BANKERSONLINE.COM MAIN PAGE             Print Friendly Version!    Email This Article!    Discuss NOW!
March 7, 2008
Update covering February 29 - March 6, 2008

Welcome to Tech Talk! In this edition, BOL Gurus John Burnett and Andy Zavoina write about breach costs, scams, DST and more.


You'll read about:
  • an FDIC report on computer intrusions
  • banks as favorite ID theft targets
  • scams using digital certificates
  • the arrest of a teen scammer
  • getting canned for internet abuse
  • a reminder to "spring ahead"
  • four security updates due on Patch Tuesday
  • a brazen two-headed threat
  • a report on thumbdrive security
  • a stubborn rootkit
  • a virus attack on a health care provider
  • markdowns on Vista upgrades
  • IE8's beta release
  • plans for Firefox Mobile
  • a spammer's conviction affirmed
  • an obit for Netscape
  • a look ahead at iPhones in the workplace
  • US-CERT's latest vulnerabilities list
Get the details below.
Order your 2008 ID Checking Guide NOW
The Costs of Computer Intrusions
In a recent post to his "Security Fix" blog for washingtonpost.com, Brian Krebs reports on a non-public FDIC "Cyber Fraud and Financial Crime Report" issued in November. The agency report was based on Suspicious Activity Reports (SARs) filed in the second quarter of 2007. The FDIC's report reveals that financial crime aided by computer intrusions is growing at a rapid pace, and that the average loss reported per SAR had nearly tripled over 2006 levels. The FDIC's report also revealed substantial increases in new account and mortgage fraud incidents. Read Krebs' Security Fix blog post for more information.

Is Your Bank Wearing an ID Theft Bull's-eye?
You've heard for years that identity theft is the fastest growing crime in the U.S. The University of California at Berkeley has compiled three months of 2006 FTC complaint data and determined that 25 companies account for almost half of all the 88,000 complaints. Bank of America was a primary contributor, as the largest U.S. consumer bank. Banks dominate the top 25. JP Morgan, Capital One and Citibank were also listed. For more on this story, read PCWorld.

Bank Digital Certificates Used in Scams
SecureWorks, a security service provider, has reported that hackers are scamming bank customers with targeted phishing email messages claiming that their banking digital certificates have expired. Clicking on a link in these scam emails loads the infamous Prg Banking Trojan, allowing a hacker to access the compromised user's online bank account without ever using the user's logon information. Get the rest of this story at Dark Reading.

International Effort Nabs Teen Scammer
U. S. and Dutch investigators worked with New Zealand authorities to arrest Owen Thor Walker, an 18-year-old computer programmer, last November. He was charged and is on bail for computer crimes that carry up to ten years in prison. Walker was part of a cyber crime network that infiltrated 1.3 million computers and skimmed millions of dollars from victims' bank accounts. For more on this story including the disposition of Walker's accomplices, read the story at MSNBC. A related article on PCWorld tells us that the FBI estimates losses caused by the botnet at $20 million.

Is Improper Internet Use a Fireable Offense?
The American Management Association surveyed 304 U.S. companies of various sizes and discovered that improper use of the internet is often a contributing factor in firings. In fact, 84 percent of those surveyed said that staff had been let go for accessing pornographic or other inappropriate content. Email abuse was also a fireable offense, when users violated company policy and their messages had inappropriate content. Twenty-two percent of those fired over email breached confidentiality rules in those messages. PCWorld has more details on this.

Time to Spring Forward
March 9th is the date to set your clocks ahead an hour, with the beginning of Daylight Saving Time. Don't forget desktops, laptops, PDAs, cell phones, cameras, security VCRs and just about any other clock that wasn't in sync with the last date change. Adjust your vault timers, too.

Need to remind someone of the time change? Send a BOL e-Card.

Plan Ahead: Four Critical MS Office Patches
Computerworld reports that Microsoft has signaled its plan to release four security updates next Tuesday. The patches for Patch Tuesday are all labeled "critical" by Microsoft, and all address weaknesses in all supported versions of MS Office (Office 2000, XP, 2003, and 2007 for Windows, and 2004 and 2008 for the Mac). Get details in the Computerworld article.

MonaRonaDona - A Double Threat
When you look at a computer screen and read this message, "Welcome to MonaRonaDona. I am a Virus & I am here to wreck your PC. If you observe strange behaviour with your PC, like program Windows disappearing, etc., it's me who's doing this," you have a problem. If you search the internet for ways to remove MonaRonaDona, you may have a bigger problem. You could be led to malicious programs purporting to be the best way to remove the virus. For information about where this virus came from and recommendations on removal, read Networkworld.

