On Thu, 06 Sep 2001 07:54:17 -0400 Steven M. Bellovin <smb@research.att.com> wrote:
According to today's Wall Street Journal, Citibank is explaining the outage as "software", and declining to release further details. But the article also noted that
many of the computer systems on which banking networks are based are aging -- and trouble-shooters who can fix problems quickly are becoming rarer.
i'll say. when we got into our little bank project, they were using a Frame Relay WAN based on PCs with serial cards and MS-DOS based software. it was 1999, they were never going to get a Y2K certificate from the defunct integrator that built the PCs, they'd just gone public, and were loudly proclaiming that they were Y2K ready on their website. on top of that, their in house IT staff reminded all of us of Larry, Moe and Curly. when we suggested upgrading to cisco routers, their response was "isn't that expensive?" we didn't say it out loud, but we were all thinking "not nearly so expensive as the shareholder lawsuit you're risking right this minute". the situation was aggravated by the fact that NCR was deeply involved in Y2K upgrades at the big customers, and didn't have time for 20 office small banks, and couldn't even be bothered to give ETAs for the necessary ATM upgrades. we finally got the whole thing cut over in december 1999. the 9600 baud SNA links from the ATMs to the routers are still unencrypted, and physical access to them is not hard at some branch offices. it's a little frightening. richard -- Richard Welty Averill Park Networking rwelty@averillpark.net 518-573-7592