Tech Alert Briefing for 3/21/2002
Microsoft Updates Its Warning on Critical Windows Vulnerability
Microsoft issued an updated bulletin on a critical vulnerabilityin its Java Virtual Machine code.The latest vulnerability affectsusers who access the Web via proxy servers, which involve themajority of business users.
Microsoft originally warned of the potential vulnerability in aMarch 4th bulletin, saying that a malicious attacker could placea Java applet on a user's machine that was capable of silentlyhijacking web traffic. Once the web traffic was rerouted to themalicious java applet, the attacker could then record a user?ssession information and possibly search for usernames, passwords,or credit card numbers.
The latest bulletin warns that the vulnerability could furtherallow the attacker to essentially take over a user's machine andperform any task the user was authorized to perform.Microsofthas issued critical updates to patch the vulnerability which affectsall Windows systems running the Microsoft Virtual Machine.
Microsoft has made a patch available to correct the vulnerability.
Safeguarding Customer Information
Recent prosecutions involving theft of customer information by employeesof financial institutions.
Chase Employee Pleads Guilty to Computer Fraud
Unauthorized Computer Access by California Financial Institution Employee
Fed to Discontinue FedLine for Windows NT, Move to Web
The Federal Reserve is discontinuing development of the FedLine? for the Windows NT? operating system.Instead, the Federal Reserve will be using Web technology as a platform for accessing all Federal Reserve services. The new Web based technology will include all the features and functions from the current DOS-based FedLine software.For more information go to: Federal Reserve FedLine
Previous Tech Alerts:
03/14/02 New Virus (W32/Fbound-C) Spreading Rapidly in the Wild
03/08/02 Unauthorized E-Mail Scam Attempts to Steer Unwitting Customers to Fraudulent Bank Web Site
03/06/02 Klez-E Worm and W32.Gibe Virus Warnings
03/01/02 CERT Issues Warning on PHP Scripting Language Flaw
02/27/02 CERT Issues Warning on Internet Explorer and Outlook Flaw
02/22/02 SNMP Patches and Detection Tools Available
02/20/02 Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm
02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings
02/13/02 SNMP VULNERABILITY
02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks
02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000
01/31/02 Copycat Virus Unleashed
01/30/02 Netscape Browser Vulnerable to Cookie Theft
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed
First published on 03/20/2002