June 5, 2009
Update covering May 29 - June 4, 2009
Welcome to Tech Talk! In this edition, Tech Talk Editors Andy Zavoina and John Burnett write about ATM malware, an unplugged ISP, pending patches and more.
Our selections from this week's tech news:
- How secure are your ATMs?
- A win for the FTC
- Windows 7 plans
- Securing enterprise email
- A growing malware threat
- DirectX weakness attacked
- Apple patches QuickTime
- Patch Tuesday updates due
|
- Defending against botnets
- Searching with Bing
- Acceptable use -- or not?
- BofA spoofed in spam
- Thief posts own wanted poster
- Was this spam worth the price?
- Reviewing SkyMall gadgets
- and on the lighter side...
|
Get the details below.
|
ATM malware
In our March 20, 2009 Tech Talk we described malware attacks on ATMs in Russia. A recent report suggests there are infected machines in the U.S., although details on networks, owners and locations are not available. Infected machines are all using Windows XP operating systems. The malware captures information on card numbers and PINs and can dump the information on command to the machine's printer. According to SpiderLabs, which provided information for the article, the malware can also be used to make the machine dispense its entire cash supply -- up to $600,000 in some machines. Read CNet Security News for details.
FTC scores a web takedown
The Federal Trade Commission has unplugged a California ISP that provided Internet services for crooks deploying botnets, phishing, spyware and other nasty things. Pricewert LLC, alias 3FN and APS Telecom, advertised its services as a rogue or "black hat" ISP. Early this week, a court approved an FTC request, and 15,000 sites on the 3FN network were shut down. Read Brian Krebs's detailed Security Fix article for details. The FTC's Thursday press release on its action against Pricewert can be found here. Arguing that the Commission's actions were unfair, Pricewert plans to contest the FTC's tactics, according to a NetworkWorld article.
Latest on Windows 7
The newest operating system Microsoft is about to offer, Windows 7, has several varieties. The basic one, Windows 7 Starter Edition, may be the version that will be installed on netbooks. Microsoft, which had been planning to restrict Starter Edition users to no more than three applications open at any one time, has announced it will revise that limit upward. Read more at ComputerWorld.
Windows 7 now has an official release date, too. Check out the plans in TechWorld.
Easy email encryption
One of the problems with encrypted email was that it was just too hard to use and if it wasn't used, it was a cost with no payoff. A recent article reviews three email encryption programs designed for business use. If you've thought about encryption but are concerned about throwing money away, check out the reviews to see how things have changed, in Computerworld.
One company was so confident of its email security product that it offered a $10,000 prize to the person who could hack into its CEO's email account. They even supplied his user name and password. It only took about two weeks for someone to stake a claim on the prize. Read about the challenge at Computerworld.
DirectX attacks on the loose
There have been attacks detected that exploit a vulnerability in Microsoft's DirectX in XP, Windows 2003 and older versions of Windows, such as Windows Server 2003. They attack a quartz.dll hole and a browser plug-in for QuickTime movies. The exploit can work whether or not QuickTime is installed. Microsoft is working on a patch. For more information on the exploit and workarounds, read NetworkWorld.
QuickTime patched
Apple has updated its QuickTime player, including PC versions. The update version 7.6.2 patches ten vulnerabilities. Without the update, a hacker could imbed an image or movie file with malicious code allowing the execution of arbitrary code on an unwary user's computer. You can read more on the update in SC Magazine.
Tuesday forecast
You can expect 10 security updates from Microsoft on Tuesday, and updates to Adobe Reader and Acrobat will also appear in your "To Do" queue. There are six critical patches affecting Windows, Internet Explorer, Office, Word and Excel, in one of Microsoft's bigger patch bundles. The Reader and Acrobat fixes will affect versions 7, 8 and 9. For a forecast that includes the affected systems and software, read CNet News.
|
Gumblar threat grows
ScanSafe is reporting continuing threats from the Gumblar attack, which was first reported in March. The attack is compromising websites at the same time it is creating a botnet of infected PCs. Through malware on an infected computer, FTP credentials are stolen and websites can be compromised without further hacking. In an ironic demonstration of the first two Ws in WWW, the malware started with a Chinese domain associated with Russian and Latvian IP addresses, delivering code from servers in the U.K. Read about the problems caused by Gumblar and tips on determining if your computer is infected in this CNet News article.
