May 16, 2008
Update covering May 9 - May 15, 2008


Welcome to Tech Talk! In this edition, BOL Gurus John Burnett and Andy Zavoina write about payments, service packs, phish stew and more.


You'll read about:
  • mobile digital wallets
  • the FTC's interest in contactless payment
  • worries over counterfeit parts
  • rootkits that defy detection
  • problems with XP SP3
  • this month's updates from Microsoft
  • a service pack for Office 2007
  • crooks foiled by a webcam
  • a big spam verdict
  • a taste of cellular spam
  • a fine kettle of phish
  • card info stolen from restaurants
  • tiny terrors in Texas
  • US-CERT's latest vulnerabilities list
  • a humorous look at the Help Desk
Get the details below.


My phone is my wallet
Bill Gates talked about the digital wallet years ago. The concept is becoming more of a reality, with cell phones being used to make purchases in Tokyo and London. Find out what works, when it will be more widely accepted, the critical mass that is needed and more, in this Reuters article.

FTC looking at contactless payment
The Federal Trade Commission has announced a "Town Hall Meeting" in July to "explore emerging uses of contactless payment devices and their implications for consumer protection policy." The FTC plans to discuss types of contactless devices, consumer awareness of their capabilities and risks, security and privacy concerns and emerging practices and technologies. For more information, read the FTC's press release.

The FBI is worried — should you be?
Last February the FBI broke up a ring selling counterfeit Cisco networking components and seized $3.5 million worth of phony parts made in China. Some of the components that had already been sold went to the U.S. military and the FBI. A leaked FBI presentation suggests that the equipment could be a threat to the systems running on it. The PCWorld Business Center has the story.

Stealthy rootkit could endanger your data
Researchers have developed a System Management Mode (SMM) rootkit that is able to hide from current antivirus programs. It comes with software that could allow your computer to be monitored by hackers. For more on what these rootkits can do, where they hide and why you should be concerned, read the article at InfoWorld.

There is a related story about a security researcher who has written a malicious rootkit for Cisco routers. Once installed, it could be used to monitor web or network traffic and control the device. The PCWorld Business Center has this story.



XP SP3 may cause reboot loop snafu
Even though Windows XP Service Pack 3 was released, pulled back for refinement and re-released, it still seems to be causing trouble. Reports show that some computers can't complete the boot process and fall into an endless reboot loop. Before you rip your hair out or do something desperate like reformatting hard drives, read Computerworld and review Jesper Johansson's blog about the problem. If you haven't already installed SP3, read Johansson's blog first!

Patch Tuesday bundle delivered
This week's Patch Tuesday updates from Microsoft included four security bulletins addressing six security flaws in MS operating systems and the MS Office software suite. Microsoft labeled three of the updates "critical." For more information, read Brian Krebs' Security Fix blog.

Office 2007 update set
Microsoft has announced that Office 2007 Service Pack 1 will be released starting on June 16. If that sounds familiar, it should. SP1 has been available for manual downloads for about five months. The June date is when Microsoft will move SP1 to its automatic update service, so it will get pulled down for installation on a lot more machines. For more information on the distribution, read the InformationWeek article.


Thieves on candid camera
A laptop was stolen from its owner in New York City. That isn't news, but the recovery of the property and arrest of the thieves is certainly newsworthy. The laptop's owner, Kait Duplaga, works at an Apple store, and had some tricks up her sleeve. She remotely accessed the webcam and other applications on the laptop to get pictures of the thieves and help police track them down. The New York Times has this and similar stories about recovering stolen laptops.

$234 Million for Spam
Two spammers hijacked MySpace accounts and sent 730,000 spam messages. MySpace wanted justice and received it via this record judgment of $234 Million. This was a civil suit, and collecting the money may be easier said than done. Read more on ChannelWeb.

Cell spam is here
If the bills for your cell phones are rising, spam may be part of the problem. Spammers are increasingly using text messaging to sell their products. Many cell phone plans charge for text messages and the user may be asked to pay. What can be done? Read the article at the International Herald Tribune.

On the lighter side ...

Before Help Desks in the Information Age, there were the Middle Ages. Have you wondered what the Help Desk had to handle in medieval times? This YouTube video has a humorous clue. You might recognize one of your end users in a starring role.

If you can't "tune in" YouTube at work, click on "Email This Article!" at the top of this page to forward yourself (and a friend) a link at home.

Phish du jour
If there is one certainty in the world of phishing, it is that scammers are ever alert for events they can twist to their malicious purposes. Two of the latest scams are no exceptions to that rule. In an "Economic Stimulus Payments" scam described in InfoWorld, a bogus IRS email tries to dupe recipients into supplying bank account information to "speed up delivery" of a taxpayer's stimulus payment by direct deposit. A relatively new entry into the phishing game is gasoline-related spam, described in an SCMagazineUS article. There are also scams capitalizing on human suffering in the wakes of the Myanmar cyclone, recent weather and fire-related tragedies in the U.S., and the earthquake disaster in western China.

Finally, the United States Tax Court has posted an alert on its website about spear-phishing emails purporting to originate with the Court. You might pass that tidbit along to other members of your institution's management team.

Hackers charged in restaurant job
It took them a while to get the kinks ironed out, but three men charged this week with fraud, computer hacking and wire fraud conspiracy allegedly managed to steal details on 5,000 payment cards, and run up at least $600 thousand in fraudulent transactions. The trio reportedly installed "sniffer" software on point-of-sale servers at 11 "Dave & Buster's" restaurants across the country. One of the group, Maksym Yastremskiy, has been held in Turkey since July and is considered among the largest international distributors of stolen bank-card information. CIO.com has the rest of the story.

Houston, you have a problem!
Be grateful this week if you don't work in the Houston, TX, area. Unless you've missed the network news, you've heard about "crazy Rasberry ants" that are wreaking havoc with electronics all over the Houston area. They have attacked sewage pumps, computers and fire alarms, and so far have defied conventional extermination methods. The Chicago Tribune has this story.

59 Make Latest US-CERT List
The US-CERT Vulnerability Summary for the Week of May 5, 2008, lists 33 High and 25 Medium weaknesses, and one Low security gap. High severity security faults were listed for Red Hat Linux, Sun Solaris versions 8, 9 & 10, and Yahoo! Assistant 3.6, among others.

