[LAC-TF] internet banking threatens IPv6 in Brazil

Alejandro Acosta alejandroacostaalamo at gmail.com
Fri Apr 10 15:11:55 BRT 2015 

Hi Antonio,
  Thanks for sharing this.
  This is a very interesting information. I have never heard something
like this before.  Unfortunately these are very sad news.
  What actions have been taken?, have you (I mean, anyone over there)
contacted Diebold?, any response from them?

  Please keep us posted :-)

Alejandro,


El 4/9/2015 a las 7:36 PM, Antonio M. Moreiras escribió:
> Hi.
>
> We have an interesting situation here. At the same moment that some of
> our big ISPs are starting to deploy IPv6 to home users [1], a bug in a
> software used by online banking for security reasons threatens this
> initiative.
>
> This software is 'warsaw 1.5.1' from GAS Tecnologia, that is a Diebold
> company. It is used by our main banks. The security software installs
> itself automatically when the user access home banking, and works as a
> service in Windows. According to the company, it is installed in more
> than 31 million Windows hosts in Brazil, and it doesn't offer any means
> to the user uninstall it.
>
> If the network has IPv6, the bug prevents the access to IPv6 hosts, even
> if IPv4 is also available. From the end user point of view, 'Internet
> stops' (you can't access Google, Facebook, Yahoo, Netflix, etc, and even
> network shared folders). Ahh... Yes, you can still use the home banking
> website, since it is IPv4 only. So the user probably will blame the ISP
> for the lack of connection, or a virus, or maybe the IPv6 deployment
> itself, if he is aware of it.
>
> It has proved to be more difficult than it should to show the seriouness
> of this situation to the banks and to the company that sells this
> solution to them. At the same time, we listen from some companies and
> universities that their IT teams are starting to disable IPv6 in Windows
> 7 and Windows 8 to mitigate this problem.
>
> Do you know any similar problem? I'm not sure if this technology from
> Diebold is used in other countries.
>
> We wrote an article in ipv6.br about it:
>
> http://ipv6.br/bug-em-plugin-de-seguranca-de-bancos-bloqueia-internet/
>
> Regards,
> Moreiras.
>
> [1] http://6lab.cisco.com/stats/cible.php?country=BR&option=users
>
>
> _______________________________________________
> LACTF mailing list
> LACTF at lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lactf
> Cancelar suscripcion: lactf-unsubscribe at lacnic.net

More information about the LACTF mailing list