Bank of America ATMs are net-connected!

Boing Boing notes that the SQL Slammer worm ’caused service outages at tens of thousands of Bank of America ATMs and wreaked havoc at Continental Airlines. Apparently, customers at most of the #3 American bank’s 13,000 automatic teller machines were unable to process transactions for a period of time.’

Does anyone else find it very scary to contemplate an ATM network connected to the internet, with a sufficiently open set of firewalls that a semi-documented Microsoftish SQL protocol can traverse as far as the ATM servers? Sure, it probably took a few hops, compromising a couple of SQL servers along the way, but each of the firewalls in question must have had that MS-SQL port open for those servers. Yikes.

Someone should teach those guys about network compartmentalization for security; something like an ATM network, where security is hugely essential, should never have a direct IP-based connection to the internet, no matter how many firewalls and gateways are in place.

Spam: NACS: Spam Detection. Great, Catherine’s new email system at UCI uses SpamAssassin. Nothing like getting bug reports from your SO ;)

On the other side, though, they’ve written an excellent set of pages on how to detect and act on the SpamAssassin markup in various MUAs.

This entry was posted in Uncategorized and tagged , , , , , , , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.