Update for May 12, 2006 to May 18, 2006
Welcome to Tech Talk! This week, anti-spammers suffered a casualty in the ongoing war on spam: Security firm Blue Security Inc. was forced to close its doors. Apple released several patches, a database of stolen identities was discovered and 112 new vulnerabilities were discovered including several in Cisco PIX firewalls. Lloyds TSB admits to security weaknesses in their new 'chip and PIN' cards. And another data breach bill is introduced in Congress.
-- Jeff Patterson, BOL GURU
If you are reading this in your web browser but want it faster, and delivered directly to you in your inbox, subscribe to the Tech Alert. And please pass it along to anyone in your institution who may find it of interest.
Recent US-CERT Summary Highlights New Vulnerabilities
The US-CERT Vulnerability Summary for the Week of May 15, 2006 lists thirty-two new High severity, thirty-five Medium and forty-five Low severity vulnerabilities. Common products containing High severity vulnerabilities include several Cisco PIX firewall products, Microsoft Exchange Server, several Microsoft Windows versions, and Sophos Anti-Virus products. Medium vulnerabilities may be found in MySQL, several versions of the Novell Client software, and Novell's Distributed Print Services. Check your systems against the latest vulnerabilities, patch where appropriate and develop mitigation plans when needed.
'Chip and PIN' Vulnerability
Lloyds TSB conceded this week that the new 'chip and PIN' system it has adopted has led to a surge in ID theft and fraud. ID thieves have easily been able to clone the new 'chip and PIN' cards and then use them at ATMs overseas to withdraw customer funds. The stolen information to clone the cards is traveling the globe quickly and fraudulent transactions are occurring as far away as Hong Kong, Sri Lanka and Thailand. The Daily Mail reports that the fraud detection software employed by Lloyds did not examine ATM withdrawals, having assumed that ATMs were inherently more secure.
Prime for Online Crime
Fortune Magazine published "The Net's not-so-secret economy of crime" this week. The article discusses the often open Web sites that cater to identity thieves and other perpetrators of online crime. RSA Cyota, a division of RSA Security, was the primary source of information for the article. Every bank employee should read this article and learn just how big identity theft really is.
The Apple Patch
Apple has released patches to fix 43 flaws in its operating system and applications. The Security Update 2006-003 lists patches from the CoreFoundation to the Safari web browser. An additional update for QuickTime addresses twelve recently discovered vulnerabilities. The QuickTime 7.1 Release is available from Apple.
Plain Answers to Vista Questions
Bank Systems & Technology released "20 Questions About Windows Vista", containing 20 common questions about Microsoft's new operating system. Questions range from "When will Vista be available to the public - for real?" to "What are the system requirements for Vista?" Read this article for some plain answers to common Vista questions.
Breach Bills Pending in Congress
Do you know what these bills have in common?
- Cyber-Security Enhancement and Consumer Data Protection Act of 2006 (H.R. 5318)
- Financial Data Protection Act (H.R. 3997)
- Data Accountability and Trust Act (H.R. 4127)
- Personal Data Privacy and Security Act (S. 1789)
- Notification of Risk to Personal Data Act (S. 1326)
- Identity Theft Protection Act (S. 1408)
All of these are proposed bills that will require some level of disclosure in the event of a breach of consumer information. Current copies of each of the bills referenced above may be obtained through the Thomas legislative section of the Library of Congress. You may also read a summary of the bills at Internet News, learn more about each bill, and work with your representatives to find the right solution to protect consumers.
Stolen Identity Stash Found
Webroot Software has uncovered a stash of tens of thousands of stolen identities from around the world. These identities are believed to have been stolen by a new Trojan that Webroot Software is calling Trojan-Phisher-Rebery. This Trojan is an example of a 'drive-by download' and targets banking and e-commerce sites. Read more about this Trojan at ComputerWorld Security.
JARGON WATCH
Drive-By Downloads - Explained
'Drive-by downloads' are downloads that happen without the knowledge of the user. Usually accomplished through an un-patched, published vulnerability in a web browser, drive-by downloads are usually malicious in nature and are often found on adult entertainment, teen networking, and other spurious sites visited by thousands of users a day.
Broken InfoSec & ID Theft
In the war on spam, anti-virus company Blue Security Inc. has become the latest casualty. After an onslaught of spam against the company and some of its clients, combined with threats to bombard all of Blue Security's clients, Blue Security has decided to close its doors. The attack against Blue Security was perpetrated by a Russia-based spammer and shows the lengths spammers are willing to go to. Read the full details in the Washington Post.