January 18, 2008
Update covering January 11 - 17, 2008


Welcome to Tech Talk! In this edition, BOL Gurus John Burnett and Andy Zavoina write about sneak attacks, storage woes, an inept security agency and more.


You'll read about:
  • stealing from bank accounts
  • IBM's security alert
  • new tools for "stealth-ware"
  • an uncovered Excel weakness
  • costly stolen laptops
  • troubles at the TSA
  • malware from MySpace
  • MacScareware
  • a reward for gaps (for real?)
  • patches from Apple
  • myths about data protection
  • increased privacy worries
  • training you can use
  • US-CERT's latest vulnerabilities list
Get the details below.



Conducting the Required Identity Theft Risk Assessment
Tuesday, January 22, 2008


Your bank has to have a board-approved Identity Theft Prevention Program in place no later than November 1, 2008. Getting it implemented sooner just makes good business sense. The cornerstone of your bank's Program is a risk assessment to determine which accounts are at risk, and which "red flags" of ID theft are relevant to your institution.

Join BOL Gurus Mary Beth Guard and Jack Holzknecht as they share a blueprint for your bank's risk assessment in this important webinar.

Another Trojan Hits Bank Accounts
Symantec has named it "Trojan.Silentbanker." It can sit quietly on an infected computer and intercept banking transactions, literally re-routing legitimate transactions to the attacker's account. Fortunately, once the Trojan is identified, it can easily be removed. The trick is to detect it before it steals from you! Read more about this Trojan in Computerworld.

IBM Warning on Tivoli
Computerworld reports that IBM is warning its customers that they need to apply a patch to Tivoli Storage Manager Express installations. Until the patch is installed, Tivoli users' data could be exposed to unauthorized access. Read the Computerworld article for details and links to the IBM advisory.

JavaScript Tool Cloaks Malware
A new malware toolkit can use randomized JavaScript to create threats that look different each time they attempt to attack a computer. The malware authoring package, dubbed "Random JS Toolkit," is designed to avoid detection by anti-virus researchers. One estimate suggests that more than 10,000 machines were infected using Random JS during December 2007. Learn more about this threat at InfoWorld.

Crunched by Excel
Several versions of Microsoft Office Excel, including versions 2000, 2002, 2003 and more, may make a user's computer vulnerable to compromise, based on the User Account level. This is a reported zero-day exploit that Microsoft is investigating. Are your users vulnerable? Read the specifics at TechNewsWorld.

Those Are Expensive Laptops!
Nashville area voters are being contacted by the Davidson County Election Commission to warn them about possible ID theft and offer a free one-year subscription to identity theft protection. Thieves broke into the Commission's offices in December, and made off with computer equipment, including two laptops with the unencrypted names and Social Security numbers of all 337,000 registered voters in the county. According to the InfoWorld article, it is estimated that the cost of the free ID coverage will approach $1 million.

Their Middle Name Is Security?
The Transportation Security Administration (TSA), the folks you love to hate at the airport security check-in, have just been ripped in a report by the House Committee on Oversight and Government Reform, according to a Washington Post Security Fix blog article. The TSA's website for travelers who have been flagged by the government's "no fly" list apparently accepted Social Security numbers and other confidential information without encrypting the data, leaving it exposed to hackers. Ironically, one of the site's critics noted that it was so peppered with spelling errors it resembled a phishing site. To put frosting on the cake, the report also alleges that the site work and other lucrative TSA contracts were awarded -- without competitive bidding -- to a company where the TSA official in charge of outside contracts formerly worked.

Malicious Messages from MySpace
McAfee has issued a warning that MySpace users who receive "friend" requests may see a genuine-looking pop-up promising Windows updates. Users that are lured into clicking the box are on their way toward having a "malware cocktail" downloaded, and none of it from Microsoft. SC Magazine has details.

Beware! Mac Scareware Appears
Mac users can run a trial scan with MacSweeper, which promises to identify security vulnerabilities on Mac machines. And it will -- even if there aren't any there! The scan, run from MacSweeper's website, will tell users that they need to purchase their software download to clean their machines. Purchases will result in compromised credit card information, and the user will have nothing of value. Get more information about this and other "scareware" scams in the Computerworld security article.

Security Hole Scam?
Digital Armaments, reportedly a security research company, is offering $20,000 for information on undisclosed security flaws in the Microsoft operating systems. Their website is reminiscent of spam from the 90s with poor grammar and bad spelling. Is it a legitimate offer with a moral purpose in mind, or a way to accumulate a list of vulnerabilities to exploit? PCWorld has more on this story.

iPhone, iPod, QT Patches
Apple issued security patches for the Apple iPhone, iPod and QuickTime. The patches close a variety of holes in the Safari browser and four flaws in QuickTime. Patches will be available via iTunes updates. InfoWorld has more.

Ten Data Protection Myths
Data thefts and leaks happen all the time, from government to retail and everywhere else, right? But it's not always easy to figure out what needs to be done to protect valuable data from being compromised, while allowing the business of your business to continue. A CIO article takes aim at 10 popular data security myths. It's a "must read" for IT professionals.

Privacy Concerns Are Up
From 2006 to 2007, Americans who said they were very or extremely concerned about privacy rose from 47 percent to 61 percent of those surveyed in a new study. These concerns are growing as losses of confidential information increase and are publicized more. seattlepi.com has more on this story, including the number of records compromised last year as reported by the Identity Theft Resource Center, fears of children's identities being stolen, and more. Is this reflective of your customers' concerns?

Free Anti-Scam Email Training
If you want an easy way to train your staff and your customers to better recognize email scams, have them spend a few minutes online. You can use this series of 11 slides showing examples of malicious messages, pointing out what is wrong with them, or create your own version based on your own collection. PCWorld has a training site for you.

And if you need some sample letters, look to the BOL Phishing & Scam Letter page.

126 Make Latest US-CERT List
The US-CERT Vulnerability Summary for the Week of January 7, 2008, lists 51 High, 72 Medium and 3 Low severity weaknesses. High severity security faults were reported in Gateway Weblaunch, IBM WebSphere and multiple Microsoft products, among others.

