How to hack an ATM

Just read an interesting article on Ars about hacking ATM's at the recent BlackHat conference.

Reading it reminded me about how important the basic foundations are in IT security. Get the physical security right first, in this case the ATM's used the same $10 security key available from eBay for all machines to increase usability. Then make sure you properly test before you release your software, product, or system. The hack on one machine could be stopped by reducing the attack surface and stopping the remote access facility... or ensuring that only signed code could be run.

It's not secure if you haven't tested!