October 9, 2009
Update covering October 2 - October 8, 2009
Welcome to Tech Talk! In this edition, Tech Talk Editors Andy Zavoina and John Burnett write about the bank trojan threat, insider data theft, a Heartland update, a major patch collection, and much more.
Our selections from this week's tech news:
- Bank trojan threat worsens
- Facing the threat from within
- Suits against Heartland combined
- Is encryption a better choice?
- FBI head won't use online banking
- A major password compromise
- Planting seeds of infection for cash
- Spearphishing debit card scams
- A record Patch Tuesday looms
- Devising a mobile strategy
- Will you have a Flash-y phone?
- Mozilla plans for safer browsing
- Who allows social networking?
- Speeding up that morning boot
Get the details below.
On the lighter side ...
Windows 7 is just around the corner. Will it be an improved operating system over what we have now? That makes us wonder what we will be using in a galaxy far, far away, many, many years from now. YouTube has an idea.
URLZone bank trojan threat worsens
The URLZone trojan may be nastier than we originally thought. This malicious program not only steals your customers' money, but it rewrites the online statements it shows the victim so no money appears to be missing. Now researchers believe it may also be able to identify machines run by investigators and law enforcement, and feed them misinformation to throw them off the trail of the money mules used to move stolen funds overseas. CIO has details.
Silver Tail Systems licenses software that detects patterns which may indicate a customer's account and/or computer has been compromised. Silver Tail recently held a seminar on e-commerce in which the Zeus trojan was used as an example. Zeus steals data and has been used successfully several times this year. Silver Tail may have pinned a target on itself, because it was itself infected with the Zeus trojan. Read more at The Washington Post.
Insider theft an "epic problem"
A veteran of 21 years at Wachovia, Shirley Inscoe handled insider fraud investigations and prevention. She believes the economy has increased the threat of insider theft but that many banks don't yet realize it is an "epic problem." Illustrating just how large the problem has become, Actimize, a provider of transactional risk management software for the financial services industry, issued the results of its recent survey. It concluded that 70 percent of financial institutions have had an insider data theft case in the last year. The positions posing the greatest threat of insider theft and more on the problem can be learned at Dark Reading.
Bank Heartland suits consolidated
The 16 separate lawsuits against Heartland Payment Systems, Inc. have been consolidated into one case filed in the U.S. District Court for the Southern District of Texas. The move was not unexpected because Heartland's data center is in Texas and the cases, previously spread around the country, will progress faster with the consolidation. You can read more on the case in Computerworld.
Merchants have been insulated from liability in many data breaches because of the card associations' zero liability rules: if consumers incurred no out-of-pocket loss, there is nothing to compensate and their claims have been dismissed on that basis. Now the same federal judge who dismissed such claims is asking the Maine Supreme Judicial Court whether the time and effort spent protecting oneself after a breach is a "substantial injury" that may be compensated. Read more on this question in the StorefrontBacktalk blog.
End-to-end encryption
On Monday of this week Visa issued a best practices document for merchants looking into end-to-end encryption. Merchants have more than one incentive to encrypt card data from the point of capture onward: it reduces the risk that a breach yields usable card numbers, and it can narrow the scope of some PCI DSS requirements. Read more in SCMagazine.
FBI Director banned from Internet banking
While speaking to the Commonwealth Club of California about "Operation Phish Phry" (the largest cybercrime investigation to date in the U.S.), FBI Director Robert Mueller revealed that he is banned from Internet banking -- by his wife. You can read why (and see the video), as well as more about Phish Phry at CNet News.
Symantec Internet safety adviser Marian Merritt recently spoke with CNet's Larry Magid about phishing and how to avoid being a phishing victim. You'll find a podcast of that conversation at CNet News.
30,000 passwords posted
The logon credentials for at least 30,000 Windows Live, Gmail and Yahoo account holders were posted online last week. Windows Live includes users of Microsoft's Hotmail, Messenger, and Xbox LIVE services. You may have initially blown the mess off as unimportant to your bank, but how many of your customers may be using the same logon for one of these services that is used for Internet banking? This may be the perfect opportunity to warn customers about using the same credentials in multiple places, and to refresh theirs at the bank. Mail Online has more.
While Google and Microsoft blame phishing for the exposure of logon credentials, Mary Landesman, a senior security researcher at San Francisco-based ScanSafe, believes botnets, trojans or keyloggers are the culprits. Read more at Computerworld.
We covered the threat of these compromised passwords in more detail earlier this week in our Special Edition of Tech Talk.
Work from home infecting PCs for cash
Have you wondered how it is that so many computers can become infected so quickly? Pay-per-install.org is one significant part of the problem. People are paid based on how many computers they can infect. Once an initial malware seed is planted by piece-workers, another criminal can further pollute targeted machines to steal banking and other information or to conscript the machines into malicious botnets. Rates for "seeding" the machines vary by geographic region. You can read what those rates are, why Russian computers aren't targeted and how going to google.ru might protect you, in NetworkWorld.
Spearphishing continues
From Suffolk, New York to Omaha, Nebraska, spearphishing is still finding victims. Suffolk police report that a credit union's members had received text messages and voice mails that their debit cards had been deactivated. Another credit union in Omaha reported their members were getting similar alerts. When the targeted members called the phone number in the alerts to respond, they were asked for confidential information to verify who they were. Reminding your customers of this type of targeted threat will save you money in the long run. You can read about these stories in newsday.com and WOWT.com.
Got plans for Tuesday?
Make plans now to face a mountain of security updates in this month's Microsoft Patch Tuesday. This month it falls on the 13th, and a record 13 updates will be released, according to this month's advance notification from Redmond. Flaws in every supported version of Windows, Internet Explorer, Office, SQL Server and other key products are addressed in the patches, eight of which are tagged by Microsoft as "critical." Computerworld has the details.
You should also be on the alert for a Tuesday update from Adobe for versions of its popular Acrobat and Reader software. Read Adobe's Security Advisory for details of the software versions to be patched.
Calling up your mobile strategy
Have you started on your mobile strategy yet? Publishers Clearing House noticed that many sweepstakes registrants were filling out long forms on mobile browsers. That prompted them to create a mobile-friendly site, inviting more iPhone and BlackBerry users. They used a two-pronged strategy that made mobile access easier for current users, and reached out to younger customers. Read more to help you build your strategy in Computerworld.
Mobile Flash Player in the works
Mobile browsing has come a long way since the days of stripped-down browsers built specially for wireless devices. Today's mobile browsers are nearly "full service," with one notable exception: Flash for mobile devices isn't yet available, but it will be soon. Adobe announced that its upcoming Flash Player 10.1 will also run on some mobile devices. Might this development impact your website and mobile banking strategy? You can read which phones are included and when mobile Flash should be available in this article from The Washington Post. There is more on how Flash content will reach the iPhone in CIO.
While we are discussing mobile devices, we should mention that Windows Mobile 6.5 was released this week. Matthew Miller posted his review, with a video, and wasn't impressed. See why in the ZDNet Blogs.
A safer Firefox
Mozilla has released a test build of Firefox that includes Content Security Policy (CSP). CSP lets a website or application developer declare, in a response header, which sources the browser may load scripts and other content from. Script that arrives from anywhere else, including script an attacker has injected into the page through a cross-site scripting flaw, is then refused by the browser rather than executed. You can read more on this security feature at NetworkWorld.
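To make the CSP decision concrete, here is an added example (written for this summary, not Mozilla's code) of how a browser evaluates a policy: it parses the header, picks the directive that governs a resource type (falling back to default-src), and matches each source expression against the URL being loaded. It uses the standardized Content-Security-Policy header syntax rather than the 2009 X-Content-Security-Policy prototype syntax, and the two policies, the bank.example.com page origin and the cdn.example.com and evil.example.net hosts are all constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_csp(header):
    """Parse a Content-Security-Policy header value into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers honour the first occurrence of a directive and ignore repeats.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def _origin(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def _host_source_matches(source, url, page_scheme):
    """Match a host-source (*, *.example.com, https://cdn.example.com:8443/js/) against url."""
    u_scheme, u_host, u_port = _origin(url)
    u_path = urlsplit(url).path or "/"
    if source == "*":
        return u_scheme in ("http", "https")
    if "://" in source:
        s_scheme, rest = source.split("://", 1)
    else:
        s_scheme, rest = page_scheme, source  # no scheme given: inherit the page's scheme
    hostport, _, s_path = rest.partition("/")
    s_host, _, s_port = hostport.partition(":")
    s_scheme, s_host = s_scheme.lower(), s_host.lower()
    # Scheme must match; an http source also covers https (the secure upgrade).
    if not (u_scheme == s_scheme or (s_scheme == "http" and u_scheme == "https")):
        return False
    # Host: exact match, or a *.example.com wildcard that covers subdomains only.
    if s_host.startswith("*."):
        if not u_host.endswith(s_host[1:]):
            return False
    elif u_host != s_host:
        return False
    # Port: '*' is any port; an omitted port means the default port for the URL's scheme.
    if s_port == "*":
        pass
    elif s_port:
        if int(s_port) != u_port:
            return False
    elif u_port != DEFAULT_PORTS.get(u_scheme):
        return False
    # Path: a trailing '/' is a directory prefix; anything else must match exactly.
    if s_path:
        s_path = "/" + s_path
        return u_path.startswith(s_path) if s_path.endswith("/") else u_path == s_path
    return True


def is_allowed(policy, directive, page_url, resource_url=None, inline=False):
    """Decide whether a resource governed by `directive` (script-src, img-src, ...) may load.

    Pass inline=True for an inline <script> or event handler instead of a resource URL.
    """
    sources = policy.get(directive)
    if sources is None:
        sources = policy.get("default-src")  # fetch directives fall back to default-src
    if sources is None:
        return True  # nothing governs this type, so CSP does not restrict it
    lowered = [s.lower() for s in sources]
    if "'none'" in lowered:
        return False
    if inline:
        return "'unsafe-inline'" in lowered  # the flag that leaves injected script runnable
    page_scheme, page_host, page_port = _origin(page_url)
    for src, low in zip(sources, lowered):
        if low == "'self'":
            if _origin(resource_url) == (page_scheme, page_host, page_port):
                return True
        elif low.startswith("'"):
            continue  # 'unsafe-eval', nonces, hashes: not URL matchers
        elif low.endswith(":") and "/" not in low:
            r_scheme = _origin(resource_url)[0]  # scheme-source such as https: or data:
            if r_scheme == low[:-1] or (low == "http:" and r_scheme == "https"):
                return True
        elif _host_source_matches(src, resource_url, page_scheme):
            return True
    return False


# Constructed policies: the first permits everything, the second is what a bank site might ship.
WEAK_POLICY = "default-src *; script-src * 'unsafe-inline'"
HARDENED_POLICY = ("default-src 'none'; script-src 'self' https://cdn.example.com/js/; "
                   "img-src https:; style-src 'self'")


def evaluate_policies(page_url="https://bank.example.com/accounts"):
    """Run the same loads against both policies; returns {case: allowed}."""
    weak, hard = parse_csp(WEAK_POLICY), parse_csp(HARDENED_POLICY)
    return {
        "weak: injected inline script": is_allowed(weak, "script-src", page_url, inline=True),
        "weak: attacker host": is_allowed(weak, "script-src", page_url, "https://evil.example.net/x.js"),
        "hardened: injected inline script": is_allowed(hard, "script-src", page_url, inline=True),
        "hardened: own script": is_allowed(hard, "script-src", page_url, "https://bank.example.com/static/app.js"),
        "hardened: approved CDN path": is_allowed(hard, "script-src", page_url, "https://cdn.example.com/js/app.js"),
        "hardened: CDN outside approved path": is_allowed(hard, "script-src", page_url, "https://cdn.example.com/img/x.js"),
        "hardened: attacker host": is_allowed(hard, "script-src", page_url, "https://evil.example.net/x.js"),
        "hardened: http image": is_allowed(hard, "img-src", page_url, "http://cdn.example.com/logo.png"),
        "hardened: https image": is_allowed(hard, "img-src", page_url, "https://cdn.example.com/logo.png"),
        "hardened: frame via default-src": is_allowed(hard, "frame-src", page_url, "https://evil.example.net/"),
    }


if __name__ == "__main__":
    for case, allowed in evaluate_policies().items():
        print(f"{'ALLOW' if allowed else 'BLOCK'}  {case}")
```

The two policies show the trade-off a site owner faces: the weak policy changes nothing, since any host and any inline script is still allowed, while the hardened one blocks injected inline script and scripts from unlisted hosts but requires the site to move its own inline scripts into files served from an approved source.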
Study on social networking
A study done for an IT staffing company, Robert Half Technology, found that 54 percent of companies in the U.S. do not allow social networking at work. Sites such as Twitter, Facebook and LinkedIn are banned. Some allow access for business use, and fewer allow personal social networking while at work. The details are at Computerworld.
"Instant on" is close
Turning on a PC and going to get that first cup of coffee is a common process for many computer users. That routine may be about to change. While you may have read about new hard drives that allow a computer to boot faster, there is a BIOS solution in the works as well. For more on plans to speed up your boot time, read this Wired article, at CNN.com.