January 16, 2009
Update covering January 9 - 15, 2009
Welcome to Tech Talk! In this edition, Tech Talk Editors Andy Zavoina and John Burnett write about mini-debits, Windows 7, patches and more.
Our selections from this week's tech news:
- Small entries that mean big troubles
- Info for road warriors
- Email gaffe in Chicago
- Debut of Windows 7
- One patch from Redmond
- Plenty of patches from Oracle
- Programming errors to avoid
|
- Worm's increased threat level
- Resurgence of botnets
- Predicting increase in cyber attacks
- Phishing without email lures
- YouTube email scams
- Watching Nortel news
- and on the lighter side...
|
Get the details below.
|
Join ...
Dan Fisher and
Paul Carrubba
in a 2-hour
LIVE Webinar
Bankers don't have to "fly blind" any more as they plan for, design, develop and deploy remote deposit capture for their customers. The much-anticipated Guidance document from the FFIEC has finally been released.
Learn about the concerns and issues that regulators have with RDC, and what you need to address as you design or revise your RDC offerings.
Can't attend?
Order the CD ROM of the program now. |
Beware the small things
It's time once again to alert customers (and your customer service staff) about the dangers of unexplained small transactions (under $1) that appear among other credit card or debit card transactions on customer statements. Those little transactions, which customers and service staff might ignore or adjust and forget, could be harbingers of bigger things to come. In his Security Fix blog, Brian Krebs suggests that those mini-transactions are just tests to see if a compromised card number still works, and mean that the number will likely be used by a cyber crook with bigger plans for your customer's account. That means you should probably view these entries as warnings to shut down the account and issue new cards.
Mobile Information
Your bank likely has people working in the field, an officer call program, lenders calling on businesses, and marketing officers developing relationships. You may be using Dunn & Bradstreet reports now to get financial information on companies you do business with in advance of those calls. Hoover's, a D&B company, has information on databases available now for mobile access. Company, sales, financial information and more is available in various mobile apps. Read more from CNet's CES 2009 coverage.
Speaking of mobile applications, did you know that WebEx is available for the iPhone? ZDNet has this update.
Email oops
Remember being told to "check email addresses and attachments before you click send"? Someone in the U.S. Attorney's office in Chicago is wishing they'd remembered the rule before they sent a list of names of 20 confidential informants to the media. Read about this snafu in Computerworld.
Windows 7 in delayed reveal
We told you the Windows 7 beta was scheduled to be released last Friday. Well, that didn't happen. Microsoft delayed the release because of "very heavy traffic" on their website. Oops. What were they expecting? Read more in Computerworld. The release was finally available Saturday, as Computerworld reports here.
The first patch to the beta product has already been issued. The fix, available on Windows Update since Tuesday morning, addressed problems with MP3 files. Read more about the problem and suggestions from Microsoft to protect MP3 files in a CIO.com article.
A Windows 7 tool may provide an answer for those whose main complaint about Windows Vista has been their inability to run legacy applications on new operating systems. According to an insider blog, Microsoft will use MED-V, part of its Microsoft Desktop Optimization Pack, to create Windows XP or 2000 virtual environments on Vista or Windows 7 machines. NetworkWorld has more on this story.
Don't ignore Microsoft's patch
Microsoft only issued one Security Bulletin for this week's Patch Tuesday, but the patch it delivers should not be taken lightly. The potential exploits of the weaknesses covered by the patch don't require that passwords be used by a hacker to compromise a machine or launch a denial-of-service attack. Read more in the TechWorld article, if you need convincing that the patch shouldn't be put on the back burner.
Oracle's big update collection
Oracle also issued patches this week, and more than made up for the fact that Microsoft only released one. Oracle released 41 security patches you should be reviewing, testing and adding. Computerworld has details.
Top 25 programming errors
Homeland Security recently completed a three-year project. They organized participants in what became the Common Weakness Enumeration project, listing the top 25 programming mistakes. These are often the root cause of major security problems. Understanding the problems helps to both resolve them, and avoid making the same mistakes in the future. See what made the list at NetworkWorld.
Conficker.c now an Orange threat
Panda Security recently increased its threat warning level to Orange on the "Conficker.c" worm (a/k/a Downadup), which is increasingly exploiting a Microsoft Windows bug. The increased threat level is ironic, because a patch addressing the worm was available two months ago (see story above: Don't ignore Microsoft's patch). ITWorld has this story.
One researcher at Finnish security firm F-Secure Corp. estimated that 1.1 million additional PCs were infected by the worm in one 24-hour period this week. That update can be found at CIO.com.
On the lighter side ...
What can we say. Some days you feel like an owner, and some days you feel like a dog. Enjoy this YouTube clip.
|
Botnets rising from the ashes
With the unwinding of the Storm worm botnet in September, the end of McColo in November and the death knell for Bobax in December, you might feel that the world has become a safer, less-spam place. Unfortunately, it's time to look over your shoulder to see the new spam botnets rising from the ashes of 2008, and the newbies are more sophisticated and harder to shut down. The new names on the spam roster include Cutwail, Pushdo, Donbot, and Cimbot. Find out how the new spam botnets have spread so quickly in this Security Fix blog entry.
Major news breeds cybercrime attempts
Next Tuesday is, of course, Inauguration Day. There is a lot of buzz on the Web, and there is already a significant increase in phishing, spam and malware. Cybercrime attempts often coincide with major events, and the Obama inauguration is huge news. If you haven't already sent out a general warning to your staff or added one to your website, it's not too late. US-CERT has some hints you can include in your alerts.
Phishing with the web
A JavaScript vulnerability in most web browsers can be used for "in-session phishing," a new form of phishing attack that doesn't depend on email to deliver its lure to vulnerable phish. The trick uses a pop-up window that emulates a security alert and asks for password and login information. According to the NetworkWorld article, Amit Klein, the chief technology officer at security vendor Trusteer, has notified browser makers of the flaw.
Links to YouTube can be infectious
YouTube's message sending system is apparently being abused by crooks in attempts to infect user computers with malware. Messages announcing that someone has posted a video of the user include links that download a strain of the Autodelete.G virus. Panda Security describes how the scam works.
Nortel shops watch and wait
If you have Nortel equipment in your shop, you may be concerned about news that Nortel has filed for bankruptcy protection. Things may not be all doom and gloom, though. Most Nortel users are taking a "wait and see" approach. For more information, read this NetworkWorld article. For a Q&A discussion about Nortel's decision, see NetworkWorld's FAQ.
|
Print Friendly Version!
Email This Article!
Discuss NOW!