In another example of website attacks, more than 40,000 sites were infected last weekend with malware based on a typo. Read more on this in NetworkWorld.
Fighting back against botnets
The number of botnets is growing and with it the odds that you could be a victim of a Distributed Denial of Service (DDoS) attack. There are some preventive things you can do to protect yourself, including filtering, but what filters are recommended? A NetworkWorld article provides "Top 4 Tips" on preventing DDoS attacks (and adds another in an apparent afterthought).
Bing - Bing - Bing
"Bing" is a new search engine that was recently launched by Microsoft. Like Google, it has a clean interface and works fast. There has been a lot of press on Bing and some of your users may be checking it out. IT administrators need to know, however, that Bing's adult material filters are reportedly easily over-written and viewing adult videos can require only a mouse-over gesture in a search results page. The Washington Post has more on this story.
Bing has a cashback rewards program that may make it worth a review - after ensuring your search filter has the appropriate setting. For more on Bing's features, read ComputerWorld.
If you want to test Google against Bing for search results, there's a way to compare them. Find out what one tech writer learned in a side-by-side comparison, in The Washington Post.
How tight are IT's handcuffs?
As an IT manager there are gadgets and websites you like that don't really have a business purpose ... or do they? This article lists eight programs/products -- including social networking giants Facebook and Twitter -- that may be acceptable or not to an organization, and may have a legitimate business or not, based on a survey Osterman Research conducted. What do you think? Read David Greenfield's "Team Think" blog at ZDNet to see the Osterman survey results.
On the lighter side ...
You could call this YouTube video "How old do you have to be to want a smartphone?" or
"A future whiny officer at our bank." It's your choice.
What do you do when you are a computer programmer, and you love puzzles? Twenty-five years ago, you created Tetris. If you played it back in the day and were addicted, too, you'll want to read more in CNet News.
|
BofA victim of malware
While it is the customer of Bank of America who would be the first victim of a new spam scam, it is the bank itself that would suffer the financial loss. BofA customers are getting a fraudulent email asking them to update their BofA "digital certificates." This spam is actually the delivery mechanism for scammers to install the Waledac worm on users' systems. Although BofA has nothing to do with the message or scam, it will have to deal with the ensuing negative public relations. Read the article and consider what your bank could do proactively to reduce those risks. SC Magazine has the details.
Thief foiled by vanity
While it isn't as good as LoJack, one man's automatic backup program helped him recover his stolen laptop. Because the pilfered laptop was used online, it backed up photos taken by the thief with the laptop's built-in camera. When the victim accessed the backed-up files on the Internet, he found an incriminating self-portrait of the crook. Read more about how the laptop -- and thief -- were tracked down in CNet News.
Slammer for spammer
Romanian immigrant Sergiu D. Popa ran a phishing scheme. By his own account, his 7,000 victims lost $700,000. Popa was tried and found guilty for his theft of personal information and financial records, and was sentenced to 8-1/2 years in prison. You can read more on Popa's exploits and comeuppance in the StarTribune.com of Minneapolis - St. Paul.
Is SkyMall for real?
Admit it. On one of your last flights you flipped through the SkyMall catalog on the plane. If you love gadgets, you have to look at it. Have you thought to yourself "that was cool," but didn't risk buying anything? Here is a review of ten items you may have seen, from the Spy Pen to the Home Theater Watch to the Stop Snoring Wristband -- and worse. Check them all out in this PCWorld article.
|
Print Friendly Version!
Email This Article!
Discuss NOW!
