[LAC-TF] internet banking threatens IPv6 in Brazil

Antonio M. Moreiras moreiras at nic.br
Fri Apr 10 19:39:44 BRT 2015


In spite of their apparent lack of attention to this problem in the last
days, GAS Tecnologia sent us today a release candidate of a new version
correcting the problem with IPv6, and it is OK. I am not sure how much
time the banks will take to test it. I expect next week the problem
related to IPv6 will be solved.

Moreiras.

On 10/04/15 15:11, Alejandro Acosta wrote:
> Hi Antonio,
>   Thanks for sharing this.
>   This is very interesting information. I have never heard of something
> like this before.  Unfortunately this is very sad news.
>   What actions have been taken? Have you (I mean, anyone over there)
> contacted Diebold? Any response from them?
> 
>   Please keep us posted :-)
> 
> Alejandro,
> 
> 
> El 4/9/2015 a las 7:36 PM, Antonio M. Moreiras escribió:
>> Hi.
>>
>> We have an interesting situation here. At the same moment that some of
>> our big ISPs are starting to deploy IPv6 to home users [1], a bug in
>> software used by online banking for security reasons threatens this
>> initiative.
>>
>> This software is 'warsaw 1.5.1' from GAS Tecnologia, which is a Diebold
>> company. It is used by our main banks. The security software installs
>> itself automatically when the user accesses home banking, and works as a
>> service in Windows. According to the company, it is installed on more
>> than 31 million Windows hosts in Brazil, and it doesn't offer any means
>> for the user to uninstall it.
>>
>> If the network has IPv6, the bug prevents access to IPv6 hosts, even
>> if IPv4 is also available. From the end user's point of view, 'Internet
>> stops' (you can't access Google, Facebook, Yahoo, Netflix, etc., or even
>> network shared folders). Ahh... Yes, you can still use the home banking
>> website, since it is IPv4 only. So the user will probably blame the ISP
>> for the lack of connection, or a virus, or maybe the IPv6 deployment
>> itself, if he is aware of it.
>>
>> It has proved to be more difficult than it should be to show the
>> seriousness of this situation to the banks and to the company that sells
>> this solution to them. At the same time, we hear from some companies and
>> universities that their IT teams are starting to disable IPv6 in Windows
>> 7 and Windows 8 to mitigate this problem.
>>
>> Do you know of any similar problem? I'm not sure if this technology from
>> Diebold is used in other countries.
>>
>> We wrote an article in ipv6.br about it:
>>
>> http://ipv6.br/bug-em-plugin-de-seguranca-de-bancos-bloqueia-internet/
>>
>> Regards,
>> Moreiras.
>>
>> [1] http://6lab.cisco.com/stats/cible.php?country=BR&option=users


