Juniper’s Decision To Postpone “Jackpotting Automated Teller Machines”
Jun 30, 2009
Juniper postponed a scheduled Blackhat USA 2009 presentation by one of our
employees, Barnaby Jack, entitled "Jackpotting Automated Teller
Machines." This decision has grabbed the attention of the press, the
Twittersphere and Blogosphere, and understandably so.
vulnerability Barnaby was to discuss has far reaching consequences, not only to
the affected ATM vendor, but to other ATM vendors and - ultimately - the
public. To publicly disclose the research findings before the affected vendor
could properly mitigate the exposure would have potentially placed their
customers at risk. That is something we don't want to see happen.
we felt it our responsibility to delay the presentation until all those
protection measures were put into place. Unfortunately, there isn't
enough time before Blackhat to make that happen.
We did not
arrive at this decision easily. Indeed, we feel that Barnaby's research
is important, vital to the advancement of the state of security and should be
discussed in an open forum. However, Juniper is also committed to the
responsible disclosure of security vulnerabilities, and to protecting the
public from them.
forward to sharing our findings with the security community in time and, rest
assured, we will.