Re: Banc of America Article

[Avleen Vig <lists-nanog () silverwraith com>]

On Sat, Jan 25, 2003 at 05:45:16PM -0500, Alex Rubenstein wrote:
> Another article states, "Bank of America Corp., one of the nation's
> largest banks, said many customers could not withdraw money from its
> 13,000 ATM machines because of technical problems caused by the attack. A
> spokeswoman, Lisa Gagnon, said the bank restored service to nearly all
> ATMs by late Saturday afternoon and that customers' money and personal
> information had not been at risk."
> Does anyone else, based upon the assumptions above, believe this statement
> to be patently incorrect (specifically, the part about 'personal
> information had not been at risk.') ?

Which not technically correct, they are not technically incorrect
either.
Initial assesments of the worm do show that it's payload is simply
designed to propagate.

Someone could of course have written another worm / whatever that did
harver or allow the harvesting of data. This would be bad and until they
patched their servers would probably have been possible.
But within the confines of the attack scenario of last night, they are
correct in what they said. It's just PR spin.

What is scarier is that they dont have / use firewalls properly and
traffic can so easily pass from their DMZ/public network to their
private network.

BoA is one place I'll never be willingly taking my business, and I'm
sure now others here won't.