
Church Of The
Swimming Elephant

SQL Slammer worm shines light on Banking and, in particular, Bank of America

SQL Slammer is a worm that exploits a six-month-old vulnerability in MS SQL Server. A patch for it has been available for six months, so this should be a non-issue: the world should not be fighting networks overloaded with this worm's traffic over an old, already-patched vulnerability. I've also said this before about Code Red, Nimda, and other worms.
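The "networks overloaded with data" symptom is the visible side of how Slammer spread: an infected host sends one small UDP datagram to the SQL Server Resolution Service port (UDP 1434) on as many random addresses as it can. The following is an added example, not code from the original page, showing how a defender could spot that fan-out pattern in firewall logs. The log format, the sample lines and the policy threshold are assumptions constructed for this example; the port number and the 376-byte datagram size are Slammer's known characteristics.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Slammer's known traffic signature: a single 376-byte UDP datagram to port 1434.
SLAMMER_PORT = 1434
SLAMMER_LEN = 376

# Assumed policy: flag a source that reaches this many distinct hosts on UDP/1434
# inside one fixed window. Tune to your own environment.
WINDOW_SECONDS = 60
MIN_DISTINCT_TARGETS = 20

# Assumed log line format (constructed for this example):
# "<ISO timestamp> <PROTO> <src_ip>:<src_port> -> <dst_ip>:<dst_port> len=<bytes>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) -> (\S+):(\d+) len=(\d+)$")
EPOCH = datetime(1970, 1, 1)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines we don't understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, proto, src, _sport, dst, dport, length = m.groups()
    return {
        "ts": datetime.fromisoformat(ts),
        "proto": proto,
        "src": src,
        "dst": dst,
        "dport": int(dport),
        "len": int(length),
    }


def find_slammer_sources(log_text, window_seconds=WINDOW_SECONDS,
                         min_targets=MIN_DISTINCT_TARGETS):
    """Return {source_ip: {"targets": n, "slammer_sized": bool}} for every source
    that sent UDP/1434 datagrams to at least `min_targets` distinct hosts within
    one window. `slammer_sized` is True when every such datagram was 376 bytes."""
    targets = defaultdict(set)   # (src, window_index) -> set of destination IPs
    sized = defaultdict(lambda: True)  # (src, window_index) -> all datagrams 376 bytes?
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["proto"] != "UDP" or ev["dport"] != SLAMMER_PORT:
            continue
        # Timezone-independent fixed window index for this event.
        window = int((ev["ts"] - EPOCH).total_seconds()) // window_seconds
        key = (ev["src"], window)
        targets[key].add(ev["dst"])
        sized[key] = sized[key] and ev["len"] == SLAMMER_LEN
    hits = {}
    for (src, _), dsts in targets.items():
        if len(dsts) >= min_targets and len(dsts) > hits.get(src, {}).get("targets", 0):
            hits[src] = {"targets": len(dsts), "slammer_sized": sized[(src, _)]}
    return hits


def constructed_log():
    """Constructed sample log (not real data): one infected host fanning out,
    one legitimate client, a DNS-heavy host on another port, and a TCP line."""
    base = datetime(2003, 1, 25, 5, 30, 0)
    lines = []
    for i in range(30):  # infected host: 30 distinct targets in three seconds
        ts = (base + timedelta(seconds=i // 10)).isoformat()
        lines.append(f"{ts} UDP 10.0.0.5:1025 -> 192.0.2.{i + 1}:1434 len={SLAMMER_LEN}")
    for i in range(25):  # busy but harmless: many DNS lookups, wrong port
        lines.append(f"{base.isoformat()} UDP 10.0.0.7:40000 -> 198.51.100.{i + 1}:53 len=60")
    lines.append(f"{base.isoformat()} UDP 10.0.0.9:3456 -> 10.0.1.10:1434 len=40")
    lines.append(f"{base.isoformat()} UDP 10.0.0.9:3456 -> 10.0.1.11:1434 len=40")
    lines.append(f"{base.isoformat()} TCP 10.0.0.9:3457 -> 10.0.1.10:1433 len=120")
    lines.append("this line is malformed and is skipped")
    return "\n".join(lines)


if __name__ == "__main__":
    for src, info in find_slammer_sources(constructed_log()).items():
        print(f"{src}: {info['targets']} distinct UDP/1434 targets, "
              f"all 376 bytes: {info['slammer_sized']}")
```

Run stand-alone, the script reports only 10.0.0.5; the legitimate client that resolves two SQL instances and the host doing many DNS lookups are both ignored, which is the point of keying on the port, the fan-out count and the datagram size together rather than on volume alone.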

But, alas, that is not the way things work. Microsoft Windows shops do not patch their servers, mainly because Microsoft patches have sometimes caused system crashes and other problems. So MS shops don't patch because uptime matters more to them than security (see the story about Uptime vs. Security). But we expect better from major financial institutions, right? Wrong: they appear to be huge offenders.

The Washington Post reported that the majority of Bank of America's 13,000 ATM machines were unable to process transactions because of this worm. I may be wrong, but last I knew ATM machines did not process transactions over the general Internet. Many banks charge, or once charged, network fees to subsidize the cost of building that ATM network. So if ATM machines do not process transactions over the Internet, Bank of America's ATM network was down because Bank of America itself was infected by this worm. That would mean Bank of America is not concerned about security, to the point that they didn't even apply a security patch that has been available for six months.

Bank of America is not the only bank affected by this worm; The Register reports that some London financial services were also hit by Slammer. There is absolutely no excuse for this inaction. Either system administrators are lazy (which I doubt), or red tape and managerial ineptitude are leaving these systems unsecured (which I believe: security is a low priority in most companies because it costs money).

We as consumers need to demand, with our wallets, that banks and the other businesses we deal with keep their networks secure. It is apparent that, left on their own, they will ignore security. We see this because time and time again a worm comes along that exploits a long-known vulnerability for which a patch has been available, and it wreaks havoc.

Want to know who takes security seriously and who does not? Watch for these worms. This isn't the last; there will be more that capitalize on long-known vulnerabilities. Any company that admits to a problem with one of these worms is showing you that it does not care about security and is too lazy or tied up in red tape to patch even known vulnerabilities. Speak with your wallet and DO NOT do business with companies like this.

All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609