June 12, 2009
Update covering June 5 - 11, 2009
Welcome to Tech Talk! In this edition, Tech Talk Editors Andy Zavoina and John Burnett write about Starbucks' slip, security, plentiful patches and more.
Our selections from this week's tech news:
- 1 for 2 sales
- In pursuit of youth
- Keeping your website secure
- Blocking security gaps
- Fighting the eastern hacker hordes
- T-Mobile's denial
- Microsoft's mega-patch
- Stomping PDF bugs
- Apple's big browser update
- The end of Money
- Not enough hours in a day
- When Pricewert went down
- Google can speak Outlook
- Smartphones battle
- Jargon: Going "...ishing"
- On the lighter side
Get the details below.
Single latte, double price
Starbucks has confirmed that it double-debited a million customers of their company-owned stores over the Memorial Day weekend. The duplicate charges occurred on both debit and credit card transactions. Starbucks says it has reversed all the extra entries. However, what if your customers' accounts were overdrawn by the extra charge? Could you have bounced checks because of Starbucks' mistake? What will you do about the overdraft fees? Your customers won't be satisfied with "It's your barista's fault" (it wasn't, by the way). This isn't the first time we've seen this happen. Both Macy's and Best Buy have been in the news for extra debits. You can read all about it in the StorefrontBacktalk blog.
Innovating for younger markets
What do consumers want? Internet banking and bill payment? That is for certain, but it's old news. Younger customers want yet more technology and they often want it consolidated in their existing devices, like their own phones. While mobile banking may fill part of the bill, consumers are also being enticed by account alerts, websites optimized for mobile banking and contactless payments, all through mobile phones. Read more in contactlessnews.com.
Best Practices for Protecting Banking Sites
Terence Cornelius is an information security consultant at Paladion, an India-based security testing and consulting company. He provided BankersOnline with a paper that includes 14 things you can do to protect your bank's website. Did you know that a new infected webpage is discovered every 4.5 seconds? The threats are real, so your security must be, too. Read more right here on BOL.
Five security holes you should plug
Chris Nickerson is a security consultant in Colorado. He's written about weaknesses found in many companies and how those companies may be penetrated through social engineering and physical security gaps. From unsecured backup generators to easy entry through the "smoker's door," Nickerson reveals tricks that all bank employees need to be aware of so that the risks may be mitigated. You'll find Nickerson's article and a video at CSOOnline.
On the topics of IT security and corporate espionage, Symantec is urging users to reconsider their use of wireless keyboards, if security is an issue. Passwords, usernames and anything else typed on them can be read, based on the electromagnetic signals they emit. Read more in CIO.
Fighting back
United States and United Kingdom authorities are getting ready to fight back against cyber attacks. Hackers from the East continue their attempts to penetrate government and commercial computer systems and it is believed many of the attempts are sponsored by foreign governments. Now the U.S. and U.K. are preparing a counterattack that includes a "defensive offensive capability." You can read more on this story in the guardian.co.uk.
T-Mobile (not) hacked
A group calling itself "pwnmobile" reportedly hacked into T-Mobile's servers and accessed everything from customer records to the company's financials for 2009 ("pwn" is hacker slang for taking control of a system, and it shows up regularly in the names hackers give their tools and groups). T-Mobile has stated that data provided as evidence of the hack was genuine, but maintains they were not hacked. You can find more on this accusation and response in CIO.

Patch Tuesday
This week had the second Tuesday of the month. That means Microsoft was due to send patches and did they ever! Thirty-one vulnerabilities were patched in ten security updates for IE, Word, Excel and more. Eighteen of the bugs were termed critical. You can read more on the details in The Washington Post's Security Fix.
Adobe bugs quashed
Adobe released patches for their popular Reader and Acrobat programs on Tuesday, too. Thirteen bugs in all were patched for Windows and Macintosh users, but Unix users will have to wait another week. Hackers used these vulnerabilities to install malware which could allow the hacker to take control of the infected computer. CIO has more information.
Safari 4.0
The new Apple Safari 4.0 browser has patched more than 50 vulnerabilities. Some of the bugs could allow a hacker to take control of a computer and even launch a denial-of-service attack from it. For more on the bugs and the patches, read SCMagazine.
Kiss your Money goodbye
Microsoft has announced that they will stop selling Microsoft Money Plus at the end of this month. Annual updates were suspended last year when it was no longer sold in retail outlets. Microsoft cited changes in consumer needs and the fact that banks, brokerage firms and websites are meeting the current needs. With no updates and less support from Microsoft, banks may want to reconsider any implied endorsement of the product. Many banks include tutorials on their Internet banking sites on importing/exporting data and may want to add a footnote for their customers there. Read more on the termination in Computerworld.
24/7 isn't enough
Cisco predicts individual customers will use 48 hours of Internet connectivity in a 24-hour period within the next four years. How could this be? Multitasking has improved and customers have become more and more connected to, and dependent on, the Internet. As you read this edition of Tech Talk, how many times has your email been checked by both your computer and your smartphone? Read more on this story, including how many hours of Internet connectivity we use every day already, in PCW Business Center. (How many hours do you think are used daily now -- 8, 18, 36?)
Pricewert offline
We told you last week that the Federal Trade Commission had Pricewert LLC shut down because of its criminal connections and for being a leading provider for illegal, malicious, and harmful content. Pricewert also seems to have been used heavily by spammers. After the shutdown, spam sent was reduced by 15 percent last weekend. You can find details in Computerworld.
Gmail makes nice with Outlook
If you are a Microsoft Outlook user who also uses Gmail as a Google App, life may have gotten easier. Google has released "Sync for Outlook" to marry the popular desktop program with a taste of cloud computing. Google is working its way into enterprise applications. Users have the ability now to accomplish tasks in any of several ways. As an example, a meeting can be scheduled with coworkers either through Google's calendar, or Outlook's, and no Exchange server is needed. Read more in ZDNet.
Smartphones — Palm Pre vs. iPhone 3G S
Unless you have been Internet-free for the last couple of weeks you know that the Palm Pre was released last weekend. Many believe it will dethrone the Apple iPhone, but this week Apple announced the release dates of its updated iPhone operating system and its new model, the iPhone 3G S. In this article the features of the two smartphones are compared by PCWorld.
The iPhone has long been criticized for not meeting the needs of enterprise users. The new version of the operating system promises some BlackBerry-like security features. Read more in InfoWorld.
Jargon Watch: "...ishing" Things
You have read about phishing, smishing and vishing in many editions of Tech Talk, including this one. We thought it appropriate to give our new readers some quick explanations, just in case.
Phishing - an email that claims to come from a legitimate source and attempts to get the reader to provide confidential personal information. These messages could be attempts to gain bank account or credit card information, Internet banking logon information, etc. BOL has many examples of phishing emails as well as articles and tools to help you save your bank and customers from losses. Take a look at BOL's Anti-Phishing Blog and you'll be "hooked" on it!
Spear Phishing - Targeted phishing emails. In phishing, a large number of emails are sent and many recipients have no relationship with the supposed source. Spear phishing, on the other hand, is targeted and may be sent to just customers of a bank, or employees in a department. The email may appear to be from the bank, or from Human Resources, as examples. One variant of spear phishing is Whaling (see our 4/18/08 Tech Talk), which is an attack targeted to executives such as the CEO, CIO, COO, etc. (the "big phish" in an organization).
Smishing - phishing with text messages and cell phones. "SMiShing" is a compound of phishing and "SMS" text messaging.
Vishing - phishing using a voice message. Voice phishing often uses Voice over Internet Protocol (VoIP) to make calls at no cost that are harder to trace. A message is left with a telephone number to return the call. When targets call the number, feeling safer because they initiated the call, a voice response system asks for the same confidential personal information described above. If your customers get taken in by these scams, they'll be "vishing" they hadn't. BOL Guru Jeff Patterson, our predecessor here at Tech Talk, discussed phishing, vishing and smishing in his 8/25/06 edition.
Pharming - the use of a fraudulent or spoofed website that appears to be one of a legitimate business, to obtain and record user logon information and other confidential personal information. DNS servers (or a victim's own DNS settings) can be compromised so that traffic for the legitimate site's name is redirected to the spoofed site; the customer types the right address and still lands on the wrong server. A phishing email may also link to the pharmed website. John compared pharming and phishing in a 3/24/08 Guru Q&A.
In-Session Phishing - interrupts a web browsing session with a pop-up window. Users see the pop-up and believe it is associated with the site they are on. Of course they are asked to re-enter confidential personal information. If your users have infected computers, entering a username and password on your Internet banking site would trigger the pop-up window, sending the data to the thieves. We discussed these attacks in Tech Talk in January.
FYI - The word "phishing" comes from the analogy that Internet scammers are using email lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting users. The "ph" spelling follows the hacker convention of replacing "f" with "ph," inherited from "phreaking," the older term for telephone system hacking.
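Several of the warning signs above can be checked mechanically: a sender whose display name claims the bank but whose address is on another domain, a Reply-To that goes somewhere else, link text that shows the bank's real address while the link itself goes elsewhere, links to bare IP addresses, and look-alike domains that swap "1" for "l" or "rn" for "m." The script below is an added example written for this edition, not a BOL tool and not code from any of the articles cited above. The bank domain goldbank.test, the look-alike go1dbank.test and both sample messages are constructed for the example; the registrable-domain logic is deliberately simplified and ignores multi-label public suffixes such as co.uk.

```python
"""Phishing-indicator checks over constructed sample e-mails (added example)."""
import email
import ipaddress
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains the bank really sends mail from and hosts logins on.
PROTECTED_DOMAINS = {"goldbank.test"}

# Character swaps commonly used to build look-alike domains.
SUBSTITUTIONS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def normalize(host: str) -> str:
    """Fold look-alike substitutions so go1dbank.test compares equal to goldbank.test."""
    host = host.lower().rstrip(".")
    for fake, real in SUBSTITUTIONS:
        host = host.replace(fake, real)
    return host


def registrable(host: str) -> str:
    """Last two labels of a hostname (simplified: ignores suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_ip_literal(host: str) -> bool:
    """True when the link host is a raw IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def host_in_text(text: str):
    """Hostname quoted in the visible link text, if the text itself looks like a URL."""
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "//" + text).hostname


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_message(raw: bytes) -> list:
    """Return a list of human-readable phishing indicators found in one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    sender = msg["From"].addresses[0]
    sender_domain = registrable(sender.domain)
    brands = {d.split(".")[0] for d in PROTECTED_DOMAINS}
    if sender_domain not in PROTECTED_DOMAINS and any(b in sender.display_name.lower() for b in brands):
        findings.append(f"sender claims to be {sender.display_name!r} but mail is from {sender.domain}")

    if msg["Reply-To"] is not None:
        reply_domain = registrable(msg["Reply-To"].addresses[0].domain)
        if reply_domain != sender_domain:
            findings.append(f"Reply-To goes to {reply_domain}, not {sender_domain}")

    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings
    collector = LinkCollector()
    collector.feed(body.get_content())
    normalized_protected = {normalize(d) for d in PROTECTED_DOMAINS}
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if is_ip_literal(host):
            findings.append(f"link to bare IP address {host}")
            continue
        shown = host_in_text(text)
        if shown and registrable(shown) != registrable(host):
            findings.append(f"link text shows {shown} but points to {host}")
        if registrable(host) not in PROTECTED_DOMAINS and normalize(registrable(host)) in normalized_protected:
            findings.append(f"look-alike domain {host} imitates a protected domain")
    return findings


# Constructed sample messages (not real mail).
SAMPLE_PHISH = b"""\
From: "GoldBank Customer Care" <alerts@goldbank-secure.test>
Reply-To: verify@mailbox.test
To: customer@isp.test
Subject: Action required: confirm your online banking access
Content-Type: text/html; charset=utf-8

<html><body><p>Please confirm your details at
<a href="http://www.go1dbank.test/login">https://www.goldbank.test/login</a>
or <a href="http://203.0.113.5/login">click here</a>.</p></body></html>
"""

SAMPLE_LEGIT = b"""\
From: "GoldBank Alerts" <alerts@goldbank.test>
To: customer@isp.test
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body><p><a href="https://www.goldbank.test/login">Log in to Online Banking</a></p></body></html>
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE_PHISH):
        print(" -", finding)
```

Run as-is, the script lists five indicators for the constructed phishing message and none for the legitimate one. The same checks work on real mail saved from a customer report, but treat them as a triage aid, not a verdict: a message with no hits can still be a phish, and a legitimate third-party mailer can trip the sender-domain check.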