March 20, 2009
Update covering March 13 - 19, 2009
Welcome to Tech Talk! In this edition, Tech Talk Editors Andy Zavoina and John Burnett write about hacked ATMs, a critical claim deadline, and more.
Our selections from this week's tech news:
- ATMs hit in Russia
- Heartland claim deadline
- Update on Conficker
- Spousal cyberspying
- Cloudy security picture
- Internet founder victimized
- Leak@comcast.net?
|
- Phony disaster news emails
- Patch possibly poor
- IE8 debuts
- Chrome back in beta
- iPhone updates promised
- Socially risking privacy
- A digital digit
|
Get the details below.
|
|
Join ...
Susan Orr
for a 2-hour
LIVE Webinar
Several risks glare at you when you mention a breach. There is the financial loss, there is the reputation risk, and you know there will be examiner oversight. Your bank is particularly vulnerable because of the very nature of this business. You have information that thieves want.
This webinar will cover the key regulatory requirements including state level data breach notification laws and focus on the key elements of an Incident Response Plan.
Can't attend?
Order the CD ROM of the program now. |
Diebold ATMs hacked
How secure is the access to the operating systems on your ATMs? Are your security passwords changed regularly? Diebold recently released a global security update for its Opteva ATM line, after a hack attack on machines in Russia. The attack inserted malware capable of intercepting "sensitive information." If you haven't yet upgraded any Opteva machines in your network, push the fix up on your priority list. Get details in this Computerworld story.
Visa sets deadline for Heartland claims
Heartland Update: Visa has taken Heartland Payment Systems off its list of compliant service providers. And very important to you is Visa's May 19, 2009 deadline for claims. Sponsoring banks will also be assessed a penalty, according to this Information Security Resources story, where you can get the details.
Heartland is also now facing a class action lawsuit from its investors who've lost money as a result of the data breach. ComputerWeekly has this story.
In a recent filing with the SEC, Heartland reveals a bit more background on the aftermath of the data theft. So far, it appears the company hasn't set aside any reserve for pending lawsuits. That, a list of agencies investigating the data breach, and more are discussed in Evan Schuman's StorefrontBacktalk newsletter.
What lessons can we learn from the Heartland breach -- and others -- that may help us improve our own security measures and those of our vendors? Cloakware, a software security company, lists five common faults in securing cardholder data in this PR Newswire release.
Conficker/Downadup is just nasty
The newest variant, Conficker.C, does everything from shutting off your security program to stopping you from logging on to security websites. Plus, your system gets infected by a Trojan. Enough said. Read CNet News.com.
Woman charged with cyberspying on ex
Dana Thompson thought her husband was cheating on her. She installed a keylogger on his computer to catch him in the act. After a divorce, she thought he was involved in illegal online activity, and she spied on him again. Now she is being charged with a felony and could face up to 20 years in prison. The Austin American Statesman has more on this crime.
Assessing cloud data security
The Federal Trade Commission hosted a two-day meeting this week to discuss the merits of cloud computing and whether additional security regulation would prove beneficial or harmful. Among the topics discussed were the patchwork of international, national and state data security laws, identity theft, and warnings from privacy advocates about huge data repositories such as Google. A CNet News article provides details on the FTC meeting, as well as information on international discussions on cloud computing.
Cybercrime bites owner
Well, Tim Berners-Lee isn't the "owner" of the World Wide Web, but he is credited with "inventing" it. At least he developed the idea twenty years ago that has led to what millions use and depend on every day. Berners-Lee was also a victim of cybercrime. By his own admission, it wasn't much, but it is still a shame. Read ITWorld for more.
In fact, last Friday was the Web's 20th birthday of sorts. You can read a little history that you may have lived through, in NetworkWorld.
|
Compliance doesn't need giant budgets
Use the "collective approach" by combining the requirements of various regulations and addressing them collectively. For instance, both GLBA and FACTA require risk assessments and comprehensive program documents that address similar issues. Similarly, both GLBA and PCI DSS require comprehensive penetration testing. Get compliance right. Call us at 305-447-6750 or write to us at info@emrisk.com. Enterprise Risk Management
|
Comcast email passwords leaked
A Comcast email customer stumbled upon a list of 8,000 leaked Comcast usernames and passwords that had apparently been posted on a document-sharing website for two months. After culling out duplicates, Comcast estimates that only about 700 actual users were affected, and their email accounts will be frozen, presumably until logon credentials are updated. Read more, including Comcast's response in a comment to the CNet news article.
Personalized news with a punch
"There has been a bomb explosion in your area. Are you OK?" Would you open and read an email like that? Some hackers are betting many people will. It may be time to advise your customers and employees that this is a scam. Read more on how malware is being delivered this way in CNet News.
Microsoft accused of useless patch
Tyler Reguly, a senior security engineer at nCircle Network Security Inc., said one of last week's patches from Microsoft simply was not a patch. He accuses Microsoft of putting the function of a program over the security that should protect the user. Which patch does Reguly think was a waste of time and effort, and why? You'll have to read Computerworld to find out.
Internet Explorer 8 released
Microsoft began its release of its long-anticipated Internet Explorer 8 on Thursday, along with claims that the new version is more secure than rival browsers Firefox and Chrome. Microsoft is also touting improved performance and new features in its latest campaign in the ongoing browser war. You'll find more information in PCWorld.
In the meantime, it appears that a German researcher has already hacked IE8, notwithstanding Microsoft's claims of increased security in the new release. Computerworld has that story.
Chrome 2.0 is faster
Google came out with the Chrome browser and has now decided to enhance it, in order to be more of a competitor in the browser wars. Chrome 2.0 is in beta and is reported to be twice as fast as Chrome 1.0. For more on the speed enhancements read Computerworld.
iPhone to get another makeover
Apple's iPhone will grow up a bit more this summer, when version 3.0 software will be released. Apple announced plans for the next iteration of its iPhone/iPod Touch operating system at a media event Tuesday. Key enhancements will include data push, copy and paste, MMS and improved calendar synch capabilities, along with improvements to the user interface. Many businesses have already included iPhones in their smartphone stables, but will the 3.0 upgrade include everything that enterprise data managers are looking for? Perhaps not, suggests a CIO article.
|
On the lighter side ...
Have you ever been frustrated trying to park? What about waiting for someone else to park so you could move?
What would your frustration level be if you were here? Check out this YouTube video.
|
Social networking risks
In today's information-rich society there are risks hiding behind each mouse-click. People feel the need to blog and post the latest information on sites like Twitter, LinkedIn and Facebook. With a little linking these social sites can become interconnected. Say the wrong thing, and you may end up trying to unring a bell. You just can't "take it back." Read more on the risks of social networking and dealing with them in PCWorld.
And read how one person stepped on his Twitter and tweeted himself out of a job. This small article with a big message is on NetworkWorld.
Believe it or not, a real "thumb drive"
Jerry Jalava lost a finger in a motorcycle accident. This Finnish programmer decided to replace the lost digit with a thumb drive. Technically it is a finger drive. Carrying your important documents this way is certainly "handy." Photos are included in this PCWorld article.
|
Print Friendly Version!
Email This Article!
Discuss NOW!
