April 25, 2008
Update covering April 18 - April 24, 2008


Welcome to Tech Talk! In this edition, BOL Gurus John Burnett and Andy Zavoina write about security leaks, IT staffing, and more.


You'll read about:
  • LendingTree's stolen data
  • trends in cyber security
  • PayPal's mandate to update browsers
  • botnet attacks on Google's Blogger
  • keeping valuable IT staff
  • a hacked company's costly plans
  • Rock Phish's dangerous downloads
  • Microsoft's repeat patch attempts
  • next week's release of XP SP3
  • uncertain plans for XP's future
  • a push to bury Outlook Express
  • taking credit for Storm's demise
  • automatically installing Vista SP1
  • US-CERT's latest vulnerabilities list
Get the details below.





Insider Breach at LendingTree
LendingTree recently revealed that it suffered a data breach. Several former employees shared their system logon codes with a handful of mortgage lenders, who then had access to confidential customer data submitted online. LendingTree is assisting in the investigation and pursuing legal action against the former employees. Read more on Networkworld.

Cyber Security Trends
Dave DeWalt, CEO and President of IT security firm McAfee, included organized crime and huge increases in new malware in a recent discussion on trends in cyber security. Increases in cybercrime and cyber-terrorism emanating from Southeast Asia, Eastern Europe and the Middle East were the first of four key trends outlined in DeWalt's talk with journalists. The threat to businesses posed by data loss and data breach incidents was another item on his list. ConnectIT has more on DeWalt's discussion.

Current Browser Required
In an effort to provide better security for its users, PayPal is requiring users to update their browsers. PayPal has found that some users are still surfing with Internet Explorer 3 and 4. Those versions are 11 and 12 years old and open the user to attack. Apple's Safari browser may experience problems as well. You can find out why in the story at Networkworld. Perhaps this is a move other e-commerce sites -- and bankers -- could take to mitigate risks.

Google's Blogger Under Attack
The CAPTCHA device designed to prevent automated scams from completing new account registrations on Google's Blogger.com service is being successfully defeated in a mass botnet attack. Many of the Blogger pages created by the botnets are harmless purveyors of spammer goods, but some include malicious JavaScript that redirects visitors to other spam sites. CAPTCHA access security in the registration pages for free email accounts hosted by Google, Yahoo and Microsoft is also being compromised, making the creation of new spam-generating accounts easy. PC World's Business Center has more on this story.

Jargon Watch -- CAPTCHA
Completely Automated Public Turing Test to Tell Computers and Humans Apart -- This term was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University. A user signing up for some type of service over the web would see a graphic of distorted text and have to type that text into a box to be approved. A human could read the distorted text; a computer could not. "Turing," by the way, is a reference to Alan Mathison Turing, an English mathematician (1912 - 1954) involved in the breaking of Germany's Enigma codes during World War II. For more, see the CAPTCHA site.

High-Tech Retention
There are still more positions for highly qualified high-tech personnel than there are people to fill them. When you have talent, you need to keep it. Robert Half Technology, an IT staffing consulting company, surveyed 1,400 CIOs to see what they feel is needed to improve retention. Compensation is on the list. For the other two critical elements, read the story at Networkworld.

Hacked Company Plans Major Upgrade
Hannaford Bros. Co., the Maine-based grocer that suffered a recent network intrusion that compromised up to 4.2 million card numbers, held a news conference this week to announce plans to invest millions of dollars in IT security in the next 18 months. The improvements will include intrusion-prevention systems and installation of improved PIN-pad card-reader devices with encryption support. The company said it is putting "military- and industrial-strength" controls into its systems. Computerworld has more information on Hannaford's plans, and the companies that will be involved as the upgraded systems are deployed.

Dangerous Drive-by Download
You have read about the Rock Phish gang in Tech Talk in the past. This group is now delivering a drive-by download. The user has to do no more than visit the malicious website to get infected with the Zeus Trojan, which will capture screen shots, passwords, and more. You can read about Rock Phish and these new attacks at the PCWorld Business Center.

Patched Over
Microsoft has provided two new patches for critical holes in Internet Explorer and most versions of Windows. These are re-issued patches for a vulnerability known as the "data stream handling memory corruption vulnerability" which was supposed to have been corrected in the April edition of Patch Tuesday, and for .NET vulnerabilities. Networkworld has more.

XP SP3 Due Next Week
Windows XP Service Pack 3 is set for download beginning April 29. Business customers will have earlier access through their MSDN and TechNet subscriptions. Details are scarce, but InformationWeek has a short article with links.

Will XP Exit in June?
Microsoft had extended the offering of Windows XP until June 2008. They then extended it again, but only for specific low-power computers that can't handle Vista. In a Thursday press conference in Europe, Microsoft's Steve Ballmer offered hope to those who want XP's lifecycle extended. However, Microsoft's public relations firm says there is no change in the official stance on XP availability. Read more about Microsoft's response to Ballmer's comments in Networkworld.

Hotmail Turns Cold Shoulder to Outlook Express
Many people enjoy using Hotmail but use Outlook Express, Microsoft's aging email client, to access their messages. That relationship is coming to an end in June. Microsoft wants Outlook Express users to migrate to Windows Live Mail. Even Outlook users may need to make some adjustments to keep their access to Hotmail accounts. Why the changes? Are there downloads available to keep using Hotmail? It's all in the PCWorld Business Center article.

Storm Passes, Microsoft Takes Credit
You've read many times in Tech Talk about the Storm Trojan botnet. Microsoft reports that the Storm has passed and they believe they deserve credit. Microsoft's Malicious Software Removal Tool disinfected so many bots that the hackers using this malware have decided to move on. For more on the strategy used, read the story on Networkworld.

For a contrarian view, read this Computerworld article.

Vista SP1 Released
If you have adopted the Vista operating system and have automatic updates turned on, Service Pack 1 will begin its install. Prior to SP1, Vista users had to manually select the downloads to install. Microsoft is hoping that the bugs and glitches being repaired automatically will bring in new users of the system. InfoWorld has more on this story.

112 Make Latest US-CERT List
The US-CERT Vulnerability Summary for the Week of April 14, 2008, lists 53 High, 54 Medium, and 5 Low severity vulnerabilities. High severity security faults were listed for Cisco -- Network Admission Control, Mozilla, OpenOffice, and Oracle, among others.

