May 22, 2009
Update covering May 15 - 21, 2009
Welcome to Tech Talk! In this edition, Tech Talk Editors Andy Zavoina and John Burnett write about passwords, lost ID data, wireless networks, and more.
Our selections from this week's tech news:
- A password checking tool
- Facebook targeted by phishers
- Your secret's out!
- Transaction data for sale
- Government loses ID data
- Wireless weakness woes
- When Google gulped
- Third-party storage risks
- Gumblar goofs Google searches
- An Internet server alert
- Hints for vishing training
- Adobe goaded into patches fix
- Leaked Office 2010 copies
- Macs open to attack
- Free PDF to Word conversions
- and on the lighter side...
Get the details below.
Checking password strength
You, your employees, and your customers know (or should know) that a strong password is necessary for better security of confidential bank and customer information. Microsoft has an online password checker that rates a password from "Weak" to "Best." Test your password and have others test theirs. You can find more on this story, including a link to the checker, at washingtonpost.com.
Strong passwords may be hard to remember. BOL's Digital Register may be the solution you need.
Passwords harvested at Facebook
Not only is having a strong password important, it can be equally important to use different passwords for different websites (or different applications in a work environment). Facebook users are being tested by a new round of attacks, says Kevin Haley, a director on Symantec's security response team. Phishers are betting that the users' Facebook passwords work elsewhere, and that may be where their phishing efforts pay off. Computerworld has more on this.
Are secret questions secure?
One way to beef up authentication of user logon attempts is to use secret questions that request "out-of-wallet" information -- the name of a first pet, brand of first car, grandmother's maiden name and the like -- that was entered by the user when establishing the online relationship. A study released this week suggests that the technique doesn't protect user passwords very well at all. PCWorld has more information on the study's findings.
For background information on authenticating customer logon attempts, see Making Sure Your Customer Authentication Method is Commercially Reasonable, at BankersOnline.
Is your customers' info for sale?
Mint.com is a legitimate data aggregator. Your bank customers use sites like it to see all their financial information in one place. That often means that the aggregator has your customer's banking logon information, which may be a concern if the aggregator's security gets compromised. It's also possible that customer information will be sold. While Mint.com says any data it sells won't be identifiable by customer, the company may provide access to aggregated transaction information to generate additional revenue. That is a data-miner's dream. Read more about it at Bloomberg.com.
One of the aggregators -- Rudder -- inadvertently shared much more than aggregate data. Some users of the service were able to see other users' confidential information for a short time this week. TechCrunch has the details, including Rudder's response to the data leak.
Drive with ID data lost
The U.S. National Archives has posted a $50,000 reward for a missing external hard drive that includes the names and Social Security numbers of Clinton administration staff and visitors. More than 100,000 individuals may be affected, according to a story in PCWorld.
In another embarrassment for government -- a wonderful example of "Do as I say, not as I do" -- the IRS has again been taken to task for sloppy security. A recent audit report of the agency and its document disposition practices revealed that old taxpayer records were being tossed out like yesterday's newspapers -- intact. Read Security Fix for more information and a link to the report, which will provide terrific examples of what NOT to do.
Wireless insecurity
AirTight Networks has released the findings of a survey they completed on wireless security. The "Financial Districts Scanning Report" is the result of their work in New York, Chicago, Boston, Wilmington (DE), Philadelphia, San Francisco and London. They report that 57 percent of scanned networks were not secure. Other concerns noted in the report, along with suggested solutions, can be found in this informative AirTight Networks press release.
Lessons from Google's traffic mess
Google suffered a 90-minute service outage last week caused by an Internet traffic routing problem. While many web users don't see it as a major event, for businesses whose operations depend on the use of Google tools, it was. Does the Google traffic jam show that cloud computing has a long way to go, and that backup systems are needed? You can read more on this outage as a lesson to be learned at PCWorld.
Online storage going offline
Just a few years ago, online data storage was very popular. However, the business models for several of the firms offering to store data don't seem to have overcome negative issues, and more of the online storage sites are shutting down. Where will the users' data go, how much notice will they get, and how confident are they that their data will remain secure? The future of this aspect of cloud computing is cloudy indeed. PCWorld has more.
More problems for Google
Google search results are being infected with malicious links in an attack dubbed Gumblar. More than 3,000 websites have already been infected by the attack, which involves stolen FTP logon credentials obtained from user PCs with unpatched systems via PDF and Flash weaknesses. CIO.com has more on the Gumblar threat.
Microsoft alerts Internet server users
Microsoft has issued a security advisory for users of its Internet Information Services (IIS) server configurations. The vulnerability could allow an anonymous user to access protected data on the server. The InformationWeek article suggests that users of IIS versions 5, 5.1 or 6.0 are potentially at risk, and provides steps to control the risk and a link to the Microsoft advisory.
Vishing for vishing info?
Vishing is in the news. The Federal Trade Commission is pursuing lawsuits against telemarketing firms and a company pushing a bogus automobile warranty scam. The companies allegedly used spoofed caller ID numbers to trick consumers. They used vishing -- social engineering techniques for stealing money or confidential information using telephone calls. CNET has a quick FAQ article that you can adapt to provide information on these scams to your employees and customers. Ironically, we received two of the car warranty calls this week, and hung up.

Adobe alters its patch plans
Adobe received lots of criticism in February for its delays in patching a key weakness in its PDF Reader. Apparently, that criticism and perhaps some government prodding have sparked an overhaul of Adobe's security and patch efforts. The firm announced an effort to clean up older code, get patches out more quickly, and, perhaps most noteworthy, schedule regular release dates for security updates to Reader and Acrobat. Beginning this summer (the date hasn't yet been announced), users can expect a regular quarterly patch cycle, aligned with Microsoft's "Patch Tuesday." Read the details in Brian Krebs' Washington Post Security Fix blog.
Office 2010 knockoffs
Microsoft Office 2010 is not officially available yet. However, a pirated copy has made its way to the usual file-sharing sites. After Windows 7 was leaked and copies later were found to carry malware, you'd think that people, even those eager for the "next big thing," would recognize the danger. For more information on illegal copies of Office 2010, how many might be out there, and more, check out Computerworld.
On the lighter side ...
Last week we watched popcorn pop when surrounded by ringing cell phones. Well, it wasn't real. But this week we want to look at what you really can use a cell phone for on a daily basis. Well, almost. YouTube has the video.
Mac OS X Java weakness
SecureMac.com, a security consulting firm, has issued a warning for an allegedly unpatched Java security gap in Apple's Mac OS X, including last week's update to version 10.5.7. According to the firm's critical warning, the vulnerability makes Macs susceptible to "drive-by downloads" of malware when visiting infected websites. Read the CNET article for more information and a workaround that can insulate Macs from attack.
According to an article in Computerworld, Sun Microsystems fixed the flaw in December, but Apple has yet to include the Sun fixes in its updates.
PDF to Word
While Tech Talk is more about news than utilities, we thought you might be interested in this. You know Microsoft Word documents are easily convertible to PDF documents, but have you ever wanted to reverse the process? There is a free service allowing PDF conversion to Word format. Read more about it and get the link at washingtonpost.com. [Editor's note: We submitted a two-page Federal Register PDF document to the service, and although it took a couple of hours for the Word file to appear in our inbox, the results were impressive, and included the columnar format, headings, tiny font size, etc., expected on a Federal Register page.]