February 29, 2008
Update covering February 22 - 28, 2008


Welcome to Tech Talk! In this edition, BOL Gurus John Burnett and Andy Zavoina write about access threats, risky tools, air travel and more.


You'll read about:
  • a warning about illicit FTP use
  • inadequate encryption
  • dangerous IE plug-ins
  • a hacker cult's two-edged sword
  • the search for literate hackers
  • fear of flying laptops
  • the end of paper tickets
  • details on XP's next service pack
  • how tighter controls could have saved billions
  • a lender's FTC settlement
  • what YouTube's outage could mean to you
  • US-CERT's latest vulnerabilities list
Get the details below.

Stolen FTP Credentials
San Jose security vendor Finjan has uncovered a rogue database of stolen FTP server credentials. Hosted on a Hong Kong server, the contents are in Russian, and they appear to be for sale. If you're concerned about illicit FTP access to your servers, you'll want to read the Infoworld article.

Encryption May Not Be Enough
Researchers at Princeton University have shown that an encrypted hard drive is only as secure as the key that unlocks it, and that key sits in the computer's DRAM (dynamic random access memory) the whole time the drive is in use. DRAM does not lose its contents the instant power is cut; the bits fade over seconds to minutes, and chilling the memory chips (the researchers used an upside-down can of compressed air) preserves them far longer. An attacker who grabs a laptop that is running, screen-locked or merely asleep can therefore reboot it into a small program that copies memory and recovers the key, so that machine is much less secure than one that was fully powered off a few minutes before it was stolen. The policy point for your institution: a laptop carrying encrypted customer data should be shut down, not locked or put to sleep, before it leaves the building. Read the story in The New York Times.
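
The search the Princeton team ran over a memory dump can be illustrated in a few dozen lines. The example below is added here and is not code from the researchers or from this newsletter; it derives the AES S-box, expands a key the way AES-128 does, and then scans a constructed memory image for any 176-byte run whose later words are exactly the expansion of its first 16 bytes, which is the footprint a mounted encrypted volume leaves in RAM. The image, the planted key (the FIPS-197 test key) and the offset are all constructed for the demonstration.

```python
"""Locate AES-128 keys in a memory image by their expanded key schedule.

Added example, not code from the Princeton paper or from BankersOnline.
Disk-encryption software keeps the expanded AES key schedule in RAM while
the volume is mounted, so a DRAM image captured after a cold reboot can be
searched for 176-byte runs whose later words follow from the first 16
bytes exactly as AES key expansion prescribes.  The image scanned below is
constructed inline: random filler with one schedule planted in it.
"""
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _rotl8(v, k):
    return ((v << k) | (v >> (8 - k))) & 0xFF


def _build_sbox():
    """Derive the AES S-box: multiplicative inverse, then the affine map."""
    inv = [0] * 256
    for x in range(1, 256):
        if inv[x]:
            continue
        for y in range(1, 256):
            if _gf_mul(x, y) == 1:
                inv[x], inv[y] = y, x
                break
    return [a ^ _rotl8(a, 1) ^ _rotl8(a, 2) ^ _rotl8(a, 3) ^ _rotl8(a, 4) ^ 0x63
            for a in inv]


SBOX = _build_sbox()
RCON = (0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36)


def next_round_key(prev, rcon):
    """AES-128 key expansion: derive round key r+1 from round key r."""
    w = list(prev)
    # RotWord and SubWord on the last word, then XOR in the round constant.
    t = [SBOX[b] for b in (w[13], w[14], w[15], w[12])]
    t[0] ^= rcon
    out = []
    for j in range(4):
        t = [w[4 * j + k] ^ t[k] for k in range(4)]
        out += t
    return bytes(out)


def expand_key(key):
    """Return the full 176-byte AES-128 key schedule for a 16-byte key."""
    schedule = rk = bytes(key)
    for rcon in RCON:
        rk = next_round_key(rk, rcon)
        schedule += rk
    return schedule


def _bit_errors(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def find_aes128_keys(image, max_bit_errors=0):
    """Return (offset, key) for every position whose following 160 bytes match
    the expansion of the 16 bytes at that position, tolerating up to
    max_bit_errors flipped bits in the derived words (simulated DRAM decay)."""
    hits = []
    for off in range(len(image) - 175):
        rk = image[off:off + 16]
        errors, pos = 0, off + 16
        for rcon in RCON:
            rk = next_round_key(rk, rcon)          # what round key r+1 should be
            errors += _bit_errors(rk, image[pos:pos + 16])
            if errors > max_bit_errors:
                break                              # almost every offset dies here
            pos += 16
        else:
            hits.append((off, image[off:off + 16]))
    return hits


FIPS_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 test key


def build_image(seed=2008, size=32 * 1024, offset=9000, flip_bits=()):
    """Constructed DRAM image: random filler with the FIPS-197 key schedule
    planted at `offset`.  flip_bits lists (byte, bit) positions inside the
    planted schedule to corrupt, standing in for bits that decayed."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + 176] = expand_key(FIPS_KEY)
    for byte_index, bit in flip_bits:
        buf[offset + byte_index] ^= 1 << bit
    return bytes(buf)


if __name__ == "__main__":
    print(find_aes128_keys(build_image()))
    decayed = build_image(flip_bits=[(40, 3), (100, 7), (170, 0)])
    print(find_aes128_keys(decayed))                    # exact match fails
    print(find_aes128_keys(decayed, max_bit_errors=4))  # key still recovered
```

The decay tolerance here only covers flipped bits in the derived round keys; if bits of the 16-byte key itself have decayed, the schedule's redundancy can still be used to reconstruct it, but that fuller search is beyond this example.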

Plug-ins Make IE vulnerable
Attackers are exploiting Internet Explorer (versions 6 and 7) through security holes in several popular browser plug-ins rather than in the browser itself. Aurigma's image-transfer control, installed by many MySpace and Facebook users (and others), is the primary target, and recent exploits keep probing for other weak plug-ins as a way to capture users' login credentials. The weak link in each case is an ActiveX control, and a free utility described in the article blocks the vulnerable controls so that no web page can invoke them. Read The Washington Post's Security Fix column for details on the attacks and on the blocking tool.

Beware the Cult of the Dead Cow
Designed to let IT professionals scan their own websites for security weaknesses, a new open-source tool from the hacker group that calls itself the Cult of the Dead Cow (cDc) can just as easily be used to find targets. The "Goolag Scanner" is really a collection of specially crafted Google search queries that turn up exposed files, login pages and other things a site's owner never meant to be indexed, so like a knife it can be a tool or a weapon. The cDc claims it has already used it to identify some "pretty scary holes" in government sites. The practical response is to run the same queries against your own domain before someone else does. Computerworld has the rest of this unsettling story.

Hacker Wanted, Must Sphell Good
Remember when you could spot a faked website or spam email just by its use of poor grammer and speling? McAfee reports that the help-wanted boreds are seeking out programers who are flewent in other langwedges in order to avoid the obvious appeerence of crooked intenshions. This will allow the theeves to captcher more confidenshul data. For more on this story, read myway. [Forgive us, please. We couldn't resist!]

Will the FAA ban laptop batteries?
Lithium ion batteries recently came under more scrutiny as the FAA began limiting the number of batteries an air passenger can take on a flight. We've all read about exploding laptop batteries and there is fear of an in-flight incident. Will there be a complete ban? Read the PCWorld story.

No More Paper Tickets
Speaking of air travel, are you getting ready to travel for your institution? You have probably accepted e-tickets for your air flights for a long time. Beginning June 1, almost every traveler will. The International Air Transport Association has set June 1 as the mandatory date for only e-ticket issuance. Some exceptions will be made, but at a cost. WashingtonPost.com has this story.

Will XP's SP3 Change the Way You See Your OS?
Windows XP Service Pack 3 will be available soon. Its delivery will be a little different, and you won't see many changes on your computer. The changes will be seen by your operating system, though, and several security enhancements may help you sleep better. Computerworld has this story, which describes SP3's delivery, download size, security enhancements, and impact on your processing speed.

Tighter IT Controls Could Have Saved Billions
The report is in, and it says French bank Société Générale lost $7.2 billion (€4.9 billion) when a single trader abused his position. He forged emails that appeared to authorize trades and logged in with other traders' credentials to cover his positions. The findings point squarely at access controls: shared or stolen logins and unverified email approvals let one person bypass the checks that separation of duties is supposed to enforce. To read more on the IT problems and solutions, read PCWorld.

Lender Singing the Blues
BlueHippo Funding financed computers for consumers who otherwise might not have been approved by a traditional lender. However, many of their customers made down payments and then cancelled their orders, but BlueHippo kept their deposits. Consumers complained to the FTC that they were not aware of the no refund policy, and were left with no computer and no refund. BlueHippo has now agreed to a $5 Million settlement. Infoworld has more on this story.

YouTube Outage: Should You Care?
YouTube users may blame Pakistan for a two-hour outage, but there is a lesson here for us all. Internet Service Providers (ISPs) exchange reachability information using the Border Gateway Protocol (BGP), and a router generally trusts whatever routes its neighbours announce. To block a video the government of Pakistan did not want its citizens to see, Pakistan Telecom announced a route covering YouTube's address space inside its own network. That announcement was never meant to leave the country, but it leaked to the ISP's international upstream provider, which passed it on to the rest of the Internet, and because it was more specific than YouTube's own route, routers worldwide preferred it and sent YouTube traffic into Pakistan. Nothing in BGP checked whether Pakistan Telecom was entitled to announce those addresses. Could a repeat of that mistake cut off your online banking site, a core-processor link, or the information you need to do your job? PCWorld has this story.
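
A bank cannot fix the global routing table, but it can watch route-collector feeds for its own address blocks (and those of providers it depends on) and alert when a block, or a more-specific slice of it, is announced by a network that is not supposed to originate it. The example below is added here and is not code from BankersOnline or from the PCWorld article. The YouTube block and origin (208.65.152.0/22, AS36561), the hijacking network (Pakistan Telecom, AS17557) and its upstream (PCCW, AS3491) are the publicly reported values from the incident; the update feed itself, including the other AS paths in it, is constructed for the demonstration.

```python
"""Flag BGP announcements that hijack a monitored address block.

Added example, not code from BankersOnline or from the PCWorld article.
The expected-origin table plays the role of a route-origin authorization;
the update feed is constructed, with the prefixes and ASNs of the
February 2008 YouTube incident as reported publicly.
"""
import ipaddress

# prefix -> set of ASNs allowed to originate it (what we expect to see)
EXPECTED_ORIGINS = {
    ipaddress.ip_network("208.65.152.0/22"): {36561},   # YouTube
}

# Constructed BGP UPDATEs as (prefix, AS_PATH); the origin AS is the last hop.
SAMPLE_UPDATES = [
    ("208.65.152.0/22", [3356, 36561]),   # YouTube's own /22, legitimate
    ("208.65.153.0/24", [3491, 17557]),   # the hijack: a /24 inside the block, via PCCW
    ("208.65.152.0/22", [1299, 17557]),   # same prefix, wrong origin (constructed variant)
    ("208.65.152.0/23", [3356, 36561]),   # more specific, but from the rightful origin
    ("192.0.2.0/24", [64496]),            # unrelated documentation prefix
]


def check_update(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Return an alert dict if this announcement conflicts with the expected
    origin of a monitored block it equals or falls inside, else None."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for monitored, allowed in expected.items():
        if net.version != monitored.version or not net.subnet_of(monitored):
            continue                # does not touch this block
        if origin in allowed:
            return None             # rightful origin, even if more specific
        return {
            "prefix": prefix,
            "origin": origin,
            "monitored": str(monitored),
            # A more-specific route wins in every router that hears it, so it
            # diverts traffic even where the legitimate route is still present.
            "kind": "origin-mismatch" if net == monitored else "more-specific",
            "via": as_path[0],      # the neighbour that handed us the route
        }
    return None


def scan_feed(updates, expected=EXPECTED_ORIGINS):
    """Run check_update over a feed and collect the alerts in feed order."""
    alerts = []
    for prefix, as_path in updates:
        alert = check_update(prefix, as_path, expected)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan_feed(SAMPLE_UPDATES):
        print(f"{a['kind']:16} {a['prefix']:18} origin AS{a['origin']} "
              f"(expected block {a['monitored']}, learned via AS{a['via']})")
```

Run against the constructed feed, the check flags the /24 as a more-specific hijack originated by AS17557 and learned through AS3491, flags the same-length announcement with the wrong origin, and stays quiet about the legitimate routes. The Internet has since grown a cryptographically signed version of the expected-origin table, RPKI route-origin authorizations, but the comparison a monitor performs is the one shown here.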

88 Make Latest US-CERT List
The US-CERT Vulnerability Summary for the Week of February 18, 2008, lists 48 High, 36 Medium and 4 Low severity weaknesses. High severity security faults were listed for e-Vision, Mambo and Joomla products and Lyris List Manager, among others.


Archived Articles on Technology and eBanking
You have access to archived Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking Archive page.
Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too. You'll find many more related articles in our InfoVault.