[LAC-TF] internet banking threatens IPv6 in Brazil

Carlos M. Martinez carlosm3011 at gmail.com
Fri Apr 10 15:02:15 BRT 2015

In Uruguay no banks (that I know of) are asking users to install
specific pieces of software, instead they are relying heavily on private
(i.e. non-Google) two-factor authentication schemes.

I'd be very wary of a 'hidden' piece of software that no-one is very
specific of what it does, has no user interface and no means of
stopping/uninstalling it.

I know a whole family of software that behaves in this way, they are
called rootkits :-)

This smells to me a lot like the Sony Rootkit scandal of a couple of
years ago.



On 4/10/15 12:44 PM, Antonio M. Moreiras wrote:
> Yep. It looks like malware in a lot of ways.
> I don't know for sure what it should do. The company says that it is
> similar to an antivirus, and it tries to protect the user against DNS
> poisoning and phishing, detecting fake sites similar to those of banks.
> There are people that suspect of privacy issues, but I don't have
> evidence of it. They suspect it also sends information about the system
> (installed software and versions, for instance) and Internet navigation
> to the banks.
> They sell a version of it as a personal security software:
> http://www.g-lock.com.br/. There is some information at the website.
> In other countries in our region is it normal for banks to ask (or
> force) people to install specific security solutions in Windows in order
> to allow access to online banking? What kind of security systems do they
> use?
> []s
> Moreiras.
> On 09/04/15 21:44, Carlos M. Martinez wrote:
>> Hi Antonio,
>> what does this software do ? Any software that 'has no means of
>> uninstalling or disabling it' looks very similar to malware :-)
>> cheers!
>> -Carlos
>> On 4/9/15 9:06 PM, Antonio M. Moreiras wrote:
>>> Hi.
>>> We have an interesting situation here. At the same moment that some of
>>> our big ISPs are starting to deploy IPv6 to home users [1], a bug in a
>>> software used by online banking for security reasons threatens this
>>> initiative.
>>> This software is 'warsaw 1.5.1' from GAS Tecnologia, that is a Diebold
>>> company. It is used by our main banks. The security software installs
>>> itself automatically when the user access home banking, and works as a
>>> service in Windows. According to the company, it is installed in more
>>> than 31 million Windows hosts in Brazil, and it doesn't offer any means
>>> to the user uninstall it.
>>> If the network has IPv6, the bug prevents the access to IPv6 hosts, even
>>> if IPv4 is also available. From the end user point of view, 'Internet
>>> stops' (you can't access Google, Facebook, Yahoo, Netflix, etc, and even
>>> network shared folders). Ahh... Yes, you can still use the home banking
>>> website, since it is IPv4 only. So the user probably will blame the ISP
>>> for the lack of connection, or a virus, or maybe the IPv6 deployment
>>> itself, if he is aware of it.
>>> It has proved to be more difficult than it should to show the seriouness
>>> of this situation to the banks and to the company that sells this
>>> solution to them. At the same time, we listen from some companies and
>>> universities that their IT teams are starting to disable IPv6 in Windows
>>> 7 and Windows 8 to mitigate this problem.
>>> Do you know any similar problem? I'm not sure if this technology from
>>> Diebold is used in other countries.
>>> We wrote an article in ipv6.br about it:
>>> http://ipv6.br/bug-em-plugin-de-seguranca-de-bancos-bloqueia-internet/
>>> Regards,
>>> Moreiras.
>>> [1] http://6lab.cisco.com/stats/cible.php?country=BR&option=users
> _______________________________________________
> LACTF mailing list
> LACTF at lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lactf
> Cancelar suscripcion: lactf-unsubscribe at lacnic.net

More information about the LACTF mailing list