May 29, 2009
Update covering May 22 - 28, 2009


Welcome to Tech Talk! In this edition, Tech Talk Editors Andy Zavoina and John Burnett write about ID theft, termination, Caller ID and more.

Our selections from this week's tech news:
  • Identity theft in 2008
  • Big thefts from tiny deposits grow
  • Post-termination thievery
  • Careful bank has big losses
  • Verifying foreign card use
  • Spoofing Caller ID
  • Old cell phone in new scam
  • New security for cell phones
  • Reviewing data security strategy
  • Microsoft's Vista upgrade
  • Google buffs up Chrome again
  • Packing Windows 7 into netbooks
  • Demise of Office 2000
  • A BBerry security alert
  • Microsoft DirectX security gap
  • Resources for IT risk management
  • Marshals' email arrested
  • and on the lighter side...
Get the details below.



ID theft trends—good news and bad
Thirty-nine percent of ID theft victims were hit with fraudulent charges to debit and credit cards in 2008, more than double the 2007 rate. The good news in a new study from the Identity Theft Resource Center is that more victims are learning about the theft of their identities by detecting bogus transactions or credit report entries themselves, or from notices from companies or government agencies, rather than from collection agencies or research after a credit denial. Perhaps both consumers and businesses are more alert to signs of identity theft. For more about the study, read PCWorld.

Aetna's recent notice to 65,000 current or former employees is one example of a business's proactive efforts to prevent ID theft following a data breach. Read about Aetna's response in Computerworld.

BOL's ID Fraud/Phishing Center has a wealth of information relating to identity theft scams and tools. Our Red Flags Special Edition is a compilation of articles, discussions and tools focusing on complying with the federal "Identity Theft Red Flag and Address Discrepancy" regulations affecting banks and other financial institutions.

Pesky little deposits add up
When your customers sign up for online brokerage accounts, the brokerage firms verify the deposit accounts, usually with a small deposit. While these pittances typically range from $.02 to $2, Michael Largent (many of you will recognize the irony of his last name -- "l'argent" is French for "money") figured out how to profit from them. He wrote a script that enabled him to open more than 58,000 accounts. Before you say this sounds like a great idea, read the rest of the story and hang on until Largent is sentenced later this year. The details are in Computerworld.

Access after resignation means trouble
When an employee leaves your bank, how long does it take before access to facilities and systems is terminated? You can bet it will be faster at California Water Services Company from now on. Abdirahman Ismail Abdi resigned from his position as auditor there. Nine hours later, he still had access to two buildings and to an executive's computer in each, which enabled him to defeat dual control requirements and wire himself $9 million. Read more on this case in CSOOnline.

Bank sues over $16M loss
Merrick Bank claims that it lost $16 million because hackers were able to penetrate the unencrypted servers at CardSystems Solutions. Savvis, a Visa-certified professional service firm, had recommended that CardSystems be recognized as compliant with Visa's security protocols. Merrick alleges that Visa's certification led to their use of CardSystems, and is suing Savvis in federal court to recover its losses. The suit alleges that 40 million credit card accounts were compromised. You can get more details on this story from the Courthouse News Service.

Making foreign credit card use safer
Bankers know that when a customer is in the U.S. and they see debit or credit card use in Russia, they have a claim coming. That is why many banks block transactions from foreign countries unless their customer has told them in advance of foreign travel plans. Ericsson has a proposed solution that would help banks verify that a customer's cell phone is in the same area as the transaction. That can help verify that a foreign transaction is valid. Read more on this proposed use of technology at Computerworld.

Do you know who I am?
In the Diane Lane movie thriller "Untraceable," the FBI couldn't track down the killer because he was using a spoof card to disguise his telephone number. Teens also used a spoof card in a recent "Law & Order SVU" episode. Entertainment value aside, criminals are now using these cards to validate credit cards. Does your bank use caller ID to "know" that you are talking to your customer? Read more on this in Computerworld. Be sure to review the comments in "What People Are Saying" below the blog entry.

