Re: Banc of America Article

[Jeffrey Meltzer <jeffrey () villageworld com>]

< knowing absolutely nothing about how BoA ATM's work >

It could be that BoA's network wasn't flooded / servers infected, but that
the ATM's do not dial BoA directly, and dial somewhere else (ie, maybe some
kind of ATM Dial Provider, nationwide wholesale, etc), and then tunnel back
to BoA to get the data.  Could be that the upstream of either the dial
provider, or BoA was just flooded...



On Sat, Jan 25, 2003 at 05:45:16PM -0500, Alex Rubenstein wrote:
> http://biz.yahoo.com/rb/030125/tech_virus_boa_1.html
>
> Let's make the assumption that the outage of ATM's that BoA suffered was
> caused by last nights 'SQL Slammer' virus.
>
> The following things can then be assumed:
>
> a) BoA's network has Microsoft SQL Servers on them.
>
> b) BoA has not applied SP3 (available for a week) or the patch for this
> particular problem (SQL Slammer) (available for many months).
>
> c) somehow, this attack spawned on the public internet made it's way to
> BoA's SQL servers, bypassing firewalls (did they have firewalls?).
>
> Another article states, "Bank of America Corp., one of the nation's
> largest banks, said many customers could not withdraw money from its
> 13,000 ATM machines because of technical problems caused by the attack. A
> spokeswoman, Lisa Gagnon, said the bank restored service to nearly all
> ATMs by late Saturday afternoon and that customers' money and personal
> information had not been at risk."
>
> Does anyone else, based upon the assumptions above, believe this statement
> to be patently incorrect (specifically, the part about 'personal
> information had not been at risk.') ?
>
> I find these statement made by BoA, based upon assumptions which are
> probably correct, to be very scary.
>
> Comments?
>
>
> -- Alex Rubenstein, AR97, K2AHR, alex () nac net, latency, Al Reuben --
> --    Net Access Corporation, 800-NET-ME-36, http://www.nac.net   --

-- 
Jeffrey Meltzer
ICS/VillageWorld
631-218-0700 x100