BANKERSONLINE.COM
December 11, 2009
Update covering December 4 - 10, 2009

Welcome to Tech Talk! In this edition, Tech Talk Editors Andy Zavoina and John Burnett write about an insecurity suit, changing threats, breached bank data security, and more.

Our selections from this week's tech news:
  • Another bank security suit
  • Bank cyberthreats morphing
  • Upping the security ante
  • Bogus domain renewal requests
  • Two bank data breaches
  • When spies watch spies
  • Where NOT to post your manuals
  • Banks and the digital divide
  • Are they tweeting about your bank?
  • Ads about behavioral targeting launched
  • Was the Black Screen of Death real?
  • Microsoft's December updates
  • Cellular news that caught our eye
  • and on the lighter side...
Get the details below.

On the lighter side ...
Have you had employees complain when you install a new computer for them or upgrade their software? Some people are never happy! Now there is a report to track these folks so they can be scheduled for weekend and holiday duty. Check out our tongue-in-cheek Hurt Feelings Report.
Bank sued for lax customer protection
JM Test Systems, an electronic testing company in Louisiana, had almost $100,000 transferred from its account at Capital One. Hackers made the wire transfers and JM Test Systems is taking Capital One to court, maintaining that the bank failed to provide adequate safeguards to protect its customers. Read more on this case at The Washington Post Security Fix.

Banks are getting better about advising customers of threats that directly involve their accounts, but the JM Test Systems suit makes us all aware that we need to inform customers of other threats that may later involve their accounts. Here are the 12 Scams of Christmas from ABC News. [For more information on getting the word out to bank customers, check out Andy's February 17, 2010 webinar, Cyber-Education/Awareness for your Customers – Requirements and Recommendations.]

Changing threat to banks
In its 2009 Annual Security Report, Cisco indicates that cybercriminals are advancing to new techniques. Scams like phishing and malware are being put aside because social networking and data theft are where the money is today. Commonly used passwords provide access to bank accounts, and the new tools available to cybercrooks make it easier to steal them. Read more in CIO.

In a related story, the security firm Sophos completed a survey revealing that nearly half of Facebook users "friended" a complete stranger, providing access to personal information. CNet News has more on this threat and PCWorld discusses recent privacy changes at Facebook.

Calls for enhanced cybersecurity
A new report from the Internet Security Alliance calls for improved cybersecurity on the part of private businesses as well as the government. An article on the report correctly points out that zero-liability rules make a consumer whole after suffering a loss, but card issuer charge-offs are passed along to all consumers in the form of higher fees and rates. Read more on the call for revamped security in Computerworld.

Renew bank domains with caution
Popular scams are circulating that may be directed at your webmaster. Often your domain name is registered for several years at a time. Getting a reminder email to renew it isn't unheard of. But make sure that the registration is actually due for renewal first. This scam and another are detailed for you in a PCWorld article.

Two more bank data breaches
HSBC inadvertently exposed some customers' confidential information. They filed records electronically and the document scanning wasn't as protective of specific fields of data as it was designed to be. But to add insult to injury, these were records filed in bankruptcy court and involve accounts the bank is going to lose money on. Now the bank has to pay more money to allow free credit monitoring for their bankrupt borrowers. Read the details at Computerworld.

In Michigan, Flagstar Bank may have suffered a data breach because of a vendor. The vendor had bank customer data on a laptop, which was stolen. More is at WoodTV8.

Spying on a spy
You may not remember the name David Kernell, but you'll remember his actions. He hacked into Sarah Palin's Yahoo email during her run for vice president. As forensic experts were examining his computer for his upcoming trial, they found something very interesting. His computer had malware on it that would allow a hacker to see what Kernell saw and recover that data from his computer. Perhaps more worrisome to our readers is a researcher's guess that one in five PCs is infected with malware. Read more on this story at Computerworld.

IntRAnet or IntERnet? A costly gaffe
Have you ever made the mistake of posting a document on the wrong network? Consider how embarrassing it might be if your document belonged on your bank's intranet but you posted it on the Internet. Well, the Transportation Safety Administration (TSA) made just such an error recently when it posted confidential screening procedures online for the world to see. While some parts of the document were redacted, it appears a simple copy-and-paste maneuver could reveal more than the reader was supposed to know. Read more on TSA's blunder and the resulting PR battle in The Washington Post, and consider how damaging it could be for one of your bank's security manuals to be "published" on the Web.

Be aware of the digital divide
As you read this story that focuses on children doing homework and not having reliable or high-speed Internet access, remember that this means their parents don't have it at home either. Many banks have forgotten that not all customers have broadband Internet connections. As web pages are designed and products are delivered electronically, we have to be aware that dial-up still exists, and in some places is not consistent. Read more on the digital divide in The Washington Post.

When tweeters attack
You may have read about Google's real time search capabilities and Twitter. In the past you may have dismissed disgruntled tweets about your bank. You may now have to revisit this reputation risk issue. A ZDNet article explains why you need to be aware of what is being said about you in the social networking environment.

Push for Web advertising awareness
The Interactive Advertising Bureau (IAB) has launched a new public service campaign to increase awareness by consumers that their data can be collected and used online. A group of companies have committed to getting this message out, to the tune of 500 million times. The campaign was announced after at least one legislator said he'd introduce a bill requiring consent for obtaining personal info and the FTC criticized the use of complex privacy policies to inform people of behaviorally-targeted ads. For details and early reaction to the IAB campaign, see this MediaPostNews article.

To help web users protect their privacy, Yahoo beta-released a tool allowing users to opt out of ads and data collection. Read more on Yahoo's move at ZDNet.

BSOD — much ado about nothing?
Last week we alerted you to the "Black Screen of Death" that was being reported after many users of various Microsoft operating systems installed November patches. A ZDNet blog entry reviews the flimsy connection to Patch Tuesday and offers several explanations for the phenomenon along with as many troubleshooting tips. You'll find the blog HERE.

Final Patch Tuesday
We had the final Patch Tuesday of the year and 12 Windows vulnerabilities were addressed. Patches were made available for Microsoft Windows, Office, and Internet Explorer. Three bugs were rated as critical and each was in IE8. You can find details on what was fixed in this article from SCMagazine.

There was also a patch for a critical Adobe Flash vulnerability made available this week. Details are at Adobe.

Cellular snippets
Even smartphone users are applying patches. The Verizon/Motorola Droid was patched over the air on Monday. That story is here.

Jailbroken iPhones can be hacked. Even iPhones that are not jailbroken can be harmed by a malicious app. The flexibility of the iPhone and other smartphones now on the market leads to the variety of apps that increase the functionality of the phones. What if an app includes malicious code that facilitates a data breach? Read more at PCWorld.

In spite of those risks, the iPhone is winning support from some security experts according to this article in NetworkWorld.

Need to spruce up a BlackBerry? This slide show looks at six BlackBerry makeovers that cost a total of only $100.

Real BlackBerry addicts will be trying to get one of these $1,500 BlackBerry Bolds.

Bad cell service -- AT&T has an app for that. Using triangulation, your position can be determined and sent with a complaint about poor service, a dropped call, etc. What John and Andy don't understand is how your position can be recorded and a complaint submitted when you don't have service. Perhaps there will be fewer complaints that way. AppleInsider has more details.

And finally, a reminder that if you're looking for a free holiday e-card, you need look no further than the eCard Exchange at
