lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000a01c2ce33$98c05270$6401a8c0@rms2>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: How the BofA ATM network got whacked by the SQL Slammer Worm

'Slammer' attacks may become way of life for Net 
http://news.com.com/2009-1001-983540.html?tag=fd_lede2_hed

....

That's exactly what happened to Bank of America, whose automated teller
machines suddenly stopped dispensing cash early Saturday. The reason:
The sheer volume of data produced by servers infected with Slammer
smothered databases in Bank of America's internal network.

"When a person uses an ATM, (the ATM) communicates with databases on our
internal networks," said Lisa Gagnon, a spokeswoman for the bank. "That
communication couldn't happen because our network was so congested."
Indeed, a single infected server churning out copies of the worm could
theoretically congest the bandwidth of a 100Mbps Ethernet, according to
analyses of the program.

By late Saturday, most of the company's ATMs were back in service. The
company located the entry point but, for security reasons, would give no
details of how the worm got in. 

"Either the patch failed or we missed some servers when we applied the
patch," Gagnon said. "Going forward we will analyze what we can do to
make sure this doesn't happen again." 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