Should you fear the Nokia 1100?
The Nokia 1100 is an older-style cell phone. But if you are worried about mobile banking, you may have good reason to fear the 1100. It can be reprogrammed to use the banking customer's cell phone number, and intercept special authorization and SMS messages. The fact that one of these old phones recently sold for over $7,500 makes the threat even more credible. If you are considering mobile banking or offer it now, you must read this PCW Business Center article.

Remote wipe for lost phones
Kaspersky Lab has announced new security features in an update to its Mobile Security software. Version 8.0, due next week, will have new data protection and deletion options that can be used if a phone is lost or stolen. One new capability will allow the tracking of a stolen handset even if the SIM card is replaced. For more information, read Techworld.

Another take on enterprise data security
Today's budget pressures require that data security managers reevaluate how they allocate available funds to their efforts to protect the information entrusted to them. A recent CIO.com article provides an overview of enterprise data security, including what tasks to focus on, spending priorities, getting management support, and more. Read CIO.com's Security Drilldown article.



Vista SP2 downloading now ... sort of
Microsoft has made Service Pack 2 for Windows Vista and Windows Server 2008 available for download. Links to the hefty full-system downloads are in this short article, which also links to more information on the service packs. There you can also obtain a service pack blocker to delay automated delivery until you've had a chance to test the service pack for compatibility with your systems. Get all this at ZDNet. Note: SP2 has not yet been made available at the Windows Update site for conventional (and less bulky) downloads to individual machines. That step is expected in the next few weeks, perhaps as soon as Patch Tuesday, on June 9.

Chrome 2 adds polish
Google is providing upgrades to its Chrome browser. Chrome 2 is being rolled out, and Google claims it is 30 percent faster at rendering JavaScript-heavy pages and allows thumbnails to be hidden. The latest version also has forms autofill. You can read more on Chrome 2 in PCWorld.

Windows 7 on netbooks
Information is being leaked that Microsoft will offer a version of Windows 7 specifically for netbooks. But Microsoft is dictating the machine specifications to ensure there is adequate power. You can read more on the specs and Windows 7 versions to be available later this year, in Computerworld.

If you are beta testing Windows 7 to check out the new operating system and your programs, be aware that on July 1, you'll start experiencing some planned erratic system behavior. Read InformationWeek to find out what you can expect, and why.

Office 2000—RIP
Do you have users who are still on Microsoft's Office 2000? If you want to keep the program secure, you may need to isolate their machines, or upgrade. Microsoft is reminding users that this July is the "kill date" for Office 2000. Both support and security updates will stop. Read more on this in NetworkWorld.

BlackBerry issues security advisory
If your bank deploys BlackBerry smartphones that use the BlackBerry Attachment Service, be sure to review Research in Motion's Security Advisory KB18327, issued Tuesday. There is potential for malicious PDF files to corrupt system memory and execute unauthorized code on Attachment Service machines. Read the Advisory for details on systems affected and security patches to download and apply.

Microsoft posts workaround for DirectX gap
Microsoft is working on a patch for a DirectX security weakness that can be used to take over a computer with a malicious QuickTime file. Read CNet news for information on the vulnerable systems and links to Microsoft's security advisory and a workaround to keep you out of trouble until the patch is delivered.


On the lighter side ...

Recycled appliances can become great computer furniture. The next time you get a request for a new PC work environment, refer the user to this YouTube video to complete the order.

Free risk-management guides
Two free risk assessment guides have been released which may help you tweak your IT security programs. They include ways to establish your corporate security metrics and how to organize and present your findings. You will find more information and links to both documents on TechWorld.

U.S. Marshals offline
The U.S. Marshals Service's computer system was crippled by malware last week. Early reports are that the Neeris worm had worked its way into the Service's computer system. Apparently the system was either taken offline to stop the spread of the worm, or was taken down by the infection. Either way, the Marshals' email system was down. Interestingly, the Service had paid for upgrades, but the programs installed to defend against this type of attack had not been updated in the last three years. You can read more at NetworkWorld.

