October 30, 2009
Update covering October 23 - October 29, 2009


Welcome to Tech Talk! In this edition, Tech Talk Editors Andy Zavoina and John Burnett write about TD Ameritrade's woes, false security hopes, scam phone calls, and more.

Our selections from this week's tech news:
  • Security found lacking
  • Risks in biometrics
  • Spoofed calls scam customers
  • Texting for ransomware
  • Public WiFi threats
  • Five flavors of spam
  • Where spam is made
  • FDIC uses viral messaging
  • Gift cards at risk
  • Firefox's update
  • Beneficial bugs
  • Pre-scrubbed PCs
  • Verizon's newest smartphone
  • Our time-ly reminder
Get the details below.

On the lighter side ...
It is time for trick or treat. In the office, sometimes a trick is better, especially if you're delivering and not receiving. Here are 15 geek pranks you may be interested in, from NetworkWorld.

TD Ameritrade security judged inadequate
TD Ameritrade suffered a data breach in 2007. As a part of its proposed court settlement it was to ramp up security. However, the court handling the case has rejected what TD Ameritrade proposed as sufficient security. U.S. District Court Judge Vaughn Walker in San Francisco said that the court didn't believe the proposed settlement was "fair, reasonable or adequate." In his written opinion, Judge Walker said "as a large company that deals in sensitive personal information, penetration and data breach tests [which TD Ameritrade offered as part of the proposed settlement] should be routine practices of TD Ameritrade's department that handles information security." Last week we wrote about a Maine court that is reconsidering whether harm is done when a consumer is protected by zero liability. Will the courts now specify your security requirements? Read more in Computerworld.

The FBI has said that a federal law on reporting data breaches would prove helpful to law enforcement. The idea is that if knowledge of what happened to one company is shared, the same thing could be prevented at another. For more details read this NetworkWorld article.

Is biometric security a myth?
Most bankers have moved to multifactor authentication. Their customers need a password, a PIN, and may review pictures or have a token that allows them to log on to Internet banking. But logon credentials are still compromised or taken via a breach. Are biometrics the answer? Will a fingerprint or retinal scan ensure your customer is the person logging on? Perhaps not. Read more about the dark side of this oft-touted hope for a security panacea in Computerworld.

Caller ID: Your bank is calling -- Or is it?
Cybercriminals are hacking into telephone systems and calling customers. They are abusing the ability of many VoIP systems to send false caller ID information with outgoing calls. Bank customers are more likely to divulge logon credentials, PINs or other confidential information if their caller ID displays their bank's name or number. Read more on how it is done at Computerworld, then consider how you will protect your bank and its customers.

LoroBot ransomware a new threat
Toolkits used to build SMS ransomware cost between $15 and $30. An unsuspecting user's machine is infected with LoroBot, which encrypts a variety of file types, including images, sound, PDFs and assorted Microsoft Office files, and holds them for ransom. The scammer's investment in the ransomware is paid back on the first successful attack, when the user is told the decryption code requires a $100 payment, to be completed by sending a "premium SMS" to a designated number. The target of the scam must send a text message with a cell phone, and is billed for the message at the $100 premium rate. Read more about this scam, including what the anti-virus companies are doing about it, at ZDNet.

WiFi - convenience vs. security
We hope WiFi security isn't a problem at your bank, but consider your employees and customers as you view this Today Show video. This six-minute segment demonstrates that when an unsecured WiFi connection is in use, it is more than what users are doing that is at risk. Everything on their computers can be read and even copied. You'll find the video at Today.

Email spam scams
Your employees and customers need to remain vigilant about deleting spam scam emails. Here are some examples:
  • "Facebook Password Reset Confirmation" is a message actually carrying a variant of the Bredolab trojan, according to ZDNet.
  • There is another Facebook threat from the Zeus bank trojan. This "update request" is intended to steal financial information. CNet News details that threat.
  • Twitter is also warning users about a spam attack, according to CIO.
  • “check your Bank Deposit Insurance Coverage” is the subject line of spam looking for your customers' logon credentials, according to the FDIC.
  • The FDIC isn't the only federal agency sounding the alarm. There is a spam message purportedly from DHS and the FBI that accuses the recipient of involvement in money laundering and terrorist activities, according to this FBI alert.

Spam source revealed
A new survey from the Anti-Phishing Working Group reveals that during the first half of the year, 25 percent of all spam was sent by one gang. "Avalanche" started sending spam in late 2008 and has been increasing its activity. The gang attacks financial institutions, online services and job-search providers. How are they evading detection? Details are in this Techworld article.

FDIC delivers via YouTube
Hearing more questions from customers on bank failures, FDIC Chairman Sheila Bair has posted a video to reinforce the FDIC's message of strength. She emphasizes that the FDIC has a pool of money now, along with industry paid premiums and a line of credit that will handle any emergency that may arise. The message? Insured deposits are not at risk. This may be a good link to post on your own website. See the video on YouTube.

Don't forget those gift cards
You know the magnetic strips on credit and debit cards can be compromised. Researchers at Corsaire, a UK company, remind us that gift cards often use the same technology but may not have the same security features. Even cards that have not yet been activated can be at risk. Find more on this threat at Dark Reading.

Firefox flaws fixed
Mozilla fixed six critical bugs (11 total) in its Firefox web browser this week. The update should bring the browser version up to 3.5.4. The vulnerabilities are such that an attacker could use them to actually take over a machine. The new version also improves stability. Read more about the update at ZDNet.

Ants may de-worm you
Scientists from Wake Forest University and the Pacific Northwest National Laboratory are creating digital "ants" that could combat worms and viruses trying to harm your computer. These good ants can monitor what your computer is doing, such as its Internet connection speed, and fight off an attack. Read how the ants work at MSNBC.

New PCs offer less junkware
When Andy bought his last PC he had a pro run a removal program that deleted the demoware and junkware programs. Speed was enhanced significantly. Now there are programs that allow you to do that for yourself. But with Windows 7, Microsoft is helping you avoid some of this problem from the start. Read why there is less crud on new machines at PCWorld.

Can you hear me now?
The newest smartphone will hit the market next week -- the Motorola Droid from Verizon. This is another smartphone with Google's Android operating system, and some think it will be a real competitor for Apple's iPhone. Images and a video embedded in this article show you the sliding screen and the physical keyboard as well as an overview of the features you can expect. NetworkWorld has the details.

Reclaim that hour!
November 1st is the date to set your clocks back an hour, when Daylight Saving Time ends for another year. Don't forget desktops, laptops, PDAs, cell phones, cameras, security VCRs and just about any other clock that doesn't get reset automatically. Adjust your vault timers, and enjoy the extra hour's sleep Sunday morning -- the one you lost in March.
