Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Banc of America Article

  • From: Alex Rubenstein
  • Date: Sat Jan 25 19:49:13 2003




http://biz.yahoo.com/rb/030125/tech_virus_boa_1.html

Let's make the assumption that the outage of ATM's that BoA suffered was
caused by last nights 'SQL Slammer' virus.

The following things can then be assumed:

a) BoA's network has Microsoft SQL Servers on them.

b) BoA has not applied SP3 (available for a week) or the patch for this
particular problem (SQL Slammer) (available for many months).

c) somehow, this attack spawned on the public internet made it's way to
BoA's SQL servers, bypassing firewalls (did they have firewalls?).

Another article states, "Bank of America Corp., one of the nation's
largest banks, said many customers could not withdraw money from its
13,000 ATM machines because of technical problems caused by the attack. A
spokeswoman, Lisa Gagnon, said the bank restored service to nearly all
ATMs by late Saturday afternoon and that customers' money and personal
information had not been at risk."

Does anyone else, based upon the assumptions above, believe this statement
to be patently incorrect (specifically, the part about 'personal
information had not been at risk.') ?

I find these statement made by BoA, based upon assumptions which are
probably correct, to be very scary.

Comments?


-- Alex Rubenstein, AR97, K2AHR, alex@nac.net, latency, Al Reuben --
--    Net Access Corporation, 800-NET-ME-36, http://www.nac.net   --







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.