On Sat, Jan 25, 2003 at 05:45:16PM -0500, Alex Rubenstein wrote:
Another article states, "Bank of America Corp., one of the nation's largest banks, said many customers could not withdraw money from its 13,000 ATM machines because of technical problems caused by the attack. A spokeswoman, Lisa Gagnon, said the bank restored service to nearly all ATMs by late Saturday afternoon and that customers' money and personal information had not been at risk." Does anyone else, based upon the assumptions above, believe this statement to be patently incorrect (specifically, the part about 'personal information had not been at risk.') ?
Which not technically correct, they are not technically incorrect either. Initial assesments of the worm do show that it's payload is simply designed to propagate. Someone could of course have written another worm / whatever that did harver or allow the harvesting of data. This would be bad and until they patched their servers would probably have been possible. But within the confines of the attack scenario of last night, they are correct in what they said. It's just PR spin. What is scarier is that they dont have / use firewalls properly and traffic can so easily pass from their DMZ/public network to their private network. BoA is one place I'll never be willingly taking my business, and I'm sure now others here won't.