6 Feb
2018
6 Feb
'18
11:05 a.m.
Hello!
In NYC the machines who sell MTA transit cards and refill them are
running Windows Embedded. And not the most up to date version. I've
watched them cause the classic BSOD more then once, and sometimes
worse.
The actual hardware that's delivers the cards and the single use ones
are running something else, and appear to be VME based. The whole
thing is a revolting kludge that's asking for trouble.
Oh and Dan Cross? Thank you for your service to this country, again and again.
-----
Gregg C Levine gregg.drwho8(a)gmail.com
"This signature fought the Time Wars, time and again."
On Mon, Feb 5, 2018 at 11:58 PM, Theodore Ts'o <tytso(a)mit.edu> wrote:
On Mon, Feb 05, 2018 at 05:54:57PM -0500, Dan Cross
wrote:
Speaking of things like that...This just landed
in my inbox:
http://www.mymtaalerts.com/m?78F2F
The metrocard vending machines in the NYC subway are little PCs. I could
swear I've seen either an OS/2, Windows, or Linux startup sequence on one
or more of them before (maybe all three).
Anyway, what do you want to bet that the MTA is making people go around
with media and manually install updates for Spectre/Meltdown across the
transit system?
No bet. How much do you want to bet the MTA isn't bothering to update
gazillions of *other* already published and known security holes that
were zero days years ago? Holes that are probably *Way* easier to
exploit than those using Spectre/Meltdown?
If it's anything like the MBTA in Massachusetts their security is
limited to trying to sue graduate students[1] in an attempt to impose
prior restraint on their research (and including the presentation[2]
as an exhibit on the lawsuit and letting it be published on the
court's website for all to see?).
[1] https://en.wikipedia.org/wiki/Massachusetts_Bay_Transportation_Authority_v.…
[2] http://tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf
- Ted