Thumb Drive Security
To move data via the "sneaker-net," many people use USB flash drives because they are small and able to hold large amounts of data. They're also easy to lose. That is a real risk you must address. This article reviews 7 USB drives for security, and in today's world of data breaches, we all need security. Read about PINs, passwords and encryption devices at Networkworld.

Mebroot Hard to Uproot
Mebroot is difficult to find and remove said F-Secure, a Finnish security company that discovered it in the wild last December. Mebroot infects the first sector of the Master Boot Record, which makes it nearly invisible to software designed to find this malicious code and help remove it. Once a boot record is infected, the hacker administering the rootkit can take the PC over. For more information, read Computerworld.

Virus Attacks Health Care Provider
A virus infected computer systems at Cascade Healthcare Community in December, but suspicious activity remained undetected until February 5th, according to a news release this week from the owner/operator of Charles Medical Centers in Bend and Redmond, Oregon. Cascade reported that sensitive information -- names, addresses, dates of birth and credit card numbers -- of as many as 11,500 donors to the non-profit organization "may" have been compromised. Cascade employee usernames and passwords were also exposed for part of that period. Donation activity would, of course, have been at a peak in December, to take advantage of tax deductions. The Bend (Oregon) Weekly has more information.

In its news release, Cascade acknowledged a need to "raise the level of security within the organization." In his 3/6/08 BOL Security Blog post, Andy reported on a student loan lender that was led to the same conclusion, with some help from the FTC.

Is It Time for a Vista Upgrade?
Microsoft decided volume is better than markup and lowered the cost of many of their Vista upgrade packages. Vista Ultimate dropped $80 to $219, and Home Premium dropped $30 to $129. Those prices affect only the XP-to-Vista upgrade and only to the standalone retail versions. CNet News.com has this story.

Internet Explorer 8 (Beta) Debuts
The next version of Microsoft's Internet Explorer, IE8, was announced this week, and the Beta 1 release was made available. Microsoft previewed IE8's new features, including "WebSlices" and "Activities," a reworked Favorites bar, auto crash recovery and upgraded anti-phishing filters. A Computerworld article provides details. But remember, it's a Beta 1 release, and you can expect some glitches if you elect to kick the tires on IE8. Computerworld's Melissa Perenson took it for a test drive, and crashed more than once. Read Melissa's review for her initial reactions.

Is That a Firefox in Your Pocket?
Many netizens enjoy using Firefox as an alternative browser on their computers. By year end, they may be able to use the browser on mobile devices. Mozilla plans a mobile browser for devices running embedded Linux and Microsoft's Windows Mobile. The hurdles to accomplish this breakthrough, so that users have a choice, are more than technological. Read PCWorld for the story.

Conviction Upheld
In 2003, Jeremy Jaynes of Raleigh, N.C. was considered one of the most egregious spammers in the world. He was convicted of violating anti-spam laws and sentenced to 9 years in prison. The Virginia Supreme Court recently affirmed the nation's first felony conviction for illegal spamming, 4 to 3. They ruled that Virginia's anti-spamming law does not violate free-speech rights. MSNBC has this AP story.

Netscape No More
Many "older" web surfers remember how cool Netscape was and how it opened up the World Wide Web to more users. In 1998, AOL bought Netscape Communications Corp. and with it, the browser. The Netscape chapter is closing, because there will be no more updates, and no more bug fixes. Users are referred to Firefox and Flock. The washingtonpost.com blog has the obit. Meanwhile, Computerworld tells us that Firefox is continuing to grow and now has over 17 percent of the browser market.

iPhones -- A Work Risk?
iPhones look and act cool. But that is not a business-use justification. The iPhone Software Developer Kit is due for release soon and is expected to open the market for greater acceptance. A PCWorld article examines the iPhone from an IT acceptance perspective. How does it handle email, can it sync calendars and share data, and is it secure?

95 Make Latest US-CERT List
The US-CERT Vulnerability Summary for the Week of February 25, 2008, lists 34 High and 60 Medium weaknesses, and 1 Low-severity flaw. High severity security faults were listed for Mozilla SeaMonkey and Thunderbird, Novell iPrint Client and iPrint, and Symantec Backup Exec for Windows Server, among others.


Subscribe to Tech Talk and BOL Tech Advisories

In the Banker Store
ORDER TODAY
CD ROM Training
Implementing the Red Flag Guidelines
FACTA: Responding to Identity Theft (Video)
Video Training
FACTA: Responding to Identity Theft
ORDER TODAY
CD ROM Training
Patch & Vulnerability Management
Archived Articles on Technology and eBanking
You have access to archived Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking Archive page.
Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too. You'll find many more related articles in our InfoVault.