulnerabilities after Cisco Systems threatened to sue him. Lynn quit and gave the talk anyway.
Within months, he was hired by Juniper.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
black hat
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
