BANKERSONLINE.COM MAIN PAGE
February 8, 2008
Update covering February 1 - 7, 2008
Welcome to Tech Talk! In this edition, BOL Gurus John Burnett and Andy Zavoina write about login threats, phishing defenses and more.
You'll read about:
- a threat to two-factor authentication
- a Patch Tuesday dozen
- threats of a new Spam King
- a website hostage-taking
- a big fine for a load of spam
- eBay's fight against phishing fraud
- tactics for domain name defense
- the importance of password management
- bringing remote deposit capture home
- updates from Adobe and Apple
- plug-in woes for IE users
- a win for anonymity
- a million-dollar letter
- a new challenge for IT software managers
- the release of Vista SP1
- US-CERT's latest vulnerabilities list
Get the details below.
Is Two-Factor Authentication Threatened?
The January 18 edition of Tech Talk had a short story on SilentBanker, a password-stealing Trojan. Now we've learned that it is a possible threat to two-factor authentication. Is it a threat to your internet banking security? ComputerWeekly.com has the story.
A Dozen Due from Microsoft
Microsoft's Security Bulletin Advance Notification indicates that there will be twelve security bulletins next Tuesday, seven of which will carry a "Critical" designation.
Storm Replaced as Spam King
To keep some readers' firewalls and filters from blocking this edition of Tech Talk, we won't give the full name of the botnet that has replaced Storm as the largest sender of spam. Mega- ___ reportedly can send 30 percent more spam than Storm. Appropriately (you might say "inappropriately") enough, it is best known for much of the bedroom performance enhancement product crud that challenges spam filters everywhere. You can read more on this at Computerworld.
'I Am Holding Your Website Hostage'
Last week we told you about an employee who thought she was being fired and wiped out her employer's computer files. This week, from Austin, TX comes a story about an employee who was fired and held websites "hostage" until he was paid. He also deleted a large database file. He has been arrested and charged. Read the details on the charges, the files affected and more at statesman.com.
This Story Will Take a Load Off Your Mind
A federal district court struck a blow against at least one purveyor of inbox clutter when it ordered Kaycon to pay a hefty $2.5 million fine. The court also ordered the distributor of hoodia weight-loss and HGH-related products to stop misrepresenting its products and cease sending spam. We think Kaycon's legal name, Sili Neutraceuticals, says it all. But it seems strange to mention weight loss and spam in the same sentence. SC Magazine has this story.
eBay - PayPal Fighting Fraud
When you think of phishing, two of the most popular companies being spoofed are eBay and PayPal. What are they doing to combat fraud? They are utilizing DomainKeys Identified Mail (a Yahoo/Cisco approach for cryptographic signatures) for improved email authentication. Because "one size doesn't fit all," they are also using Sender ID SPF (Microsoft's encrypted signature tool - SPF stands for "Sender Policy Framework," not "sun protection factor") and have more plans to expand their customer protection. Read Network World for more details and maybe you won't have to reinvent your anti-phishing wheel.
Domain Decisions
What are some of the things you need to consider when acquiring a new internet domain name, or maintaining one? Say you select a new domain name to register and it shows as available, but a few days later it's been reserved. That's domain sniffing. What are your rights? What should you know about trademarks, and about the kinds of entities that can register a domain? Ten pertinent issues are discussed here, in DomainInformer.
The Importance of Being Earnest - About Passwords
Are passwords a weak link? Ask French bank Societe Generale, which learned about password weaknesses in a very expensive way. This Computerworld article will remind us all about when to change passwords and rescind old ones, ensuring the right employee has the right level of access and more.
Home Remote Deposit Capture Expanding
Fiserv's CheckFree is extending the use of Remote Deposit Capture from businesses to consumers. This technology has been available for years but use in the consumer market has been slow to grow. With a scanner and RDC software, your customers' use of home banking can expand because they don't need to visit a branch to make a deposit. Read the chicagotribune.com story for more on these new services.
Adobe, QuickTime Fixes
On February 6, Apple released a security fix for QuickTime. The flaw allowed unauthorized software to be run on a computer because of a problem in the code that allows streamed content to play. This weakness was known about for nearly a month. Wednesday's fix is also the fifth in five months. Adobe Reader had more than two dozen bugs repaired in its recent update. Read the washingtonpost.com Security Fix.
IE Users Face Problems
Internet Explorer has a plug-in to help users upload photos to websites like Facebook and MySpace. Instructions for exploiting known flaws in the ActiveX controls in the plug-in have now been published, increasing the exposure of vulnerable systems. There are some things users can do now to protect themselves. The washingtonpost.com Security Fix has the story.
Anonymous Means Anonymous
Comments were made on a Yahoo message board about a former executive at SFBC International Inc. The executive wanted to subpoena Yahoo to discover the identity of the poster and other individuals, but a California appeals court has ruled that won't happen. Why? Read the story on Reuters.
I'll Take "S" for $1 Million, Alex
What is the difference between "cruise" and "cruises?" About $1,000,000. Read about what may be the largest sum paid for a single letter in a domain name at CNet News.com.
Software Management May be Harder
Google Apps Team Edition was made available this week. The Team Edition contains the same core programs as other editions, except for Gmail. Omitting Gmail means there is less integration with existing systems and email doesn't have to be rerouted. That reduces IT's workload. Or does it? Will employees install Google Apps Team Edition when they realize they don't need IT to do it? See what Computerworld has to say.
Vista SP1 Released to Makers
Those companies manufacturing PCs received Vista SP1 for inclusion in the Vista operating system. More than 300 fixes are included. Programs such as Internet Explorer, Outlook and Outlook Express should be improved. PCs with the improved OS should show up in the coming months. SP1 should be available to users of Windows Update in mid-March. For details on this story and links to what is being fixed, see SC Magazine.
94 Make Latest US-CERT List
The US-CERT Vulnerability Summary for the Week of January 28, 2008, lists 42 High and 51 Medium weaknesses and 1 Low severity flaw. High severity security faults were reported in Comodo AntiVirus, fedoraproject, Firebird, and IBM Hardware Management Console products, among others.